CrowdInspect: second-opinion malware scanner with Virustotal integration
CrowdInspect is a free portable program for Microsoft Windows devices that enables you to give your system a thorough second opinion malware scan.
While you may have all the confidence in the world in resident security software, it may be a good security precaution to run second opinion scans regularly on machines just to confirm that confidence.
The reason for scanning the system with other security software is simple: no solution is perfect. What one product detects may be totally unknown to another.
There are numerous tools that you can use to run second opinion scans, for instance Malwarebytes 3.0, Dr. Web CureIt, or Microsoft Security Scanner.
CrowdInspect is an on-demand scanner for Windows. You can download the program from the developer website, and run it from any location on supported Windows machines.
The program displays an EULA on start, and an option to switch from the integrated Virustotal API key to a custom one. The main benefit of doing so is that CrowdInspect displays only total scores and not individual scores if the built-in key is used.
The program lists all running processes on start, and begins to scan them right away. Each process is listed with its name, and a variety of useful information.
The four columns that begin right after process name and ID highlight code injection status, the Virustotal score, the Team Cymru malware hash registry result, and Web of Trust for remote connections.
These scores are color coded, and indicate right away if the file checked out fine, or if it requires further attention.
CrowdInspect checks the network status of each process as well, displays the type and state, and local and remote IP addresses.
The scans happen in real-time while CrowdInspect is up and running. If a new program is launched for instance, it is scanned by the program eventually.
You may pause the scanning at any time with a click on the pause button. You may also add or hide information from the interface. A click on full path replaces the file name with the full path and file name for instance.
Buttons are provided to kill selected processes or close network connections. You may right-click on processes instead to run the termination or close commands using the context menu.
A click on VT results opens score details and a link to the Virustotal website to look it up online. This is useful if at least one of the antivirus engines that Virustotal supports reports a hit.
CrowdInspect supports a history feature that you can switch to from the live view. History lists processes, scans and all of that sorted by date and time.
CrowdInspect is a handy second opinion scanner for Microsoft Windows that scans running processes and network connections using a variety of services. You may still need other software if hits are reported, as CrowdInspect does not offer much in terms of handling threats other than killing processes and cutting network connections.
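The local half of such a scan (enumerate running processes, hash each executable, read its signature status) can be reproduced with built-in PowerShell cmdlets. This is an added example, not CrowdInspect's own code; it sends nothing over the network, and the output file name is an assumption chosen for illustration.

```powershell
# Added example: inventory running process images for a hash-based second-opinion lookup.
# Everything stays local; the result is a table on screen and a CSV file.

$seen = @{}   # lookups are per file, so each executable path is processed once

$inventory = foreach ($proc in Get-Process) {
    # Path is empty for protected/system processes when the shell is not elevated.
    $path = $proc.Path
    if (-not $path -or $seen.ContainsKey($path)) { continue }
    $seen[$path] = $true

    try {
        $file = Get-Item -LiteralPath $path -ErrorAction Stop
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop
    } catch {
        Write-Warning "Skipping ${path}: $($_.Exception.Message)"
        continue
    }

    [pscustomobject]@{
        ProcessName = $proc.ProcessName
        Id          = $proc.Id
        FullPath    = $path
        SHA256      = $hash.Hash
        Created     = $file.CreationTimeUtc
        LastWrite   = $file.LastWriteTimeUtc
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Unsigned or invalidly signed images sort first: those are the ones worth a manual lookup.
$inventory |
    Sort-Object @{ Expression = { $_.SigStatus -eq 'Valid' } }, ProcessName |
    Format-Table ProcessName, Id, SigStatus, SHA256 -AutoSize

# Hypothetical output file name, chosen for this example.
$inventory | Export-Csv -Path .\process-hashes.csv -NoTypeInformation
```

Run it from an elevated prompt to include processes whose image path is otherwise hidden; the SHA256 column can then be searched by hand on a reputation service.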
Now You: Do you use second opinion scanners?
Surely a software with better privacy EULA…
What Rob refers to is probably this sentence:
“For each entry discovered and transmitted by You, the Software collects and transmits — and Company may retain and use — the full directory, file name, SHA256 hash, /create/ timestamp of the above; /last accessed/ timestamp; /last write/ timestamp; digital signature information, as well as your connection information.”
and that there is no way to opt out of this.
I assume any malware company that is engaged in trying to discover and analyze emerging threats has similar terms in its EULA. Here’s the relevant sentence from MalwareBytes:
I was going to suggest using the VirusTotal integration in Process Explorer, but the relevant section from their (Microsoft’s, go figure) EULA is even more vague than MalwareBytes’.
None of the above alternatives notify the user about code injection status (as far as I can tell) or include Web of Trust ratings.
They collect as much data about you as they can, so even if you used a PowerShell script or something to create hashes of all running processes and then upload them to VirusTotal, you still have the same privacy concerns with them.
So, as far as I can find, there doesn’t seem to be similar software with a better privacy EULA. If anyone knows of one, I’d be interested to hear about it.
Eddy, a most interesting comment. Even got to put a smile on my face when jumping from bad practices to worse, nicely detailed :)
How do you call it when you have to pay (be it with your privacy) to get protected?
Personally I use HitmanPro for second opinion malware scans. Of course the developer knows a lot, what exactly I don’t know, is it shared? No idea.
I should have added that I’m not personally concerned about these privacy issues. I assume that most anti-malware companies offer free versions of their tools in part to collect data and respond to new malware. If no one were collecting data like this, we would almost certainly have far more malware problems.
I felt even more confident using CrowdInspect after reading the EULA, and their blog at https://www.crowdstrike.com/blog/virustotal-lookups-are-back-in-crowdinspect-crowdstrikes-popular-free-tool/
deploy.akamaitechnologies Biggest virus of them all.
Windows, Firefox: ClamWin, FireClam – Hope this addon stays.
Linux, Firefox: Clam Tk, FireClam, (for eg, videos, music, ebooks downloaded from web sites – for mainly Windows viruses, yes, still good insurance).
If the addon does go, in Windows, Clam Win is an Open Source standalone scanner.