While the world’s largest antimalware labs are at their wit’s end trying to contrive a solution that would efficiently combat crypto ransomware, the Dutch company SurfRight has come up with a response to this tough challenge. The new HitmanPro.Alert 3.5 product incorporates a unique CryptoGuard technology, which goes above and beyond the traditional virus detection paradigm. Rather than focusing on static properties of file-encrypting ransom trojans, it revolves around specific behavioral traits that accompany such a compromise. Once the application spots suspicious activity attempting to scramble the inner structure of files on a computer, it instantly terminates the offending process and notifies the user. The tool proved to be highly effective in blocking the prevalent ransomware strains, including CTB-Locker, CryptoWall and VaultCrypt.
Aside from the CryptoGuard functionality, HitmanPro.Alert’s Risk Reduction module delivers supplementary system hardening functions, such as keystroke encryption, process hollowing prevention, backdoor traffic blocking, USB monitoring, webcam abuse notifier, the thwarting of privilege elevation, and process sandboxing. The idea is to mitigate the damage even if malicious code has ended up inside the system.
The software is also proactive in preventing the exploitation of vulnerabilities in unpatched software. Furthermore, the Safe Browsing functionality safeguards the web surfing environment against banking trojans and performs keystroke encryption to enhance the customer’s privacy. To its credit, this solution boasts a small footprint and works smoothly in tandem with other antimalware utilities.
- 32-bit and 64-bit versions of Windows XP (SP3) / Windows Vista / Windows 7 / Windows 8 / Windows 10
Getting started with HitmanPro.Alert 3.5 means downloading a 4.5 MB stub installer and launching it. Once this is done, you are literally a few seconds away from completion of the setup process. The product initially requires as little as 5 MB of free space on drive C. In the course of installation, you are prompted to select the protection level: maximum (recommended) or anti-ransomware only. The trial license is valid for 30 days. There are currently 17 interface languages to select from.
At first, the application displays a “You are at risk of cyber attacks” message on its main pane, since a scan has never been run on the computer. To rectify this discomforting status, just select the ‘Scan computer’ option. It took the program 7 minutes and 49 seconds to perform a complete checkup of the 500 GB hard drive on our lab machine. That’s a commendable benchmark. Regarding the performance impact, HitmanPro.Alert 3.5 with CryptoGuard doesn’t cause any appreciable slowdowns. Some CPU consumption increase during scans is nothing out of the ordinary. During the test, there were no conflicts between this product and Windows Defender, which was also running on the system.
The GUI is clean and quite streamlined. By default, the application opens up in standard mode, displaying the defense status, ‘Scan computer’ option, the number of alerts and last alert instance, as well as ‘Exploit protection’, ‘Benefits and advantages’, ‘Safety notification’, and license icons. By clicking the gear icon in the top right-hand part, you can switch to ‘Advanced interface’ mode. In this case, the app presents additional sections for safe browsing, exploit mitigation and risk reduction, with multiple toggling options inside. Although the advanced layout is claimed to be for experienced users, we recommend sticking with it for a better overview of the protection arsenal.
The attendant graphical effects include semi-transparent system tray notifications that reflect the status of keystroke encryption when you are typing something in the browser. These momentary popups might be irritating at first, but you get used to them quite quickly. A small glitch that we noticed during the test had to do with switching between windows via the Alt+Tab shortcut. The task switcher interface would freeze once in a while.
As opposed to the plain HitmanPro edition which provides on-demand remediation only, the product in question accommodates real-time defenses via an abundance of extra features. Effectively, it is a toolkit delivering multi-layered protection in several critical areas. Below is a review of the most prominent constituents of this remarkable feature set.
- CryptoGuard is the module aimed at detecting ransomware plagues and preventing them from encrypting your personal files. This intelligent tool is able to identify the behavior of crypto infections while taking their static characteristics out of the equation. Such an approach makes it possible to spot and block a vast range of ransom trojans before they can inflict damage on the filesystem and hold important data hostage.
- The Webcam Notifier feature is self-explanatory. It displays an alert whenever unauthorized webcam access on the computer is detected.
- Process Protection is a smart technique that thwarts process hollowing. Also referred to as dynamic forking, this tactic consists of obfuscating malicious code and subsequently executing it while making the process look benign. HitmanPro.Alert 3.5 with CryptoGuard can easily recognize this backstage activity and terminate it.
- Keystroke Encryption makes it impossible for intruders to record your keystrokes and thus get hold of your sensitive data, such as passwords and other online credentials.
- Network Lockdown identifies attacks that are accompanied by attempts to reach out to a C2, or Command-and-Control, server. By the way, most crypto ransomware samples operate this way, so this feature provides an additional layer to combat these nasty threats.
- BadUSB is SurfRight’s response to the compromise vector where an attacker emulates keyboard input through the use of reprogrammed firmware of a USB device.
- The Vaccination functionality simulates an environment set up for malware analysis. Consequently, sandbox-aware infections will discontinue the attack and self-destruct.
- Owing to the Safe Browsing module, you are protected against banking trojans and keyloggers when online.
- Exploit Mitigation is an extra protection component, where web browsers, Java applications, media, office products and plugins are monitored for unpatched vulnerabilities that may be used by threat actors to run arbitrary code on the machine.
First and foremost, HitmanPro.Alert 3.5 with CryptoGuard is absolutely indispensable in terms of ransomware protection. The dedicated feature instantly identifies ransom trojan-specific behavior and prevents the offending code from applying cryptographic algorithms to make files inaccessible. The product fares much better in this regard than competitor solutions.
According to the Real World Exploit Prevention Test conducted by MRG Effitas, an independent UK-based security research company, this software blocked 100% of the exploit kits and 0day threats fired at the test system.
HitmanPro.Alert detected a total of 341 threats on our lab workstation in a matter of minutes. Most of these were tracking cookies and browser hijackers that Windows Defender failed to spot even in the course of an hour-long full scan. Whereas these are low- to medium-impact infections, they are definitely not welcome on a healthy computer, so this isn’t a false positives type of thing. It took the program about 15 seconds to obliterate all the spotted entries. Furthermore, the fact that all keystrokes during Internet browsing sessions are encrypted adds some more confidence to the mix.
Help & Support
Unfortunately, HitmanPro.Alert 3.5 with CryptoGuard has no built-in support option. Instead, all troubleshooting assistance is hosted on the vendor’s official Support page. The topics covered there include licensing issues, system recovery tips, automatic update problems, and the use of the product on a business network. Live support is provided via the custom TeamViewer solution that can be downloaded on the same web page. This way, a certified expert can remotely access your system and rectify any issues.
- Anti-ransomware CryptoGuard module
- Multiple risk reduction features
- Online security functionality
- Exploit mitigation
- Small footprint
- Quick scanning and cleanup
- No conflicts with third-party suites
- No support option built in
- Alt+Tab windows switching lags
HitmanPro.Alert 3.5 with CryptoGuard does an immaculate job protecting a Windows computer against uncatalogued threats and crypto ransomware. The product intelligently identifies malicious behavior beyond signature-based analysis, which makes it highly responsive to 0days. Furthermore, it safeguards the user’s privacy by utilizing a well-balanced combo of online security tools. Meanwhile, the considerable defense and damage mitigation power does not affect system performance to a noticeable degree.