ExploitShield Browser Edition
The first ever install and forget vulnerability-agnostic anti-exploit solution
Minimum installation requirements
- Current version: 0.9.1 beta.
- Windows 8, Windows 7, Windows Vista or Windows XP.
- ExploitShield runs as both 32bit and native 64bit.
- Hard disk space: 10MB.
- This beta 0.9.1 expires December 31, 2013. Check back to download a new version once expired.
We are looking for beta testers. Active reporters will receive a complimentary license once the product is released commercially. We are interested in detection and usability testing (see below for detailed information). You can read a list of known issues. Please provide all ExploitShield testing feedback directly to us via our Support Forum.
The type of malicious behavior we are interested in testing is basically malicious drive-by download infections from exploit kits (Blackhole Exploit Kit, Phoenix, Incognito, Eleonore, Sakura, etc.). These type of exploit kits incorporate a variety of exploits for different vulnerable applications such as the browsers themselves, Java, Acrobat Reader, etc.
TESTING SETUP: We recommend running detection tests under a Virtual Machine. To ease detection testing beta testers might want to create a VM with older versions of vulnerable applications (IE, FF, Java, WMP, Acrobat, etc.) which can be downloaded from oldapps.com.
HOW TO TEST: In order to test exploits we recommend visiting exploit kits in-the-wild. Every day we post some fresh exploit kit URLs in our Malicious / Drive-by URLs forum. Note that in-the-wild URLs are short-lived, thus only a handful of the most recent entries might try to infect reliably. In order to test ExploitShield more reliably against vulnerability exploits we recommend using Metasploit. In order to reproduce in-the-wild exploits from drive-by Exploit Kits, the “windows/download_exec” payload should be used under Metasploit. To join the ExploitShield Corporate Edition private beta which blocks meterpreter and reverse shells type payloads please contact us.
WHAT NOT TO TEST: ExploitShield blocks exploitation of vulnerabilities by shielding applications. We do not intend to replace the antivirus or security suite but rather to complement and enhance it. Therefore manually downloading and executing a PE file (EXE, DLL, etc.) is not a valid test as it is the job of the antivirus to detect malicious binaries. The only exception are maliciously crafted PDF/DOC/XLS/PPT/etc documents that do exploit vulnerabilities in the host application (Acrobat Reader, Microsoft Word, Excel, etc.) and which should be blocked by ExploitShield Corporate Edition upon execution.
Usability testing encompasses using a shielded application while ExploitShield is running and using all its features to make sure no adverse effect is noticed. Testers should click and use all possible options of the shielded application, especially updating and upgrading of the applications. The list of applications we are interested in testing are the following:
- Web browsers (Internet Explorer, Firefox, Chrome, Opera)
- Media players (Windows Media Player, VLC, QuickTime, Winamp)
- Microsoft Office (Word, Excel and Powerpoint)
- PDF readers (Adobe Acrobat, Reader & Foxit Reader)