Published: June 12th, 2014

IT security administrators are understandably confounded by zero-day attacks because these threats are hurled at their system’s vulnerabilities at a time when no patch or fix is yet available for the flaw. Think about paddling upstream in a canoe, without a paddle.

One way to prevent some zero-day exploits from wreaking havoc to a network is to employ a layered security setup that includes implementation of an access control list in the service itself, restricting network access through local server firewalling and using a hardware firewall.
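As an added illustration of the first of those layers (example code written for this page, not from the article or from Malwarebytes), the snippet below implements an access control list inside a small TCP service. The host firewall and the hardware firewall are expected to enforce the same policy in front of it; the in-service check is a second, independent layer so that a single firewall misconfiguration does not by itself expose a vulnerable service. The networks, the denied host, the port and the `is_allowed`/`serve` names are all constructed for the example.

```python
"""Service-level access control list as one layer of a layered setup.

Added example for illustration; addresses, rules and port are constructed.
"""
import ipaddress
import socket

# Constructed allow-list: only these source networks may reach the service.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("127.0.0.1/32"),
]

# Constructed explicit deny-list, evaluated before the allow-list, so one
# misbehaving host inside an allowed range can still be cut off quickly.
DENIED_HOSTS = {ipaddress.ip_address("10.20.30.40")}


def is_allowed(peer_ip: str) -> bool:
    """Return True when peer_ip may use the service.

    Anything that does not parse as an IP address is denied: fail closed.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    if addr in DENIED_HOSTS:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def serve(bind_addr: str = "127.0.0.1", port: int = 8080, max_conns: int = 1) -> int:
    """Accept up to max_conns connections, applying the ACL before any parsing.

    Returns the number of connections that were accepted and served.
    """
    served = 0
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_addr, port))
        srv.listen()
        while served < max_conns:
            conn, (peer_ip, peer_port) = srv.accept()
            with conn:
                if not is_allowed(peer_ip):
                    # Log and drop without reading from the socket: the
                    # service's request parser is the surface being shielded.
                    print(f"denied {peer_ip}:{peer_port}")
                    continue
                data = conn.recv(1024)
                conn.sendall(b"OK " + data)
            served += 1
    return served


if __name__ == "__main__":
    serve()
```

The ACL is checked on the raw peer address before a single byte of the request is parsed, which is the point of putting it in the service rather than only in a firewall: an exploit that targets the request parser never reaches it from a disallowed source, even while the parser's flaw is unpatched. The host firewall and the hardware firewall should carry the same allow-list so the three layers agree and a failure of one does not open the service.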

Still, the ability to knock out zero-day exploits before they can cause trouble eludes many organizations because of the limitations of current tools.

Pedro Bustamante

Anti-malware and security company Malwarebytes Corp. says its new Anti-Exploit tool, which was released today, comes pretty close to providing real-time zero-day protection.

The company offers three flavours of Anti-Exploit:

- A free version of the security program for Windows that protects against browser exploits as well as attacks on add-ons and Java.
- A premium version of the program, available for $24.95, which adds protection for PDF readers, Microsoft Office and media players, and allows users to add protection for custom third-party applications.
- Anti-Exploit for Business, which comes with the features of the two previous versions and works with the Malwarebytes Management Console for enterprise deployment.

Malwarebytes developed the tool from technology it acquired through its purchase last year of ZeroVulnerabilityLabs. Anti-Exploit differs from Malwarebytes’ flagship product, Anti-Malware, in that the older product blocks an exploit’s payload at the end of the attack, while the new program prevents the exploit from delivering its payload at all.


Anti-Exploit stops known and unknown zero-day exploits by using advanced technology to protectively ‘shield’ at-risk applications and stop them from executing malicious code, without relying on whitelisting, blacklisting or sandboxing.

“It looks for exploit-like behaviour to identify exploits, that’s why it is able to detect attacks rapidly,” said Pedro Bustamante, director of special projects for Malwarebytes. “Anti-Exploit stops any attempt to bypass the operating system level security, thwarts exploits executing from the computer’s memory and blocks payloads that contain malware.”

He said Anti-Exploit has been tested for several months with thousands of users and sometimes the program is able to catch exploits so fast that it’s difficult for Malwarebytes to record the block. The first beta version let three exploits through but “not a single zero-day” has managed to bypass Anti-Exploit since.

Scouting for exploit behaviours is superior to the traditional method used by malware tools, which search for exploits using known signatures from previous breaches.

“Traditional signature-based software is reactive. They can’t detect zero-day exploits because they rely on signatures analyzed after an initial breach,” Bustamante said.

This leaves home users and companies completely exposed until the manufacturer of the vulnerable application issues a patch, which can take days or even weeks.

“Exploits have been responsible for a lot of headlines recently as they are a highly effective way of stealing confidential data from people and businesses,” said Marcin Kleczynski, CEO of Malwarebytes. “With the advanced threat landscape becoming increasingly exploit-led, this new proactive technology puts people and companies back on the front foot. This is especially important for those still running Windows XP.”