Jump to content
puff_m_d

Email Program Profile

By puff_m_d, in Anti-Exploit Beta

Recommended Posts

puff_m_d   

puff_m_d
Posted

Hello,

 

I was wondering what would be the suggested profile to use with a custom shield for your email program...

I have tried three different profiles and they all seem to work fine but which one offers the highest degree of protection.

Here are the three profiles that I have tried and the reasoning that I had for doing so:

Office profile - Some office suites include email (such as Microsoft's Outlook)

Browser profile - Email programs do in many ways perform similar to a browser

Other profile - None of the specific profiles are for email programs

What is the highest security, best protection, and recommended profile to use with your email program?

Thanks in advance for your feedback...

 

Also, I have had other programs that would definitely fit into the Other profile but had many characteristics of a different specific profile. For instance, I use a program for time to time to update the FavIcons in my favorite/bookmark links in my browsers. It is not a browser but does function in many ways like one. The program will load the pages for the links in my favorites/bookmarks and if there is a FavIcon associated to the website, it will save them. Would the Browser profile or the Other profile be best to use? Or if a program you are wanting to shield does not specifically fall into a profile category, should you just always choose the Other profile? I realize from my own testing that many times several different profiles will work with a particular program. How do you decide which one will give you the best protection? I am probably over-complicating this, but my mind just got curious so I had to ask when different profiles work with the same program, how do you decide which one will be the best choice...

Share this post

Link to post
Share on other sites

pbust   

pbust
Posted

Hi Kent, this is a very good question and one we'll have to provide an in-depth answer to eventually.

 

In the meantime the rule of thumb would be to use the Office or Browser profile as it is more secure. However if that gives you any problems (FPs, conflicts, etc.) then you can fall back to the Other profile which is not as strict.

 

As for email clients, they are better and more securely covered by the Office profile.

Share this post

Link to post
Share on other sites

puff_m_d   

puff_m_d
Posted

Hello Pedro,

 

As always, thanks for your prompt and informative answer! I look forward for your more in-depth answer in the future...

Thanks again  ;)  ...

Share this post

Link to post
Share on other sites

MarkBevan   

MarkBevan
Posted

Hi Kent, this is a very good question and one we'll have to provide an in-depth answer to eventually.

 

In the meantime the rule of thumb would be to use the Office or Browser profile as it is more secure. However if that gives you any problems (FPs, conflicts, etc.) then you can fall back to the Other profile which is not as strict.

 

As for email clients, they are better and more securely covered by the Office profile.

 

Is the Office profile still the preferred (i.e. most secure) profile for email clients (in this case Thunderbird) ?  Your post mentions both Office & Browser ;)

Share this post

Link to post
Share on other sites

pbust   

pbust
Posted

With MBAE 1.05 there's some new techniques in different families. Therefore for email clients we recommend the following:

 

Start with the "browser" profile. If that causes problems or conflicts, fall back to the "other" profile.

 

The "office" profile is not recommended for email clients anymore.

Share this post

Link to post
Share on other sites

hsweet   

hsweet
Posted

Pedro,  According to release history and also the download from my upgrade to premium yesterday, MBAE - premium is at 1.04 -- not 1.05. 

Share this post

Link to post
Share on other sites

MarkBevan   

MarkBevan
Posted

Pedro,  According to release history and also the download from my upgrade to premium yesterday, MBAE - premium is at 1.04 -- not 1.05. 

 

1.05 is the experimental version of the next release, which has it's own release thread, README FIRST thread and sub forum.

 

https://forums.malwarebytes.org/index.php?/topic/160317-mbae-experimental-10531012/

 

https://forums.malwarebytes.org/index.php?/topic/150622-readme-first/

 

https://forums.malwarebytes.org/index.php?/forum/153-experimental-mbae-builds/

Share this post

Link to post
Share on other sites

hsweet   

hsweet
Posted

Thanks.

Share this post

Link to post
Share on other sites

MarkBevan   

MarkBevan
Posted

With MBAE 1.05 there's some new techniques in different families. Therefore for email clients we recommend the following:

 

Start with the "browser" profile. If that causes problems or conflicts, fall back to the "other" profile.

 

The "office" profile is not recommended for email clients anymore.

 

With a custom shield for Thunderbird using the "browser" profile, Thunderbird often crashes, when you click on a link in an email that would open in your browser (even if that browser is already started).

 

Using the "other" profile, Thunderbird doesn't crash when following those same links.

Share this post

Link to post
Share on other sites

pbust   

pbust
Posted

Hi Mark,

 

Is this with the current public version 1.04 or with the Experimental 1.05?

Share this post

Link to post
Share on other sites

MarkBevan   

MarkBevan
Posted

Hi Mark,

 

Is this with the current public version 1.04 or with the Experimental 1.05?

Hi Pedro,

That is with the Experimental 1.05 version.

Share this post

Link to post
Share on other sites

pbust   

pbust
Posted

Thanks for the info Mark. We'll investigate this further if required. In the meantime you can continue using the "other" profile which provides more than enough protection for email clients.

 

Btw you're not using any other exploit mitigation product such as EMET or HMPA are you?

Share this post

Link to post
Share on other sites

MarkBevan   

MarkBevan
Posted

 

Btw you're not using any other exploit mitigation product such as EMET or HMPA are you?

 

I'm not using EMET or HMPA.  The only security type software I use is Norton Internet Securty and MBAM Premum (I also use OpenDNS).  My OS is Win7 64 bit (fully patched).  Do you need any logs attaching ?

Share this post

Link to post
Share on other sites

MarkBevan   

MarkBevan
Posted

With a custom shield for Thunderbird using the "browser" profile, Thunderbird often crashes, when you click on a link in an email that would open in your browser (even if that browser is already started).

 

Using the "other" profile, Thunderbird doesn't crash when following those same links.

 

I have been using the "other" profile for Thunderbird for ages now, because of the crashes mentioned above when using the "browser" profile.  Having clean installed 1.06.1.1019 and recreated my Thunderbird custom shield using the "browser" profile, it seems to be working fine now.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept