Saturday, June 20, 2015

Another Exploit Protection Option: HitmanPro.Alert

I take a layered approach to my personal Windows systems; defense in depth.

With beefy i5-i7 cores and lots of system RAM, strategically running multiple (complementary) security products has been fine so far.

One of the more “recent” set of layers added has been deployment of zero-day “anti-exploit” tools that monitor system activity and application behavior, particularly at the web-browser applications.

Malwarebytes Anti-Exploit (free version) seems to be doing quite a good job.

I couple that with Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). Although, on Lavie’s Windows 8.1 system I had to disable the IE browser protection (or heavily tweak it) to get it to play nicely with MAE.

So, while I was combing through my RSS feeds recently, I saw a mention in a HitmanPro blog posting that referenced another anti-exploit tool; HitmanPro.Alert.

The information on the SurfRight product page for HitmanPro.Alert gives a very good overview of the different exploit protections HitmanPro.Alert provides. They “handily” compare their product to four other products, general AV, MBAE, EMET, and PaloAlto Network’s TRAPS.

Unfortunately, while they do provide a free download link, it isn’t exactly clear that this is a trial version.

I installed it on my workhorse Win 7 x64 bit system “Alister” and it went on quick. The interface was easy to navigate (and I liked the Advanced view option).  It began with a scan that found a gajillion threats out of the box on my system. Sadly they were but a sample of the security, network scanning, and account recovery tools and utilities I keep handy. No true “threats” were actually found--which is a good thing I suppose. I’m sure I could have whitelisted apps, folders, etc. to cut down on these. It was great that it found so much so quickly, but on my system, this extra layer of AV protection was a bit more than I expected or needed from an anti-exploit product; EMET, MBAE, MBAM, MSSE, & CrytpoPrevent have me heavily covered.

I couldn’t find a purchase option for HitmanPro.Alert by itself. Rather it seems that you can purchase it as part of a licensing bundle with their HitmanPro subscription license.

That said, if you are looking to up your game for exploit protection and don’t wish to fiddle with the advanced management required by EMET, HitmanPro.Alert may be worth considering. It also seems to provide additional protections beyond both the free and premium ($) versions of MBAE.

Cheers,

--Claus Valca

No comments: