Malwarebytes bought Zerovulnerabilitylabs

Discussion in 'other anti-malware software' started by kupo, Jun 20, 2013.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Hi,

    MBAE gave me a false alert on top of the freezes so I rebooted computer. It works fine for now, so I suppose another reboot was needed. Also added MBAE to PowerApps in AppGuard just to be safe!
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It may be a good idea to change the MAE icon to something that won't resemble a firewall icon. Today a friend asked me why a security app which is a not a firewall has an icon resembling a firewall icon. It's confusing, and I agree.

    What do you think? ;)
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I don't really think it's a firewall icon. Firewall icons are typically a brick wall. MBAE's icon is a shield with fire inside.
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Actually, the icon looks almost exactly like VodooShield but with the 'V' up-side-down inside the shield.

    Anyone else see this obvious similarity? :)
     
  5. guest

    guest Guest

    Then is not a firewall, is a fireshield :D

    Well if a remember well, Agnitum, Online Armor and Comodo FW (old version) use a shield as a tray icon.

    Could you take a look to this article?

    http://www.insanitybit.com/2013/06/22/exploitshield-smart-antiexecutable/

    Anything to say? basically he says ES is worthless and can be easily bypassed.
     
    Last edited by a moderator: Jul 1, 2013
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I agree that firewalls are typically represented by a brick wall, and that is the case of Windows own firewall, but there are others that also add fire to the brick wall. For example: -http://www.softpedia.com/get/Security/Firewall/Windows-7-Firewall-Control-Plus.shtml (look at the icon)

    Another example, and I'm not sure about the current version's tray bar icon, but the firewall settings tab has a fire icon in it: -http://i1-win.softpedia-static.com/screenshots/Comodo-Personal-Firewall_17.png?1371708824

    (Most likely this kind of confusion comes from this kind of examples.)
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Discussed here already:
    https://www.wilderssecurity.com/showthread.php?t=333127&page=30
    (from post #730)

    Basically the author relies on a lot of hearsay... outdated hearsay.

    I think the root of his problem is with the name "ExploitShield" and "Anti-Exploit" and with his continued requests for us to publicly detail how the technology works (which we of course won't).

    At the end of the day what counts is if the product does what it says it does. In our case Malwarebytes Anti-Exploit is blocking hundreds of vulnerability exploit attacks every day as can be seen at http://www.zerovulnerabilitylabs.com/webconsole/lv.php.
     
  8. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    I have to say that 0.9.2.1200 has been working great for me for the last couple weeks. W7 Home Premium x64 SP1 production machine with only MBAM Pro as other security software. :thumb:
     
  9. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,853
    Is there an ETA for the 1.0 release?

    Also, been using it a couple weeks now and no major problems, just the shielded apps count and the GUI not loading a couple times. :thumb:
     
  10. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    I have ran this on my main desktop and on my laptop, both ran MBAE without any problems.

    I think it's quite stable and extremely light for a BETA :thumb:

    The only problem I have at the moment would be, It's not compatible with Sandboxie :(

    and yes...I am aware that I mentioned this before
     
    Last edited: Jul 3, 2013
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We're shooting for a 1.0 before end of year. There's a few really cool ideas and tech from Malwarebytes we are incorporating into Anti-Exploit beta prior to 1.0 release.

    As for Sandboxie there's not much we can do in the short term. We can't change our hooking mechanism to fix this, it is not trivial and will take some time. Sandboxie could allow us to hook the browser if they wanted to in the meantime.
     
  12. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA

    Nice! I can't wait to see where it's headed. :cool:
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    Can't wait for future releases, this will be exciting :D

    I hear ya on that, keep up the good work :thumb:

    Thanks
     
  14. Cyrano2

    Cyrano2 Registered Member

    Joined:
    Mar 19, 2010
    Posts:
    131
    Location:
    Spain
    Testing it :D .
     
  15. Maldoran

    Maldoran Registered Member

    Joined:
    May 6, 2013
    Posts:
    37
    Location:
    Norway


    It's running.
    The 0.9.2 is my first install of MBAE.

    I did as suggested and opened my installed FF.
    The GUI showed it as shielded. So it is working. Which is good, but that shows that it doesn't protect portable browsers.
    I'd like to suggest that it is implemented.
    Also I don't know if my Pale Moon browsers isn't shielded becouse of it doesn't know PM or because I use the portable version.
    Can you also add The K-Meleon browser?
     
  16. guest

    guest Guest

    Like what? more features?
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    The criteria we follow for shielding new apps is that (a) it is widely used and (b) it is actively targeted by exploits.

    For now we support IE (iexplore.exe), FF (firefox.exe and plugin-container.exe), Chrome (chrome.exe) and Opera (opera.exe and opera_plugin_wrapper.exe). There are dozens of alternative browsers out there and most of them are based on one of the above. If your browser of choice is based on one of these and you can rename it to the original filename then MBAE will shield it, but that's not supported officially.

    @guest, sorry, you'll have to wait and see ;)
     
  18. Maldoran

    Maldoran Registered Member

    Joined:
    May 6, 2013
    Posts:
    37
    Location:
    Norway
    Thanks for your answer.

    I just noticed that it supports portable FF. :thumb:
    So I was wrong about that.

    In regard to your suggestion about renaming Pale Moon to FF, I tried that but it didn't work.
    Something needs to be changed that I'm not aware off.
    I changed the name of the portable launcher, the name of the INI file, the name in the splash in the INI file and the PaleMoon file in the Bin directory.
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I downloaded Pale Moon and with 3 small changes you can make it work with Malwarebytes Anti-Exploit:

    palemoon.JPG

    1- In Palemoon-Portable.ini change the Appname variable under [Setup] to "firefox" (without the quotes) instead of "Palemoon".

    2- On disk, rename the directory \Bin\Palemoon to \Bin\firefox

    3- On disk, rename the file \Bin\firefox\palemoon.exe to \Bin\firefox\firefox.exe

    That should do it. Simply launch Palemoon-Portable.exe as you normally would and Malwarebytes Anti-Exploit will shield it as if it were the regular firefox.
     
  20. Maldoran

    Maldoran Registered Member

    Joined:
    May 6, 2013
    Posts:
    37
    Location:
    Norway
    Thank you. That kind of did it. :thumb:
    MBAE shows 1 protected app when I launch PM but there's no entry in the log window.
    Perhaps that is not important.
    Now I just need to figure out how to keep my prefs and addons under the new conditions.
    PM opens as a new browser with no addons and default prefs.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Yes, I also wondered about this. I wonder if Malwarebytes Anti-Exploit is using more advanced techniques to block malware.

    I mean wouldn´t a tool like EXE Radar Pro do the same? Or perhaps standard execution blockers are less powerful? :)
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes MBAE includes more protections such as memory exploit detection and we are adding more advanced memory techniques as well.

    I really like ERP but I don't think it's designed for the average user nor specifically for exploits. I've seen exploits bypass it via regsvr and rundll and I'm fairly sure memory-only exploits can bypass it as well.
     
  23. Any idea when the version which has the option to disable protection for an application will be released (I still have this Word problem on x32 bits which your QA contacted me for to run some tests).

    Regards Kees
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Not any more!
    Those youtube videos were made with older Free version, which is now abandoned.
    Newer versions have regsvr32 and rundll32 in Vulnerable list and will give you popup when executing (or auto-block in lockdown mode).
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We're QA'ing the fixed version. Will be released asap.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.