Tyler 0 Report post Posted August 8, 2011 http://www.virustotal.com/file-scan/report.html?id=fc0433686f654a6114b630a2604473c95379ebc3e097a41064764a437734a9a8-1312805972 I came across this old exploit today and was curious to see if OA can give me some alert.Unfortunately, nothing but silence. So I want to know if OA is designed to be capable of preventing exploits like this or not? I did this test in a virtual machine. OS: Windows XP SP3 x86. (windows updates not installed) OA: Latest public beta I will attach the file if requested. Best regards, Tyler Quote Share this post Link to post Share on other sites
Kevin Zoll 308 Report post Posted August 8, 2011 Your topic has been moved to the Customer Support forum. Help, my PC is infected! is not the proper place for you question. Someone more familiar with OA will provide you any assistance you may require. Quote Share this post Link to post Share on other sites
Andrew F. 28 Report post Posted August 8, 2011 Hi Tyler, Please pm me the file or even better - create a bug report, as you're a beta tester. Thanks in advance, Best regards, Andrey. Quote Share this post Link to post Share on other sites
Tyler 0 Report post Posted August 8, 2011 Hi Tyler, Please pm me the file or even better - create a bug report, as you're a beta tester. Thanks in advance, Best regards, Andrey. I don't know if this is a real bug, so I'll pm you the file to confirm first. Quote Share this post Link to post Share on other sites
Andrew F. 28 Report post Posted August 8, 2011 Could you please tell me what kind of alert were you expecting to receive ? Quote Share this post Link to post Share on other sites
Tyler 0 Report post Posted August 8, 2011 Could you please tell me what kind of alert were you expecting to receive ? To be honest, I don't know how the exploit works. I was expecting you to tell me something about the protection OA can provide from such a exploit. I don't know if it's something like a trojan. I mean when the file is executed, OA will response by popping up an alert saying something wants to run. But in this case, OA kept its mouth shut, so I wonder if the protection from exploits is OA's duty or not. Quote Share this post Link to post Share on other sites
Fabian Wosar 390 Report post Posted August 8, 2011 There is only one reliable way to protect from exploits: Don't use exploitable software and keep your system updated. HIPSes can only mitigate the damage an exploited application can do to your system but not prevent the exploit from taking place in the first place. In case of the JPEG exploit the payload is usually some shell code that downloads and executes malware. OA would fully protect your from that kind of payload as it will detect and prevent the execution of the newly downloaded malware. Quote Share this post Link to post Share on other sites
Tyler 0 Report post Posted August 9, 2011 There is only one reliable way to protect from exploits: Don't use exploitable software and keep your system updated. HIPSes can only mitigate the damage an exploited application can do to your system but not prevent the exploit from taking place in the first place. In case of the JPEG exploit the payload is usually some shell code that downloads and executes malware. OA would fully protect your from that kind of payload as it will detect and prevent the execution of the newly downloaded malware. Hi Fabian, Thanks for telling me how exploit works. I'm confident about the protection OA can provide. BTW, I like the forum update. Quote Share this post Link to post Share on other sites
wojtek 0 Report post Posted August 27, 2013 so, after a few years from the above discussion, how looks the situation with detection of exploits and rootkits by Online Armor (Premium)? it's a quite important problem, because in a few months (from April 2014), there will be no more updates of Windows XP, which is still used by about 35% of PC users, and the problem of exploits may arise here in a special way. I've just read in a newspaper that there will be available specially prepared, very expensive exploits on the 'market' to hack Windows XP; I hope there will be a solution to the problem, other than migrating to Win Vista/7/8, or so... Quote Share this post Link to post Share on other sites
Fabian Wosar 390 Report post Posted August 27, 2013 It is technically impossible to protect from exploits. You can try to mitigate them (EMET for example), but that is not a firewall's job. The only real solution is to upgrade to a system that is still under continued development. That being said, Online Armor will still take care of the actual payload delivered through the exploit. Quote Share this post Link to post Share on other sites
wojtek 0 Report post Posted August 31, 2013 thank you. Malwarebytes tries to protect against exploits; their quite new project is Malwarebytes Anti-Exploits (MBAE). it's in a beta version now, interesting how it will work... the crucial problem with security programs is the probability of possible (or maybe hypothetical, as in the case of exploits) infection against the continuous issues caused by the security programs (that is, instability leading to the 'blue screen', high usage of CPU and RAM, longer boot time, and so on). Quote Share this post Link to post Share on other sites
GT500 771 Report post Posted September 4, 2013 Malwarebytes tries to protect against exploits; their quite new project is Malwarebytes Anti-Exploits (MBAE). it's in a beta version now, interesting how it will work... I've tried it before. Malwarebytes purchased the company that created it. I don't know exactly how it works, but it does appear to be compatible with Emsisoft Anti-Malware (I have not tested it with Online Armor). Quote Share this post Link to post Share on other sites
