Imagine a world of Windows computer security where the latest zero-day exploits that seek to gain access to your computer are rendered ineffective before they can be used against you.
That world doesn't exist yet, but it took a giant step closer to reality with Malwarebytes Anti-Exploit, a new Windows security program released Thursday. It's powered by exploit-blocking technology that Malwarebytes acquired last year when it bought ZeroVulnerabilityLabs.
The free version of Anti-Exploit will protect against exploits in browsers, their add-ons, and Java, while the $24.95 premium version will also work in Microsoft Office, PDF readers, media players, and software selected by the owner. Anti-Exploit for Business works in conjunction with the Malwarebytes Management Console for enterprise deployment.
Malwarebytes CEO and founder Marcin Kleczynski said that businesses will want to invest in Anti-Exploit as an extra layer of protection against the kinds of exploits that have been part of the major hacks of late.
Anti-Exploit is "not about the product. It's about the problem," Kleczynski said during an interview at Malwarebytes' office in San Jose, Calif. "Sometimes it catches the exploit so early we can't show the alert" that it has stopped an exploit.
If it works as advertised, Malwarebytes Anti-Exploit would be remarkable for preventing zero-day vulnerabilities -- previously unknown, unpatched software flaws -- from being exploited to steal data or gain control of your computer. Exploits that launch malicious code on your computer, known as remote code execution, combined with zero-days have been successfully used to target massive multinational corporations, financial institutions, and critical infrastructure, as well as private individuals.
Pedro Bustamante, director of special projects at Malwarebytes, said that even the beta version of Anti-Exploit that's been available for the past year has had a nearly-flawless record.
"Not a single zero-day has gotten through since the first beta, which let three vulnerabilities through. Even year-old versions" have protected against exploits attempting to use new zero-days, he said.
The beta has been running with "tens of thousands" of users, Kleczynski said.
He explained the difference between Anti-Exploit and his company's flagship product, Malwarebytes Anti-Malware, as one where Anti-Malware stops the final payload at the end of the attack, but Anti-Exploit stops how that payload gets delivered.
"It detects exploits because it looks at exploit-like behavior," Bustamante said. It blocks attempts to bypass operating-system-level security, protects against exploits executing from the computer's memory, and halts payloads that can install malware. Worried about giving away the keys to the kingdom, Bustamante wouldn't go into further detail on how Anti-Exploit works.
ZeroVulnerabilityLabs introduced the technology in Anti-Exploit as ExploitShield two years ago. At the time, Bustamante -- who co-founded ZeroVulnerabilityLabs -- said, "It is not blacklisting, not whitelisting, and not sandboxing. We call it 'application shielding.'"
This sounds similar to Microsoft's exploit-blocking Enhanced Mitigation Experience Toolkit, or EMET.
"EMET is still in technical preview, and it's complicated as hell" to run, Kleczynski said. As anyone running Windows with a third-party security suite knows, it wouldn't be the first time that Windows security was better handled by outside sources. Kleczynski asserted that EMET is "allowing through a lot of junk."
To support claims about his own product, Kleczynski hired the independent exploit analysis expert known as Kafeine to try to break the software. Instead, Anti-Exploit was able to stop Kafeine in every test he ran, more than 30 times over two months.
"Malwarebytes Anti-Exploit is working as expected against all widely used exploit kits. It works on Java exploit where EMET wouldn't," Kafeine concluded in his report. He added that Anti-Exploit defeated all 11 of the most commonly-used exploit kits, which are complete software packages to exploit a computer, and all 14 of the most commonly-seen exploits. It also protected five of the commonly-attacked software programs.
In 2012, Bustamante predicted to CNET that the technology behind Anti-Exploit would be at the vanguard of a new breed of security software. That claim has yet to bear fruit. But as remote code exploits continue to be successfully used in attacks and as Microsoft attempts to walk away from the notoriously hole-riddled Windows XP, businesses and individuals could end up turning to Anti-Exploit to reinforce their armor.