While almost all major security products implement a variety of techniques to protect against unknown malware, so-called “zero day” attacks have been especially successful in penetrating most security utilities. Most of us run security software that is frequently updated with the latest collection of digital signatures for malware that the security companies have detected and analyzed; these frequent updates, which we often see taking place, give us a sense that our protective software is busily at work shielding us from every evil that can threaten our computing safety. While we may be incrementally more secure with each update, we typically remain vulnerable to the very latest threats prowling the net for victims.
A traditional analogy for security software updates is the daily newspaper: today’s paper in the driveway is really yesterday’s news. Likewise, today’s security update may cover malware discovered yesterday, but it will not include new malware that only started circulating this morning. These updates are “reactive” rather than “proactive.” Published tests of the major security vendors’ update cycles indicate that hours, if not days, can pass before newly discovered malware is analyzed, a countermeasure is written, and the update reaches the user. An update received just now may cover threats found several hours ago, leaving little or no protection against anything that has appeared since.
A second category of threat we are often exposed to is the “zero day” threat. According to Wikipedia, “A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on ‘day zero’ of awareness of the vulnerability. ... Zero-day attacks occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop and publish a counter to that threat.” Because these threats spread before they are detected and before protective measures exist, they can infect and compromise otherwise well-protected computers. Many recent zero day threats are also written to exploit weaknesses in specific brands of security software, leaving those products helpless to stop the attack.
When malware infects an otherwise protected computer, it often neutralizes the installed security software, opening the computer to a coordinated follow-up attack. It is well documented that some of the more capable malware authors make enormous profits selling access to the computers they have compromised, giving identity thieves and other cyber crooks roaming access (for a fee) to the purloined machine. The victim is typically unaware: the trusted security software gives no indication of the attack, and although it is often effectively dead in terms of protection, to the user it still appears alive and well, even seeming to complete its periodic updates. A scheduled or manual scan run with this unknowingly deactivated security software will not detect the infection. This is precisely why it is wise to run periodic scans with an unrelated third-party scanner, one the malware was not written to defeat.
In recent months, a new breed of third-party security scanner and malware removal utility has become popular. These new products, generally free, use cloud-based technology to perform fast and effective scans. Because the lookup runs on powerful Internet servers, these scanners can draw on a far larger database of known threats than the signature files stored by a PC-based security product, and because that cloud database is updated continuously, the gap between a threat’s discovery and its detection is much smaller than with the PC-based update cycle described above. Two of the free, cloud-based scanners that I recently experimented with and found effective were Comodo Cloud Scanner and Panda Cloud Cleaner.
Comodo Cloud Scanner (www.comodo.com) was extremely fast. In addition to scanning for and removing viruses, worms, trojans, and other malware, it can detect junk files, suspicious registry entries, and hidden processes running on the computer, which can be an indicator of an active infection. It also alerts the user to privacy issues and can identify traces of private information on the hard drive that a cyber crook might later retrieve. Combining features of two of Comodo’s popular desktop utilities, Comodo Internet Security and Comodo System Utilities, Cloud Scanner hands the matching work to Comodo’s servers rather than doing it on the PC, which is why it runs so much faster. Comodo Cloud Scanner runs on all 32-bit and 64-bit builds of Windows XP, Vista, Windows 7, Server 2003 and Server 2008. As with the other on-demand scanners, it is not a substitute for a full-time security suite but an adjunct used to verify that the installed protection is working and to catch any malware that has slipped past it.
The other free online cloud scanner that I experimented with was Panda Cloud Cleaner (pandacloudcleaner.pandasecurity.com). According to its webpage, “Panda Cloud Cleaner is an advanced disinfector based on Collective Intelligence (scanning in the cloud) that detects malware that traditional security solutions cannot detect.” Once downloaded and installed, the utility presents a clean interface that needs no complicated configuration; clicking the large “SCAN” button starts the process. Like most other cloud scanners, Panda Cloud Cleaner is very fast. In addition to scanning all types of files for malware, it scans the registry for further signs of infection. When the cloud scan completes, Panda presents a list of findings and threats that can be neutralized immediately. Like most other cloud scanners, Panda Cloud Cleaner is explicitly designed to coexist with the security software already installed on the computer and will not interfere with it.
If one of these cloud-based utilities finds a major infection, the original security software should be reinstalled afterwards, since the malware has likely disabled or tampered with it. Both the Panda and Comodo utilities can be installed and run alongside existing security software without interference. Neither product offers continuous protection (other cloud-based products do that); both are strictly on-demand scanners, active only when the user runs them. The files on the hard drive are not themselves uploaded to the cloud for analysis; only a fingerprint of each file (a digital signature, or hash) is sent, so these utilities do not transmit personal data. The flip side of that design is that a file the cloud has never catalogued, including a freshly repacked variant of known malware, comes back as unknown rather than malicious, so a clean result lowers the odds of infection but does not prove its absence. While both utilities offer excellent malware detection and removal, Comodo Cloud Scanner also performs the junk-file and registry cleanup tasks described above.
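To make concrete what “only a digital signature of the file is sent” means, here is a small simulation of a hash-lookup scan, written for this article and not code from Comodo or Panda: the client hashes each file with SHA-256, sends only the digests to a stand-in reputation service, and receives a verdict per digest. The sample files, the digests in the service’s lists, and the class and function names (CloudReputationService, scan_directory, demo) are all constructed for the example. It also shows the limitation of this approach: a one-byte change to a known-bad file produces a digest the service has never seen, so the verdict is “unknown” rather than “malicious”.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 16


def sha256_file(path):
    """Digest a file in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


class CloudReputationService:
    """Hypothetical stand-in for the vendor's server side (not Comodo's or Panda's API).

    It receives nothing but hex digests and answers with a verdict for each one."""

    def __init__(self, known_bad, known_good):
        self.known_bad = set(known_bad)
        self.known_good = set(known_good)
        self.received = []  # everything the client ever sent, kept for inspection

    def lookup(self, digests):
        self.received.extend(digests)
        verdicts = {}
        for d in digests:
            if d in self.known_bad:
                verdicts[d] = "malicious"
            elif d in self.known_good:
                verdicts[d] = "clean"
            else:
                verdicts[d] = "unknown"  # never catalogued: possible zero-day, not proof of safety
        return verdicts


def scan_directory(root, service):
    """Client side: hash every regular file under root and ask the service about the digests.

    Returns {relative_path: verdict}. File contents never leave this function."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                digests[os.path.relpath(full, root)] = sha256_file(full)
    verdicts = service.lookup(sorted(set(digests.values())))
    return {rel: verdicts[d] for rel, d in digests.items()}


def demo():
    """Build a constructed sample tree, scan it, and return (results, service)."""
    bad_bytes = b"constructed sample: pretend this is a known trojan\n"
    good_bytes = b"constructed sample: a well-known clean system file\n"
    # One byte changed: same "malware" to a human, different digest to the cloud.
    variant_bytes = bad_bytes.replace(b"trojan", b"trojaN")

    # The service's lists are constructed by hashing the samples above.
    service = CloudReputationService(
        known_bad=[hashlib.sha256(bad_bytes).hexdigest()],
        known_good=[hashlib.sha256(good_bytes).hexdigest()],
    )
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel, data in (("known_bad.exe", bad_bytes),
                          ("clean.dll", good_bytes),
                          (os.path.join("sub", "repacked.exe"), variant_bytes)):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        results = scan_directory(root, service)
    return results, service


def content_leaked(service):
    """True if anything other than a 64-character hex digest crossed the wire."""
    return any(not (len(x) == 64 and all(c in "0123456789abcdef" for c in x))
               for x in service.received)


if __name__ == "__main__":
    results, service = demo()
    for rel, verdict in sorted(results.items()):
        print(f"{verdict:10s} {rel}")
    print("file contents sent to cloud:", content_leaked(service))
```

Run as a script it lists the three verdicts and confirms that only digests were transmitted. The “unknown” result for the repacked file is the same gap the earlier paragraphs describe from the user’s side: a lookup database, however large and however often refreshed, can only match what someone has already submitted to it.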
It would be good practice to install either (or both) of these free utilities and periodically verify the integrity of the computer’s security setup by checking for malware that may have penetrated the protective screen. If a material problem or threat is found, the user can then take appropriate corrective action.