SafeGroup

Całkiem niedawno objawił się w sieci program nazwie Crystal Anti-Exploit Protectioni został stworzony jako pierwsza linia obrony przed atakami/infekcjami wykorzystującymi luki w oprogramowaniu - szczególnie chodzi o ataki "drive-by download" . Tak o programie i ogólnie o jego możliwościach mówi producent

Cytat: CrystalAEP is designed to provide frontline protection against Internet-borne threats such as viruses and malware. Unlike the typical anti-virus program, Crystal does not attempt to recognise threats based on signatures, and does not require constant updating to protect against the latest threats. Crystal works instead by manipulating at-risk software while it runs to help form an environment which is hostile to Internet worms, malware and other types of malicious code.
(...)
As CrystalAEP does not require signatures to be effective, instead seeking to undermine the launch mechanisms employed by malicious code to install itself on a user''s system, Crystal can be effective against the most novel threats right from day one.

Cytat: CrystalAEP operates by running within every instance of a protected program (for example the web browser), performing checks at key points within the program''s life-time in an attempt to ensure that it is not under attack. Crystal also alters the behaviour of protected programs to render them more difficult targets for malicious software seeking to be installed on a user''s system - if the vulnerable program malware is targeting is in an unknown and constantly changing state many traditional methods for exploiting flaws within the software are made significantly more difficult.

The software is designed first and foremost to protect against so called "drive-by download" exploits, in which an unsuspecting user visits a website which attempts to trigger a software vulnerability within an application the user has legitimately installed to force the silent installation of malicious software. While CrystalAEP is effective in blocking attacks which originate without user interaction, Crystal is not able to prevent users from being tricked into consciously downloading and installing malicious software and therefore is best used in tandem with an anti-virus program by less experienced computer users.
(...)
CrystalAEP does not verify downloaded files or email attachments against a list of recognised viruses. Instead Crystal scuppers the ability of drive-by download attacks to succeed. It does this by altering the behaviour of the most at risk software programs (such as the email client and the web browser) to introduce checks at key points at which malicious software can be installed or observed in the first stages of execution, and preventing it preemptively from succeeding.

Program wygląda raczej surowo i prezentuje się jako zaawansowane narzędzie...posiada co prawda podstawowe ustawienia, ale już w ilości oferowanych zaawansowanych ustawień można się pogubić Smile

Poza tym nie da się ukryć, że bardzo łatwo w wyniku tego coś popsuć w działaniu aplikacji, które podlegają ochronie. Najogólniej mówiąc jest to narzędzie, które na Wildersach określono tak

Cytat: From the looks of the advanced options windows

1. EMET/Buffer Overflow guard like functionality
2. Monitors (allow/block) process creation (same process name spawning is often legitemate but is also used to hijack process credentials)
3. Blocks code execution from obvious drive by drop zones (temp, download, netshare,etc)
4. Whitelist/blacklist function for protected programs to allow execution of specified dll''s (e.g. only allow your browser to run flash and pdf)
5. Active-X and Content filtering for IE. Content filtering involves data formats which could have code in it like images and streaming media. The author has planned some more options (but I think he might a bit over ambitious in his goals).

All in all really interesting application

Poniżej kilka zrzutów z programu (okno główne, opcje podstawowe i zaawansowane, okno rejestrowanych zdarzeń, zużycie zasobów...jak widać program nie jest bardzo lekki - w stałe procesy tle i pond 30 MB zużycia RAM). Pierwszy ze zrzutów to tutorial, który uruchamia się zaraz po instalacji i wprowadza na kolejnych stronach w podstawowe funkcje i możliwości programu...bardziej szczegółowe informacje można znaleźć w pliku pomocy lub w obszernym przewodniku w postaci pliku PDF.

[Aby zobaczyć linki, zarejestruj się tutaj]

Istotna informacja znaleziona w pliku pomocy

Cytat: Which operating systems and products does Crystal support?
Crystal is designed to support Windows XP, Vista and 7, both 32-bit and 64-bit versions. Crystal AEP does not
protect 64-bit applications and will, on 64-bit Windows, protect only 32-bit processes.
(...)
Which web browsers does Crystal provide content filtering protection to?
Crystal only provides content filtering protection to Internet Explorer 6 – 9 (IE9 is the latest version at the
time of writing). Crystal provides anti-exploit protection to all web browsers, however the content filtering
protection method can only be applied to Internet Explorer at present.

If you do not use Internet Explorer it is still worthwhile using Crystal as content filtering is at present a
secondary feature of the product and is not relied on heavily to block malicious software.

Producent wspomina również o znanych konfliktach/problemach (wskazania FP) z oprogramowaniem AV:
- Panda Cloud AV
- AVG (free i płatne)
- Avast Free

Cytaty pochodzą ze strony producenta

[Aby zobaczyć linki, zarejestruj się tutaj]

oraz z wątku o Crystal AEP na Wildersach

[Aby zobaczyć linki, zarejestruj się tutaj]

ichito