Anti-Exploit Software...

3 replies to this topic

#1 Oxonsi


  • Members
  • 34 posts
  • Local time:05:45 PM

Posted 05 April 2017 - 02:04 PM

I happened across an interesting anti-exploit software called Morphisec.  This is still quite new as I understand they made an initial release in 2015, and it is apparently only an enterprise product to protect endpoints.  Not available as a single license to a home user.


What is interesting about it is that apparently it uses a polymorphic engine [yes, similar in concept to polymorphic malware] to dynamically conceal vulnerabilities to any exploit kits.  Therefore, non-fully patched software as well as 0-day vulnerabilities would be mitigated.  And this is very good because it "nips infections in the bud" so to speak.  Nothing malicious gets automatically downloaded because no vulnerabilities are found.




I believe this is basically similar to what anti-exploits like EMET, Malwarebytes Anti-exploit, and Hitman Alert do.  The difference in Morphisec is the use of a polymorphic engine, using one of malware's tricks against them, to hide vulnerabilities.


Advantages are that it is apparently very lightweight in use of resources.  And unlike some of the better known anti-exploits, it is doubtful hackers have devised a systematic way to circumvent it.  For example, I use EMET myself.  And while I haven't had any issues [so far as I'm aware] of an exploit circumventing it, I have read that there are known loopholes and weaknesses in EMET, such that a determined hacker could probably penetrate it if they really wanted to.  And I believe all of the other anti-exploits I mentioned utilize significantly more resources than the 1MB Morphisec claims.


That said, is anyone familiar with Morphisec or aware of anything similar available to the home user?  This is something I'd like to at least trial.  Relatedly, why is it that most of the so-called "next gen" security products are only available in the enterprise space?  It may be that the "next gen" designation is mostly marketing hype, but it would be nice to trial some of these things in a home environment.


#2 datwin-bordo


  • Banned
  • 60 posts
  • Local time:11:45 PM

Posted 23 April 2017 - 11:54 PM

I had MBAE, HitmanPro.Alert and EMET by Microsoft.

#3 cryogent


  • Members
  • 2 posts
  • Gender:Male
  • Location:Stars
  • Local time:12:45 AM

Posted 25 April 2017 - 06:49 AM

All of them installed on same pc?  :o

And no compatibility issue between them?

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,725 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 25 April 2017 - 09:04 AM

Comments from Fabian Wosar, a Security Colleague and developer who works for Emsisoft.

EMET, HMP.Alert and MBAE can all be useful under certain circumstances. The most effective step to fending off exploits is to reduce your attack surface. Keep the software you use up-to-date and try to get rid of Java and Adobe plugins. If you can't get rid of them completely, at least turn them on only for the sites that you know won't work without them. All browsers that I have used in the past year have features which make it very easy to limit plugins to just a few sites. If for some reason you can't do either of that, then adding exploit protection can be somewhat useful.
HMP.Alert & MBAE, Post #7

Comments from Elise, a Security Colleague and Emsisoft Employee.

Technically speaking, your computer is sufficiently protected by Emsisoft Anti-Malware/Internet Security. However, if you prefer an extra layer of security you could use this without any negative effects on your system.
The difference between the products is that they intercept potential malware attacks at different points. The result with or without HMP Alert is however the same, our behavior blocker will intercept threats resulting from exploits once they become active on the computer and eliminate them.
HitmanPro.Alert worth as a companion?, Post #3

Keep in mind that some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can Return-oriented programming (ROP), and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference with each other and program crashes.

While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs...These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too
How-To Geek on Anti-exploit programs

ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. It is an effective code reuse attack since it is among the most popular exploitation techniques used by attackers and there are few practical defenses that are able to stop such attacks without access to source code. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled).

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators