So here’s the question.
If 52 percent of the nearly 40,000 new samples of viruses, worms, Trojans and other Internet threats identified every day last only 24 hours, how do security applications that rely on a definition database to identify malware files (most anti-malware applications) keep up with this onslaught?
The simple answer is: they don’t.
The relentless evolution of these increasingly powerful and destructive attacks against computer systems has exposed a gaping hole in many users’ Internet security defenses: a vulnerability to zero-day threats.
Zero-day threats are malware written and distributed to take advantage of system vulnerabilities before security developers can create and release countermeasures.
So where does this leave you?
Without tools that will identify and eliminate these malware threats, you run the risk of your computer and operating system being infected by these constantly evolving zero-day threats.
One such free, powerful tool, reviewed here previously, is ThreatFire from PC Tools – the developers of the highly regarded PC Tools Internet Security 2010 – which blocks malware (including zero-day threats) by analyzing program behavior (if it looks like a crook and acts like a crook, it’s probably a crook) instead of relying only on a signature-based database.
ThreatFire works together with your signature-based security applications to increase the effectiveness of your total security arsenal.
When ThreatFire detects a behavior-based threat, it goes into analysis overdrive, comparing the threat against its signature database; threats recognized by the database are quarantined immediately.
Unrecognized threats, or unrecognized behaviors, are assigned a calculated risk level (set by the user), at which point the user has the option of confirming or blocking the action.
A good example of the effectiveness of this application was made clear to me recently, while I was checking all of the ports on my home Windows machine. ThreatFire immediately advised me that the Port Checker was attempting to send email from port 25.
Of course it actually wasn’t; it was simply opening it for testing purposes. But if this port was being opened and used by malware, ThreatFire would have identified this danger by its behavior and given me the necessary warning.
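To make the two-stage flow described above concrete (signature match first, then a behavior risk score checked against a user-set threshold, with the port-25 false positive included), here is a small added example. It is constructed for this post and is not ThreatFire’s code; the log format, hash value, behavior names and risk weights are all assumptions.

```python
import re
from collections import defaultdict
# Constructed signature database: placeholder hash, not a real indicator.
KNOWN_BAD_HASHES = {"PLACEHOLDER_SHA256_OF_KNOWN_MALWARE"}

# Constructed behaviour weights; a real engine uses far richer rules.
BEHAVIOUR_RISK = {
    "smtp_connect": 2,          # outbound tcp/25, the case the post describes
    "startup_persistence": 3,   # writing a Run key to survive reboot
}

# Hypothetical log format: "<date> <time> <process> pid=<n> <op> <argument>".
LOG_RE = re.compile(r"^\S+ \S+ (?P<proc>\S+) pid=(?P<pid>\d+) (?P<op>\S+) (?P<arg>.*)$")

def behaviour_of(op, arg):
    """Map one raw event to a named behaviour, or None if it is not of interest."""
    if op == "net_connect" and arg.endswith(":25"):
        return "smtp_connect"
    if op == "reg_set" and arg.lower().endswith("\\run"):
        return "startup_persistence"
    return None

def parse_events(lines):
    """Group flagged behaviours by (process name, pid); skip unparseable lines."""
    per_process = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and (b := behaviour_of(m["op"], m["arg"])):
            per_process[(m["proc"], int(m["pid"]))].append(b)
    return per_process

def assess(sha256, behaviours, user_threshold):
    """Known signature: quarantine at once. Otherwise sum the behaviour risk and
    return 'prompt' (user confirms or blocks) or 'allow', with the risk score."""
    if sha256 in KNOWN_BAD_HASHES:
        return "quarantine", None
    risk = sum(BEHAVIOUR_RISK[b] for b in behaviours)
    return ("prompt" if risk >= user_threshold else "allow"), risk

# Constructed sample log: a port checker probing tcp/25 and tcp/110 (the false positive from the post) and an updater adding a Run key.
SAMPLE_LOG = """\
2010-03-01 12:00:01 PortChecker.exe pid=1234 net_connect dst=127.0.0.1:25
2010-03-01 12:00:02 PortChecker.exe pid=1234 net_connect dst=127.0.0.1:110
2010-03-01 12:01:10 updater.exe pid=2345 reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
""".splitlines()

if __name__ == "__main__":
    for proc, behaviours in parse_events(SAMPLE_LOG).items():
        print(proc, assess("unknown-hash", behaviours, user_threshold=2))
```

With the threshold at 2, the port checker is prompted on exactly as in the anecdote; raising the threshold to 3 lets it through while the Run-key write still prompts.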
The following chart gives a good indication of how ThreatFire can supplement your existing security applications. (Chart courtesy of ThreatFire)
Fast facts:
Persistent zero-day threat protection made easy for everyone – even novice users!
Displays detailed data on all running processes and allows you to terminate any process on demand.
Malware quarantine and removal, rootkit scanner, advanced custom rules settings and more!
Patent-pending ActiveDefense technology intelligently scans and analyzes computer processes to detect and block any malicious activity – without false positives!
Runs in background without impacting system performance.
Highest level of out-of-the-box accuracy. No need to configure baffling, technical security settings: just turn ThreatFire on and start blocking malware.
Perpetually ready for the next malware outbreak – detects malware by watching for malicious behaviors.
Enhanced user interface elements provide more technical details on alerts and interactive reports in ThreatFire’s main control panel.
Automatic updates run silently in the background so ThreatFire is always up-to-date.
Protects against viruses, worms, Trojans, spyware, keyloggers, buffer overflows, and rootkits – even if the threats are brand new and have never been seen before.
Works alongside your other security programs – in most cases you can use ThreatFire with your other antivirus, anti-spyware, firewall or other security programs.
If you read “An Anti-malware Test – Common Sense Wins” on this site, you’ll note that during this one-year test, ThreatFire was a primary security component on the test machine. In fact, each of my home machines is protected against infection by ThreatFire.
I highly recommend ThreatFire as a critical component in your overall Internet security toolbox.
System Requirements: Windows 7 32-bit and 64-bit, Windows Vista 64-bit, Vista 32-bit, Windows XP SP1, SP2 or SP3 (Home, Pro & Media Center Editions), Windows 2003, Windows 2008.
Download at: ThreatFire