Anti-exploit programs provide an additional layer of security by blocking the techniques attackers use. These solutions can protect you against Flash exploits and browser vulnerabilities, even new ones that haven’t been seen before or patched yet.
Windows users should install the free Malwarebytes Anti-Exploit program to help secure their web browsers. Unlike Microsoft’s also-useful EMET, Malwarebytes doesn’t require any special configuration — just install it and you’re done.
We recommend Malwarebytes Anti-Exploit for this. The free version shields web browsers like Internet Explorer, Chrome, Firefox, Opera, and their plug-ins like Flash and Silverlight, as well as Java. The paid version shields more applications, including the Adobe PDF reader and Microsoft Office applications. (If you’re using the free version, this is a good reason to just use the PDF viewer built into your browser. But the free version does shield Adobe Reader as long as it’s loaded as a browser plug-in.)
Anti-exploit programs can help protect you from serious attacks, and Malwarebytes Anti-Exploit offers a good free version, is easy to set up — just install it — and provides solid protection. Every Windows user can get additional protection against the main attacks online — browser and plug-in exploits — and should install this. It’s a good form of defense against all these Flash 0-days.
Malwarebytes notes that this application successfully stopped three big Flash zero-days near the start of 2015. They note “four layers” of protection enabled by Malwarebytes Anti-Exploit. In addition to ensuring DEP and ASLR are enabled for that application on a 64-bit operating system, the tool stops techniques used bypass operating system security protections as well as malicious API calls. It also watches an application and stops it if it behaves in a way that doesn’t seem appropriate to its type of application.
For example, if Internet Explorer decides to start using the CreateProcess API function in Windows, this tool can notice it’s doing something unusual and stop it. If Chrome or the Flash plug-in try to start writing to files they never should, they can be instantly terminated. Other protections help stop buffer overflows and other nasty, but common, techniques used by malware. This doesn’t use a signature database like an antivirus program — it hooks into certain vulnerable programs and just protects against potentially harmful behavior. This allows it to stop new attacks before signatures are created or patches are created.
Technically, MBAE works by injecting its DLL into these protected applications, as you can see with Process Explorer. It only affects those specific applications, so it won’t slow down or interfere with anything else on your system.