Is Hitman Pro really outdated for Malware experts?

Discussion in 'other anti-malware software' started by yongsua, Jun 10, 2011.

Thread Status:
Not open for further replies.
  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    If you scan with Early Warning Scoring (EWS) you should find the Rogue files.
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I think that the EWS scanning option should be more prominent in the GUI given its potential usefulness.
     
  3. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Hitman Pro is a second opinion scanner. But how does it do against a file virus like Virut? Did it survive?
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hitman Pro is made for novice computer users. Its goal is to provide a non-conflicting second opinion and allow novice users to take out the broadest range of malware without consulting an expert or resorting to malware-specific removal tools.

    Hitman Pro is a very modern multi-threaded scanner that combines a unique behavioral scan with a very strong cloud component that is used to provide file reputation, advice on miniport dehooking and AV partner scanning.

    Hitman Pro does not read files but reads low-level sector data. It has its own file system parsing routines in order to find very complex rootkits (e.g. TDL3/4 and MEBroot/Sinowal).

    Hitman Pro's malware removal process uses the output of the behavioral scan to build a recipe to take out the malware. No need for malware-specific rules/definitions, everything is generic. The removal is capable of taking out rootkit watchdogs and is able to restore infected system files with clean versions at the sector level.

    Now Hitman Pro hides many of the mentioned complex internals from the end user to make the scan and malware removal process as fast, easy and understandable as possible.

    Early Warning Scoring (EWS) is a mode that exposes the internal scoring value of the behavioral scan to the end user. The end user must evaluate the listed file and its scoring (e.g. to recognize zero-day malware). The higher the score the more likely the file is malware. This means that the end user must be an expert. Novice users have no clue about common Windows files. Note: EWS can also be used when no internet connection is available.

    Because EWS is for experts, making EWS more accessible for novice users might do more harm than good because they might end up deleting files that should not be deleted.

    Hope this helps.
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks for clearing this up! I now completely understand the meaning of EWS.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I liked that explanation :thumb:
     
  7. Matthijs5nl

    Matthijs5nl Guest

    What is actually the domain of the suspicion score? And from what score will it be displayed in the results?
     
  8. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    To make that short, it makes use of the GMER catchme rootkit detector, which everyone uses; from TDSSKiller to Combofix, they all use it.
     
  9. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    I think you blew it for their developers lol. You're not supposed to give so much detail about how it works. I think the guy who makes Combofix choked on his tea reading that lol
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    LOL.

    Everything in Hitman Pro is built in-house. Hitman Pro 3.5 does not use third party software.
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1. I am one of the developers of Hitman Pro.
    2. I did not give any more information besides the stuff that can already be found in our thread.
    3. You think when I say 'disables rootkit watchdogs' any developer is able to make that without details? It's like saying 'we've built a flying car' but I did not detail how. Without the specifics and skills it's rather hard to make.
    I just listed the features again because people got it in their mind thinking Hitman Pro is outdated.
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The score comes from the behavioral scan.

    When a file scores < 21 AND particular behavior is detected it is listed in EWS (blue shield).
    When a file scores >= 21 or higher it is listed as Suspicious (yellow shield).
    When a file is recognized in the cloud it is listed as Malware (red shield).
     
  13. Matthijs5nl

    Matthijs5nl Guest

    Great, exactly the answer I wanted to get :D
     
  14. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    oh didn't know that. Some products if you ask what does it do more or less they go crazy like you were asking the CIA who shot Kennedy. Thx for the info. Defo going to give it a try.
     
  15. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Great Product with a nice detection Rate

    I like to see more stuff like it
     
  16. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    What about the use of 'force breach' mode, should it be promoted more?

    Eg. 'For systems with suspected active malware, holding the left ctrl key when launching Hitman Pro will shut down all non-essential Windows processes'...

    On the other hand, as Erik pointed out, doing more harm than good, that is a likely situation that could result. Like various AVs, maybe Hitman Pro can have the option of 'expert' or 'novice' mode from the main interface, which changes the main screen information and options.

    Expert mode could provide info such as what Erik listed:

    When a file scores < 21 AND particular behavior is detected it is listed in EWS (blue shield).
    When a file scores >= 21 or higher it is listed as Suspicious (yellow shield).
    When a file is recognized in the cloud it is listed as Malware (red shield).
     
  17. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Actually, the easiest option would be providing info like when using EWS and the rating system on an additional tab, called 'Expert users'.

    This could have a few bullet points, defining when to use EWS, the ratings, and how to employ force breach mode.

    HMP.jpg

    If us long-time users didn't know about the scoring system etc, many others may want to know this stuff as well, and might not be stopping by wilders. Best to have a few sentences in the main settings interface. :)

    Off-topic, I've used EWS before when a friend's system had no internet connection. EWS restored the connection and found various suspicious files. With a connection restored, HMP then found additional rootkits/trojans. When experts say it has no use, they might be talking about specific examples; for the majority of systems infected, it does a fine job.
     
  18. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    100% Agree! :thumb:
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hitman Pro could use a Help function indeed (supported by a few YouTube videos like the Force Breach demo). We are looking into that for version 3.6.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ahh,

    There will be a 3.6 before the 4.0? Will the 4.0 have real-time heuristics which rate intrusions according to the early warning system methodology?

    (I hope so :D )

    Regards Kees
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    that will be very interesting
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Version 3.6 and 4.0 are developed simultaneously. Several key parts of 4.0 are already done but we decided to push out 3.6 with remnant cleanup. Some new technology (supported by research papers) will appear in 3.6 that lies at the core of remnant cleanup.

    Version 4.0 will have the bells and whistles ;)
     
  23. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    hope you guys do a special offer for wilders members :)
    like 50% off or something that includes the UK
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    good idea
     
  25. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    indeed.. and include canada, usa, uk :D
     