- Dec 29, 2012
- 235
HitmanPro.Alert 3 delivers comprehensive exploit protections and anti-espionage technologies to both home users and IT professionals. The software works in real-time and does not rely on signatures or the cloud.
During development we planned and released four versions of HitmanPro.Alert 3 as open beta to a limited group, a security software enthusiast community. With each of these Community Technology Preview (CTP) builds we introduced new features for directed and focused testing of the planned features.
CTP1, released in July 2014, was our first development release of HitmanPro.Alert 3 wherein we introduced our hardware-assisted exploit mitigations. A few weeks later, with CTP2, we added the ability for users to add and protect custom applications through an easy-to-use Running Applications interface. In CTP3 we enabled our network inspection driver and delivered Network Lockdown for Java applications, while we also expanded support to all Intel® Core™ i3, i5 and i7 processors for our hardware-assisted exploit protection. With the fourth and last Community Technology Preview (CTP4), released in September 2014, we introduced Application Lockdown, Virtual Machine Simulation (part of Active Vaccination) and a second (default) Simplified User Interface. In addition we applied Network Lockdown not only to Java but also Office applications, while we improved compatibility with applications reported by the security community.
Release Candidate
This Release Candidate introduces BadUSB Protection, Import Address Table Filtering (IAF) (part of Control-Flow Integrity), Heap Spray Pre-Allocation (part of Dynamic Heap Spray), default Keystroke Encryption for password manager applications and several improvements to CryptoGuard and Application Lockdown. The program is now feature complete and comes with 10 built-in languages. Though, depending on feedback, minor things might still change before the General Availability release.
Exploit Test Tool:
http://test.hitmanpr...hmpalert3rc.zip
During development we planned and released four versions of HitmanPro.Alert 3 as open beta to a limited group, a security software enthusiast community. With each of these Community Technology Preview (CTP) builds we introduced new features for directed and focused testing of the planned features.
CTP1, released in July 2014, was our first development release of HitmanPro.Alert 3 wherein we introduced our hardware-assisted exploit mitigations. A few weeks later, with CTP2, we added the ability for users to add and protect custom applications through an easy-to-use Running Applications interface. In CTP3 we enabled our network inspection driver and delivered Network Lockdown for Java applications, while we also expanded support to all Intel® Core™ i3, i5 and i7 processors for our hardware-assisted exploit protection. With the fourth and last Community Technology Preview (CTP4), released in September 2014, we introduced Application Lockdown, Virtual Machine Simulation (part of Active Vaccination) and a second (default) Simplified User Interface. In addition we applied Network Lockdown not only to Java but also Office applications, while we improved compatibility with applications reported by the security community.
Release Candidate
This Release Candidate introduces BadUSB Protection, Import Address Table Filtering (IAF) (part of Control-Flow Integrity), Heap Spray Pre-Allocation (part of Dynamic Heap Spray), default Keystroke Encryption for password manager applications and several improvements to CryptoGuard and Application Lockdown. The program is now feature complete and comes with 10 built-in languages. Though, depending on feedback, minor things might still change before the General Availability release.
- Added BadUSB Protection, which warns users when they connect a USB device with keyboard functionality. USB devices can potentially contain hostile firmware to infect the computer with malware, or open it for remote attackers. New connected USB keyboards are blocked until the user recognizes and allows them.
Background information on BadUSB: http://www.wired.com...ble-usb-attack/ - Added Import Address Table Filtering (IAF) to the Control-Flow Integrity module. This new exploit mitigation feature hides IAT function addresses (e.g. VirtualProtect) and validates that both IAT function caller and IAT table belong to the same module. This effectively helps prevent attackers from bypassing Windows security features like ASLR.
- Added ability to unblock objects blocked by CryptoGuard. It allows users to view and unblock processes or remote computers that were attacking local photos, documents, or other data.
- Added automatic exploit protection and Keystroke Encryption for password manager applications, including KeePass, 1Password, Password Safe and Enpass.
Background: http://arstechnica.c...asterpasswords/ - Added Heap Spray Pre-Allocation to the Dynamic Heap Spray module. Whereas the Dynamic Heap Spray mitigation handles the larger heap spray attack, the Heap Spray PreAllocation mitigation pre-allocates commonly used memory addresses, like 0x0c0c0c0c, to stop less-creative attackers from spraying it with hostile code.
- Added DEP (Data Execution Prevention) alerts when attackers try to execute code in memory areas marked for read/write only.
- Added 9 languages: Portuguese (Brazil), Chinese (Simplified), Chinese (Traditional), Dutch, French, German, Italian, Russian and Spanish.
- Improved Application Lockdown to block attacks that abuse Microsoft PowerShell or macros in Office documents.
- Improved Webcam Notifier, which now practically supports every webcam (not only camera’s that rely on usbvideo.sys). HitmanPro.Alert will warn the user and block the video stream until the user allows it.
- Improved the CryptoGuard detection logic to handle crypto-ransomware that rename the attacked data, like CTB-Locker.
- Improved protection of the 32-bit Internet Explorer browser on 64-bit Windows.
- Improved detection of running (interactive) applications so more software can be manually added Exploit Mitigations.
- Improved the safety notification border around protected applications. It will now reveal which modules are active when the user clicks on the HitmanPro.Alert icon in the lower right corner of the border. In addition, when the border is visible and the user types in e.g. the web browser, the encrypted keystrokes are shown in real-time.
- Improved the security of Alert’s modules in applications to prevent skilled attackers from disarming protection.
- Improved network performance on Windows 8 (WFP driver).
- Improved HTTP filtering (TDI and WFP drivers).
- Improved the “Attack Intercepted” dialog, which now automatically resizes depending on the alert contents.
- Improved high-DPI display support.
- Improved compatibility with Microsoft EMET 5.1.
- Improved upgrade from HitmanPro.Alert version 2 to version 3.
Exploit Test Tool:
- Added the ability to detonate exploit tests in other applications like Internet Explorer, so it’s now even easier to check the pc’s security posture (i.e. verify capabilities of all installed security software combined).
- Added ROP – CALL preceded VirtualProtect() test, which can only be blocked by HitmanPro.Alert when performed on physical hardware (i.e. not in a virtual environment).
- Added DEP, IAT Filtering, and two Lockdown tests.
- Improved ROP and Heap Spray tests in the Exploit Test Tools so they no longer trigger incorrect security features of Microsoft EMET.
- HitmanPro.Alert 3 is not compatible with Sandboxie on Windows Vista.
- Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
http://test.hitmanpr...hmpalert3rc.zip