Crystal Anti-Exploit Protection exposes malware tricks

Most antivirus programs focus on identifying malicious files and preventing them from reaching (or executing on) your PC, which works to an extent, but will fail if you run into brand new malware that hasn’t been discovered yet.

Crystal Anti-Exploit Protection (CAEP) is a new security tool that tries to protect you in a very different way. There’s no scanning here, no signatures, no virus database: instead the program uses its understanding of common malware tricks to try and prevent anything nasty from infecting your system in the first place.

Drive-by downloads often result in code being executed from unusual locations, for instance, so CAEP can block programs from running in the temporary folder, your Downloads folder or other unlikely places. You’ll be alerted if this happens, and if you don’t give your permission then the file won’t run and you could avoid infection.
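To make the location rule concrete, here is an added sketch (not CAEP's code, and not taken from its manual) of how a launch path can be checked against risky folders without being fooled by case changes, forward slashes, `..` segments or look-alike folder names. The rule list, the `decide` function and the sample environment are hypothetical and constructed for this illustration.

```python
import ntpath
import re

# Constructed sample environment so the example runs offline on any OS.
SAMPLE_ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\alice",
}

# Hypothetical rule list: launches from these locations trigger a prompt.
RISKY_LOCATIONS = [r"%TEMP%", r"%USERPROFILE%\Downloads"]


def expand(template, env):
    """Expand %VAR% references (case-insensitive names) from an explicit env."""
    return re.sub(r"%([^%\\]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)),
                  template)


def canonical(path):
    """Collapse '..' and '/' and fold case, as Windows path lookups ignore case."""
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    """True if path is root or lies below it, matched on a component boundary."""
    path, root = canonical(path), canonical(root).rstrip("\\")
    return path == root or path.startswith(root + "\\")


def decide(image_path, env=SAMPLE_ENV, rules=RISKY_LOCATIONS):
    """Return ('prompt', rule) for a launch from a risky location, else ('allow', None)."""
    for rule in rules:
        if is_under(image_path, expand(rule, env)):
            return ("prompt", rule)
    return ("allow", None)


if __name__ == "__main__":
    for sample in (  # constructed paths
        r"C:\Users\alice\Downloads\setup.exe",
        r"c:/users/ALICE/appdata/local/temp/a/b.exe",
        r"C:\Program Files\..\Users\alice\AppData\Local\Temp\x.exe",
        r"C:\Users\alice\AppData\Local\Temp2\x.exe",
        r"C:\Program Files\App\app.exe",
    ):
        print(decide(sample), sample)
```

String normalisation alone does not resolve 8.3 short names, junctions or symbolic links; on a real host the path would first be resolved through the filesystem (for example with GetFinalPathNameByHandle) before a comparison like this.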

A Connection Monitor can examine your incoming and outgoing network connections, applying a variety of filters to decide whether they should be permitted or denied.

The Memory Monitor uses a range of protections to reduce the number of possible exploits (memory allocation sizes are varied, process DEP is enabled, heap memory is cleared, and more).

And a more standard COM/ActiveX Monitor can filter ActiveX components on a per-application basis, via either blacklisting or whitelisting.

The first problem with all this is that, as you’ve probably realised, it’s quite a technical program. You don’t have to understand every single detail – run CAEP and it just works – but to get the most from the system you’ll need a considerable amount of low-level Windows knowledge.

A significant weakness at the moment is that CAEP can monitor 32-bit programs only (although it runs happily on both 32 and 64-bit versions of Windows).

Another problem is that every time we launch Outlook 2010, we’re asked whether we really want a couple of tools to be executed (they’re launched by an add-on). It’s only two clicks and then business as usual, but this is still annoying: once you’ve given your permission, the program should be able to remember that decision next time.

And if you try the program yourself, be very careful where you install it. Anything which works at as low a level as CAEP has great scope for breaking any Windows installation, so don’t run the program anywhere unless you’ve a full and up-to-date backup available.

All this aside, though, Crystal Anti-Exploit Protection remains an interesting tool, a free and very configurable HIPS which can add a welcome extra layer of security to any PC. If you’re an experienced user with the time to investigate it properly (including tweaking the settings sufficiently to avoid unnecessary alerts) then the program could be a very useful addition to your PC, and an excellent manual (Help > Users Guide) will explain everything you need to know.


© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.