Ottawa PC Users' Group, Inc.
While VirusTotal.com is an excellent tool for checking a single file, it can't be used to scan all files on your computer. Wouldn't it be great if there was a service that could efficiently scan all files on your computer using multiple anti-malware
herdProtect from Reason Software is a free anti-malware service that does exactly that. It can scan all the files on your computer using 68 different anti-malware engines. The big ones are represented: Avast!, AVG, BitDefender, eSet, McAfee, Microsoft, Panda, Sophos, Trend, etc. All 68 are listed at the herdProtect web site.
I wondered how it would be possible to scan all your files using multiple anti-malware engines in a reasonable time-frame. The typical means of scanning files is to download an anti-malware engine to your computer and run it against all your files. I couldn't imagine doing this 68 times.
herdProtect takes a hash of all the executable files on your computer and sends the hashes to the herdProtect server, where they are compared to the hashes of known files, good and bad. If no match is made, the file in question is examined in more depth to find out how it behaves. If required, the actual file will then be sent to the herdProtect server to be checked against all 68 anti-malware engines.
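The hash-first lookup described above, sketched in Python as an added example (this is not herdProtect's code). SHA-256, the suffix list and the local known-good/known-bad sets standing in for the server database are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumptions (not stated in the review): SHA-256 and this suffix list.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys"}

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def inventory(root):
    """Map each executable under root to its digest, skipping unreadable files."""
    hashes = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            try:
                hashes[str(path)] = sha256_file(path)
            except OSError:
                continue  # locked or permission-denied files are left out
    return hashes

def triage(hashes, known_good, known_bad):
    """Known-bad wins; digests in neither set need deeper examination or upload."""
    report = {"clean": [], "flagged": [], "unknown": []}
    for path, digest in sorted(hashes.items()):
        if digest in known_bad:
            report["flagged"].append(path)
        elif digest in known_good:
            report["clean"].append(path)
        else:
            report["unknown"].append(path)
    return report

def demo():
    """Run the triage over constructed sample files in a temporary directory."""
    samples = {"good.exe": b"constructed known-good", "bad.dll": b"constructed known-bad",
               "new.exe": b"constructed never-seen", "notes.txt": b"not an executable"}
    known_good = {hashlib.sha256(samples["good.exe"]).hexdigest()}
    known_bad = {hashlib.sha256(samples["bad.dll"]).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        report = triage(inventory(tmp), known_good, known_bad)
    return {verdict: [Path(p).name for p in paths] for verdict, paths in report.items()}
```

Only the digests are needed for the first pass; the files in the "unknown" list are the ones that would go on to deeper examination or upload.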
Once the scan finishes, which on my computer took about an hour, you are presented with a list of files that were identified as bad. You can click any line to get information about which anti-malware engines found the file to be infected. There are buttons to delete the file or to get additional details. (Fig.2 a PUP)
I am happy to say that although the program flagged a few files on my computer, there was nothing I was overly worried about. I had two flagged as Adware/PUPs, PUP being Potentially Unwanted Program. True enough for my copy of Remote Administrator: if I had not installed it, a remote control program would certainly be of concern. The other was a DLL associated with PopCap Games. I play games at Pogo.com and some of them are PopCap Games. If I want to play them, I will have the DLL on my computer. The lesson here is to not rush and assume everything identified by herdProtect should be wiped from your computer!
I also had 9 files on my computer flagged as Inconclusive. In each case only a single anti-malware engine identified the file as a problem. This, and the fact that the files all came from trustworthy sources and had been on my computer for some time, were pretty certain signs that they were false positives. While herdProtect has some built-in smarts for detecting many false positives, it seems to have missed on these 9.
Fig.2 a PUP
You will almost certainly run into cases where the scan reports "xx more currently scanning in the cloud". At this point the client software has uploaded copies of the files to the herdProtect servers where they will be analysed by all 68 anti-malware engines. The next time you run a scan, hopefully the files will have been checked and you will then know if the files are okay or not. I say hopefully because after weeks of use, there were always some files still scanning in the cloud.
I did run into a strange thing. As I mentioned, herdProtect identified 9 of my files as Inconclusive, an assessment that can result from very few of the anti-malware engines identifying a problem. Eight were part of the program DxO OpticsPro 10, a well-known program for editing digital photos. The 9th was the Camera Window program distributed with just about every Canon camera on the market. For all 9, only a single anti-malware engine identified the file as problematic. Yet for all 9, when I uploaded them to VirusTotal.com, they were given a clean bill of health, including by the exact same engines that had declared them as bad in herdProtect.
I have no idea what to make of this.
For the Remote Administrator program (identified by 24 engines in herdProtect as Adware/PUP) and the PopCap DLL (identified by 15 engines in herdProtect as Adware/PUP), the results were more reassuring. There was only a single instance where an anti-malware engine in herdProtect identified the file as bad and the corresponding engine in VirusTotal.com disagreed.
herdProtect's web site mentions "Protection Platform", which is coming soon and will "Scan and remove malware with real-time protection". To me, that is when things could get very interesting. If you could do away with your single-vendor anti-malware program and have every new program that arrives at your computer checked in real time against 68 anti-malware engines, before they get a chance to infect your computer, wow!
I can think of at least one instance where Protection Platform might be problematic. herdProtect depends on an active connection to the herdProtect servers. What if they are down or unreachable for any reason? Is all your anti-malware protection gone? Only time and the release of Protection Platform will tell.
herdProtect is developed by Andrew Newman, who was the co-founder and chief software architect for GIANT Company Software, makers of one of the most respected anti-spyware programs on the market in its time. In fact, Microsoft bought the company and used it as the basis for Windows Defender (which became Microsoft Security Essentials, and with Windows 8, Windows Defender again). Newman plans on keeping all versions of herdProtect free. The program itself is ad-free. The web site has a few ads and they accept donations via PayPal.
I think herdProtect is very valuable as a second line of anti-malware defence on top of your currently installed anti-malware. It is available as a regular installable program as well as a portable app not requiring installation.
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON K2G 1S6
The opinions expressed in these reviews do not necessarily represent the views of the OPCUG or its members.