Not online yet, but here’s something extensive…potentially great and potentially confusing. All-in-all, good.
So, what is it? It’s a scanner you download. It then takes a snapshot of all the active files in use, and those with the ability to automatically execute by means of an auto-start procedure (like an extension, task, etc.). This report is (supposed) to be stripped of any identifiers and is sent to Project herdProtect for analysis.
At that point 68 (yep, sixty eight) scanners are put to work on it. Then,
“For known infections, these are then re-categorized based on the number of detections by each of the scanners and reported back to the user. All unknown files on the user's PC are then stripped of important metadata and sent to the herdProtect servers to be analyzed in real-time by each of these anti-malware scanners. Upon completion (which takes a few minutes), the reports are then sent back to the user and displayed in a final report.” http://www.herdprotect.com/downloads.aspx
Per herdProtect:
- herdProtect does not install or bundle any additional software, this of course includes malware, adware or toolbars (of course we don't but just want to make this clear).
- The program does not in anyway interact with the contents of a user's PC even if those contents are found to be infected with or are malware, this is just a diagnostic scanner.
- We do our best to make sure we strip all possible personally identifiable information (PII) from a file's metadata.
- If a file comes back as unknown ,in some cases we might need to upload the file to be remotely scanned (please refer to the Terms of Service for exact details).
- All reports and other communication between a user's PC and herdProtect's servers are encrypted.
- herdProtect is 100% free with no strings attached. herdProtect is a public service and we will never sell you anything or ask for your email address, etc.
Here’s an example of such a report from the herdProtect website:
Well, it’s free, and is meant to serve as a “second line of defense” as herdProtect puts it.
So…which engines do they use? The list is here: http://www.herdprotect.com/engines.aspx
Pretty impressive.
So, what are the drawbacks?
False positives. These are perfectly harmless files/processes/active processes identified by one or more engine as being suspect. That will generally occur because of too broad a definition in one or more engine.
But, remember: The results depend on updated definitions in those engines so, not finding something might be a “False Negative”.
It also depends on what’s ‘active’ at the time of the snapshot (just like an MRI scan or blood test – they’re a picture at one moment of time only). Also, it isn’t looking at your backups, and it isn’t “Active Protection”. That’s why it’s a second or even third line of defense.
That’s where common sense comes into it. If an active process is identified as potentially harmful by one or two engines, I’d say probably a ‘meh’. If more, it’d require some research.
So the next question is “how often to do the scan?”. I’d answer, “that depends”. It would depend on how actively you receive files and how active you are when it comes to clicking on links, etc. If not very active, maybe once a week or two. If active, more often.
Anyway, it’s something to take a look at.
By the way, the ‘herd’ in herdProtect refers to the herd of 68 search engines.
By the way, here's my report:
Source:
http://www.ghacks.net/2013/12/17/herdprotect-promising-cloud-based-malware-scanner-windows/?_m=3n%2e0038%2e1099%2ehj0ao01hy5%2e14vj
http://www.herdprotect.com/index.aspx
http://www.herdprotect.com/downloads.aspx (also the download link for the scanner)