Dark Star 72

HMP.Alert & MBAE

Recommended Posts

There has been much publicity recently to the growing threat posed by 'exploits' and HitmanPro.Alert and Malwarebytes Anti-Exploit have been widely promoted as the answers to this.

However one of the testers of HMP.A over at Wilders (who is a member here) noted that while HMP.A succesfully stopped a threat he tried against it so did EIS.

So do HMP.A and MBAE actually provide any extra protection from 'exploits' over and above what EIS alone already provides. Is there any real point in installing one or the other of them in addition to EIS.

Share this post


Link to post
Share on other sites

Hello Dark Star 72,

 

This is solely my approach...and my opinions...

 

I greatly reduce exploit potential on my system simply by not using Adobe Acrobat, Reader & Flash, Windows Media Player, Microsoft Office, and Oracle Java.  Instead, I use alternatives.

 

I also use Secunia PSI to keep my software up-to-date.

 

That said, my attitude is that it makes no difference which route malware takes onto my system - whether via exploit or otherwise.  Once that malware is on my system, then its actions are very likely to be detected by EIS' Behavior Blocker.  In testing the Behavior Blocker against malware on my system it has done a rather fine job.

 

I suppose there is value in an anti-exploit if it prevents malware that none of the EIS guards would detect from entering your system.

Share this post


Link to post
Share on other sites

Hello there,

I use MBAE Premium with EIS, since MBAE will stop exploits before they drop anything on your system. EIS' Behavior Blocker will catch whatever things that slipped through.

I cannot uninstall Flash because I play a Facebook game (stupid, I know). So mitigration is the next best step.

In my opinion, having HitmanPro.Alert or MBAE will stop exploits before they drop malware on your system. Once malware is already on a system (if it manages to get through Surf Protection and File Guard), this is where the Behavior Blocker comes into play.

Regards,

Alex

Share this post


Link to post
Share on other sites

Did EIS stop it by signature or behavior blocker?

 

 

I was one of the people who tested HMPA with EIS.   EIS first stopped with signature.  Turning off FIle Guard, the the BB blocked it.  I run more then EIS, because I have client financial info on my home computers, but from the testing I've done, the average home user in particular would do well with EIS alone.

 

Pete

Share this post


Link to post
Share on other sites

I was one of the people who tested HMPA with EIS.   EIS first stopped with signature.  Turning off FIle Guard, the the BB blocked it.  I run more then EIS, because I have client financial info on my home computers, but from the testing I've done, the average home user in particular would do well with EIS alone.

 

Pete

Thanks for the info Pete. I knew it was you who did the test I was refering to but hadn't the time to search back hundreds of pages to find it for the full details. As I also have AppGuard installed I just kept thinking to myself  "are all these other apps really neccessary" when EIS probably covers the same scenarios anyway.

EMET, HMP.Alert and MBAE can all be useful under certain circumstances. The most effective step to fending of exploits is to reduce your attack surface. Keep the software you use up-to-date and try to get rid of Java and Adobe plugins. If you can't get rid of them completely, at least turn them on only for the sites that you know won't work without them. All browsers that I have used in the past year have features which makes it very easy to limit plugins to just a few sites. If for some reason you can't do either of that, then adding exploit protection can be somewhat useful.

Thank you Fabian, thats basically what I wanted to know.  I have not had Java installed for years, only use Flash on demand when required and only have two other plugins anyway.

Share this post


Link to post
Share on other sites

I'll tell you why I run Appguard along with EIS.   When EIS BB throws up an alert I have to make a decision.  I always assume I will make the wrong decision, even though that isn't true.   So if I make a mistake with EIS, Appguard will still block automatically and protect me.

 

Pete

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.