Malwarebytes Anti-Exploit aims to stop unknown threats to Windows

Summary: Malwarebytes has launched a lightweight exploit shield designed to prevent zero-day attacks and other unknown threats to Windows, including Windows XP. And the basic version is free….

TOPICS: Security, Software

Zero-day attacks are a nightmare for businesses that use Windows because, by definition, there is no patch to prevent them, and traditional anti-virus programs may not have signatures to identify them. Some anti-virus companies have used approaches based on heuristics — identifying virus-like behaviour — to block them, but Malwarebytes Anti-Exploit takes a different approach: it shields selected applications from attack.

"We're not looking at how but at what," said Pedro Bustamante, Malwarebytes' director of special projects, in a telephone interview. "We're looking at the attack behaviour rather than the malware behaviour."

Exploit attack behaviour includes things like redirects and attempts to corrupt memory and download executable code. All this happens before the virus is even downloaded. It precedes any analysis of malware behaviour, which is the basis of heuristic defences.

The result is a very lightweight (3MB) background protection program that runs alongside traditional anti-virus software. It's very low-maintenance because it doesn't use or need any virus signature updates. You just install it then forget about it.

The free version of Malwarebytes Anti-Exploit (MBAE) protects the leading Windows browsers and Java, and stops them from executing exploit code. The premium version adds protection for the core Microsoft Office applications (Word, Excel and PowerPoint) and other popular targets. These include Adobe Acrobat and Reader, VLC Player, and Apple's QuickTime Player.

The Premium version costs $24.95 per year. The business version uses a management console and centralized reporting, with a reduced price for 25-49 seats. Deals can be negotiated for 50+ seats.

Bustamante co-founded Zero Vulnerability Labs and launched the first version of the program as ExploitShield about two years ago. Malwarebytes bought the company, and the MBAE version has spent the past year in beta test. "Since then, we've advanced it a lot," he says.

Malwarebytes hired Kafeine, a "world-renowned threat researcher", to test its product against the 11 most commonly used exploit kits (EKs) and the 14 most common exploits. It passed all the tests. On his blog, Kafeine concluded: "Malwarebytes Anti-Exploit is working as expected against all widely used exploit kit. It works on Java exploit where Emet wouldn't. This product sounds like a good additional layer against unpatched ('0day') exploit as well even if I have some doubts on his ability to stop Kernel level exploit." (EMET is the Enhanced Mitigation Experience Toolkit, Microsoft's attempt at blocking exploits, which is in technical preview at the moment.)

Kafeine also posted two videos. The first shows a virtual PC falling to the recent CryptoWall virus, dropped by the Rig EK during a visit to a soccer kit website. The second video shows the free version of MBAE being installed and blocking the exploit.

Marcin Kleczynski, Malwarebytes' CEO, said in a statement: "With the advanced threat landscape becoming increasingly exploit-led, this new proactive technology puts people and companies back on solid ground. This is especially important for those still running Windows XP."

I've been running MBAE on my main Windows 7 PC and have not been able to detect any adverse effects, so I'm planning to install the free version on all our Windows machines. It hasn't blocked any exploits so far, but if it had saved me from having CryptoWall encrypt my PC then I'd be duly grateful. And I reckon there's a better chance of me avoiding the next unknown exploit by running MBAE than by not running it.

 

 

Jack Schofield

About Jack Schofield

Jack Schofield spent the 1970s editing photography magazines before becoming editor of an early UK computer magazine, Practical Computing. In 1983, he started writing a weekly computer column for the Guardian, and joined the staff to launch the newspaper's weekly computer supplement in 1985. This section launched the Guardian’s first website and, in 2001, its first real blog. When the printed section was dropped after 25 years and a couple of reincarnations, he felt it was a time for a change....

Talkback

8 comments
  • Idea

    Sounds like a great idea to me. I'll have to try it.
    THavoc
    • malwarebytes

      Installed it, MB Anti Exploit uses very few resources and offers real time protection and best of all it's FREE! ☺
      preferred user
  • Potential problems

    http://blog.trailofbits.com/2012/10/29/ending-the-love-affair-with-exploitshield/
    Here's a report explaining how it works and why it's effective, but also why if targeted by malware writers it can be easily circumvented (note it is for an older version of Malwarebytes Anti-Exploit so things may have improved).
    mcm_ham
    • mb a exploit

      everything can be targeted and exploited
      preferred user
    • mb anti exploit

      That is until the next variant is developed!
      preferred user
    • Good question!

      Bustamante says it has improved a lot, but not how. As "preferred user" says, everything can be targeted and exploited, so it depends on whether that happens, and whether Malwarebytes can update MBAE to cope.

      Generally, malware writers go for the "low hanging fruit", which is people running XP and people who either don't update the OS or don't run updated antivirus software. There's no shortage of targets. Anything that distances you from this group is a benefit, even if it's not perfect.
      Jack Schofield
  • Elaborate, Please?

    @ Mr. Schofield:

    Ref. mcm_ham's link to Andrew Ruff's blog, much of it is over the heads of casual computer users (me). Would love to see a future article where Malwarebytes can provide a reassuring rebuttal. Thanks.
    ReadandShare
    • mb anti exploit

      You know what they say in I.T. circles? "By the time virus or exploit software protection comes out for something it's already too late!"
      preferred user