MBAE 1.13 Build 186 and Outlook Express 6

[hake]

I have just become aware that the Outlook Express 6 executable msimn.exe (in Windows XP) has disappeared from the shield list.  I had previously (several years ago) manually included it in the shield list using the profile of 'Browsers'.   Assuming that I had accidentally deleted the shield, I tried to create a new shield for msimn.exe and MBAE declined to add it to the shield list, telling me the the application is already protected.

By coincidence, MBAE now has the capability to block potentially malicious email attachments.  Is Outlook Express treated as Outlook for this purpose?  Can it be confirmed that Outlook Express is still protected from exploits using the 'Browsers' profile?  There is no item shown in the shield list for Outlook so there seems to be no way of switching MBAE protection off, only the blocking of potentially malicious email attachments (I am unlikely to do this but I am unable to do so if I felt the need to).

Additional note:  Microsoft Outlook Express appears in the MBAE log as a protection event so it obviously receives some degree of protection but is it in the profile of 'Browsers'?

Edited May 23, 2020 by hake

[pbust]

Yes, a few years ago we added the most common and popular email clients as default internal shields for blocking malicious attachments.

 

[hake]

Thank you for that.  I regret to say that I am unable to use MBAE 1.13.1.186 or 164 because of the inability of those versions to start reliably with XP.  Consequently I have reverted to MBAE 1.12.1.109 for Windows XP.  This version has consistenty started reliably and is able to respond to my bat MBAE start script in the very rare cases when it doesn't start properly.  Sometimes MBAE starts and the system tray icon fails to show and sometimes mbae-svc.exe simply won't go.  I am intrigued as to why MBAE is so sensitive at startup.  Is there a timing issue?  Other startups are robust and survive the chaos of startup.  Fortunately MBAE in later versions of Windows seems immune to this

At least MBAE 1.12.1.109 allows every advanced setting option to be ticked and to remain ticked including those for RET ROP gadgets.  SumatraPDF is the only application to take exception to RET ROP gadget checking.   I guess that MBAE 1.12.1.109 is better than nothing.

Edited May 26, 2020 by hake

[pbust]

12 hours ago, hake said:

I regret to say that I am unable to use MBAE 1.13.1.186 or 164 because of the inability of those versions to start reliably with XP.

It is actually XP that starts unreliably and sometimes it takes longer than others, triggering the MBAE service timeout.

If you really want to run the latest, try switching the MBAE service to Manual, and then creating a batch script that runs at boot, sleeps for a few minutes, then starts the MBAE service and then runs the mbae UI executable.

[hake]

Thanks Pedro.  I have found that XP on faster hardware than my 18 year-old system also has uncertainty in starting MBAE.

I will try your suggestion.

Edited May 26, 2020 by hake

[exile360]

That's not surprising.  XP has some severe limitations when it comes to more modern/faster hardware.  Vista and newer Windows versions by comparison are far better at taking advantage of more powerful hardware.

[hake]

I won't waste you guy's time any more by asking questions about XP.  MBAE sticks at version 1.12.1.109 which works jolly well.  Out of idle curiosity, I am interested to see if XP can remain untouched by malware and it is now the only system I have which provides a platform for Agnitum Outpost Firewall Pro 9.3 which runs with maximum security settings.  To me it's the equivalent of driving a classic car.

[exile360]

I wouldn't risk it with anything important, honestly.  It is so far out of date now and with so many known unpatched vulnerabilities that I wouldn't trust it on the web at all, regardless of any security apps I might have installed.

[hake]

I wish that I knew why my Winows XP SP3 has managed to avoid any attempts to exploit it since 2004 (when the present incarnation was installed) and that includes after April 2014 since when I used POSReady updates (until MS broke its own rules in August 2018 and ceased to update this pre-SSE2 processor equipped system).

I just cannot understand how I could have acquired this apparent immunity for any Windows systems I have installed from installation media?  The Windows 8.1 and 10 systems which I have installed and currently maintain for myself and friends and relatives also enjoy such apparent immunity.  One observation common to all these installations, including XP and now 7, is that no alarms/warnings have yet been shown of attempted exploitations or violations. 

Needless to say, I do NOT use unsupported Windows systems for any purpose which would put at risk privacy and confidentiality or failing due diligence as is required by banks.  I have yet to be aware of having private information being stolen or accessed, i.e. I have not experienced any effects of such events.

[exile360]

It likely has a lot to do with the kinds of sites you visit.  If you stay away from the less safe corners of the web and don't participate in high risk activities then you're much less likely to encounter malware, though it is of course still possible.

[hake]

I have made an error of omission.  I forgot to mention the reporting of a Bottom-Up ASLR Exploit Blocked in Windows XP not long ago.  I love this one which appears to show some evidence of modest randomisation of base addresses in Windows XP.  It's a nice curiosity if nothing else.  It has only happened once.

 

I have been known to stumble across web sites which depict young ladies in bathing custumes .  I use MVPS HOSTS and OpenDNS which I have used for many years as do all my 'customers'.  We all have OpenDNS 208.67.222.222 and 208.67.220.220 added to our network DNS settings.

Edited June 3, 2020 by hake

[hake]

Come on lad!  You've only got 70 yards to go.

Edited June 4, 2020 by hake