Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. LimboSlam

    LimboSlam Registered Member

    Joined:
    Jul 26, 2015
    Posts:
    21
    Location:
    USA
    Hey, could you do an example of Pale Moon blocking an exploit in your blog when the next exploit hits that pertains to Firefox (if that's possible)? This would be great! And I think some of the other Pale Moon users would like to see this happen too. :)
     
    Last edited: Aug 1, 2015
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    Tor uses modified (outdated) Firefox 31.8 ESR code, and Pale Moon uses another Gecko fork (not maintained by Mozilla); they do not contain the latest features or security patches. So I call it vulnerable by default, whether x64 or not. That's also the reason why some extensions are not functional.
     
  3. LimboSlam

    LimboSlam Registered Member

    Joined:
    Jul 26, 2015
    Posts:
    21
    Location:
    USA
    Yes, that's partly true about us not containing certain code patches that only relate to the new Firefox and its features. But the other half is not, because "Pale Moon is not Firefox, and will never be again." So let me quote you some things that will clear those up, OK. :)


    "......If our code isn't vulnerable, then there is also no reason to add (unnecessary) extra checking code to work around a non-existing problem (current vulnerabilities in Firefox)...... So we neither can nor are obligated to apply all patches that exist for a different product. In fact, blindly doing so may break our product with a relatively high degree of certainty in quite a few cases......."

    "In Pale Moon 25, the GUID was changed to reflect the continuing divergence between the browser and its sibling. Most of the time a modification to chrome.manifest or bootstrap.js to add/change the hard-coded GUID is a simple solution to issues with add-ons. This will be done for many of the most used add-ons where a developer has chosen not to support Pale Moon or the add-on has been abandoned. Creating a pseudo-static version of the add-on as a Pale Moon specific one."

    "In Firefox 29, Mozilla adopted a nearly completely rewritten user interface and theme as well as some technologies that Pale Moon has chosen not to implement. Add-ons targeting these features without fall-backs to the more time-tested and more commonly used features in all Mozilla-based programs will not be supported."

    Well, I hope this is a bit clearer. If you and anyone else want to know more, by all means look through our forums and homepage for the info, which can be found here, here, here and here. You can also privately message us if it does not relate to the public info already given.
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    Thx - I know all that text; I was a voluntary Firefox supporter, but I still read support forums.
     
  5. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    This isn't good. How can I tell if MBAE (Free) is protecting Firefox? I tried looking with Process Explorer but don't know what to look for.
     
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    It's really simple, click on the Firefox process and look for mbae.dll in the tab below. If it is there everything is ok.
     
  7. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Could MBAE check for Chrome and if it isn't found it would display the list rather than forcing someone to go looking inside all the processes for mbae.dll?
     
  8. haakon

    haakon Guest

    Just open Find from the main menu and type in mbae.dll and again mbae64.dll if you're shielding 64 bit apps. That'll list all the stuff where MBAE is injected.
    It's a pane, not a tab, and simple only if under View in the main menu one has "Show Lower Pane" checked and in "Lower Pane View" DLLs is checked. I think I remember those are not selected by default.
    :thumb:
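
The Process Explorer check described in the posts above, scripted in PowerShell as an added example (not part of the original posts and not Malwarebytes code). The DLL names come from the thread; the process names in `$expected` are assumptions based on the browsers discussed, and the function name is hypothetical.

```powershell
# Added example. DLL names are the ones given in the thread; the process
# names in $expected are assumptions based on the browsers discussed.
$dllNames = @('mbae.dll', 'mbae64.dll')
$expected = @('firefox', 'plugin-container', 'MicrosoftEdge', 'MicrosoftEdgeCP', 'opera')

function Get-MbaeInjection {
    param([string[]]$DllNames, [string[]]$ProcessNames)
    # Processes that are not running are skipped silently.
    foreach ($proc in Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue) {
        $status = 'NotLoaded'
        $path   = $null
        try {
            # Reading Modules can fail for protected processes and when a
            # 32-bit session inspects a 64-bit process.
            $hit = $proc.Modules |
                Where-Object { $DllNames -contains $_.ModuleName } |
                Select-Object -First 1
            if ($hit) { $status = 'Loaded'; $path = $hit.FileName }
        } catch {
            $status = 'Unreadable'
        }
        [pscustomobject]@{
            Name      = $proc.ProcessName
            Id        = $proc.Id
            Mbae      = $status
            DllPath   = $path   # where the module was actually loaded from
            # A 64-bit session generally does not see the 32-bit modules of a
            # 32-bit process, so 'NotLoaded' is only conclusive when the
            # session bitness matches the target process.
            Session64 = [Environment]::Is64BitProcess
        }
    }
}

Get-MbaeInjection -DllNames $dllNames -ProcessNames $expected |
    Sort-Object Name, Id | Format-Table -AutoSize
```

Run it once from 64-bit PowerShell and once from the 32-bit PowerShell under SysWOW64 to cover both `mbae64.dll` and `mbae.dll` targets.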
     
  9. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Thanks for the information on using Process Explorer.
     
  10. Does MBAE already cover Edge?
     
  11. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Not yet, but you can add Edge manually
     
  12. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Microsoft Edge. I've added this browser to MBAE and it works just fine. Can someone tell me how to shield Edge? I have tried; it's not working. Or I am doing something wrong...
     
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Add both:
    Code:
    C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     
  14. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,137
    Does MBAE cover the plugin container in FF? Or is there a need to protect it?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    FF's plugin-container.exe is automatically shielded by MBAE. No need to add a shield for it.
     
  16. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,137
  17. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Thanks, WildByDesign. That worked. Cheers.
     
  18. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I purchased a copy of Malwarebytes Pro several years ago and I used to be able to install the Anti-Exploit from the Malwarebytes site. However, after I did a Windows 8.1 'Refresh' several months ago, I now get a message from Malwarebytes that my current Malwarebytes program (Pro) is not compatible with the Anti-Exploit program. o_O
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hi RCGuy, can you please post a screenshot of that message.
     
  20. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    440
    Does MBAE make a difference between Opera Presto (v12) and Chrome-based Opera (v31)? Do we need a custom shield for Opera Presto or ... ? I ask because both are opera.exe.
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    MBAE defaults to the ChromeBrowser family for Opera. If you are using v12 or earlier, you can simply go to Advanced Settings -> Application Hardening and enable the Anti-HeapSpraying Enforcement for the ChromeBrowser family.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Interesting concept. Would be nice to see if it works under 64bit OS.
     
  24. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    440
    Good to know, thank you.
     
  25. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    177
    Location:
    Czech Republic