So here’s the question.
If 52 percent of the nearly 40,000 samples of new viruses, worms, Trojans and other types of Internet threats identified every day last only 24 hours, how do security applications that rely on a definition database to identify malware files (most anti-malware applications) keep up with this onslaught?
The simple answer is: they don’t.
The relentless evolution of these increasingly powerful and destructive attacks against computer systems has exposed a gaping hole in many users’ Internet security defenses: a vulnerability to zero-day threats.
Zero-day threats are malware written and distributed to take advantage of system vulnerabilities before security developers can create and release countermeasures.
So where does this leave you and me?
Without tools that identify and eliminate these malware threats, we (you and I) run the risk of our computers and operating systems being infected by these constantly evolving zero-day security risks.
One such free, powerful tool, reviewed here previously, is ThreatFire from PC Tools, the developers of the highly regarded PC Tools Internet Security 2010. ThreatFire blocks malware (including zero-day threats) by analyzing program behavior (heuristics) instead of relying only on a signature-based database.
ThreatFire works together with your signature-based security applications to increase the effectiveness of your total security arsenal.
When ThreatFire detects a behavior-based threat, it goes into analysis overdrive, comparing the threat against its signature database; threats that are recognized by the database are quarantined immediately.
Unrecognized threats, or unrecognized behaviors, are assigned a calculated risk level (set by the user), at which point the user has the option of confirming or blocking the action.
A good example of the effectiveness of this application was made clear to me recently, while I was checking all of the ports on my home Windows machine. ThreatFire immediately advised me that the Port Checker was attempting to send email from port 25.
Of course, it actually wasn’t; it was simply opening it for testing purposes. But if this port were being opened and used by malware, ThreatFire would have identified this danger by its behavior, and given me the necessary warning.
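The decision flow described above (behavior flagged first, then a signature lookup, then a risk level and a user prompt for unknowns) and the port 25 alert, sketched as an added example that is not ThreatFire's code. The rules, weights, hashes and process names are constructed, and reading the user-set level as a prompt threshold is an assumption.

```python
from dataclasses import dataclass

# Everything below is constructed for illustration: hashes, process names,
# rule weights and the threshold are assumptions, not ThreatFire values.
KNOWN_BAD_HASHES = {"aa11-constructed-hash"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

@dataclass
class Event:
    process: str      # image name of the acting process
    file_hash: str    # hash of that image
    action: str       # "connect", "write_autorun" or "inject"
    detail: str = ""  # remote port for "connect" events

# Behaviour rules as (reason, predicate, risk weight).
RULES = [
    ("non-mail process connecting to port 25",
     lambda e: e.action == "connect" and e.detail == "25"
     and e.process.lower() not in MAIL_CLIENTS, 40),
    ("writes an autorun entry", lambda e: e.action == "write_autorun", 30),
    ("injects code into another process", lambda e: e.action == "inject", 50),
]

def evaluate(events, prompt_threshold=40):
    """Return (verdict, risk, reasons) for the events of one process."""
    reasons, risk = [], 0
    for ev in events:
        for reason, matches, weight in RULES:
            if matches(ev) and reason not in reasons:
                reasons.append(reason)
                risk = min(100, risk + weight)
    if not reasons:
        return ("allow", 0, [])               # no suspicious behaviour observed
    if any(ev.file_hash in KNOWN_BAD_HASHES for ev in events):
        return ("quarantine", risk, reasons)  # flagged and signature known
    # Unknown sample: the user-set threshold decides whether to ask the user.
    verdict = "prompt" if risk >= prompt_threshold else "allow"
    return (verdict, risk, reasons)

# Constructed scenarios: a port checker probing port 25, a real mail client,
# and a flagged program whose hash is already in the signature set.
PORT_CHECKER = [Event("portcheck.exe", "bb22-constructed-hash", "connect", "25")]
MAIL_CLIENT = [Event("thunderbird.exe", "cc33-constructed-hash", "connect", "25")]
KNOWN_SAMPLE = [Event("updater.exe", "aa11-constructed-hash", "connect", "25"),
                Event("updater.exe", "aa11-constructed-hash", "write_autorun")]

if __name__ == "__main__":
    for name, evs in [("port checker", PORT_CHECKER), ("mail client", MAIL_CLIENT),
                      ("known sample", KNOWN_SAMPLE)]:
        print(name, evaluate(evs))
```

The port checker produces a prompt rather than a quarantine because its behavior matches a rule but its hash is unknown, which is the benign alert described above; raising the threshold trades fewer such prompts for less warning on unknown programs.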
The following chart gives a good indication of how ThreatFire can supplement your existing security applications. (Chart courtesy of ThreatFire)
Immediately Effective with No Complicated Set Up
Proactive Defense against Both Known and Unknown Threats
PC Tools AntiVirus Included for On-demand Scanning
Quarantine and Permanently Remove Threats from Your System
Rootkit Scanner Seeks Out Deeply Hidden Files, Objects and Registry Keys
View Detailed Process Information on All Running Processes
Complementary to Your Existing Antivirus Software
Advanced Custom Configuration Options and Rules Settings
Virtually No Impact on System Performance
More Technical Details Provided on Alerts
Continually Improving Protection Technology
Free email and web-based technical support
If you read “An Anti-malware Test – Common Sense Wins”, on this site, you’ll note that during this one year test, ThreatFire was a primary security component on the test machine. In fact, each of my home machines is protected against infection by ThreatFire.
I highly recommend ThreatFire as a critical component in your overall Internet security toolbox.
System Requirements: Windows 7 32-bit and 64-bit, Windows Vista 64-bit, Vista 32-bit, Windows XP SP1, SP2 or SP3 (Home, Pro & Media Center Editions), Windows 2003, Windows 2008.
Download at: ThreatFire