Do you use a software anti-exploit?

Discussion in 'polls' started by Sampei Nihira, Jul 14, 2014.

?

On your security setup used the software anti-exploit?

  1. Yes

    57 vote(s)
    62.0%
  2. No

    20 vote(s)
    21.7%
  3. I'm not interested

    15 vote(s)
    16.3%
  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Please motivate your choices.
    TH.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    No. Two reasons:
    1. they tend to cause problems with applications they protect (let's say browser). Even after compatibility update new application update can break compatibility.
    2. I don't think I need one. Even if I get hit by exploit, payload would still be stopped by SRP.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Not interested. Linux is (as I understand it) pretty resistant to userspace memory exploits at this point, and I don't feel like recompiling my kernel every week for the latest GrSec patchset.

    (That said, I really wish most desktop distros shipped stable GrSec kernels. With mprotect() restrictions turned off, they work out of the box with everything.)
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    No, I use an HIPS and I believe that it makes the work.
     
  5. guest

    guest Guest

    Assuming that we are currently talking about additional anti-exploit software/GUI and not already built-in defence mechanism such as DEP, the answer is no. Why? Because I don't feel like bothering with it. Too much confusion, too much hesitation.
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i voted "not interested".

    there's no security without inconveniences and i like my creature comfort. lol
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yes, common sense won't help you against exploits. As for increased complexity, that is overrated. I bet an average user won't notice a thing, I sure didn't until MBAE forgone compatibility. Even if you think you have enough protection, that doesn't mean anti-exploit tools don't add to it.
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    MBAE & AppGuard
     
  9. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    No, I don't.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    I voted "yes", now.
    In my security setup is the last line of defence.
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    No, I do not think, that I need it, since exploits are done for default setups to hit the most users and my PC settings are far from it.
    I also do not feel comfortable using software, that does something somehow and it is not really that clear, what exactly it does. :doubt:
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I feel safer when I use an AE in XP
     
  13. guest

    guest Guest

    Perhaps for you it is overrated, but for me it's another problem to worry about. At least I'm certain that EMET at full power breaks Firefox.
     
  14. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I'm running my Firefox under EMET protection, set to Maximum security settings and all works fine on my end.
     
  15. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    Using HitmanProAlert 3 tech preview 1. Currently running without problem except for some keyboard encryption problems.

    Plan on employing it once it hits final release. This suites my security needs and strategy as i do not rely on any real time antimalware software. I prefer HIPS or Policy based, arguable these exploit mitigation software's fills the voids that these kinds of software tend to have. Together they should provide a very secure strategy with minimal overhead and burden on the user once HIPS or Policy restrictions are adequately trained.
     
  16. guest

    guest Guest

    I ran Firefox with only under EMET's protection. No other 3rd party security software. Ran it under Windows 8.0 with EMET 4.0 if I'm not being mistaken. The result was Firefox was not closed properly and still running in the background process, so I had to terminate it to fully close it. I don't know which mitigation does this since I didn't bother to troubleshoot it.
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    @ GrafZeppelin

    EAF.
    With the latest versions of Firefox and EMET 4.1 update 1 does not happen.
     
  18. guest

    guest Guest

    Thanks for the info. :thumb: Good to know it's been taken care of now. But still, IMO mitigation techniques should be the domain of software developers, not the end users. Also, we don't know if the future versions of EMET will break other software in one way or another. That's just a bit too bothersome for my liking.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    I totally agree with you on this one. Software developers should start adding those mitigations to their products. That way we wouldn't have to worry about compatibility as those restrictions would be built-in and software as whole would be created with those mitigations in mind.
     
    Last edited: Jul 21, 2014
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    That might be ideal for products currently in development, but no chance with old versions.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Yes, on Win XP I used Comodo Memory Firewall, and on Win 8 I´m planning to use either MBAE or HitmanPro.Alert. It´s a nice extra layer. :)
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Well if we're counting that then I technically have one too, since Comodo has that integrated into their D+ by way of a check box for shellcode injection protection. Between that and hardware DEP (Always On) I have at least basic defense against exploits.

    I do plan on adding either MBAE once it's matured a bit, or what I'm really excited about... Open EMET, which a buddy is working on. I won't be able to use ASLR or SEHOP here on XP but can take advantage of some of the app. specific mitigations. And no .NET FW bloat/attack surface necessary.

    If/when I can add that I'll feel that my XP Pro setup is complete.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Yes correct, it has been integrated into Comodo IS. But I have to say that it never blocked anything, I´m not sure how effective it is compared to MBAE and EMET. :)
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yeah, I'm sure it pales by comparison to both, and would only block the common buffer overflows... moot since even software DEP would probably kick in first and do the job. But really I think I'd almost have to try to be exploited, or very lax at least, the way my setup is. Only once in my life have I seen anything of the sort, and software DEP spring into action and terminated the session... which was sandboxed... then the sandboxed was deleted and back to business as usual. I think DEP would probably take care of the vast majority of exploits by itself. That's just an unsubstantiated theory though. And the other stuff is just for a nice added placebo effect. I've never heard of nor seen of any of the other mitigation techniques even firing before in real world situations.

    I feel perfectly safe with the basic protection I have. But more-so because of the miniscule attack surface I have than the DEP & D+ component.

    That said though I am (very) eagerly awaiting Open EMET. And if/when it is completed it will become a permanent member of my setup/sig.
     
    Last edited: Jul 24, 2014
  25. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Against userland exploits, EMET.
    Against kernel exploits, OS updates.
     
Loading...