Do you use a software anti-exploit?

Discussion in 'polls' started by Sampei Nihira, Jul 14, 2014.

Do you use anti-exploit software in your security setup?

  1. Yes

    57 vote(s)
    62.0%
  2. No

    20 vote(s)
    21.7%
  3. I'm not interested

    15 vote(s)
    16.3%
  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Please motivate your choices.
    TH.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    No. Two reasons:
    1. They tend to cause problems with the applications they protect (let's say a browser). Even after a compatibility update, a new application update can break compatibility.
    2. I don't think I need one. Even if I get hit by an exploit, the payload would still be stopped by SRP.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Not interested. Linux is (as I understand it) pretty resistant to userspace memory exploits at this point, and I don't feel like recompiling my kernel every week for the latest GrSec patchset.

    (That said, I really wish most desktop distros shipped stable GrSec kernels. With mprotect() restrictions turned off, they work out of the box with everything.)
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    No, I use a HIPS and I believe that it does the job.
     
  5. guest

    guest Guest

    Assuming that we are currently talking about additional anti-exploit software/GUI and not already built-in defence mechanisms such as DEP, the answer is no. Why? Because I don't feel like bothering with it. Too much confusion, too much hesitation.
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I voted "not interested".

    There's no security without inconveniences and I like my creature comfort. lol
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Yes, common sense won't help you against exploits. As for increased complexity, that is overrated. I bet an average user won't notice a thing, I sure didn't until MBAE forwent compatibility. Even if you think you have enough protection, that doesn't mean anti-exploit tools don't add to it.
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    MBAE & AppGuard
     
  9. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    No, I don't.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    I voted "yes", now.
    In my security setup it is the last line of defence.
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    No, I do not think that I need it, since exploits are done for default setups to hit the most users and my PC settings are far from it.
    I also do not feel comfortable using software that does something somehow and it is not really that clear what exactly it does. :doubt:
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I feel safer when I use an AE in XP
     
  13. guest

    guest Guest

    Perhaps for you it is overrated, but for me it's another problem to worry about. At least I'm certain that EMET at full power breaks Firefox.
     
  14. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I'm running my Firefox under EMET protection, set to Maximum security settings and all works fine on my end.
     
  15. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Using HitmanProAlert 3 tech preview 1. Currently running without problem except for some keyboard encryption problems.

    Plan on employing it once it hits final release. This suits my security needs and strategy as I do not rely on any real-time antimalware software. I prefer HIPS or Policy based; arguably this exploit mitigation software fills the voids that these kinds of software tend to have. Together they should provide a very secure strategy with minimal overhead and burden on the user once HIPS or Policy restrictions are adequately trained.
     
  16. guest

    guest Guest

    I ran Firefox only under EMET's protection. No other 3rd party security software. Ran it under Windows 8.0 with EMET 4.0 if I'm not mistaken. The result was Firefox was not closed properly and was still running as a background process, so I had to terminate it to fully close it. I don't know which mitigation does this since I didn't bother to troubleshoot it.
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    @ GrafZeppelin

    EAF.
    With the latest versions of Firefox and EMET 4.1 update 1 it does not happen.
     
  18. guest

    guest Guest

    Thanks for the info. :thumb: Good to know it's been taken care of now. But still, IMO mitigation techniques should be the domain of software developers, not the end users. Also, we don't know if the future versions of EMET will break other software in one way or another. That's just a bit too bothersome for my liking.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I totally agree with you on this one. Software developers should start adding those mitigations to their products. That way we wouldn't have to worry about compatibility as those restrictions would be built-in and software as a whole would be created with those mitigations in mind.
     
    Last edited: Jul 21, 2014
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    That might be ideal for products currently in development, but no chance with old versions.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, on Win XP I used Comodo Memory Firewall, and on Win 8 I'm planning to use either MBAE or HitmanPro.Alert. It's a nice extra layer. :)
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Well if we're counting that then I technically have one too, since Comodo has that integrated into their D+ by way of a check box for shellcode injection protection. Between that and hardware DEP (Always On) I have at least basic defense against exploits.

    I do plan on adding either MBAE once it's matured a bit, or what I'm really excited about... Open EMET, which a buddy is working on. I won't be able to use ASLR or SEHOP here on XP but can take advantage of some of the app. specific mitigations. And no .NET FW bloat/attack surface necessary.

    If/when I can add that I'll feel that my XP Pro setup is complete.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes correct, it has been integrated into Comodo IS. But I have to say that it never blocked anything, I'm not sure how effective it is compared to MBAE and EMET. :)
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah, I'm sure it pales by comparison to both, and would only block the common buffer overflows... moot since even software DEP would probably kick in first and do the job. But really I think I'd almost have to try to be exploited, or very lax at least, the way my setup is. Only once in my life have I seen anything of the sort, and software DEP sprang into action and terminated the session... which was sandboxed... then the sandbox was deleted and back to business as usual. I think DEP would probably take care of the vast majority of exploits by itself. That's just an unsubstantiated theory though. And the other stuff is just for a nice added placebo effect. I've never heard of nor seen any of the other mitigation techniques even firing before in real world situations.

    I feel perfectly safe with the basic protection I have. But more so because of the minuscule attack surface I have than the DEP & D+ component.

    That said though I am (very) eagerly awaiting Open EMET. And if/when it is completed it will become a permanent member of my setup/sig.
     
    Last edited: Jul 24, 2014
  25. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Against userland exploits, EMET.
    Against kernel exploits, OS updates.
     