Arequire

If you're only looking to protect your browsers, MBAE Free works well. If you're willing to pay for the MBAE Premium then you'll get protection for some of the most targeted programs out there.

EMET works too but I've personally had some compatibility issues with wrapping its protection around certain programs in the past. Also Microsoft are dropping support for it in July 2018. (Huge mistake in my opinion. Businesses especially will suffer for this.)

Never tried HMPA so I can't comment on it, but I know a good amount of people hold it in high regard.
 

509322

My first impression about Sophos is how they separate their Sophos Home into "pieces". When I want to uninstall "it", I need to uninstall each one of "them". That... is...not... cool if you know what I mean.
They aren't the only ones that do it; Bitdefender, COMODO, Norton, etc. In Enterprise it is more common.
 

RXZ6Q

Sorry, guys, I forgot to mention that I was using paid version of Malwarebytes :D So I misled you. Feel free to offer any paid solution, I am not looking for free software :)

The Comodo protecting against exploits is really interesting, does anyone else know more?

I am running Windows 10 and already using SumatraPDF

I try to update my software as much as I can, but I still have to use Microsoft Office and Flash.

As a gamer, running Linux is not an option for me.

HitmanPro.Alert seems to be really interesting, do any of you guys have information about resource usage and compatibility with my soft? BadUSB protection is amazing.

How good is EMET compared to HMP.A and MBAE in terms of performance and zero-day protection?

So if I decide to continue using MBAE - should I run the old version or the new beta version?
 

Wave

Sorry, guys, I forgot to mention that I was using paid version of Malwarebytes :D So I misled you. Feel free to offer any paid solution, I am not looking for free software :)
HitmanPro.Alert IMO.

How good is EMET compared to HMP.A and MBAE in terms of performance and zero-day protection?
HMP.A works differently but it is the most powerful in terms of capabilities, but either EMET or MBAE is fine too.

So if I decide to continue using MBAE - should I run the old version or the new beta version?
MBAE stable version, not beta, unless you don't mind occasional bugs it might bring. Stable can have bugs too but there won't be as many...
 

shmu26

HMPA is a powerful software, it does not impact system performance, it uses 0% CPU or close to it, it uses about 12 MB RAM.

But... it is famous for conflicting with software and hardware (certain USB peripherals)
You just have to try it and see if it works with your config, and if not, maybe their beta version (they always are pushing out another beta version) solves your conflict.

It's good enough to make it worth the hassle.
 

Wave

HMPA is a powerful software, it does not impact system performance, it uses 0% CPU or close to it, it uses about 12 MB RAM.
It does impact system performance, the same way everything which behaves like HitmanPro.Alert will impact on system performance. The 0% CPU doesn't mean it doesn't use any CPU usage; every running program uses the CPU because it'll be running in the background. I don't know how Task Manager works with it myself...

HitmanPro.Alert works with process injection which means the memory of other running programs will increase; the memory usage of the monitored programs won't use a lot of additional memory since HMP.A is genuinely light but it depends.

Since it injects into processes, there must be a reason to need to do this... Hooks! Hooks will allow them to log the behavior of the running program. This means when the hooked (or "detoured" is a more professional term for it) functions are triggered (so when the targeted functions are called and it leads to the custom code written by HMP.A alert before Windows processes the API call properly), they log this information which will be beneficial in identifying certain behavior.

:)
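
An added illustration of the inline hooks ("detours") described in the post above; it is not part of the original thread and is not how HitmanPro.Alert or any other product is implemented. It classifies the first bytes of a function for common detour shapes and reports whether control leaves the owning module; the addresses, module range and byte samples are constructed, and a little-endian host is assumed. A hit only shows that something patched the function, which may be a security product's own hook.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Prologue shapes commonly left behind by inline ("detour") hooks on x86/x64. */
typedef enum { CLEAN, JMP_REL32, MOV_RAX_JMP, PUSH_RET } hook_kind;
typedef struct {
    hook_kind kind;
    uint64_t  target;        /* where the first instruction(s) send control */
    int       leaves_module; /* 1 if target is outside the owning module image */
} hook_report;

/* code: first bytes of the function; va: its address in the process;
   [mod_base, mod_base + mod_size): image range of the module that owns it. */
hook_report inspect_prologue(const uint8_t *code, size_t len, uint64_t va,
                             uint64_t mod_base, uint64_t mod_size)
{
    hook_report r = { CLEAN, 0, 0 };
    if (len >= 5 && code[0] == 0xE9) {                  /* jmp rel32 */
        int32_t rel;
        memcpy(&rel, code + 1, sizeof rel);
        r.kind = JMP_REL32;
        r.target = va + 5 + (int64_t)rel;               /* relative to next insn */
    } else if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
               code[10] == 0xFF && code[11] == 0xE0) {  /* mov rax, imm64; jmp rax */
        memcpy(&r.target, code + 2, 8);
        r.kind = MOV_RAX_JMP;
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) { /* push imm32; ret */
        uint32_t imm;
        memcpy(&imm, code + 1, sizeof imm);
        r.kind = PUSH_RET;
        r.target = imm;
    }
    if (r.kind != CLEAN)   /* a jump that stays inside the module may be a thunk */
        r.leaves_module = r.target < mod_base || r.target >= mod_base + mod_size;
    return r;
}

/* Constructed sample data (not captured from any real process). */
#define SAMPLE_VA 0x7FF800001000ULL
#define MOD_BASE  0x7FF800000000ULL
#define MOD_SIZE  0x100000ULL
const uint8_t SAMPLE_CLEAN[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC }; /* mov edi,edi; push ebp; mov ebp,esp */
const uint8_t SAMPLE_FAR[]    = { 0xE9, 0x00, 0x00, 0x00, 0x10 }; /* jmp +0x10000000 */
const uint8_t SAMPLE_NEAR[]   = { 0xE9, 0x20, 0x00, 0x00, 0x00 }; /* jmp +0x20 */
const uint8_t SAMPLE_MOVRAX[] = { 0x48, 0xB8, 0x00, 0x00, 0x34, 0x12,
                                  0x00, 0x00, 0x00, 0x00, 0xFF, 0xE0 };
```
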
 

Rolo

EMET works too but I've personally had some compatibility issues with wrapping its protection around certain programs in the past. Also Microsoft are dropping support for it in July 2018. (Huge mistake in my opinion. Businesses especially will suffer for this.)
Not a mistake: it's because they've been incorporating these capabilities in Windows; EMET was just a gap-filler.
cf. Moving Beyond EMET


To not use software "because it's targeted more frequently" is like saying "don't have money or buy stuff--you'll get targeted more frequently". Instead, use what you need, don't have extra, keep it up to date (Secunia PSI has problems and SUMo/DUMo does a far better job).
 

Handsome Recluse

Yeah. Updates are your best bet in exploit protection. It's in the mandatory section in asd.gov.au. You also already have both Comodo Firewall for a usable whitelist and a good antivirus to deal with anything extra. Adding more will just bog down your system or possibly lead to incompatibilities. More chances to fail. You just need that little extra self-control to not download that extra soft.
 

shmu26

It does impact system performance, the same way everything which behaves like HitmanPro.Alert will impact on system performance. The 0% CPU doesn't mean it doesn't use any CPU usage; every running program uses the CPU because it'll be running in the background. I don't know how Task Manager works with it myself...

HitmanPro.Alert works with process injection which means the memory of other running programs will increase; the memory usage of the monitored programs won't use a lot of additional memory since HMP.A is genuinely light but it depends.

Since it injects into processes, there must be a reason to need to do this... Hooks! Hooks will allow them to log the behavior of the running program. This means when the hooked (or "detoured" is a more professional term for it) functions are triggered (so when the targeted functions are called and it leads to the custom code written by HMP.A alert before Windows processes the API call properly), they log this information which will be beneficial in identifying certain behavior.

:)
The Wave knows about a million times better than me how these apps actually work, but as a user, I don't feel that HMPA makes my system slower or less responsive.

Caveat: if you start piling on the security softs, one on top of another, then it is likely that you will start to feel a general slowdown in system responsiveness.

Radical idea: if the OP is serious about exploit protection, he should dump COMODO and switch to ReHIPS, which allows one to elegantly isolate all vulnerable programs, as well as control system processes.
 

Arequire

Not a mistake: it's because they've been incorporating these capabilities in Windows; EMET was just a gap-filler.
cf. Moving Beyond EMET


To not use software "because it's targeted more frequently" is like saying "don't have money or buy stuff--you'll get targeted more frequently". Instead, use what you need, don't have extra, keep it up to date (Secunia PSI has problems and SUMo/DUMo does a far better job).
Don't get me wrong, implementing the protections afforded by EMET into Windows itself can only be a good thing but I think Microsoft is forgetting that Windows 7 still holds a market share majority by almost 50%. It isn't such a big deal with consumers; I'm betting most people haven't even heard of EMET, but when it comes to businesses it's a whole different story. With the amount of time it takes a large business to migrate to an entirely new OS I feel Microsoft's being a little premature on ending support for it. (Although to their credit, they did extend the end-of-life time by 18 months but only because they were put under so much pressure.)

You're right about Secunia. Ran a scan with both Secunia and SUMo; Secunia found no updates, SUMo found 6. Guess I'm switching update software. Thanks. :)
 

giants8058

They do analyse the behavior of programs and if I recall correctly they also have the ability to identify when the browser has become compromised (e.g. formgrabber through injection & API hooking), and in this case they would alert you to run a scan - I don't know of any other anti-exploit which does this? Even full AV/IS suite products these days would miss such a thing as I've seen from personal testing.

*could be wrong if I recalled incorrectly but I think what I said above is right.

They inject into processes and monitor from user-mode via hooks I believe.

Even Sophos liked it enough to integrate their technology into their endpoint protection for enterprises.
It definitely does. I've received a handful or more browser intruder alerts from HMP.alert, which my AV missed. And doing a good amount of online banking/commerce, this is extremely important to me. Personally I think your best bet is going with HMP.alert and keeping your apps up to date. I've used Secunia in the past, but felt it can slow down your system a bit. In my case, I feel no slowdowns with HMP.alert. As you can see, it offers more exploit mitigation than the competition.
 


509322

I've received a handful or more browser intruder alerts from HMP.alert, which my AV missed.
If those browser intrusion alerts are legitimate, then that means that there is an active infection already on your system... ;)

Banking trojans and other financial malware just don't run from a webpage inside your browser without touching your system - they're actually installed onto your system.

You better get someone to either check out those HMP.A alerts or take a look at your system.