Jump to content

How can I block this exploit using OA

Tyler

By Tyler,
in Other Emsisoft products

 Share Followers 1

Recommended Posts

Tyler

Tyler 0

Posted
Posted

http://www.virustotal.com/file-scan/report.html?id=fc0433686f654a6114b630a2604473c95379ebc3e097a41064764a437734a9a8-1312805972

I came across this old exploit today and was curious to see if OA can give me some alert.Unfortunately, nothing but silence. So I want to know if OA is designed to be capable of preventing exploits like this or not?

I did this test in a virtual machine.

OS: Windows XP SP3 x86. (windows updates not installed)

OA: Latest public beta

I will attach the file if requested.

Best regards,

Tyler

Link to post
Share on other sites
Tyler

Tyler 0

Posted
  • Author
Posted

Hi Tyler,

Please pm me the file or even better - create a bug report, as you're a beta tester.

Thanks in advance,

Best regards,

Andrey.

I don't know if this is a real bug, so I'll pm you the file to confirm first. ;)

Link to post
Share on other sites
Tyler

Tyler 0

Posted
  • Author
Posted

Could you please tell me what kind of alert were you expecting to receive ?

To be honest, I don't know how the exploit works. I was expecting you to tell me something about the protection OA can provide from such a exploit. I don't know if it's something like a trojan. I mean when the file is executed, OA will response by popping up an alert saying something wants to run. But in this case, OA kept its mouth shut, so I wonder if the protection from exploits is OA's duty or not.

Link to post
Share on other sites
Fabian Wosar

Fabian Wosar 390

Posted
Posted

There is only one reliable way to protect from exploits: Don't use exploitable software and keep your system updated. HIPSes can only mitigate the damage an exploited application can do to your system but not prevent the exploit from taking place in the first place. In case of the JPEG exploit the payload is usually some shell code that downloads and executes malware. OA would fully protect your from that kind of payload as it will detect and prevent the execution of the newly downloaded malware.

Link to post
Share on other sites
Tyler

Tyler 0

Posted
  • Author
Posted

There is only one reliable way to protect from exploits: Don't use exploitable software and keep your system updated. HIPSes can only mitigate the damage an exploited application can do to your system but not prevent the exploit from taking place in the first place. In case of the JPEG exploit the payload is usually some shell code that downloads and executes malware. OA would fully protect your from that kind of payload as it will detect and prevent the execution of the newly downloaded malware.

Hi Fabian,

Thanks for telling me how exploit works. I'm confident about the protection OA can provide. BTW, I like the forum update. ^_^

Link to post
Share on other sites
  • 2 years later...
wojtek

wojtek 0

Posted
Posted

so, after a few years from the above discussion,

how looks the situation with detection of exploits and rootkits by Online Armor (Premium)?

 

it's a quite important problem, because in a few months (from April 2014), there will be no more updates of Windows XP,

which is still used by about 35% of PC users, and the problem of exploits may arise here in a special way.

I've just read in a newspaper that there will be available specially prepared, very expensive exploits on the 'market'

to hack Windows XP; I hope there will be a solution to the problem, other than migrating to Win Vista/7/8, or so...

Link to post
Share on other sites
Fabian Wosar

Fabian Wosar 390

Posted
Posted

It is technically impossible to protect from exploits. You can try to mitigate them (EMET for example), but that is not a firewall's job. The only real solution is to upgrade to a system that is still under continued development. That being said, Online Armor will still take care of the actual payload delivered through the exploit.

Link to post
Share on other sites
wojtek

wojtek 0

Posted
Posted

thank you. 

 

Malwarebytes tries to protect against exploits; their quite new project is Malwarebytes Anti-Exploits (MBAE).

it's in a beta version now, interesting how it will work...

 

the crucial problem with security programs is the probability of possible (or maybe hypothetical, as in the case

of exploits) infection against the continuous issues caused by the security programs (that is, instability leading to the 'blue screen',

high usage of CPU and RAM, longer boot time, and so on).

Link to post
Share on other sites
GT500

GT500 854

Posted
Posted

Malwarebytes tries to protect against exploits; their quite new project is Malwarebytes Anti-Exploits (MBAE).

it's in a beta version now, interesting how it will work...

I've tried it before. Malwarebytes purchased the company that created it. I don't know exactly how it works, but it does appear to be compatible with Emsisoft Anti-Malware (I have not tested it with Online Armor).

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 01/20/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...