plat1098

Emsisoft and HitmanPro "AntiRansomware"


Currently have Emsisoft Internet Security with Malwarebytes Anti Exploit on a Windows 8.1 machine and using Internet Explorer 11 browser exclusively.   I am seriously considering adding the above antiransomware product but would like to know if there would be potential conflicts between any of the three products or issues that would result in a reduction of effectiveness of any of the three.  Is the HitmanPro product worthwhile to get?  Windows 10 is a little too "mysterious" for me right now but it seems nothing is exploit-proof.  Thanks for info.


I would not use two anti-exploit products at the same time. If you are going to use HitmanPro.Alert, uninstall MBAE.

 

 

Totally agree, and personally I feel HitmanPro Alert is the stronger of the two.  I use it with EAM/EIS and there are no conflicts.   Didn't even need any excludes.  The subject is however a bit misleading.  HMPA is more than AntiRansomware.

 

From my testing with a few ransomware nasties EAM/EIS does a pretty good job itself.


Wow, thanks for this info, I'm trying to sift through all the promotional hoopla, and was hoping both could co-exist but that doesn't seem to be the case.  Don't run paid MBAM very often with Emsisoft in the house but wasn't sure about the two anti-exploits. Since I'm running older Windows with a vulnerable browser, I need an extra shield or two, and HitmanPro seems to be the one :D   I likely misunderstood when I thought the two products differed in their make-up and could therefore reside on the same machine.  HitmanPro touts its own product as "antiransomware," so it's good to know it's actually more than just that.

 

I had a Java exploit blocked on a Yahoo news page in October and four days ago, my account password was stolen and the "reset password" function corrupted on another site.  Since you can't look on the other side of a webpage to see what's going on there, a more informed decision for me is crucial.  Thanks again.


If you are still running XP, I do not recommend it. All the security in the world is not going to stop weak points that reside deep in the kernel of the OS - not to mention that the security vendors will stop supporting XP at some point in time.

Upgrade to later Windows versions if you can - or use Linux if you cannot.


Actually, it's the 8.1 version, so can you imagine what you're exposed to if you run the XP? Or even Windows 7? Windows 10 seems a little shady to me right now, updates appear then disappear, Microsoft is promoting it too aggressively,  and you never quite know what it is that's installing when it's update time. Linux is indeed looking better all the time......


Hitman Pro Alert and Emsisoft products should reside together on 8.1 just fine.   But don't mix HMPA and MBAE, even if they don't conflict they may collide and cause loss of protection.


No, it's clearly one or the other, and because of the specific antiransomware aspect of HitmanPro, that's what I'm going with.  By the way, AVG blocked that Java exploit, not MBAE.  MBAE never loaded on the desktop when AVG was in place, so the awareness of conflicts (or something else via AVG) was already there. I originally thought HP and MBAE differed enough in their software, so they could co-exist along with Emsisoft  but clearly, that's incorrect.   I got rid of AVG because among other things, its recent "automatic update" corrupted my Windows update service and I found that out only by chance.  Bye.

 

This encrypting malware seems to be getting nastier and more prevalent by the hour. I wonder what the incidence of exploits using Windows 10 is compared to the earlier versions.  I'll be looking into that, for sure.


This encrypting malware seems to be getting nastier and more prevalent by the hour. I wonder what the incidence of exploits using Windows 10 is compared to the earlier versions.  I'll be looking into that, for sure.

Actually, the majority of the exploits are against plugins such as Adobe Flash, Adobe Reader, and Java. As long as you have a version of Windows that is still receiving security updates, and you are making sure those updates get installed, the biggest threat will be via vulnerabilities in plugins. I recommend simply uninstalling the ones you don't need, or at least disabling them. You can't exploit what isn't there. ;)


Yes, I have additional info request related to above reply. First, after ditching all prev. security programs and associated yuckware, I have EIS and HPA; let me tell you, no more brutalizing the hard drive when loading, no more ballooning of RAM or protracted scans or shutdowns, something my large and smelly machine really appreciates. One thing with EIS: In Task Manager, at times the Service only consumes 4mb RAM, is that expected? That's so minuscule.

Second info request: And maybe this should be posted elsewhere, so please tell me if so. It's immaterial what Windows version you have because of the Adobe and Java products? Windows 10 was touted to be more secure than previous versions but I'm not too savvy in general about these things. I guess it's reliant on Windows updates to a large extent. Can a Java exploit succeed if you don't have one iota of Java Runtime installed on your machine? That's my case, and the type, Java exploit 2922, has virtually no info about it, but I shudder to think what it contained. Anyone know? This happened on a Yahoo page and Oracle and Yahoo seemed to have formed some unholy alliance, ditched Yahoo also.

I run EIS on Windows 7 x64, and it is also just that much.

Can a Java exploit succeed if you don't have one iota of Java Runtime installed on your machine?

If you do not have Java installed then Java exploits will fail :)


One thing with EIS: In Task Manager, at times the Service only consumes 4mb RAM, is that expected? That's so minuscule.

Our software will offload database signatures that are not being used to the pagefile in order to reduce memory usage. Of course, Windows will automatically move any part of our database back to RAM when our software is trying to use it, which can cause a momentary delay. If you're more concerned about performance than memory usage, then you can disable the memory usage optimization in the settings in EIS.

It's immaterial what Windows version you have because of the Adobe and Java products? Windows 10 was touted to be more secure than previous versions but I'm not too savvy in general about these things. I guess it's reliant on Windows updates to a large extent.

I wouldn't say that Windows version doesn't matter at all, however most exploits attack plugins rather than the operating system. Granted more advanced security features in the operating system may help prevent the exploit from being successful even if there is a vulnerable plugin, such as the UAC (User Account Control) which will prompt you to ask whether an application should be allowed to have administrator rights. Since running a browser normally while the UAC is turned on means the browser (and any processes that are launched by it) won't have admin rights, an infection can't be successfully installed without you clicking a button to grant it admin rights.

Can a Java exploit succeed if you don't have one iota of Java Runtime installed on your machine?

No, the Java Runtime Environment is required for a Java exploit, and they won't execute without it.

That's my case, and the type, Java exploit 2922, has virtually no info about it, but I shudder to think what it contained. Anyone know? This happened on a Yahoo page and Oracle and Yahoo seemed to have formed some unholy alliance, ditched Yahoo also.

The alert in the screenshot you posted is about a malicious Java file of some sort ("type 2922" is an AVG designation, and they don't seem to have any real description of what type of exploit that is). These exploits work by embedding some sort of Java content in a webpage, which means your web browser will attempt to load whatever file/files make up that content and pass them to the Java plugin. If there is no Java plugin, then the exploit will fail, as there is no Runtime Environment to execute it. Java programs/Applets actually can't execute without a virtual machine designed to process Java bytecode (aka the "Java Runtime Environment" or "JRE"), and it is this virtual machine that has the security vulnerabilities that are being exploited by Java exploits.

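The checks suggested in the replies above (uninstall plugins you don't need, keep UAC on and browse without admin rights), sketched as an added PowerShell example that is not part of the original thread. The display-name patterns are assumptions about how the Java, Flash and Reader installers label themselves, and the function names are hypothetical.

```powershell
# Added example: audit plugin runtimes and UAC state on a Windows machine.
# Assumption: these regexes match the vendors' installer display names.
$PluginPatterns = @{
    'Java runtime' = '^Java(\(TM\))? (SE |\d)'
    'Adobe Flash'  = '^Adobe Flash Player'
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
}

function Get-InstalledProgram {
    # Reads the standard uninstall keys (64-bit, 32-bit and per-user views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }
}

function Find-PluginRuntime {
    # Returns one object per installed-program entry that matches a plugin pattern.
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Entries)
    foreach ($e in $Entries) {
        foreach ($kind in $PluginPatterns.Keys) {
            if ($e.DisplayName -match $PluginPatterns[$kind]) {
                [pscustomobject]@{ Kind = $kind; Name = $e.DisplayName; Version = $e.DisplayVersion }
            }
        }
    }
}

function Get-UacState {
    # EnableLUA = 1 means UAC is on; IsElevated tells whether this session already holds admin rights.
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        UacEnabled = ($policy.EnableLUA -eq 1)
        IsElevated = $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}

$found = @(Find-PluginRuntime -Entries @(Get-InstalledProgram))
if ($found.Count -eq 0) {
    'No Java, Flash or Reader runtime found in the uninstall keys.'
} else {
    $found | Sort-Object Kind, Name | Format-Table -AutoSize | Out-String
}
Get-UacState | Format-List | Out-String
```

A runtime that was copied onto the machine without its installer will not appear in the uninstall keys, so an empty result only covers installed copies.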
