CrystalAEP: Anti-Exploit Protection tool

Crystal Anti-Exploit Protection is a first beta version. The program adds another layer of defense to the system that protects applications that it protects from a number of exploits that they may be vulnerable for. The anti-exploit functionality provided by CrystalAEP has been tested with all the leading browsers as well as a varied selection of media playing, word processing and email software. Presently the product only provides support for browser traffic filtering to Internet Explorer although in future editions it is planned that this support will be extended to Google Chrome, Firefox and Safari running on Windows.
CrystalAEP operates by running within every instance of a protected program (for example the web browser), performing checks at key points within the program’s life-time in an attempt to ensure that it is not under attack. CrystalAEP also alters the behaviour of protected programs to render them more difficult targets for malicious software seeking to be installed on a user’s system – if the vulnerable program malware is targeting is in an unknown and constantly changing state many traditional methods for exploiting flaws within the software are made significantly more difficult.

Malicious software is generally installed in one of two ways which CrystalAEP identifies. The first way involves a user receiving an attachment or a link to download a file which is malicious but is sent to the user under the guise of being something they might wish to see. If a user downloads the software, ignoring the warnings given by the browser or email client about the risks of opening files which are not expected or are not obtained from trusted sources, the software will be installed. It is generally impossible to protect against this type of user error without creating a system which is highly restrictive and removes a great deal of user freedom. Anti-virus will often block threats of this nature – recognising downloaded software as malicious and preventing it from running – however it can only do so if signatures are published for a specific threat.  This is where CrystalAEP helps
A second way in which malicious software is installed is through “drive-by download” style attacks. In attacks of this kind an unsuspecting user visits a website which triggers a security flaw within a piece of software the user has installed. Many flaws in completely legitimate software packages (for example the web browser, or word processing package) can permit a malicious website to force the installation of malicious software. These issues are altogether more sinister as even computer savvy users who would not download and run an obviously untrustworthy email attachment or file can be attacked through this method. Often when a computer user is surfing the Internet and then just discovers malware has been installed, a drive-by download is how it occurred. Again CrystalAEP helps us to protect.
We cannot consider CrystalAEP an replacement for antivirus program or other security software but can protect the system from exploits that target vulnerabilities that have not been fixed yet.

List of level and their use for CrystalAEP.

1. Minimum CrystalAEP – Provides only the basic protection, none of which should be invasive or disrupt delicate programs. This mode provides a backstop against some classes of threat and is surprisingly effective considering the limited features that it enables, but is not recommended for most programs as little is done to disrupt exploit attempts.
2. Moderate CrystalAEP – A good improvement on Minimum, this mode aims to provide a compromise between reliability and security, erring on the side of reliability. This mode is recommended for applications which do not cope well with the High mode of protection, but is otherwise not recommended.
3. High CrystalAEP – Provides an equal balance between reliability and security. Most of the particularly effective anti-exploit techniques are enabled when using this mode. This is the recommended mode for most users.
4. Maximum CrystalAEP – This mode provides the highest level of protection which Crystal affords, enabling nearly all of the protection features the product can offer. Occasionally Maximum protection provides too locked-down an environment for flexible programs to operate under, and is therefore not recommended above High for most users. Maximum can be enabled for systems for which security is absolutely paramount above software reliability.

Download CrystalAEP:

CrystalAEP V1.0 – crystal_aep_installer_1_0.exe – http://www.crystalaep.com/crystal_aep_installer_1_0.exe