Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.
@Tarnak Wow, I get scared when I see your systray icons. I guess malware is running away also
Tarnak has always believed in the minimalist school of self defense
Yes, just like I do
I don't want to be his HDD, the I/O writes must be massive... ^^
What about compatibility with HitmanPro.Alert? And what do you think about ViRobot APT Shield?
Perhaps Tarnak can make a list of all security apps that he's using, just for fun?
Improvements to the injection driver are being done. This will help a lot with known compatibility issues such as BullGuard & BitDefender w/ Chrome, HMP, etc.
There's a new MBAE 1.04 experimental build in case you want to take it for a spin:
Re: ViRobot I can't really comment. Haven't tried or tested it.
I'll do a test.
Updated to latest beta. After installing over existing version I rebooted computer and the monitor resolution was lowered (I reset). Not sure if anything to do with MBAE installation. So far running smooth with my programs. Ran MBAE exploit test and it blocked. Not running Java on my machine.
Does the free experimental build 1.04.1.1006 cover Chrome Canary x64?
When I install 1.04 I don't get the experimental licence like before, I get free one.
Added an explanation about that in the thread.
MBAE makes IE crash (Win 8.1 Update, EMET 5) in case Bing search is activated via address bar search. The latest experimental build didn't solve this.
Cool, that's nice to know. By the way, what do you think about adding a "banking trojan detection" feature like in HMP.A? Would that be difficult to add? And perhaps if you have the time, you can take a look at ViRobot APT Shield, I wonder how good it really is.
The incidental hanging of Chrome when started by the user was already solved; now it also runs great when using AppTimer to launch Chrome repeatedly.
AppTimer also says Chrome loads faster now. Not really sure whether it is all because of the new injector, because I also have a newer Chrome version since the last time I checked program launch times with MBAE.
"A recent test by China-based PC Security Labs showed that some products are much more effective than others at [blocking exploit attacks:] Malwarebytes [Anti-EXPLOIT] beat all the rest with a success rate of 93.10 percent."
Remark: Most of the other products tested (aside from HitmanPro.Alert and EMET) were security "suites". Emphasize that MalwareBytes Anti-EXPLOIT can be run side-by-side with (i.e., complementing) these security suites!
Disclaimer: Be advised that Malwarebytes commissioned this test.
Hey... good stuff. Thanks for posting.
Norton is the great surprise here for me.
Too bad more apps like AppGuard & NVT EXE were not tested.
Hopefully there will be more of these tests to help us determine which product is the one we want.
Yes, MBAM sponsored... got it. But looks good for MBAE.
Nice job, I really wonder why MBAE performed so much better than the other apps. For example HMPA3 seems to be quite advanced.
It also makes me wonder how apps like EXE Radar and AppGuard (who don´t offer exploit mitigations) would do.
Here's the link to the actual PC Security Labs test results
In my case, the 4 exploits that were NOT blocked by MBAE were in fact successfully blocked by my Avast. Meaning that this combination was 100% effective.
Is it possible to have a future test performed by other laboratories (AV-C...)?
Unless AV-C only tests for exploits, I think it would be pretty pointless.
Congrats to MBAE for performing so well!
That was a paid-for test. Please read the thread about HitmanPro.Alert. They paid for and insisted a Preview version of HMP.A was to be included just to show they had better scores than an unfinished product. Other than that, all competitors (except EMET, which is FREE!) were security suites not specialized in exploits. Makes you wonder why they paid for the test other than just to bad-mouth competitors... especially when they didn't even include AppGuard (afraid to go up against a 100% score competitor perhaps?).
Besides the unfairness against HMP.A, the EMET thing is also nonsense. They tested the old version, because the new one (v5) doesn't support the irrelevant test setting (unpatched XP-SP3). Even if people still use this old OS and it's easier to find working exploits for it... it's officially no longer supported and therefore shouldn't be used as a reference, esp. in proactive tests. Newer OSes by themselves offer better exploit protections, and even in EMET 2/3 times M$ showed that XP (even with EMET) can't be as secure as newer OSes.
Besides the already mentioned issues (default settings, things not enabled... but EMET and HMP.A aren't just set-and-forget applications), this sums up the "value" of this test. Yes, Malwarebytes did not set the test settings, but they accepted and paid for it.
Bad and unfair marketing IMO.
Yes! The whole test is bogus.
As mentioned in another thread our objective was to see the differences in protection from proactive vs reactive approach to exploit blocking (i.e. signature-based vs proactive exploit mitigations) so we were surprised with the results as well.
Here are some facts to answer the concerns mentioned above about the test:
I would prefer a non-sponsored test any day of the week but that wasn't happening and many of you have been asking for third-party tests comparing anti-exploit products for quite some time. However PCSL did a very good job and their independent criteria prevailed during the entire test. I don't necessarily agree with some of the methodology decisions but it was their decision, not ours.
It was performed under WinXP as that OS is still in wide usage and more exposed to exploits than Win7/8, as there are no updates from Microsoft. However, many of the exploits tested were for non-Microsoft applications (Java, Silverlight, Flash, QuickTime, etc.) and they also work under Win7/8.
It also tested Security Suites as they include some exploit blocking features. Comparing paid vs free vs suite vs commercial vs beta was not the objective. The objective was specifically to test exploit mitigation techniques. It's not uncommon to see FreeAV outperform PaidAV or Beta outperform Commercial products, so that's not relevant with the above objective in mind. EMET 4.1 is also a "Technical Preview" btw.
Other specialty products such as anti-EXE or white-listing were not included. Even if those products are able to block certain types of exploits, it is a by-product of their approach, not necessarily because they include specific exploit mitigation techniques.
The QuickTime bypasses of HMPA3 are probably due to a bug. For some reason the software radar didn't work when executing the exploit and PCSL chose to give it a fail.
The Java reverse shell fail of HMPA3 is documented in the methodology. The reverse shell is established, i.e. the exploit payload is executed. Some commands are blocked but some are not. This is easy to verify with Metasploit.
The IE8 bypasses are very real. Oddly they are ROP-based.