EMET or Malwarebytes Anti exploit?

I'd like more explanation on this quote from the link:

One of the core design goals of the guides's hardening approach is to deny attacks even if the attacker knows your admin password. This could be result of shoulder surfing - simply noting your password as you type it by looking over your shoulder. Or it can be that a keylogger has been installed on your system.

what does this really mean ?

let's ignore the looking over the shoulder idea, that's, well, i won't comment.

how did the attacker get an admin pw if the user logs in with a standard account ?
if you already have a key logger installed, aren't you already in serious trouble, no matter what ?
does MBAE or EMET protect against keyloggers ?

DavidE said:

I'd like more explanation on this quote from the link:


what does this really mean ?

let's ignore the looking over the shoulder idea, that's, well, i won't comment.

how did the attacker get an admin pw if the user logs in with a standard account ?
if you already have a key logger installed, aren't you already in serious trouble, no matter what ?
does MBAE or EMET protect against keyloggers ?

Maybe a keylogger can get into your system on a standard account and log the admin password if it's entered? Does really make much sense to me either.

Does MBAE or EMET protect against keyloggers? I'll have to let someone else answer that...

I've noticed that no one has replied to my thread "Is a standard user account really necessary for extra security" What are your guys opinions? Is it an overkill for the home user or just an extra security measure that can be taken?

Hi:

Does MBAE or EMET protect against keyloggers? I'll have to let someone else answer that...

I do not know about EMET.

MBAE does not protect against keyloggers, but MBAM does-- at least illegal ones (there are certain legal keyloggers used for legitimate purposes, e.g. in an Enterprise environment).
Your AV may also protect against some of them.

Unlike MBAM and your AV, MBAE does not protect against the "what" of malware.
It protects against the "how" of malware.
It is a pre-infection, preventative protection mechanism.
There are a number of informative pinned topics and webinars/videos on the internet that explain further.

>>As an aside: to work properly (as with most security software), MBAE (and MBAM) need to be installed and configured from a Windows Admin account.

Cheers,
MM

Hi:

I apologize for back-to-back posts, but I have received confirmation from the VP of Technology (and former Senior Technical Product Manager for MBAE), Pedro Bustamante.

So, for the OP, for @DavidE and for anyone else who might read this thread....

1) Yes, if "auto upgrade" is disabled, the user will be shown a dialogbox that says "new version available, do you want to install [ok/cancel]" when a new version is available.

That confirms the behavior I reported earlier.

2) This applies to all Premium, Free and Trial.

Ditto.

3) Yes, MBAE needs to be installed from an Admin account as it needs to install a Windows Service. Once installed, to make any changes to the configuration, it also needs to be done from an admin account.

Ditto. So, if the program was installed under a limited/standard user account, it should be cleanly removed and reinstalled from an Admin account in order for the program to perform correctly. I would be happy to provide tips/best practices for such a clean reinstall, if needed.

Thank you again,

MM

Thanks for that info.
I unchecked Automatically upgrade to new versions
I'll see if that change makes any difference the next time a new version is available.

The problem for me is there is no way for me to manually Check for new versions and run the update when i want to.
The Auto check only happens once per day, so i can't control when the update is offered and i can choose to update.

I normally log in with a Standard account, and that's when i get notified of a new version.
If i log off and log back in as an Admin, i don't get the new update message for a day or so, and i can't manually check and update to the new version.

I don't want to be logged in as an Admin for a day waiting for the message/option to update MBAE is re-offered.
I don't want to update the program when i am logged is with a Standard account.

Most programs i use have a "Check for updates" option.
I don't see this option in MBAE (free).

I don't think this affects most users, they probably normally log in with an Admin account.
They can do the program update when it is offered if they want to.
I consider my situation a one-off personal problem because of the way i use Windows, with a Standard account.

Well I still don't have an answer to whether I should do away with EMET due to the secondary logon vulnerability. Anyone?

Hi, @DavidE:

A "check for updates" button has been an RFF by one or two users for future program versions. I do not know if or when it will be implemented. However, the best place to reiterate such a request would be at the MBAE Forum (Questions/Comments) section. That way, your request will be seen by the developers.

Having said that, MBAE does not use definitions or databases. So, the only updates are PROGRAM updates. Those occur only a few times a year. There's really no need to perform manual, frequent update checks. As previously explained, the ~once day automatic and silent update check is more than sufficient. You will be notified when/if a new program version is available. If you have auto-updates disabled and choose not to update at that time, you will be notified again ~a day (or a system cold start) later. Other strategies include checking the MBAE forum from time to time -- new beta and release builds, with changelogs, are posted there. There is a dedicated forum pinned topic devoted solely to MBAE updates. And one can always manually download the latest release build from the MBAE product page. Unless it's announced otherwise by the developers, new builds may be installed on top of one's existing installation. But, again, new program updates are released only a handful of times a year.

And, to respectfully reiterate the information here, it's critically important that MBAE be installed and configured from an Admin account. This includes any configuration changes. Once installed and configured from that Admin account, it will run pretty much silently, with no user interaction needed by any user. There should be no need for a standard/limited user to interact with or change anything in the program. Attempts to do so may cause performance or stability problems, as such accounts do not have access to the system files needed for the program's operation.

Thank you again,

MM

@MoxieMomma
Thank-you.

DavidE said:

The auto-update program updates are the problem.
For me for, in the free version, i don't see a choice to be notified of a new update and have any control.
If I'm logged in as a Limited account, MBAE wants to update the program.
I can't/won't do that without doing a system image backup first, and logging in as an Admin before updating ANY Security program.
I think i tried updating the program logged in as Limited a long time ago, and that never worked
Well, when i decline the "update now" for the MBAE program update, it takes at least a day to get offered the update again.
And by then I'm logged in as a Limiter User again, I'm not going to stay logged in as an Admin, just for an MBAE update.
Yea, I've downloaded the latest MBAE version for a pgm update as admin, and using that is another experience

Automatic upgrade can be turned off.