Battle Which Anti-Exploit software should I use?

RXZ6Q

Level 4
Thread author
Verified
Mar 30, 2016
169
I just reinstalled my computer and found out that Malwarebytes Anti-Exploit has been discontinued (probably?) and is only available now as a beta. I am looking for a product that could replace this software. I am mainly looking for low resource usage! Malwarebytes Anti-Exploit only used a few megabytes of RAM. I use Avira Antivirus Free and Comodo Firewall Free.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Does MBAE protect against unknown exploits?
It should, since unknown is relative to what the antivirus knows and MBAE is marketed to protect against unknowns. You can't fully lie.
@RXZ6Q Should you? There are only a few free anti-exploits, and it's only getting worse since the products are getting worse or getting deprecated.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I don't think there are any good free anti-exploits.

If you are on Windows 8 or 10, enable the AppContainer flag in Chrome. That is anti-exploit protection.
And use a safe PDF reader as default, such as Sumatra.
In other words, you will need to do piecemeal exploit protection, or buy HitmanPro.Alert.
 
5

509322

I just reinstalled my computer and found out that Malwarebytes Anti-Exploit has been discontinued (probably?) and is only available now as a beta. I am looking for a product that could replace this software. I am mainly looking for low resource usage! Malwarebytes Anti-Exploit only used a few megabytes of RAM. I use Avira Antivirus Free and Comodo Firewall Free.

Exploits succeed against out-of-date and obsolete software. The older exploits are still used. A very new one - that was easy to implement against Microsoft Edge or Chrome - would be worth a huge amount on the black market. It would be sold and very likely used in a targeted campaign (e.g. surveillance) as opposed to releasing it into the wild in an attempt to compromise every single user system. If an exploit costs $500,000 they aren't going to go on a fishing expedition to try to recoup and make profit on that expense. There are a lot of user misunderstandings surrounding exploits.

One of the best anti-exploit strategies is to use non-targeted software. For example, instead of using Microsoft Office, use Kingsoft WPS instead. Instead of Adobe Acrobat\Reader, use Foxit, NitroPDF, PDF X-Change, SumatraPDF, or your browser instead. Don't use Adobe Flash, install Oracle Java or Java Runtime Environment.

Make a list of the most commonly exploited software and find alternatives that work for you.

Also, use updater software like Secunia Personal Software Inspector to keep your software up to date.
 
Last edited by a moderator:
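The "make a list" step from the post above can be done from the Windows uninstall registry keys. This is an added example, not code from the thread; the match patterns and the sample version strings are assumptions, while the products and suggested alternatives are the ones the post names.

```powershell
# Watch list: products the post names as commonly targeted, with its advice.
# The regex patterns are assumptions about how each product names itself.
$WatchList = @(
    [pscustomobject]@{ Pattern = '^Microsoft Office';       Advice = 'Alternative: Kingsoft WPS' }
    [pscustomobject]@{ Pattern = 'Adobe (Acrobat|Reader)';  Advice = 'Alternative: Foxit, NitroPDF, PDF X-Change, SumatraPDF or the browser' }
    [pscustomobject]@{ Pattern = 'Adobe Flash';             Advice = 'Remove: the post advises against using Flash' }
    [pscustomobject]@{ Pattern = '^Java(\(TM\))?\s';        Advice = 'Remove: the post advises against installing Java/JRE' }
)

function Get-InstalledProgram {
    # Native and 32-bit (WOW6432Node) machine-wide installs, plus per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Find-TargetedSoftware {
    param([Parameter(Mandatory)] [object[]] $Inventory)
    foreach ($app in $Inventory) {
        foreach ($entry in $WatchList) {
            if ($app.DisplayName -match $entry.Pattern) {
                [pscustomobject]@{
                    Name    = $app.DisplayName
                    Version = $app.DisplayVersion
                    Advice  = $entry.Advice
                }
                break   # first matching watch-list entry is enough
            }
        }
    }
}

# Constructed sample inventory (not real scan output) to exercise the matching.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Java 8 Update 121';            DisplayVersion = '0.0.0-sample' }
    [pscustomobject]@{ DisplayName = 'Adobe Flash Player 24 NPAPI';  DisplayVersion = '0.0.0-sample' }
    [pscustomobject]@{ DisplayName = 'SumatraPDF';                   DisplayVersion = '0.0.0-sample' }
)
Find-TargetedSoftware -Inventory $sample | Format-Table -AutoSize

# On a real machine:
# Find-TargetedSoftware -Inventory (Get-InstalledProgram) | Format-Table -AutoSize
```

The version column is what an updater would compare against the vendor's current release; this sketch only lists it.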

Nheo_Linkin

Level 1
Verified
Feb 19, 2017
44
Exploits succeed against out-of-date and obsolete software. There are a lot of user misunderstandings surrounding exploits.

One of the best anti-exploit strategies is to use non-targeted software. For example, instead of using Microsoft Office, use Kingsoft WPS instead. Instead of Adobe Acrobat\Reader, use Foxit, NitroPDF, PDF X-Change, SumatraPDF, or your browser instead. Don't use Adobe Flash, install Oracle Java or Java Runtime Environment.

Make a list of the most commonly exploited software and find alternatives that work for you.

Also, use updater software like Secunia Personal Software Inspector to keep your software up to date.
How could you know that Foxit, NitroPDF... or Oracle Java are non-targeted? Perhaps the best anti-virus strategy is to use a non-targeted OS like Linux.
 
5

509322

How could you know that Foxit, NitroPDF... or Oracle Java are non-targeted? Perhaps the best anti-virus strategy is to use a non-targeted OS like Linux.

There are CVE reports publicly available, plus industry tracking of exploits of software.

Oracle Java is one of the most targeted.

Some choose to transition to Linux since it is comparatively less targeted than Windows.
 

Wave

Does MBAE protect against unknown exploits?
It does but I've barely seen it work well in the past, I think they are relying on signatures for it regardless of what they advertise... However that is just an opinion and not a fact, hence no evidence for me to back the statement up.

Oracle Java is one of the most targeted.
That is why I don't have Java installed, I don't need it anyway. Flash is also quite vulnerable, another reason to push HTML5 further as it already is being pushed a lot. More and more people are moving to HTML5 as opposed to using Flash nowadays.

@RXZ6Q I recommend HitmanPro.Alert, it has a lot of functionality (including anti-ransomware) and definitely protects against exploits... I've tested it myself - it can also prevent the BadUSB exploit, which is very sophisticated, based on firmware exploitation of a USB device.
 
5

509322

But I bet most people won't choose this strategy.

Of course not. It requires a little bit of work on the user's part - where they actually learn something valuable that will help them to protect themselves. Most people just want plug-n-play.

And I should point out that an anti-exploit does not protect against exploits of the OS. You'll have to talk to Microsoft about that.
 

Wave

Another strategy is to run targeted software while sandboxed using Sandboxie.
You can also sandbox your browser to help prevent browser exploits from touching your actual host as they'll be within the sandbox container - then it's a job of exploiting the browser & Sandboxie, which would be twice as difficult as without the sandbox.

Comodo Firewall is also good for sandboxing IMO but can bring lots of trouble lol
 

Wave

HMPA has some kind of behavior analyzing I guess.
They do analyse the behavior of programs and if I recall correctly they also have the ability to identify when the browser has become compromised (e.g. formgrabber through injection & API hooking), and in this case they would alert you to run a scan - I don't know of any other anti-exploit which does this? Even full AV/IS suite products these days would miss such a thing as I've seen from personal testing.

*could be wrong if I recalled incorrectly but I think what I said above is right.

They inject into processes and monitor from user-mode via hooks I believe.

Even Sophos liked it enough to integrate their technology into their endpoint protection for enterprises.
 

Wave

And I should point out that an anti-exploit does not protect against exploits of the OS. You'll have to talk to Microsoft about that.
Sometimes vendors use virtual patching for features like UAC but it doesn't really work well IMO, of course update patches from MS are much more reliable and useful.

I think a lot of the Anti-Exploit products out there are more signature-based detecting the bytes than actual dynamic analysis (HMP.A for example definitely has dynamic aspects, if not it's completely dynamic).
 
