Monday, March 12, 2007

HijackThis 2.0.0 Beta Released--with a Twist!

I was checking my RSS feed for and was surprised to find that HijackThis was just now being offered at a 2.0.0 Beta level.

This was exciting stuff for a malware-fight'n dude...especially since the last release version has been at 1.99.1 for many years.

Then my socks came off!

Seems the developer, Merijn, had decided to sell HijackThis to TrendMicro under their TrendSecure online services label.


First I popped over to Merijn's website to see if this was true:

As some of you might have seen several IT news websites are offering Trend Micro HijackThis 2.00 beta. An official statement will be posted on their website soon, but since this is a public beta of theirs I figured it'd be best if I answered the question I'm going to get asked a lot, right now.

This is not fake, I sold HijackThis to TrendMicro. Their product incorporates all changes, updates and fixes that I was planning on adding in the v1.99.2 release. I made sure of that and I hope no one will be disappointed with it.


I sold HijackThis because I had been sitting on an unfinished update for over a year and I still could not make enough time to finish it. My uni classes are taking up a lot of time and I want to set my goals a bit wider than just the antispyware business (though I still love it). Sitting on an unfinished product until it becomes obsolete is not useful, so I decided to transfer the responsibility to TrendMicro (who have also taken care of my CWShredder) so they can give it proper attention and support. Where the will take HijackThis, I do not know - but I am sure they will respect its goals and what it stands for.

Yep. How about that!

So I popped over to take a look at the the new Trend Micro Hijack This page.

Yep. Looks nice and slickly presented.

So I downloaded it and gave it a whirl.

So's pretty much the same as before.

Some of my my initial observations are

  1. It ran a fast scan (but not necessarily faster than the previous version).
  2. There is now a button on the scan page to upload items to TrendMicro for "AnalyzeThis"
  3. There is now a button on the scan page to return directly to the main menu.
  4. Everything else looks pretty much the same.

While it is exciting in a poignant way to see that HijackThis is reaching what will (hopefully be) fresh development in the anti-malware arms-race...this 2.0.0 beta version doesn't have much to get excited about...yet.

Some on the web are posting about the death of HijackThis since it has gone "commercial". Others are wondering why Merijn didn't just make it OpenSource. I don't know. For now, I'm keeping an open mind and attitude and will wait and see. I've been using the last Merijn version (v1.99.1) for a long time and it has held up well. It will be floating around the Internet tubes for those unsatisfied with the "new" TrendMicro builds. So far, the 2.0.0 beta version seems like a nice development. I'm just sad taht Merijn couldn't keep it going himself. But I understand.

HijackThis is one of my "holy horsemen of the Apocalypse" of malware fighting and assessment tools. I never approach a compromised Windows machine with out this one. It isn't for amateurs, and there are many similar tool available now that do what it accomplishes...but it my humble of the very best of it's kind.

So I wish the very best for Merijn and appreciate all he has done to develop this tool. And I look forward to seeing more development and enhancements to HijackThis from TrendSecure in the the future.

Happy hunting...


Update: Here are the changes reported to be made to version 2.0.0 beta since the last version:

Latest Changes:
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check

No comments: