Anti-exploit programs provide an additional layer of security by blocking the techniques attackers use. These solutions can protect you against Flash exploits and browser vulnerabilities, even new ones that haven’t been seen before or patched yet.
Windows users should install the free Malwarebytes Anti-Exploit program to help secure their web browsers. Unlike Microsoft’s also-useful EMET, Malwarebytes doesn’t require any special configuration — just install it and you’re done.
Update: On Windows 10, the built-in Windows Defender antivirus now includes exploit protection. This replaces Microsoft’s EMET, and is installed by default for everyone. Malwarebytes Premium now includes anti-exploit features, too—it’s no longer a separate tool.
We recommend Malwarebytes Anti-Exploit for this. The free version shields web browsers like Internet Explorer, Chrome, Firefox, Opera, and their plug-ins like Flash and Silverlight, as well as Java. The paid version shields more applications, including the Adobe PDF reader and Microsoft Office applications. (If you’re using the free version, this is a good reason to just use the PDF viewer built into your browser. But the free version does shield Adobe Reader as long as it’s loaded as a browser plug-in.)
Anti-exploit programs can help protect you from serious attacks, and Malwarebytes Anti-Exploit offers a good free version, is easy to set up — just install it — and provides solid protection. Every Windows user can get additional protection against the main attacks online — browser and plug-in exploits — and should install this. It’s a good form of defense against all these Flash 0-days.
Malwarebytes notes that this application successfully stopped three big Flash zero-days near the start of 2015. They note “four layers” of protection enabled by Malwarebytes Anti-Exploit. In addition to ensuring DEP and ASLR are enabled for that application on a 64-bit operating system, the tool stops techniques used to bypass operating system security protections as well as malicious API calls. It also watches an application and stops it if it behaves in a way that doesn’t seem appropriate to its type of application.
For example, if Internet Explorer decides to start using the CreateProcess API function in Windows, this tool can notice it’s doing something unusual and stop it. If Chrome or the Flash plug-in tries to start writing to files it never should, it can be instantly terminated. Other protections help stop buffer overflows and other nasty, but common, techniques used by malware. This doesn’t use a signature database like an antivirus program — it hooks into certain vulnerable programs and just protects against potentially harmful behavior. This allows it to stop new attacks before signatures or patches are created.
Technically, MBAE works by injecting its DLL into these protected applications, as you can see with Process Explorer. It only affects those specific applications, so it won’t slow down or interfere with anything else on your system.
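To make the DEP and ASLR layer mentioned above concrete: a Windows executable signals that it supports these protections through flags in its PE header, and a program built without them is the kind of gap these tools close by forcing the protections on. The Python sketch below is an added example, not code from Malwarebytes or Microsoft; it reads those flags, and `build_sample` with its header bytes is constructed test data.

```python
import struct
import sys

# DllCharacteristics bits in the PE optional header (values from winnt.h)
HIGH_ENTROPY_VA = 0x0020  # 64-bit image accepts high-entropy ASLR
DYNAMIC_BASE = 0x0040     # image may be relocated, i.e. supports ASLR
NX_COMPAT = 0x0100        # image is compatible with DEP

def mitigation_flags(pe: bytes) -> dict:
    """Return the DEP/ASLR opt-in bits of a PE image held in memory."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)      # e_lfanew
    if pe_off + 96 > len(pe) or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad or truncated PE header")
    opt = pe_off + 24            # skip 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ layouts
    (chars,) = struct.unpack_from("<H", pe, opt + 70)
    return {"dep": bool(chars & NX_COMPAT),
            "aslr": bool(chars & DYNAMIC_BASE),
            "high_entropy_aslr": bool(chars & HIGH_ENTROPY_VA)}

def missing_optins(pe: bytes) -> list:
    """Name the protections from the article that the image does not opt in to."""
    flags = mitigation_flags(pe)
    return [name for name in ("dep", "aslr") if not flags[name]]

def build_sample(chars: int, magic: int = 0x20B) -> bytes:
    """Constructed minimal headers for the demo; not a loadable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, chars)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:        # audit real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, missing_optins(fh.read()) or "opts in to DEP and ASLR")
    else:                        # otherwise run on the constructed samples
        print("modern:", mitigation_flags(build_sample(0x0160)))
        print("legacy:", missing_optins(build_sample(0, magic=0x10B)))
```

Run it with one or more paths to `.exe` or `.dll` files to list any that lack the DEP or ASLR flag.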
Microsoft has been providing a free tool known as EMET, or the Enhanced Mitigation Experience Toolkit, for longer than Malwarebytes Anti-Exploit has been available. Microsoft primarily targets this tool at system administrators, who can use it to secure many PCs on larger networks. While there’s a decent chance EMET has been set up on a work PC you have access to, you probably aren’t already using it at home.
There’s nothing to stop you from using EMET at home, however. It’s free and provides a wizard that makes it not too hard to set up.
EMET works similarly to Malwarebytes Anti-Exploit, forcing certain protections to be enabled for potentially vulnerable applications like your web browser and plug-ins and blocking common memory exploit techniques. You can use it to lock down other applications if you’re willing to get your hands dirty. Overall, though, it’s nowhere near as user-friendly or set-it-and-forget-it as Malwarebytes Anti-Exploit. Malwarebytes Anti-Exploit also seems to offer more layers of defense, according to this comparison of EMET and MBAE from Malwarebytes.
HitmanPro.Alert offers similar anti-exploit protections to those found in Malwarebytes Anti-Exploit and EMET. This is the most recent option available here, and — unlike the above tools — these protections aren’t available in the free version. You’ll need a paid license to benefit from the anti-exploit protections in HitmanPro.Alert. We don’t have as much experience with this solution, as HitmanPro.Alert just recently gained these features.
We include this here just for the sake of completeness — most people will be fine with a free anti-exploit tool to protect their browsers. While HitmanPro.Alert may tout some more specific memory protections over other solutions, it won’t necessarily perform better than MBAE or EMET against real-world threats.
While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs. It may be possible to rig Malwarebytes Anti-Exploit and EMET to work together, but you aren’t necessarily getting twice the protection — there’s a lot of overlap.
These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too.