Tyler

How can I block this exploit using OA


http://www.virustotal.com/file-scan/report.html?id=fc0433686f654a6114b630a2604473c95379ebc3e097a41064764a437734a9a8-1312805972

I came across this old exploit today and was curious to see if OA can give me some alert. Unfortunately, nothing but silence. So I want to know if OA is designed to be capable of preventing exploits like this or not?

I did this test in a virtual machine.

OS: Windows XP SP3 x86. (Windows updates not installed)

OA: Latest public beta

I will attach the file if requested.

Best regards,

Tyler


Your topic has been moved to the Customer Support forum. "Help, my PC is infected!" is not the proper place for your question.

Someone more familiar with OA will provide you any assistance you may require.


Hi Tyler,

Please pm me the file or even better - create a bug report, as you're a beta tester.

Thanks in advance,

Best regards,

Andrey.

I don't know if this is a real bug, so I'll pm you the file to confirm first. ;)


Could you please tell me what kind of alert you were expecting to receive?

To be honest, I don't know how the exploit works. I was expecting you to tell me something about the protection OA can provide from such an exploit. I don't know if it's something like a trojan. I mean when the file is executed, OA will respond by popping up an alert saying something wants to run. But in this case, OA kept its mouth shut, so I wonder if the protection from exploits is OA's duty or not.


There is only one reliable way to protect from exploits: Don't use exploitable software and keep your system updated. HIPSes can only mitigate the damage an exploited application can do to your system but not prevent the exploit from taking place in the first place. In the case of the JPEG exploit the payload is usually some shell code that downloads and executes malware. OA would fully protect you from that kind of payload as it will detect and prevent the execution of the newly downloaded malware.

Hi Fabian,

Thanks for telling me how exploit works. I'm confident about the protection OA can provide. BTW, I like the forum update. ^_^


So, a few years after the above discussion, how does the situation look with detection of exploits and rootkits by Online Armor (Premium)?

It's quite an important problem, because in a few months (from April 2014) there will be no more updates for Windows XP, which is still used by about 35% of PC users, and the problem of exploits may arise here in a special way.

I've just read in a newspaper that specially prepared, very expensive exploits to hack Windows XP will be available on the 'market'; I hope there will be a solution to the problem, other than migrating to Win Vista/7/8, or so...


It is technically impossible to protect from exploits. You can try to mitigate them (EMET for example), but that is not a firewall's job. The only real solution is to upgrade to a system that is still under continued development. That being said, Online Armor will still take care of the actual payload delivered through the exploit.


Thank you.

Malwarebytes tries to protect against exploits; their quite new project is Malwarebytes Anti-Exploits (MBAE).

It's in a beta version now, interesting how it will work...

The crucial problem with security programs is the probability of possible (or maybe hypothetical, as in the case of exploits) infection against the continuous issues caused by the security programs (that is, instability leading to the 'blue screen', high usage of CPU and RAM, longer boot time, and so on).

I've tried it before. Malwarebytes purchased the company that created it. I don't know exactly how it works, but it does appear to be compatible with Emsisoft Anti-Malware (I have not tested it with Online Armor).
