Ever since cloud became a buzzword many security companies started to make use of it in their products. This usually meant doing some of the scanning and verification remotely and not on the user computer.
While that has certain advantages, like an always up to date database and software, it also meant that users had to have an Internet connection at their disposal to make use of the feature. And some users did not like the privacy implications that went along with the move.
The new program herdProtect is a cloud-based scanner, which may keep some users from giving it a try. Unlike most other programs that rely on a single engine to test against malware, herdProtect uses 68 of them.
The engines are not listed as text on the website of the project unfortunately, but you may be able to identify some by looking at company logos placed on it. Among them are many heavyweights such as Kaspersky, Bitdefender, Avg, Eset, or Avira to name a few.
The current installment of herdProtect scans the PC for objects in critical locations, e.g. running processes but also desktop files, and scans those in the cloud.
While there is no confirmation of this on the project website, it appears that it is using a signature-based approach for that. This means that it generates a hash of each file and checks it against the project database hosted in the cloud. A found hash means that an identical file has already be scanned and the result is transferred back to the user PC.
If a file hash is not found, it needs to be uploaded to be scanned remotely.
The scan itself should not take longer than a couple of minutes. In the end, a scan result page is displayed listing all files that at least one of the supported engines marked as malicious or problematic.
The results are sorted into different groups like adware or inconclusive detection. In those groups, the files with the most hits are always displayed from top to bottom.
You can click on any result to display the engines that identified the file as malicious or problematic. The program itself displays a suggestion as to what you should do with the program, for instance to remove it if it is not needed on the PC.
A click on view opens the Windows Explorer folder of the file while details the results page on the heardProtect website. Here you find additional file details, the file's digital signature, its worldwide distribution, known variants, and other related information.
Note that all of the scan results are automatically moved to the cloud and from there to the company website where they are publicly accessible. There is no option to disable that, but the information that are posted there do not contain any identifiable information from what I can tell. The only possibility in this regard is that the file name may contain information.
The program does not offer any removal of its own at this point in time. That's a serious problem, considering that your resident anti-malware program may not even identify the detected files as such.
The company plans to release updates to the program which will improve it significantly. Plans are to integrate the removal of malware in the first quarter of 2014, and to add real-time protection of the system in the second quarter of the same year.
For now, it is an alternative to the popular Virustotal service and programs such as Virustotal Uploader.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.