Open Source Security News

Security Tool HijackThis Goes Open Source

wiredmikey writes "The popular free security tool HijackThis has been open sourced by its owner, Trend Micro. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems. Downloaded over 10 million times, HijackThis generates reports to help users analyze and fix an infected or problem computer. But the tool is not designed for novices – and doesn't actually determine what's good or bad. That's up to you, but it is a good way to keep an eye on things and possibly locate anomalies that may have been missed by other security products. Trend Micro warns that if you don't know what you're doing, it's probably not a good idea to make any changes to your computer settings and system files. Trend Micro acquired the tool from creator Merijn Bellekom in 2007, and has offered it for free ever since, but now is making the code available to the public. The code, originally written in Visual Basic, is now officially available at Sourceforge here."
  • Re:Free = no good (Score:5, Insightful)

    by bws111 ( 1216812 ) on Sunday February 19, 2012 @01:50PM (#39093557)

    More likely he says that free stuff without vendor support is no good, and for most businesses he is right.

  • Re:Java trapped (Score:4, Insightful)

    by Anonymous Coward on Sunday February 19, 2012 @01:57PM (#39093611)

    You could always get a life, realize that operating systems are not the end all of existence, and use a Windows machine to scan the hard drive.

  • by acidradio ( 659704 ) on Sunday February 19, 2012 @02:18PM (#39093763)

    I think the IT world collectively owes Merijn Bellekom some beers. Think about how many of us his tool has helped out over the years!

  • Re:Free = no good (Score:5, Insightful)

    by Creepy ( 93888 ) on Sunday February 19, 2012 @02:57PM (#39094033) Journal

    That is if you need to have accountability, such as selling or providing to a customer (this would be the latter - IT provides for its "customers" which are end users to them) but I think our developers use notepad++ for editing files more than any other program, so there are exceptions, and let's face it - if that tool breaks, there's always notepad. It is on our site license approved software download page even (for free and commercial tools we have a site license to download and self install), so it has passed through upper management and legal, but I'll admit the one there is an old GPL-2 licensed version - I don't know if it hasn't been updated because of legal concerns about GPL-3 or they just haven't gotten around to it, though (I know GPL-3 libraries are forbidden, but not sure about apps).

    In the case of HijackThis you are responsible for your own accountability, since it doesn't remove anything unless you tell it to, and a good IT person will back up the registry before making any changes to it (and know what is and is not a legit program).

  • Re:Free = no good (Score:2, Insightful)

    by mysidia ( 191772 ) on Sunday February 19, 2012 @03:11PM (#39094105)

    More likely he says that free stuff without vendor support is no good, and for most businesses he is right.

    It's not just about Vendor support; it's also about Tool capabilities, Tool quality, and meeting a business need. Businesses don't want to spend a lot of time manually "cleaning up" after malware infections; they want to prevent them.

    If the infection beats the protection, then the cleanup must be fast and fully automated, otherwise it's more efficient to re-image in this situation.

    HJT is for home users and hackers not working on company time, who can afford to spend hours upon hours manually digging through a log and removing suspicious components, at risk of breaking the system further.

    For day-to-day business use, HijackThis has nothing on Trend Micro OfficeScan, Malwarebytes Pro, PrevX Business, Webroot Secureanywhere Endpoint, eEye Blink, Defensewall/Parador, SuperAntiSpyware PRO, ESET, and plenty of others.

    Real-time protection, automation/periodic scans, and central monitoring capabilities are a must for good endpoint security.

    HJT has limited use cases. Symantec's products don't make the Top10 list.

    Perhaps since they've open sourced HJT now, there will be more developers working on it, and its capabilities could improve -- for example, automatically identifying items that are suspicious, and automatically identifying items that are system critical, and verifying their integrity.

  • Re:Free = no good (Score:4, Insightful)

    by mysidia ( 191772 ) on Sunday February 19, 2012 @08:10PM (#39095953)

    Does the hours upon hours someone spends re-installing and re-configuring their system after a re-image count?

    The image is supposed to be taken after the install is fully configured with all the role-specific software.

    What about the time spent reloading data from backups?

    No data requiring backup is allowed to be on endpoints. Any documents should be in the user's profile which gets redirected to a place on the server.
