ExploitShield Browser Edition v0.7 released – The anti-exploit solution
ExploitShield protects users where traditional security measures fail. It consists of an innovative patent-pending application shielding technology that prevents malicious exploits from compromising computers through software vulnerabilities.
The type of malicious behavior we are interested in testing is drive-by download infection from exploit kits (Blackhole Exploit Kit, Phoenix, Incognito, Eleonore, Sakura, etc.). These types of exploit kits incorporate a variety of exploits for different vulnerable applications such as the browsers themselves, Java, Acrobat Reader, etc.
TESTING SETUP: We recommend running detection tests in a virtual machine. To ease detection testing, beta testers might want to create a VM with older versions of vulnerable applications (IE, FF, Java, WMP, Acrobat, etc.), which can be downloaded from oldapps.com.
HOW TO TEST: To test exploits, we recommend visiting exploit kits in the wild. Every day we post some fresh exploit kit URLs in our Malicious / Drive-by URLs forum. Note that in-the-wild URLs are short-lived, so only a handful of the most recent entries might try to infect reliably. To test ExploitShield more reliably against vulnerability exploits, we recommend using Metasploit. To reproduce in-the-wild exploits from drive-by exploit kits, the “windows/download_exec” payload should be used under Metasploit. To join the ExploitShield Corporate Edition private beta, which blocks Meterpreter and reverse-shell type payloads, please contact us.
WHAT NOT TO TEST: ExploitShield blocks exploitation of vulnerabilities by shielding applications. We do not intend to replace the antivirus or security suite but rather to complement and enhance it. Therefore, manually downloading and executing a PE file (EXE, DLL, etc.) is not a valid test, as it is the job of the antivirus to detect malicious binaries. The only exceptions are maliciously crafted documents (PDF, DOC, XLS, PPT, etc.) that exploit vulnerabilities in the host application (Acrobat Reader, Microsoft Word, Excel, etc.) and which should be blocked by ExploitShield Corporate Edition upon execution.
Usability testing means using a shielded application while ExploitShield is running and exercising all of its features to make sure no adverse effect is noticed. Testers should click and use all possible options of the shielded application, especially updating and upgrading of the applications. The applications we are interested in testing are the following:
- Web browsers (Internet Explorer, Firefox, Chrome, Opera)
- Media players (Windows Media Player, VLC, QuickTime, Winamp)
- Microsoft Office (Word, Excel and PowerPoint)
- PDF readers (Adobe Acrobat, Reader & Foxit Reader)