
Can you explain the failure in this test?

  • Hello Pickle,

    "Q3 2017"

    The document lists Surfright Hitmanpro.Alert which now is officially a part of Sophos. We have recently launched CIX 2.0 (should be GA by end of this month) which has considerable improvements. You can join the group - https://community.sophos.com/products/intercept/early-access-preview/

    Hitmanpro.Alert (which only houses prevention against zero day exploits and ransomware based on behavior) is compared against the products which have more layers of defenses, hence the tests do not seem to be impartial. The entire suite of Sophos Endpoint Protection should have passed the test. I am confident that the next tests by them using Sophos - should have positive results.

    I hope this answers your query.

    Thanks,

    Vikas

  • Looking at the failure of the test, your answer does not explain why it failed.  The failure occurred during API Hooking of the IE browser to steal banking password data.  I thought that the whole "YOUR BROWSER IS PROTECTED" portion of the Hitman Pro Alert suite was designed to protect against just that kind of scenario.  If it does not then why even employ Hitman Pro Alert?  It's the same MRG EFFITAS that failed hitman pro alert at the latest banking certification as the one that is mentioned in your marketing...should you not change your marketing then to reflect the latest failure of the test?

     

    Based on your marketing:

     

    Preventing Program Exploits

    There are many helpful programs for any number of uses found on Windows PCs. Unfortunately, the programs could have vulnerabilities that provide backdoors for hackers to gain access to your system.

    HitmanPro.Alert adds an additional layer of security around vulnerable programs, watching for behavior that is malicious in nature. Infections are found and promptly removed. HitmanPro.Alert then replaces infected Windows resources with safe, original versions. This prevents these programs from being exploited and used against the user.

    Keeping Your Privacy

    Just like certain programs, webcams, keyboards, and web browsers are also susceptible to hacking. Simple infection techniques could give hackers access to the passwords and credit card numbers you type, the web pages you visit, and anything that’s happening in front of your webcam.

    HitmanPro.Alert blocks unauthorized access to your webcam, keeping your private life private. It beefs up browser security and warns you if the browser has been compromised in any way. It also encrypts your keystrokes, rendering keyloggers useless and keeping what you type safe. These advanced privacy features led MRG Effitas to award HitmanPro.Alert their Secure Online Banking certification.

     

    Details of the test:

    API hooking test
    (HTTPSendRequestW)
    Financial malware developers always find new ways to bypass current protection technologies. However, the traditional way is to do so via the API hooking technique. This technique is a two-step process. First, the malware injects itself into the browser process, then hooks (redirects) the API calls, where the password can be found in a buffer passed to the function as a parameter. After a successful attack, the attacker can either extract passwords, session cookies, credit card/CVV numbers from the web sessions, or inject html forms into the web sessions (e.g. credit card number and CVC/CVV code), because the TLS encryption takes place after the API calls. The purpose of testing with simulators is that the simulator is unknown to the security solution and thus it won’t detect the simulator using traditional AV methods, which are known to be bypassed easily. This test measures the protection capabilities against zero day threats.

    This test used inline hooking method to hook either the HTTPSendrequestW or the EncryptMessage Windows API calls. These calls contain cleartext data before TLS encryption.
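
The quoted test description turns on inline hooks, which overwrite a function's first bytes with a redirect. As an added example (not from the thread, the test report, or any Sophos product), here is a C sketch of the integrity check a defender can run over a function prologue: decode the common x86-64 redirect stubs and flag any that leave the owning module. The addresses, byte arrays and names such as `check_prologue` are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef enum { PROLOGUE_CLEAN, REDIRECT_IN_MODULE, REDIRECT_OUT_OF_MODULE } verdict;

/* Recognise common x86-64 inline-hook stubs at a function's first bytes and
 * compute where they send execution. Assumes a little-endian host.
 *   E9 rel32            jmp rel32
 *   EB rel8             jmp short
 *   48 B8 imm64 FF E0   mov rax, imm64 ; jmp rax
 *   68 imm32 C3         push imm32 ; ret */
static int decode_redirect(const uint8_t *p, size_t n, uint64_t va, uint64_t *target) {
    if (n >= 5 && p[0] == 0xE9) {
        int32_t rel; memcpy(&rel, p + 1, 4);
        *target = va + 5 + (uint64_t)(int64_t)rel; return 1;
    }
    if (n >= 2 && p[0] == 0xEB) {
        *target = va + 2 + (uint64_t)(int64_t)(int8_t)p[1]; return 1;
    }
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 && p[10] == 0xFF && p[11] == 0xE0) {
        memcpy(target, p + 2, 8); return 1;
    }
    if (n >= 6 && p[0] == 0x68 && p[5] == 0xC3) {
        int32_t imm; memcpy(&imm, p + 1, 4);
        *target = (uint64_t)(int64_t)imm; return 1;   /* push sign-extends */
    }
    return 0;
}

/* A redirect that leaves the owning module's image range is the hook signal. */
verdict check_prologue(const uint8_t *bytes, size_t n, uint64_t func_va,
                       uint64_t mod_base, uint64_t mod_size) {
    uint64_t target;
    if (!decode_redirect(bytes, n, func_va, &target)) return PROLOGUE_CLEAN;
    return (target - mod_base < mod_size) ? REDIRECT_IN_MODULE : REDIRECT_OUT_OF_MODULE;
}

/* Constructed sample data (not captured from any real process). */
static const uint64_t MOD_BASE = 0x7FFA10000000ULL, MOD_SIZE = 0x200000ULL;
static const uint64_t FUNC_VA  = 0x7FFA1001A2B0ULL;
static const uint8_t CLEAN[]   = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20};
static const uint8_t HOOKED[]  = {0xE9,0x4B,0x5D,0xFD,0xFF,0x57,0x48,0x83,0xEC,0x20};

int main(void) {
    printf("clean=%d hooked=%d\n", check_prologue(CLEAN, sizeof CLEAN, FUNC_VA, MOD_BASE, MOD_SIZE),
           check_prologue(HOOKED, sizeof HOOKED, FUNC_VA, MOD_BASE, MOD_SIZE));
    return 0;
}
```

An out-of-module result is a lead to investigate, not a verdict: security products and other legitimate software also place redirects of this kind, so a real check needs an allowlist of known hooking modules.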

     
  • So what of those members who purchased a 3 year lic of HMPA?!  Are we left in the dirt?   I don't want to use SOPHOS HOME, it's so freaking resource heavy it's not even funny.   I have bought HMPA to augment my ESET Internet Security setup and not invest all my eggs into a SOPHOS basket.   Just like in retirement and in stock market....for a cyber secure safety and security, one should diversify.  

     

     

    P.S.

     

    I don't expect any answer to this question since these forums are being watched by Sophos staff as frequently as a beggar on a street begging for change.