Cybercriminals design malware to exploit vulnerable systems without any user interaction, on the one hand, and craft attacks that take advantage of unaware (untrained) computer users, in which user interaction is required, on the other.
The second part of this two-part attack approach can only be defeated if the computer user is aware of current Internet threats. So, knowledge and experience are critical ingredients in the never-ending and escalating battle against cybercriminals.
To defeat attacks which rely on exploiting vulnerable systems, the preferred method is the implementation of a layered security approach. Employing layered security should (I emphasize should) lead to the swift detection of malware before any damage occurs on the targeted system.
Let’s talk real world:
Given existing technology, no single security application is capable of providing adequate computer system protection. Gaps exist in protection capabilities in even the most sophisticated security applications.
Layering (or stacking) security applications offers the best chance of remaining infection free, by closing those gaps. Keep in mind, however, that even the best layered protection strategy will not make up for the lack of experience, and intuitiveness, of many computer users.
So, stopping the bad guys from gaining a foothold has to be a primary objective of that layered defense strategy that I mentioned earlier. And part of that strategy includes raising barriers at the doorway to the system – the Internet browser.
The Modern Malware Review (March 2013), a statistical analysis performed by Palo Alto Networks which focused on malware that “industry-leading antivirus products” failed to detect, noted a persistent trend.
From the report:
90% of unknown malware delivered via web-browsing
Given that the samples were captured by the firewall, we were able to identify the application that carried the malware. While web-browsing was found to be the leading source of malware both in terms of total malware as well as undetected malware, the application mix was very different between the two groups.
For example, SMTP accounted for 25% of the total malware, but only 2% of the fully undetected malware. Comparatively, web-browsing dominated both categories, accounting for 68% of total malware, but over 90% of undetected samples. This clearly shows that unknown malware is disproportionally more likely to be delivered from the web as opposed to email.
Another brick in the wall:
Malwarebytes Anti-Exploit (formerly Zero Vulnerability Labs ExploitShield) – a free “install and forget” Internet browser security application (which I installed several days ago) – is designed to protect users from unknown “zero-day” vulnerability exploits aimed at Firefox, Chrome, Internet Explorer, Opera…
As well, protection is also included for selected browser components – Java, Adobe Reader, Flash, and Shockwave. Added protection is incorporated for Microsoft Office components – Word, Excel, PowerPoint.
Malwarebytes Anti-Exploit protects users where traditional security measures fail. It consists of an innovative patent-pending application shielding technology that prevents malicious exploits from compromising computers through software vulnerabilities.
Malwarebytes Anti-Exploit is free for home users and non-profit organizations. It includes all protections needed to prevent drive-by download targeted attacks originating from commercial exploit kits and other web-based exploits.
These types of attacks are used as common infection vectors for financial malware, ransomware, rogue antivirus and other types of nasties not commonly detected by traditional blacklisting antivirus and security products.
Installation is a breeze and, on application launch, a simple and uncomplicated interface is presented.
Clicking on the “Shields” tab will provide you with a list of applications protected by Anti-Exploit – as shown below.
As a reminder that Anti-Exploit is up and running, a new icon – as shown in the following screen shot – will appear in the system tray.
System requirements: Windows 8, Windows 7, Windows Vista, and Windows XP.
Download at: MajorGeeks
The good news: Each of us, in our own way, has been changed by the world of wonders that the Internet has brought to us. Twenty years on, and I’m still awestruck. I suspect that many of us will be thunderstruck by applications and projects yet to be released.
The bad news: The Internet has more than its fair share of criminals, scam and fraud artists, and worse. These lowlifes occupy a world that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software.
When travelling in this often dangerous territory, please be guided by the following: Stop – Think – Click. The bad guys – including the corrupted American government – really are out to get you.
The Modern Malware Review is a 20 page PDF file packed with data which provides a real-world perspective on malware and cybercrime. I recommend that you read it.
28 responses to “Defeat Internet Browser Exploits With Malwarebytes Anti-Exploit”
Reblogged this on All At One.
As always, I’m most appreciative.
If I use this, can I get rid of ThreatFire?
If ThreatFire was still a standalone freebie – and, it ran on Win 8 – it would be on my systems rather than Malwarebytes Anti-Exploit. Just a comfort thing with a well established, and well used, piece of software.
Reblogged this on euzicasa and commented:
Great information for all internet users…
Thanks for the reblog – very much appreciated. 🙂
My pleasure Bill!
“As well, protection is also included for selected browser components – Java, Adobe Reader, Flash, and Shockwave.”
Got rid of those some time ago, thank goodness. Thanks to you Bill I found a better PDF reader than Adobe.
Now this is in BETA does that mean I should hold off for a bit? I noticed on an earlier Tech Thoughts that MBAM has a rootkit software also but it is in BETA, too. How long does it usually take to get an official release?
Thanks Bill, and as I’ve said before you’ve revolutionized my Computer use.
There are some applications that never come out of Beta – or, spend years in that state. ThreatFire and HiJackThis come to mind as two of the latter.
I wouldn’t be at all surprised to see this app stay at the Beta stage for some time yet – given the rapidly changing technology being employed.
Good to hear from you.
I used Exploit Shield (beta) for a while and it was great apart from a few false positive detections that must have been sorted out by now. Then I decided to switch my firewall and installed Comodo Firewall and it caused Exploit Shield to play havoc with my installed browsers – (They wouldn’t launch). I subsequently read that the two programs cannot be installed and run alongside each other. Looking at the latest information from Malwarebytes on the subject it would appear that this is still the case. Personally I rate Comodo Firewall as excellent so I was sad to see that Comodo still haven’t sorted out their compatibility issues with Exploit Shield!
I guess I’ll have to stick with Microsoft’s EMET for now as I’ve tried a lot of other firewalls that work happily alongside Exploit Shield but still prefer Comodo Firewall at the moment.
Sometimes we can’t have our cake and eat it – or so it seems.
I agree – it’s frustrating when a top rated app refuses to peacefully coexist with another top rated app. Sadly, that’s a familiar story to guys like you and me.
Totally support your views on Comodo Firewall – excellent application.
Reblogged this on TCAT Shelbyville – Technical Blog and commented:
Thanks Steve – much appreciated.
Hope all is well down south. 🙂
Want to read an ad (the sale is over) that would be funny if it weren’t so true.
LG 47″ or 55″ 1080p LED HDTV
What’s the biggest growing field? Watching people! If your child can stare at a big TV, your child can work for the government.
Good to hear that.
Nice piece of satire in your link. 🙂 And you’re right – “funny if it weren’t so true.” Sad.
Pingback: Malwarebytes Anti-Exploit | PHINOYesque
My favourite alternative to Threatfire, Emsisoft Mamutu, is biting the dust as a standalone behaviour blocker. It’s no longer for sale and support and updates will cease in December of this year.
But, there is an upside. Mamutu is incorporated into Emsisoft Antimalware, and they have kindly allowed Mamutu users to transfer their licence to the full version of Emsisoft Antimalware.
I’ve had this installed since yesterday, and man, I AM IMPRESSED. Light, non-intrusive, and stops threats dead in their tracks. I consider it better than my previous installation, Bitdefender, which is a great product but buggy and intrusive.
Hopefully I will stay with Emsisoft. I think this is about my fourth try at an antivirus app since I bought this box a few months ago lol. But I am allowed to be fussy.
Yep, I recall your comment from last week on Mamutu, and for sure you’re allowed to be fussy. The fussier the better, yeah?
Emsisoft is a terrific company (your comment adds to their solid reputation), which offers a number of outstanding AV apps. Having reviewed a number of their apps over the last few years, I fully support your choice.
Thanks for the update.
Get rid of that woman Gillard at the earliest opportunity. 🙂
She is gone, mate. Kevin Rudd beat her in a ballot tonight. I am happy about this.
Thanks Mal – just read up on her ouster. What a loser! 🙂
Reblogged this on regthecomputerguy and commented:
Here is a must read article for everyone.
Thanks for this. I appreciate the reblog.
Reblogged this on security post and commented:
Take a minute and read this article, it adds so much information into my IT knowledge
Thanks ifreesecurity – appreciate the reblog.
Found out this weekend when I went to use IE that Malwarebytes Anti-Exploit thought IE was an exploit. It would not open. I went to the forum and found out it is a Beta false positive like Richard mentioned above. So you may have to stop the protection if you need to use IE.
The reason I had to use IE was… I went to add paid time to my Hotspot Shield account on the web and it would not open with Firefox. So I went to try IE and that is how I found out about the IE FP. After about 2 hours of playing with this setting and this security program… etc. Finally figured out it was Malwarebytes’ Anti-Malware (paid lifetime account) that was blocking the page.
Anyways posting this so if anyone else is having problems with blocked browsers or websites, save yourself some time and look at Malwarebytes first.
So this was my weekend besides having a headache..
Yikes – that sucks! Good of you to post the prob/solution here though – hopefully, the info will save some frustration for others.
Just getting ready to do a new install with Win 8.1 on my home gamer. Shouldn’t take too long.
Have a super relaxing Canada Day – might help keep the headaches down to a dull roar today. Here’s hoping. 🙂