ExploitShield: new anti-exploit software for Windows

Martin Brinkmann
Sep 28, 2012
Updated • Sep 28, 2012
Security, Software, Windows, Windows software

Traditional options to protect a computer from malware and exploits often rely on knowledge of the exploit or an exploit family to detect it. While that is effective to some degree, it usually falls short when it comes to new types of malware that signature or heuristic based applications can't detect until they are discovered. Most computer users and companies shy away from installing advanced protection technologies that protect the system via sandboxing or whitelisting from unidentified exploits. While effective, they are usually not that easy to set up and maintain.

ExploitShield by ZeroVulnerabilityLabs has made the round in the last 24 hour period. The available beta version protects popular web browsers, including Google Chrome, Mozilla Firefox, Opera and Internet Explorer automatically when it is running on the system.

You may ask yourself what it is doing exactly, and this is where things get blurry.  The developers claim that it shields applications against exploit attacks against software vulnerabilities, but do not go into detail how this is achieved.  All that is revealed is that it is not relying on blacklisting, whitelisting or sandboxing. This suggests some form of exploit mitigation technology similar to what Microsoft's EMET does.

Exploitshield in particular is said to

  • protect against all known and unknown zero-day arbitrary code execution vulnerability exploit attacks.
  • shields applications in a way that it cannot be exploited through any of its present or future zero-day vulnerabilities.
  • be malware agnostic, meaning that it will block exploits coming from malware that traditional antivirus solutions do not know yet.

Those are bold claims that need to be verified by trusted third parties. The beta version only protects web browsers, Java, and web browser components - which means plugins - from being exploited. A corporate edition furthermore adds programs such as Microsoft Office, Adobe Reader or Acrobat to the list of shielded applications.

ExploitShield protects the programs against exploits that result "in complete system compromise by running arbitrary malicious code and which are normally used by cyber criminals to infect users with financial-driven malware, botnet infections or corporate espionage malware". The program blocks the execution of malicious code once it detects exploitation attempts. The affected application will be closed for stability purposes, and information about the attack attempt are uploaded to company servers for statistical analysis. According to the FAQ, no personally identifiable information are sent to the server.

ExploitShield is an install and forget type of application that works silently in the background once it is running on the system.  The program is fully compatible with all recent versions of Windows, from XP to Windows 8.

Here is a video released by the company that is showing how exploits are blocked by the program.

I will keep an eye on the progress the company makes, and any third party research or validation of the claims that are made by the company. For now, I'd take the claims with a grain of salt until they have been confirmed by independent research. (via Techdows)


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Martin said on March 12, 2023 at 3:05 pm

    An even quicker way to open Task Manager is by pressing Ctrl+Shift+Esc.

  2. archie bald said on March 12, 2023 at 4:32 pm

    Win+Pause used to be the goto shortcut for me since… W95… Ms recently hijacked it and you now get Sysinfo. Device manager is still accessible this way: the second to last link at the bottom.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.