AfterDawn: Tech news

New Malwarebytes Anti-Exploit tool released

Written by James Delahunty (Google+) @ 24 Jun 2013 0:26 User comments (16)

New Malwarebytes Anti-Exploit tool released Malwarebytes has released a beta of its new Anti-Exploit tool, a result of its acquisition of ZeroVulnerabilityLabs' ExploitShield application.
Anti-Exploit is not an anti-virus or anti-malware tool. Instead, Anti-Exploit runs in the background and monitors some popular applications, preventing vulnerabilities in the software from being exploited. This could be, for example, an attempt to exploit a bug in a web browser that used a maliciously crafted website.

It does not need to download large amounts of definitions every day to work either, it can even be effective at blocking the exploits of vulnerabilities that are not known about by the vendor of the software.

The tool is made with simplicity in mind; simply run the installer and it will then run in the background automatically. If you check the System Tray, you will see an icon that you can double-click to bring up the user interface of Anti-Exploit, allowing you to enable/disable protection, view a list of applications it protects against exploitation, view a log of blocked exploit attempts and set any exceptions that you would like.

   

In this BETA of Anti-Exploit, the following apps are protected: Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Java, Adobe Acrobat, Adobe Reader, Foxit Reader, Microsoft Office Word, Microsoft Office Excel, Microsoft Office PowerPoint, Windows Media Player, VLC Media Player, Winamp Player, QuickTime Player, Windows Script Host and Windows Help.

You should note that while Anti-Exploit is a very interesting method for blocking exploitation of applications, it should never be used as an alternative to keeping your system (OS, applications, browsers, plug-ins etc.) up to date with the latest patches.

Malwarebytes Anti-Exploit is available for free at least during BETA.

Download it from: Malwarebytes Anti-Exploit BETA

Tags: Malwarebytes
Previous Next  

16 user comments

124.6.2013 0:55

Great, another application to run in the background!

224.6.2013 1:12

So, in other words, they made a standalone heuristic protection application? Interesting, if so, but many security suites (Comodo, for example, or Norton) already have this functionality.

324.6.2013 1:17

Originally posted by Bozobub:
So, in other words, they made a standalone heuristic protection application? Interesting, if so, but many security suites (Comodo, for example, or Norton) already have this functionality.
No, I believe this is different. A heuristic protection application looks for 'virus-like behaviors' in software. This looks for out-dated software already installed on your computer that contains known vulnerabilities to exploitation.

424.6.2013 10:19

From the description, no, that's NOT what this software does. Click the link and see for yourself.

525.6.2013 0:57

Good. I'm glad you got your question answered for yourself. I assume you now know how this product is different from what Norton does.

625.6.2013 2:22

this product is nothing like norton. i got it running and you dont even know its there.how much good it does remains to be seen.only had it for a day.

72.7.2013 22:11

It sounds good to me. This year the hacking world has changed. AV is becoming passé. Routines that can alter a viral signature have been on hacking download servers for over a year. Each time malware is injected into your computer it has a different signature than all the same malware that had been injected from that server. Even if a malware is identified, it is no help finding the malware on a different computer. Only a new order of heuristic security software can protect your server. Mind you, I still keep AV up and running since a club can kill you as well as a bullet.


I will try it. It will be less useful for me because I sandbox everything. Still I want to see what it catches. I have seen a huge decrease in last ditch thwarted attacks since I started using Comodo. I browse using a heavy weight sandbox (sandboxie). Which prevents the browser from being altered while browsing. You do get an error message warning you can’t modify your browsed while it is sandboxed. I was getting attacked at least once an hour and AD was one of the least respectable sites I browse. For a week I was getting attacked on Hotmail. This is how a site like Hotmail got hacked. Apparently it is maintained by many different contractors. The attacks were coming when I downloaded an attachment. What they do is infect any page they can with FTP login stealing code. See linkstealing credentials

When they use that information to infect more web pages. Along with stealing FTP information they will attack your computer with malicious scripts, hidden links and the worst injection frames.
link
http://blog.unmaskparasites.com/2012/08...ame-injections/

Since then hackers have moved to brute force hacking of blog sites. Sites that use Wordpress and Joomla blog engines. These have default admin IDs and are

link

What does this mean to you? More and more sites will be getting hacked. When they do your computer will be attacked by ever increasingly efficient malware. This is the new wave of infections that has been going on for some time. They don't use a virus. The malware doesn't replicate by a computer getting infected. They infect web sites. This software will try to prevent a keylogger attaching itsself to your browser. Key loggers are great to steal all sorts of Personal Information (PI).

82.7.2013 23:13

god,mez,i feel sorry for you.i dont know where you surf but ive never in 10+ years on the net even come close to the experiences youve had.seriously man,lighten up.if youve actually had experience with these things first hand fine.if not,get off the conspiracy theory websites for your own good.

92.7.2013 23:21

Originally posted by cart0181:
Good. I'm glad you got your question answered for yourself. I assume you now know how this product is different from what Norton does.

Yes, this product IS like Norton (and Comodo, and every security software that has a real-time heuristics module). No, it isn't like the entire programs, just the relevant modules.

Nor is a (properly-written) heuristics protection module something that only looks for "virus-like" behavior. Anyone who has ever put Comodo's "Defense+" module on the "Paranoid" setting knows this, to their unending irritation; I'm pretty sure that accessing the keyboard and/or display is not necessarily a hallmark of malware - lol...

An exercise for you: Please explain how this program will operate, if it doesn't use a heuristic ruleset. It won't be using a definition database, so, er..? Maybe magic wands and pixie dust?

Unlike you, apparently, I clicked the link before I ever posted my opinion. Funny how that works.

This utility *may* be worth using, in addition to w/e heuristic protection you already have (similar to using both AdAware and Spybot on the same system to clean up spyware), it may not (like running two AVs at the same time is often a bad idea). But the fact remains, it's duplicating a function many people already have in place on their systems.

Edit --> I hate to be the bearer of bad tidings, Mez, but there's more than one way already to break sandbox protection. No security is perfect.
This message has been edited since its posting. Latest edit was made on 02 Jul 2013 @ 23:33

1013.7.2013 11:28

Quote:
Unlike you, apparently, I clicked the link before I ever posted my opinion. Funny how that works.
edited by ddp. And what I posted wasn't an opinion. It was an attempt to help you understand what the software does.

Quote:
An exercise for you: Please explain how this program will operate, if it doesn't use a heuristic ruleset. It won't be using a definition database, so, er..? Maybe magic wands and pixie dust?
It's a shame you don't understand how this software works. I'm not going to explain it for you.
This message has been edited since its posting. Latest edit was made on 13 Jul 2013 @ 13:42

1113.7.2013 13:43

post edited as per forum rules.

1214.7.2013 8:48

Sorry, but no. This app is merely a specialized heuristics module, nothing more. Just about everything it does, less specialized programs already do. The advantage it seems to have is that most other, more generalized apps would need to be set to an elevated security level (with the annoying flood of pop-ups that would entail) to provide the same level of protection for the specific programs MAE protects.

It's a shame you don't understand how this software works; glad I was able to explain it to you.

Note: The transparent ploy, "I know the answer, I just won't tell YOU! " doesn't work for 6-year-olds. How about learning to debate like an adult?

This message has been edited since its posting. Latest edit was made on 14 Jul 2013 @ 8:55

1314.7.2013 14:11

play nice.

1414.7.2013 19:55

Sorry, ddp, I'll drop it, but that mess rubs me the wrong way ^^' .

1514.7.2013 20:52

you can continue but just don't go hyper as just the net compared to face to face.

1614.7.2013 21:09

Heh. Frankly, I'm exactly as snarky when I feel someone has responded unfairly or insultingly in real life. Not saying that's always wise, mind you =x !

Comments have been disabled for this article.

News archive