Unsolved
This post is more than 5 years old
1 Rookie
•
5.8K Posts
0
11921
HitmanPro Updates, and Re-assessment
HMP has had several updates recently, the latest yesterday. You can view the changelogs here:
http://www.surfright.nl/en/hitmanpro/whatsnew
For those not familiar with HMP, it is a free "cloud-based" on-demand security scanner that utilizes several AV engines, to supplement your real-time AV. It does not replace your real-time AV, nor will it conflict with it. It scans only key areas of your system targeted by malware, and reports what it finds. The free version has no malware-removal capability, and provides no real-time protection (the paid version has both). More info here:
http://www.surfright.nl/en/hitmanpro/
It has been about 2 years since I last reviewed HMP, and a few things have changed since then.
1) HMP now uses the scan engines from 5 AVs for detection:
- Emsisoft (formerly a-squared)
- Ikarus
- Dr.Web
- GData
- Bitdefender (recently added)
It has dropped the ESET AV engine. But you get a "second opinion" from 5 reputable AV engines. The addition of Bitdefender is welcome, as it scored particularly well in tests by AV-Comparatives, and AV-Test in 2011.
2) When installing the download, you now have the option to activate a free fully functional 30-day trial version, after which it reverts to the free version. Alternatively, you can hold off activating the free trial until the on-demand scanner detects something. This is the option I have chosen. This option removes the chances that a false posive detection removes some critical system file, thus possibly disabling your operating system. (I have yet to see such a FP from HMP, after 3 years of use). I consider this option a "plus" feature for new users.
3) HMP now auto-updates to the latest version or build - but only when you open the program. This keeps control of software installed in your hands. At the same time, there is no need to manually uninstall old versions or builds, or download/install new versions.
Those are the major changes.
After 3 years of use I continue to use the free version as well because:
- It has caused no conflicts or grief with any of my other security programs in XP or Win 7
- Its on-demand scans remain fast: 2-5 minutes max (faster than MBAM or SAS Free)
- Its false positive detection rate remains low, and it removes/quarantines nothing automatically
- As an on-demand scanner, it consumes no resources or memory when not running.
- As a "cloud-based" scanner, there is no need to download new signature files.
- It comes with no unwanted bundled software or toolbars, or intrusive ads to update to the paid version.
I still can't think of any reason to not install it for an occasional second opinion. At the same time, I see no reason to purchase it (I cannot vouch for the paid version's ability to block or remove malware, and the malware-removal community has yet to embrace it).
As always, YMMV.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
April 20th, 2012 16:00
My understanding is that GDATA = Avast! + BitDefender ; in other words, GDATA's definition database includes BitDefender's --- so there's no need to explicitly list BitDefender after mentioning GData... except for the fact that the BitDefender "brand name" is more well-known and respected than GData's. See http://en.wikipedia.org/wiki/GDATA
Indeed, the Wikipedia article on HitMan Pro http://en.wikipedia.org/wiki/Hitman_Pro says that "Hitman Pro (version 3) uses [4 engines:] Dr Web, Emsisoft Anti-Malware, G Data AntiVirus, and IKARUS".
Of course, by what we've said about GData, we could equivalently write that "Hitman Pro (version 3) uses [5 engines:] Dr Web, Emsisoft Anti-Malware, Avast! AntiVirus, BitDefender, and IKARUS" --- and personally, I think this list of 5 (i.e., citing avast rather than Gdata) would receive even more favorable public recognition. [Perhaps the reason why HitMan Pro doesn't do so is that it has a license agreement directly with GData rather than with avast ???]
-----------------------------------------------------------------------
On a related theme, my understanding is that Emisoft Anti-Malware includes what used to be the Emisoft A2-FREE engine along with the Ikarus Anti-Virus Engine... see http://www.pcmag.com/article2/0,2817,2364196,00.asp , as well as Joe's 3-year old post http://en.community.dell.com/support-forums/virus-spyware/f/3522/p/19286290/19524250.aspx#19524250 --- both of which were very critical of A2-AM (at that time). [So does that mean HMP uses only 3 or 4 distinct engines?]
-----------------------------------------------------------------------
All this raises a key point: when multi-anti-virus engines are used, hoping to increase the likelihood that (at least) one will catch "the bad stuff", they simultaneously raise the likelihood that (at least) one will generate a false-positive result. I don't know how HMP handles/decides matters, when its 3 (or 4 or 5) engines disagree on a file's safety status. I am especially curious about Joe's comment above that HMP's "false positive detection rate remains low" vs. what he encountered 3-years ago with A2-AM, where "False Positives (FP) Detections... [are] its major problem, compared to competitors". Perhaps HMP has solved the F/P problem over the years??
joe53
1 Rookie
1 Rookie
•
5.8K Posts
0
April 20th, 2012 20:00
ky331 raises some valid points. I don't know exactly how many distinctly different engines are incorporated in HMP currently.
Whether it it is 3, 4 or 5 distinct different AV engines, the fact remains I have used HMP without problems for a number of years now. Like all my scanners, it has never detected much. Take this for what it is worth.
I would not place much value in any opinion I expressed 3 years ago about a-squared. I continue to use it (as Emsisoft Anti-malware), and can attest that it has a much more rapid on-denand scanner these days, with fewer FPs.
For what it's worth here are some on-demand quick-scan times with XP:
- HitmanPro Free Quick Scan: 00:39
- Emsisoft Anti-malware Free Quick Scan: 01:17
- SAS Free Quick Scan: 05:05
- MBAM Quick Scan: 11:52
Here are the same times using my Win 7 System:
- Emsisoft Anti-malware Free Quick Scan: 00:35
- HitmanPro Free Quick Scan: 00:51
- SAS Free Quick Scan: 01:30
- MBAM Quick Scan: 02:08
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
April 23rd, 2012 07:00
I just gave HMP a quick try.
They offer the user the option to run the scan, without actually saving the program on disk. Very nice for testing purposes. (Anyone who wants to keep and regularly use it should save it.)
It's "cute" the way it uploaded files "to the cloud" for testing.
The scan took 4 3/4 minutes, and (aside from 14 Tracking Cookies,) it found two "Suspicious Objects":
Autoback.exe (part of ERUNT's Registry Backup Program): "There are indications that this file is a threat. However, it can also be benign. Contains high amount of malware related properties. It is potentially malicious software."
Chrome_Updater.exe: "There are indications that this file is a threat. However, it can also be benign. The digital signature on this file is invalid." It further asserted "Program is altered or corrupted since it was code signed by its author".
It defaulted to ignoring these two items (and deleting the tracking cookies).
------
Joe, I know that you use ERUNT... did HMP question yours? [For those who don't use it, it's absolutely legitimate... and can be a life-saver at times!]
I'll have to investigate the Chrome Updater further... while the program itself should be legitimate, it's surprising to read that it's been altered/corrupted.
EDIT: Virus Total's 42 anti-virus engines deem the Chrome Updater file clean
https://www.virustotal.com/file/ceee39dd86d256cea63914433f0f5c97c04795f418fd42d125f00697de11e6ee/analysis/1335189387/
joe53
1 Rookie
1 Rookie
•
5.8K Posts
0
April 23rd, 2012 12:00
No, HMP does not detect Autoback.exe (or erunt.exe) as suspicious on my XP system.
I even right-clicked on Autoback.exe and scanned the file with HMP from the context menu, and it passed. Curious that it detected your copy. It is possible that it did detect this file at some point, and I told it to ignore it, I suppose. It would have been 2-3 years ago, and the History setting is inactive in the free version.
I can say that HMP has detected the odd obvious FP on occasion, but since the free version lacks removal/quarantine capability these have never proved problematic. I like that Failsafe option in a "2nd opinion" scanner.
Your longer scan time puzzled me, until I realized you scanned online. When I did so, it also took about 5 minutes, and I suspect it used the longer default scan. (This scan didn't detect anything from erunt either).
When you save the program, and run it from your disk, it offers 2 scans: the Default scan (recommended), which takes 2-3 minutes, and a Quick scan, which consistently takes well under one minute. As with all my on-demand scanners, I generally only run the Quick scan when all is well.
iroc9555
1K Posts
0
April 23rd, 2012 14:00
Ky331 may I ask where did you find that option ? I only found the instaler to run or save, or do I have to execute it and the option comes afterward ?
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
April 23rd, 2012 15:00
Hernan,
To clarify, you can either run or save the "installer". ("Run" places it in a temp file which will eventually be removed; "save" to the disk area of your choice)
Upon running (or saving/executing) the "installer", you will be given the options I cited above.
iroc9555
1K Posts
0
April 23rd, 2012 17:00
David.
Thank you.
The way I read it. I thought it was like an on-line scanners so I was a bit confused when I could not find anything related to it.