Tuesday, September 19, 2017

AppCheck Free

Developed by the Korean security company CheckMAL, AppCheck is a comprehensive and easy-to-use anti-ransomware tool for Windows.

AppCheck offers three layers of protection. The first is a real-time detection system which monitors processes for ransomware-like behaviour, and blocks anything suspect. This doesn't use signatures, so in theory should catch even brand new and undiscovered threats.

It takes time for any anti-ransomware tool to realize you're under attack, and that means some of your files may already be encrypted. AppCheck's Ransomware Guard deals with this by tracking changes made to vulnerable files, allowing them to be recovered later.

The third layer of protection, Ransom Shelter, can back up important files in real-time as they're being modified. That requires a little extra disk space, but not as much as you might think. Most of your important files – JPGs, MP3s, videos and so on – are saved or overwritten, but then never get modified.

All these features are free for personal use. Upgrading to AppCheck Pro adds MBR (Master Boot Record) and GPT (GUID Partition Table) protection, automated malware removal, and an extra backup function to regularly save your most important data.

AppCheck's free build will probably be enough for experienced home users, but if you need its extra features, AppCheck Pro is relatively cheap. Prices start at $11 (£8.80) for the first year of a one PC, one-year subscription, and paying just $54 (£43) covers five PCs for two years.

Setup

AppCheck is a very lightweight package, taking under 15MB of space on our test PC. From what we could tell it uses a maximum of two background processes. The main AppCheck Windows service normally uses around 5MB RAM, while the interface grabs 5-10MB.

Browsing the AppCheck program files revealed no issues. Everything was well organized, the files were correctly digitally signed, there was no apparent reliance on third-party products.

We tested AppCheck's vulnerability to attacks, which might allow ransomware to disable the program. Attempts to delete AppCheck's files, change its registry settings or close its process in Task Manager were blocked with an 'Access Denied' message, and didn't affect performance.

In regular use AppCheck was very well-behaved. It didn't interfere with our antivirus, or trigger any false alarms. Mostly it was just another icon in our system tray, and we could forget it was there. The only activity we noticed was an occasional alert to tell us about a program update, but even that didn't force us to do anything. If it was inconvenient we could just close the message and carry on with whatever we were doing.

Performance

Measuring the performance of anti-ransomware apps is a challenge, especially in a single review. The tools normally sell themselves on the claim that they can detect brand new and undiscovered ransomware, but we can't assess this until we have samples of the threats.

What we can do is test the product against a known ransomware strain, just to confirm it works as expected. We pitted AppCheck against a recent sample of Cerber, and the program correctly detected the threat, blocked the offending process and recovered our files.

Unfortunately, our test virtual machine was still seriously affected, locking up and refusing to boot properly next time. This might reflect an issue with AppCheck, but it could also be something to do with our setup, so we're not going to count it as a major point against the program.

Next, we turned to a couple of test programs which simulate ransomware activity, but in a controlled way: KnowBe4's RanSim, and RanTest, a custom tool of our own.

RanSim runs 10 tests covering different types of ransomware behaviour, and AppCheck blocked nine on our Windows system. It runs two further tests which it says should be allowed, but AppCheck blocked one. Not quite perfect, then, but enough to show that AppCheck was providing very real extra protection for our PC.

One problem with using RanSim is that it's a very well-known simulator, and it's possible that anti-ransomware developers may have tweaked their products to pass its tests. To counter this we developed RanTest, a simple ransomware-like program that no security product in the world will ever have seen before. Would it be able to bypass AppCheck's defenses?

Well, no. We launched RanTest and AppCheck killed it in a fraction of a second, after it had destroyed only 20 files, and every one of those was recovered immediately.

The free version of AppCheck doesn't remove malware files, but has a few tools which might help. A log showed us the name of the file responsible for the attack, we could open its folder in a couple of clicks, and investigate the file further.

RanSim and RanTest make no attempt to hide what they're doing, so AppCheck's success here doesn't guarantee protection against stealthier malware. But again, this demonstrates that AppCheck detects even brand new threats, and ensured we didn't lose a single file.

Final verdict

AppCheck is lightweight, easy-to-use, and blocked known and brand new threats during testing. It didn't fully recover our system after one attack, but this was easy to fix manually, and overall AppCheck is well worth a try.

0 comments:

Post a Comment

!!!!!!!!!!

Popular Posts

Categories

Blog Archive