Heard of “herdProject”? MS Cloud Based Antimalware Scanner

By on December 19, 2013 10:16:55 AM from JoeUser Forums JoeUser Forums

DrJBHL

Join Date 04/2002
+2162

 

Not online yet, but here’s something extensive…potentially great and potentially confusing. All-in-all, good.

So, what is it? It’s a scanner you download. It then takes a snapshot of all the active files in use, and those with the ability to automatically execute by means of an auto-start procedure (like an extension, task, etc.). This report is (supposed) to be stripped of any identifiers and is sent to Project herdProtect for analysis.

At that point 68 (yep, sixty eight) scanners are put to work on it. Then,

“For known infections, these are then re-categorized based on the number of detections by each of the scanners and reported back to the user. All unknown files on the user's PC are then stripped of important metadata and sent to the herdProtect servers to be analyzed in real-time by each of these anti-malware scanners. Upon completion (which takes a few minutes), the reports are then sent back to the user and displayed in a final report.” http://www.herdprotect.com/downloads.aspx

Per herdProtect:

  • herdProtect does not install or bundle any additional software, this of course includes malware, adware or toolbars (of course we don't but just want to make this clear).
  • The program does not in anyway interact with the contents of a user's PC even if those contents are found to be infected with or are malware, this is just a diagnostic scanner.
  • We do our best to make sure we strip all possible personally identifiable information (PII) from a file's metadata.
  • If a file comes back as unknown ,in some cases we might need to upload the file to be remotely scanned (please refer to the Terms of Service for exact details).
  • All reports and other communication between a user's PC and herdProtect's servers are encrypted.
  • herdProtect is 100% free with no strings attached. herdProtect is a public service and we will never sell you anything or ask for your email address, etc.

Here’s an example of such a report from the herdProtect website:

Well, it’s free, and is meant to serve as a “second line of defense” as herdProtect puts it.

So…which engines do they use? The list is here: http://www.herdprotect.com/engines.aspx

Pretty impressive.

So, what are the drawbacks?

False positives. These are perfectly harmless files/processes/active processes identified by one or more engine as being suspect. That will generally occur because of too broad a definition in one or more engine.

But, remember: The results depend on updated definitions in those engines so, not finding something might be a “False Negative”.

It also depends on what’s ‘active’ at the time of the snapshot (just like an MRI scan or blood test – they’re a picture at one moment of time only). Also, it isn’t looking at your backups, and it isn’t “Active Protection”. That’s why it’s a second or even third line of defense.

That’s where common sense comes into it. If an active process is identified as potentially harmful by one or two engines, I’d say probably a ‘meh’. If more, it’d require some research.

So the next question is “how often to do the scan?”. I’d answer, “that depends”. It would depend on how actively you receive files and how active you are when it comes to clicking on links, etc. If not very active, maybe once a week or two. If active, more often.

Anyway, it’s something to take a look at.

By the way, the ‘herd’ in herdProtect refers to the herd of 68 search engines.

By the way, here's my report:

Source:

http://www.ghacks.net/2013/12/17/herdprotect-promising-cloud-based-malware-scanner-windows/?_m=3n%2e0038%2e1099%2ehj0ao01hy5%2e14vj

http://www.herdprotect.com/index.aspx

http://www.herdprotect.com/downloads.aspx (also the download link for the scanner)

3 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
December 19, 2013 10:51:34 AM from WinCustomize Forums WinCustomize Forums

Thanks Doc! Running it now, hope it comes back clean!

 

It did, it did! Not one single sign of Malware!

Reason for Karma (Optional)
Successfully updated karma reason!
December 19, 2013 3:12:49 PM from WinCustomize Forums WinCustomize Forums

Looks promising! 

Reason for Karma (Optional)
Successfully updated karma reason!
December 19, 2013 9:10:29 PM from WinCustomize Forums WinCustomize Forums

 Clean bill of health here.

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
Stardock Forums v1.0.0.0    #108432  walnut2   Server Load Time: 00:00:00.0000140   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.