How is Herdprotect doing it?

Discussion in 'other anti-malware software' started by metmichallica, Mar 28, 2015.

  1. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    You think the program has over 60 engines and is still free. That leaves people wondering where all the money is coming from. You also have to worry about false positives and the files it collects.

    I don't know, maybe if I didn't have Zemana Antimalware I'd try it. Have you tried it, and what do you think if you did, or do you have your doubts about Herdprotect like I do? Please share your thoughts. Thank you.

    Michelle
     
  2. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    People assumed it had some kind of deal with Virustotal, however that part is cloudy and it appears that the development has stopped (I don't think the software received any recent updates for several months).
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    The money comes from Andrew Newman, who received roughly $400,000,000.00 from Microsoft when they purchased his flagship "Giant Antispyware". He's bored, so he made Herdprotect when his non-compete ran out with Microsoft.
     
  4. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    Thank you, people are saying it is not going to stay free though I love freebies but I guess it shouldn't. I got a lifetime license of Zemana Antimalware and have been using that. It was free, because they gave beta testers a lifetime license. I ran Hitman Pro which I do not have a license for (I am using the free version which scans for and only removes like tracking cookies). It detected something in Google Chrome from ask.com and deleted it. I think it deleted a file called Web Data. I don't know how the hell it detected something Zemana missed, but it didn't categorize it as a threat. That's why it deleted it. Who the hell is going to pay for only two antivirus engines in Hitman? Oh believe me I wrote them. I also e-mailed them about the lie on the page saying it scans with all those engines: http://www.surfright.nl/en/hitmanpro/. It only uses two. Zemana made a wise decision to stop using them.

    Do you mind if I post a Trustport promo for a year of Trustport free? The only thing is I am not sure if everyone can get the promo or if it is only limited to a reader of a mag or something. I didn't get the offer. I use Norton, but maybe someone really wants a year free. I'll send you the link so you can check it out if there is a way to pm someone on here.
     
    Last edited: Mar 28, 2015
  5. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    You know I tried Herd Protect, but when it got to the point that it wanted to cloud scan over 8,000 files I canceled the scan. I am not waiting through all that. That is when they upload the file to the cloud. My bandwidth is limited from my ISP also.
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    433
    Location:
    Hengelo
    Apparently there is a big misunderstanding on how HitmanPro works. HitmanPro does not require antivirus engines or virus signatures to catch threats. Our product is technically very different compared to other solutions in the antivirus and antimalware industry.

    At the core HitmanPro is based on a forensic behavioral scan and does not work with virus signatures. Actually, this means that HitmanPro does not look for verified malware at all. That may be a shocker but it makes perfect sense. We designed HitmanPro as a second opinion solution, to kill threats that your antivirus missed. In order to be able to do that it has to be fundamentally different, and as a result HitmanPro can also catch malware that no one knows about yet and that antivirus solutions have no signature for (the zero-day or early-life threats). Since most antivirus solutions rely on signatures (incl. most heuristic signatures), they are always lagging behind attackers. Antivirus solutions do not target what they haven’t seen before – they are in a cat-and-mouse game and this is a fundamental difference compared to HitmanPro.

    With its forensics based core, HitmanPro basically works like a crime scene investigator or incident responder. It analyzes the programs on your computer and looks for unethical behaviors – including the behaviors that happened back in time, in the past when HitmanPro was not even on the computer. It tries to get answers to many questions, like (not a complete list):
    • Is it a known legitimate and trusted program?
    • When did it enter your system (date, time)?
    • How did it enter your system?
    • Did the program come from the internet? What address?
    • Did the program come automatically on the computer at the same time the user was browsing the web (e.g. drive-by exploit attack)?
    • Can the user uninstall the program using the regular steps?
    • Does it try to survive on your system?
    • How does it run automatically when you start the computer? (there are many ways and tricks to look for)
    • Is the program encrypted, perhaps to evade security researchers?
    • Does it show version information and origin data?
    • Is it signed with a crafted certificate to thwart antivirus solutions?
    • What is it currently doing (is it active)?
    • Does its process reveal where or if it’s on the disk?
    • Is it communicating or listening for inbound connections?
    • Can the user interact with the program (does it e.g. have a window with controls)?
    • Is the program visible for the user, Windows processes and antivirus software?
    • What other things happened at the same time when the program came on the computer?
    • What is its relation to other programs and their behaviors?
    When you ponder this list, you can understand that you should not run HitmanPro in safe mode, as it affects the ‘mining’ of behaviors; in safe mode, malware may not be active which affects the results. You could say that the more tricks malware has or tries to hide, the sooner it will be picked up. And HitmanPro can show you this data. Just double click on a detected item and you will get a list of some of the evidence it found, including registry and process objects, forensic cluster and a threat severity score. A knowledgeable person can also use this information to determine if a program belongs on the computer or not. Some examples:
    [Image: nbccom_citadel.png]

    HitmanPro also has several unique cloud components:
    1. Our CAMHB technology (Cloud-Assisted Miniport Hook Bypass) provides new communication addresses for HitmanPro, so it can communicate directly with the lowest hard disk driver on your computer. This comes in handy when a rootkit is manipulating the Windows device stack to prevent the user and antivirus software from accessing the sectors where the malware lives. HitmanPro can compare the data on the raw sectors with information it gets back from the Windows APIs. HitmanPro has its own Direct Disk Access module, which also contains e.g. an NTFS disk parser, so it does not have to rely on functions offered by the system (which are often manipulated).

    2. Our Prestine cloud service returns safe clean versions of infected system files, when HitmanPro was unable to find a safe clean version locally. Because instead of trying to remove an infection, HitmanPro replaces it with a non-infected version downloaded from our server. Because attackers have unlimited ways to infect files, it is impossible to create a disinfection solution for each virus type. So HitmanPro does not need to know how a virus works in order to recover you from it.

    3. Our Gossip cloud service helps HitmanPro to target e.g. fake antivirus software. These types of malware (Fake AV) behave like legitimate software. These infections are often discussed on security forums way before antivirus solutions have a signature for them. Our Gossip technology leverages search engines to ‘hear’ what people are talking about in security forums.

    4. Our Excalibur remnant cloud service offers users clean-up detections for cases where e.g. your antivirus software (only) removed the malicious program at an earlier point in time. Since the forensic scan relies on this malicious program to come up with evidence and a thorough removal recipe, the remnant scan offers a way to remove the remaining objects that the antivirus solution was not aware of. This technology is also particularly effective against potentially unwanted programs (PUPs) as well.

    5. Our Strider third opinion cloud service offers signature-based knowledge of threats that HitmanPro found on your computer and found before on other people’s computers. This can be helpful so users can know what kind of threat their computers were infected with. This also helps in case HitmanPro could not find enough evidence to flag a file as malware. This is apparently the service some people judge our solution for – the detection by Kaspersky and Bitdefender, which are our trusted signature partners.

    Crusader
    After HitmanPro created the list of objects to attack, it engages its Crusader removal engine. This is another technology of ours that works with the evidence gathered during the forensic behavioral scan and, when needed, will also involve our CAMHB and Prestine technologies. Because depending on this information it takes different steps to ensure proper removal of the threats. It also deploys locks on the malicious objects so the active malware cannot re-infect the system during the removal process.

    More is not better
    I’d like to point out that introducing more engines does not simply improve malware detection or removal. It also increases the likelihood of false positives on legitimate programs. Since we do not use any Kaspersky and Bitdefender code in our client software, we do not benefit or inherit issues either.

    Judging HitmanPro on the number of engines sounds great, but Kaspersky and Bitdefender are not the ‘engines’ you should be talking about. E.g. if a sector or file is actively camouflaged by malware, it does not matter how many engines you have. You need the technology to be able to read the data in the first place. And removing malware is a totally different game. Doing it wrong can wreck a computer, making problems worse than the malware infection. Threat removal also has little to do with how many ‘engines’ a product has. These are some nice examples:
    So, as you can see, there is a lot more involved than meets your eye. And I haven't even talked about our other stuff, like Force Breach, Kickstart, or technologies like CryptoGuard and Hardware-Assisted Exploit Mitigations in our new real-time product called HitmanPro.Alert (which is a free solution when you already own a HitmanPro license). And you can help us while we build HitmanPro.Alert. Just chime in here: https://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/
     
    Last edited: Mar 29, 2015
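A sketch of how an incident responder could answer three of the questions in the list from post #6 (did it come from the internet, is it encrypted, what else arrived at the same time) using data a Windows system already records. This is an added example, not HitmanPro's code or method; the function names, the sample Zone.Identifier stream, the file records, the 7.2 bits/byte threshold and the 60-second window are all assumptions.

```python
import configparser
import math
from collections import Counter

# Constructed Zone.Identifier stream (Mark of the Web); the URL is a placeholder.
SAMPLE_ZONE = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://downloads.example.test/setup.exe\n"
ZONES = {0: "local", 1: "intranet", 2: "trusted", 3: "internet", 4: "restricted"}
# Constructed file-creation records: (path, creation time in epoch seconds).
RECORDS = [
    (r"C:\Users\a\Downloads\setup.exe", 1_427_500_000),
    (r"C:\Users\a\AppData\Roaming\upd.dll", 1_427_500_012),
    (r"C:\Windows\notepad.exe", 1_300_000_000),
]


def origin_from_zone(text):
    """'Did it come from the internet? What address?' -> (zone name, host URL)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the key case Windows writes
    try:
        cp.read_string(text)
        section = cp["ZoneTransfer"]
        zone = ZONES.get(int(section.get("ZoneId", "")), "unknown")
    except (configparser.Error, KeyError, ValueError):
        return ("unknown", None)  # missing or malformed stream: no origin evidence
    return (zone, section.get("HostUrl"))


def shannon_entropy(data):
    """'Is the program encrypted?' proxy: bits per byte, 0.0 (constant) to 8.0 (random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def same_time_cluster(records, target, window=60):
    """'What else happened at the same time?' -> paths created within `window` seconds."""
    t0 = dict(records)[target]
    return sorted(p for p, t in records if p != target and abs(t - t0) <= window)


def triage(path, data, zone_text, records, entropy_limit=7.2):
    """Collect evidence strings; threshold and window are assumed values."""
    evidence = []
    zone, url = origin_from_zone(zone_text)
    if zone == "internet":
        evidence.append(f"downloaded from {url}")
    if shannon_entropy(data) > entropy_limit:
        evidence.append("high entropy (packed or encrypted)")
    for other in same_time_cluster(records, path):
        evidence.append(f"created together with {other}")
    return evidence


if __name__ == "__main__":
    # bytes(range(256)) stands in for packed content: every byte value once.
    for line in triage(RECORDS[0][0], bytes(range(256)), SAMPLE_ZONE, RECORDS):
        print(line)
```

High entropy also matches legitimate compressed installers, so each item is one piece of evidence to weigh with the others, not a verdict.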
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Also Andrew is building his own engine using algorithms, and signature results from Herdprotect, and his "Should I remove it" product. "Reason Engine"

    Ultimately, I believe his goal is to release a complementary product to AV's with very advanced reputation, signatures, and heuristics.
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    I was going to add that the Hitman Pro scanner comes with a free exploit protection licence until Mark posted.
    But it's worth mentioning again :)

    Major plus for me and something Malwarebytes should look at.

    I have both product licences.
     
  9. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    You know what I thought of when I read your post. Symantec their detection rating sucks, but I was told their program doesn't rely solely on antivirus signatures to catch a threat. I don't know your program sounds state of the art, but when your program cannot detect a simple eicar string placed on your desktop when running a scan you begin to question this program.

    Edit: It should also be noted that both Kaspersky and Bitdefender detect eicar. It is possible your program may not be scanning the desktop or something. I thought your program would detect it. I wanted to see if your program would actually make me pay to remove eicar. I could have deleted it myself, but I was the one who put it there. I had to disable Norton to do that.
     
    Last edited: Mar 29, 2015
  10. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,280
    So, what's the verdict? Is herdProtect alive and well and worth my time?
    fwiw ~ herdProtect Contact Us never replied to my email
    fwiw ~ herdProtect knowledgeBase is current
     
  12. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    Let's hope you don't have a lot of files to be cloud scanned. It would have been worth it, but I did.
     
  13. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    I meant to say that the two are included for the price of one.
    Malwarebytes you have to buy both or use the free version.
     
  14. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    I have a lifetime license of Malwarebytes Anti-Malware which was purchased I think in 2010. I will expect to use that license till I die. If they'd offer lifetime licenses I may consider buying it. The same with Hitman Pro. I just cannot see buying Hitman when I already have Zemana Anti-malware. I am a person who likes getting stuff for free, legally. And I will support a company if they give free stuff. For example if Hitman had promos I would be on top of that in a second and then I would see if their program was as good as they say it is and then I may consider purchasing it, but they have no promos that I have ever seen. The only reason I am sitting and talking about Hitman is because Zemana gave lifetime licenses away. Otherwise I wouldn't be talking about anti-malware suites at all. So Hitman can thank Zemana for me testing their program at all.
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Mark, great reply :thumb:
     
  16. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    Yes, but it is still not making me reach in my pocket. Norton has advanced protection features too and I use that for free legally because it is free from my ISP.

    Once I bought an antivirus out of what a company says it can do and I ended up regretting it. It said it could protect you from all these viruses and it just ended up being a load of crap. Another time I bought McAfee Virusscan 7.0 and was left with a bunch of BSODs. You have to watch what you buy online or you may end up regretting it.
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,235
    @metmichallica That's what trial versions are for. In my opinion you should never buy a security product without thoroughly testing it first to see if it has any problems on your computer.
     
  18. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    With the McAfee program I didn't really notice it till after I bought it. One time years ago a McAfee moderator that I used to talk to told me he used McAfee only because it was free for his company he worked for. He told me he would have used a free solution if he didn't get to use McAfee for free. Then my internet provider started offering McAfee for free years ago. Then they changed to Norton. Symantec seems to be more concerned about losing my ISP. One time they called here to see if I got the program activated, because they knew I was having problems. I did an online chat one day and they were having server problems. The online chat guy said to try in 24 hours and it worked, but they still called to make sure.
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You joined Wilders in 2005...but it doesn't sound like you have been actively interested in this area for a long time.
    Surfright have had several promos through the years, last one IIRC was around last year's Black Friday.
    Yes, Free is sweet right, but some stuff is not free, and is worth paying for. It's all about what you want to spend your money on and how you prioritize, hobbies, cars, software.... The money e.g. Surfright get from people buying their product (or supporting the company as you put it) allows them to stay in business, and maintaining their current products but also develop new products. Take Malwarebytes for example, they offered lifetime licenses for many years, but long term it's a bad business model, especially when the company has grown and employs more people.

    Besides, it's quite hard to test out HMP to "see if their program was as good as they say it is" unless you do it properly. Installing it on your computer that I assume is clean and perform a scan will not show you much about its capabilities.
    I hope you understand that Symantec didn't contact your ISP so they can offer Norton for free to you and other customers just like that. Your ISP and Symantec have a deal of course that makes this possible. Free for you, but not for your ISP. And I take it that you trust what you have read about Norton and its "advanced" features, but Mark's very detailed reply above about how HMP really works wasn't enough. I am not trying to convince you to like HMP because you can do your own research, and there is probably enough posted about HMP on Wilders alone that will give you all the info you need about it if you search around a little.
    If you research and test out (if possible) the software you are interested in before you actually buy them, it can save you from all that.
     
  20. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    I have been interested in staying protected online ever since the first year I came online back in 1998 or 1999. You can say what you want about Malwarebytes, but their on-demand scanner is free. Another example: Super Antispyware. Sure they don't give you real time protection unless you pay but it's still something. I know my ISP pays Symantec. I never thought Symantec wanted to keep only my ISP protected for free. Plus it was publicized how much McAfee lost when they switched to Norton.

    I spend a lot of money on games, but the company gives me what I want. I wish I could say I spend a lot on Metallica, because they are my favorite band. That is not the case though. I like free promotions and stuff like that.
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,280
    Yeah, the upload to the cloud / delayed result is an issue. I seldom re-scan for those items uploaded for analysis and needing re-scan. So, when I scan I'm always starting from scratch.
    @markloman Super great info #6. Pro n' Pro.AlertRC user. Thanks
     
  22. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    LOL, they gave me some explanation as to why their program doesn't detect the eicar test file. They explained it is not a virus which I already knew. Then they sent me to some blog saying more antivirus engines doesn't mean better protection. If Hitman Pro is using the Kaspersky and Bitdefender engine their program should have detected it.
     
  23. Tarantula

    Tarantula Registered Member

    Joined:
    Jul 23, 2010
    Posts:
    357
    Thank you for all this info!
     
  24. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    232
    HitmanPro is free too, you do not have to activate the trial until you find any malware on your PC. Although I personally would always pay for what I like so that it will stay in business being actively developed, the option to freeload is there if you like HMP.
     
  25. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    175
    I honestly don't know how I feel about the program enough to buy it. You can call me what you want, but everything mostly cookies and one file it removed for free. It would be stupid for me to pay for something I don't need. I would honestly rather support Zemana, because they did give me something for free. I use Zemana Antilogger free too, I've been thinking about upgrading to the pro when I get the money.

    Edit: In Hitman's defense they told me not to go looking around for things it won't remove for free so they basically told me to freeload, lol.
     