Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.
Does MBAE still conflict with SBIE? I would love to try it, but I won't sacrifice SBIE.
I see, thank you.
I think it still does conflict, Pete, but I'm using it anyway because lots of other stuff is protected -- particularly with the Premium version. Actually, with the Premium version you can add just about any app you want to the Shields list, which is a nice feature.
BTW, I'm still using FF under Sandboxie. And in that scenario, even though FF is not specifically protected, Sandboxie pretty much takes care of the browser issues and MBAE adds some additional layered security to other apps.
Okay, thanks Tom. As another question, do you think it adds much if running Appguard?
Thanks Rasheed187 for this insightful post, it helps me understand more on the differences of these different programs.
Don't know if you were directing this question at me or someone else, but I do use AppGuard as well. Does it help?. . . is it needed?. . . I have absolutely no idea. However, because it seems to be very light on system resources and very unobtrusive, I figure it can't hurt anything. And as I said, it's just another layer of protection.
No problem, and BTW I forgot to add that HIPS can only stop the execution of malware if they monitor "process execution". So for example a simple HIPS like WinPatrol won't offer any protection against exploits.
OK I see, but I just wondered about this, because it seems so strange to patent code that can be written by anyone. Other apps like VoodooShield and AppGuard have apparently also patented the design (?) of the software, seems weird to me.
OK, very interesting, so perhaps that is why some products performed poorly in the PCSL anti-exploit test?
I understand, but what do you think about HMPA, in the GUI you can even see what type of mitigations they offer (of course not the logic behind it), you apparently think that this is not a good idea either?
Akamai persons - please glance at Perspectives website, which pertains to an extension available for Firefox browser.
QUESTION: If I am running MBAE, do I need that Perspectives extension, or not?
The Perspectives extension doesn't seem to be related to blocking exploits, instead it's trying to stop so-called man-in-the-middle attacks.
If I had to guess, I would say the reason for not listing mitigations (minus the logic) in the GUI would likely be just to keep things simple so that it doesn't seem overwhelming for people who may not understand, and that alone could scare off potential new user purchases and that crowd would probably make up the larger percentage of their future intended user base.
Having said that, I think that we should suggest that MBAE maybe add an Advanced option for a more detailed GUI for power users like members here at Wilders who like to get their hands dirty. The program would start in the current dumbed down GUI but an Advanced option could be something to opt-in if we choose. Obviously most of us users here at Wilders like to tinker with our security software. That is why I often get bored of this type of set-it-and-forget-it software with no options. But clearly I do understand how the simplified interface is good for their larger percentage of users or at least likely their future target user base. I am intrigued by MBAE though and continue to follow developments.
Yes I think they want to keep it as simple as possible. But that's not exactly what I meant. The thing is, Malwarebytes refuses to give that type of info, while EMET and HMPA are very open about it, that is a bit "striking". On the other hand I can also understand it from their point of view.
I have MBAE PRO. As far as I could determine, neither the systray icon nor the main GUI offers a click spot to check for updates.
QUESTION: How do I know when updates are issued?
MBAE checks for upgrades automatically every so often. If there's one available it will prompt you asking if you want to upgrade or not.
There's a new release coming soon and you'll be able to see the upgrade prompt.
We are happy to announce the availability of Malwarebytes Anti-Exploit, version 1.04.1.1012!
This version includes a whole new set of exploit detection and blocking techniques, specifically for Layer1 to prevent exploit shellcode and for Layer2 advanced Java and other types of exploit payloads. In addition it improves usability with Desktop-based Java applications and some other usability improvements. The changelog is as follows:
Added various new layer 1 and layer 2 detection techniques
Improved various aspects of installation and automatic upgrades
Improved UI to make it easier to activate Premium
Improved threat information telemetry
Improved Java shield to prevent slowdowns and FPs in desktop-based applications
Fixed FP with Excel addon
Fixed bug executing Desktop shortcut after install
Updated hooking framework
In order to download MBAE 1.04 please visit the main Malwarebytes Anti-Exploit page.
Existing users of MBAE 1.03 will receive the automatic upgrade prompt. Initially we will roll this out slowly over the next two or three weeks to make sure the automatic upgrade is working as expected.
Any progress with getting it to work with Sandboxie?
Not with 1.04. For 1.05 we're working on improving compatibility with third-party apps by improving the hooking driver. Keep an eye out on the Experimental sub-forum for a 1.05 test version soon.
Oh good, Chrome loads fine again. Even with latest free stable EMET, HMP.A, and APT Shield. Now I need to test an exploit and hope everything doesn't fubar on me.
Didn't exactly fubar, but browsers stopped working unless MBAE is disabled. AX64 to MBAE-less snapshot.
Okay, I will do that, and look forward to giving it a test.
I was just logging in to ask if the current HMP.A 2.6.5 was compatible with the free version of MBAE when I read your post, so I guess they are now, is that right?
According to this it isn't - Known Issues & Conflicts
To me it is fixed.
Is it correct to say that if at some moment there are no running apps that MBAE free covers then anyway MBAE gives protection to the OS?
MBAE Free version only has shields for Mozilla Firefox, Google Chrome, Internet Explorer and Opera as well as Java. To protect other OS components, additional software and custom options you would have to use the paid version. Lately I've been using MBAE for browser exploit protection and using EMET to protect everything else. You just need to make sure you don't protect the browsers with EMET in this case because the two programs would likely overlap and cause problems. But it's a pretty decent setup.
Thank you. EMET has OS-wide protection options: DEP, SEHOP, ASLR. I thought MBAE free could have something like this.