hake

Honorary Members
  • Posts

    629
Everything posted by hake

  1. Damned right it is if you support your wife's two sisters' Windows laptops. There is nothing to match a sound night's sleep secure in the knowledge that MBAE is at work.
  2. The link to the download for MBAE 1.08.1.1189 is here https://downloads.malwarebytes.org/file/mbae (found in Wilders Security forum)
  3. It's not Google that has dropped Chrome on Windows XP and Vista. It is the Chromium project that has dictated this decision. Comodo has also ceased to offer Dragon after version 45 for XP and Vista.
  4. In my experience, this behaviour by MBAE can be mitigated by allowing a little more time before logging on at system startup. I have also noticed that MBAM Premium has a bit of a tendency to do the same. A little patience actually reduces the time required for many systems to become ready for use.
  5. With Windows 7 and Windows 8.1 (both 64-bit), MBAM Premium and MBAE Premium work in combination extremely well with Avast Free 2015 or 2016. I have noticed that MBAM Premium turns off Windows Defender.
  6. Using MBAE on a system with a processor without an Nx bit is like using MBAE on a VM. Perhaps I should have worded my opening post this way in the first place and so achieved more success in sparking a discussion.
  7. I expect that Malwarebytes will eventually cease producing software compatible with pre-SSE2 processors (e.g. AMD Athlon XP 3000+). Malwarebytes Anti-Malware is already at that point, although Malwarebytes has provided a fix to enable users of older hardware to continue to use the latest MBAM version. The fix must be manually applied at each software update. However, whereas MBAM does not insist on updating at each new version (the option can be turned on or off in MBAM's Update Settings), Anti-Exploit effectively does so insist. At the point where an SSE-only compatible version of MBAE is superseded by a version which will only execute on an SSE2 (or later) processor, this will make things messy for those with SSE-only processors. Obviously, even though an SSE-only user would be unable to use a later MBAE SSE2 version, he/she would almost certainly wish to retain the use of the last SSE-only compatible version because it would continue to provide valuable protection, albeit of diminishing value. Will existing SSE-only processor users of MBAE have to cease using it, or will provision be made in the update mechanism so that such users will not be 'reminded' to update to a version that they cannot use?
  8. The ramblings and ravings of a demented Fortran programmer (I never did get the hang of OOP). I have a few old computers running Windows XP. The trouble with old computers is that they lack the hardware feature which allows DEP to work. I use an alternative to hardware DEP called BufferShield (created by Andreas Denter of sys-manage.com) which provides the equivalent of the Linux PaX solution through software. Unfortunately, BufferShield's drivers can conflict with unidentified drivers (possibly sound card or display screen), especially on laptops, so I am without protection against data execution on those computers. Nice thing the traditional PC. You can readily swap hardware to get round driver conflicts. This meandering preamble leads to my question, which is that without data execution protection how much point is there in having the other protections that MBAE provides? I note that MBAE provides DEP bypass protection and wonder if this also makes it harder for an exploit to execute data on a machine without hardware DEP. MBAE now prevents fingerprinting of systems, so I guess that one of the characteristics hackers are seeking to identify is lack of DEP, or are non-DEP systems now so rare as to be not worth the bother of fingerprint checking for the lack of DEP? Might fingerprinting look for the existence of BufferShield on a system? I have a feeling that BufferShield is now in the category of security through obscurity. Best wishes for a Happy New Year to you all and, by the grace of Malwarebytes, may you be untroubled by exploits.
  9. It isn't necessary to treat all startups this way, just the heavier ones. I only select ones which run from shortcuts or bat files in the startup folders (not from the RUN registry entries). I was surprised how different .exes behave, for example, some let the DOS window exit and some don't. It's a matter of trial and error. I prefer to run a bat file in the same folder as the exe. These tweaks apply only to Windows XP. Here are a couple of bat file texts:

         sleep 30
         "C:\Program Files\POPFile\runpopfile.exe" /startup

         sleep 30
         cd "C:\Program Files\GPSoftware\Directory Opus"
         C:\DropMyRights.exe Dopus.exe
         EXIT /B

     (I run GP Software's lovely Directory Opus version 6.2.5.15 using DropMyRights which is part of my toolkit to logon with Admin privileges but run Apps and the Directory Opus file manager in User mode. Shame that DropMyRights cannot handle command switches but AMUST 1-Defender 2.0 can.) Each of these is run using a shortcut in an appropriate startup folder. This is about as technically advanced as I can manage nowadays (Zzzzzzzzzzzzz).
  10. I use MBAE on my three Windows PCs with AVG Free 2016 or 2016 without any problems or issues whatsoever. I did have an issue with my rather old PC (AMD Athlon XP 3000+ powered) running Windows XP and AVG Free 2015. Unless I allowed more than a minute before logging on after receiving the logon prompt, the MBAE icon would only rarely show in the system tray. I solved this by putting a 30 second delay on a number of software startups, this being made simple once I located the SLEEP program in Windows 2003 toolkit. The system now starts quicker than before and the MBAE icon never fails to show. The MBAE.exe icon was the only one with which I had a problem, all the other system tray icons appearing unfailingly even before my SLEEP fueled remedy.
  11. Sounds like a scenario for MBAE to become a debugger.
  12. I want the browser or application process to be halted instantly by MBAE on detection of an exploit. Time is of the essence in ensuring that an exploit is stopped and the sledgehammer method to crack the exploit nut is the way I would wish MBAE to work.
  13. I checked all the RET ROP options and found that Mozilla Thunderbird 38.3.0 (MBAE application type 'Other') tripped RET ROP gadget detection with Windows XP SP3 on MBAE 1.08.1.1045 but did not with the previous MBAE 1.08.1.1044. There would therefore seem to be more changes made from version 1044 to version 1045 than simply disabling RET ROP gadget detection. On another XP SP3 system, Outlook Express (also MBAE application type 'Other') did not trip RET ROP gadget detection on either MBAE 1.08.1.1044 or 1045.
  14. While I have had no problems with RET ROP gadget detection during several weeks of beta testing use, your caution in the disabling of the feature in MBAE 1.08.1.1045 is much appreciated. It is good for my peace of mind that those for whom I have installed MBAE Premium at some distance from my home are unlikely to be calling me about problems caused by your software. I would imagine that when the RET ROP issues are resolved that RET ROP will again be selectively enabled by version update. All the installations of MBAE which I have seen today updated quickly and silently at either startup or first logon.
  15. I am no longer using EMET because DEP is ensured with MBAE. Regarding ASLR, Process Explorer 16.05 confirms that all applications that I protect with MBAE on Windows 7 (e.g. Google Chrome, Firefox, IE, Opera 12, SumatraPDF, OpenOffice) have been built with ASLR readiness. I would hazard a guess that ASLR readiness is universal among the well-known software producers. The process list is full of ASLR protected processes.
  16. Does this extend to using EMET and MBAE at the same time but each protecting different applications?
  17. Pedro will probably cheer on reading these words. EMET reduces system speed when used with MBAE. This is much more readily apparent on older slower hardware. Removing EMET adds some zip to system performance and the behaviour of the MBAE GUI (mbae.exe) not starting properly and failing to show its icon in the system tray seems to be eliminated. Web browser performance is definitely improved, especially apparent on newspaper web sites which are often notorious for their slow page loading. This suggests to me that there are probably conflicts between EMET and MBAE which slow things down and makes me wonder if it might cause inhibition of detection of exploits. I have in the past repeatedly trumpeted that I use both EMET and MBAE. All Heaven rejoices when a sinner repents, or so it is said.
  18. I have observed this behaviour of mbae.exe since I started using MBAE. It happens with XP on older (slower) hardware. I allow at least 30 seconds to elapse from being presented with the logon prompt at startup before responding and this ensures that MBAE runs as it ought to. A little use of the command line 'taskkill' (available in Windows 2003 Resource Kit) and other command line stuff to restart mbae.exe through a convenient desktop shortcut should do the job.
  19. I have seen this behaviour with XP for as long as I have been running MBAE. The system tray icon of mbae.exe can fail to show. At other times, mbae-svc.exe fails to start. I put a command to run the MBAE service in my startup folder. Problem solved. Waiting 30 seconds before clicking at logon also helps.
  20. 1043 works fine with XP and Windows 7 64-bit. Trusteer Rapport (v 3.5.1507.83) works OK with this MBAE on Windows 7 with Google Chrome, IE11 and Firefox. Running MBAE with EMET and all MBAE advanced settings enabled (mad reckless fool that I am).
  21. 1040 works without problem on XP and 7.
  22. People are getting pretty wound up about Flash now. Are those who are using MBAE 1.07.1.1015 protected?