It used to be so simple. To secure your PC, you simply shelled out 30 or 40 notes for an internet security suite, it checked your system's files against a database of known malware, and then removed any that matched up. Safe.
Actually, it was never that straightforward. Take a quick glance through PC Advisor's reviews of security products, and you'll see that even the best miss some things. In the world of the zero-day threat, that's not good enough.
Now, more than ever, the only 100 percent secure PC is one that's switched off - even taken offline, you run a risk every time you introduce a portable storage device to your computer.
What you and your PC need is a layered approach. Signature-based detection is merely the first gauntlet that incoming files should have to run. And the trick is to pile on the layers without slowing down your system.
Because of this, an interesting breed of product is starting to mature. These can be loosely termed 'cloud-based behavioural antimalware'. And you can expect them to proliferate.
These are software tools with limited system footprints, designed to run alongside mainstream internet security suites. They weed out malware by spotting dodgy behaviour, and share information about the nasty files they find with their userbases, further reducing the effort required to filter out digital filth.
I've recently seen new examples of this kind of product: behavioural antimalware from Symantec-owned Aussie security vendor PC Tools, and a behavioural scanner from Dutch firm SurfRight that exists to catch the nasties that make it past your security software.
PC Tools ThreatFire is an established, free product, now at version 4.5. ThreatFire is behavioural antimalware, designed not to replace signature-based AV, but to supplement it - although PC Tools feels that it could work as a primary defence on resource-light systems such as netbooks.
ThreatFire uses statistical analysis of the behaviour of software throughout its extensive userbase, as well as black- and whitelists. It uses these to catch the up to 300 new threats that PC Tools reports each day. As a consequence ThreatFire is pretty light on its feet, and users should notice it only when a marginal potential threat is identified and a decision has to be made as to whether to proceed.
ThreatFire tracks the behaviour of such threats, so it can rewind them and remove all traces. This is crucial in a world where most malware is exponential, seeding multiple threats as it goes. (Removing only the original, offending file rarely solves the underlying problem.)
SurfRight's Hitman Pro 3.5 is, on the face of it, not dissimilar. It too is behavioural antimalware. It too is cloud based, although it goes a step further than ThreatFire, teaming up with G-Data, Prevx (another behavioural AV firm), Eset, Avira and A-Squared to share information and make more educated judgments on the threat posed by suspicious software. In addition it scans online forums to find out what malware people are talking about.
SurfRight describes Hitman as a 'second opinion scanner'. It's not intended to supplant signature-based antivirus, but to work alongside it, catching files that make it through your defences. It can be installed on a memory stick and run only when the user suspects something is wrong. Scans can be run on demand, but by default scans will happen every time a PC is booted, taking less than two minutes.
SurfRight told me that Hitman differs from ThreatFire because its use of multiple AV databases means it requires far less user intervention. More importantly, SurfRight told PC Advisor: "Hitman Pro is not a behavioural blocker but a behavioural scanner. Our unique scanner is designed to reveal threats using behavioural analysis whereas ThreatFire’s behavioural analysis only works by actively monitoring the PC and blocking malware once it attempts a malicious task.
"Once the user gives an incorrect answer to a ThreatFire question, damage is done and ThreatFire cannot be used to get rid of infections because of that wrong decision. Getting rid of infections is not what behavioural blocking programs are built for, and PC Tools (the developer of ThreatFire) is advertising their Spyware Doctor software for that particular task. As far as we know, no one created a behavioural scanner before.
"Hitman Pro is designed to remove active threats from a PC, where the malware has slipped past the existing security software."
True or not, there is one other, significant way in which the products differ: where ThreatFire is totally free, Hitman Pro 3.5 is free only as a scanner. If it finds something nasty that your internet security software has missed, you have to pay to remove it. In fairness, you get 30 days of free malware removal before you have to shell out your £14, during which time Hitman Pro will overwrite any net nasties it finds. So if your existing security setup is robust, you may never need to pay for Hitman - and if you do, £14 will be a small price to pay.
(How come security vendors can give such products away for free? Well, beyond the download data charges it costs them nothing, they get loads of new users, and the data about malware is invaluable.)
So should you be using one or both of these, or a similar product? Frankly, given that they're free, I can't see a good reason not to try them out. If there is a system impact, or you find you're getting too many false positives, you can always uninstall either or both of them.
You really can't have too many layers of protection, and you might even find that the additional protection means you can use free signature-based AV and spyware tools when next you come to internet security suite renewal time.