Novel antivirus product works in the cloud 2010-07-22 column by Ryan Russell

#1 Stephanie Small

  • 2-Star Lounger (over 100 posts)
  • Group: Administrator
  • Posts: 156
  • Joined: 2009-10-30
  • Location: Shoreline, Washington, USA

Posted 2010-07-21 13:44


PERIMETER SCAN

Novel antivirus product works in the cloud

By Ryan Russell

I've been hearing about a new community-centric AV program that purports to use your social network to fight malware.

The free version I looked at has some intriguing features, such as the ability to run alongside other AV programs, but the community part seems something of a stretch.



The full text of this column is posted at WindowsSecrets.com/2010/07/22/07 (paid content).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.


This post has been edited by Tony Johnston: 2010-08-30 15:19


#2 Fran Parker

  • Registered Lounger
  • Group: Member
  • Posts: 6
  • Joined: 2009-12-02
  • Location: Virginia, USA

Posted 2010-07-22 07:52

Hi Ryan,

This Immunet sounds very much like PrevX when they first started.

#3 Bob Primak

  • 4-Star Lounger (over 400 posts)
  • Group: Member
  • Posts: 423
  • Joined: 2009-02-24

Posted 2010-07-22 17:43

First, let me note that in all my years of using Windows XP Pro on my old laptop, the only times I had to completely reinstall Windows were when I used Prevx CSI. The damned thing was not compatible with Zone Alarm Firewall, and killed Windows to the point where it could not even boot into Safe Mode. So much for online scanners.

If Immunet is anything like Threatfire, it is not a Native 64-bit program. I worry that this means it cannot do as good a job of protecting 64-bit Windows as a true Native 64-bit security program.

As for a lack of rootkit scanning, I do not count this against a cloud-based AV product or service. Rootkits are best detected and removed when not connected to the Internet, due to their tendency to download additional malware when you are trying to remove them. And these infections often block your access to the AV vendors' web sites and servers anyway, so cloud-AV is not good for dealing with rootkits in any event. Threatfire does block many rootkits before they can become installed, and that is where it may offer a degree of protection not yet found in Immunet.

Overall, as a secondary AV product, I like the idea of Immunet. And for those who never remember to update their AV products, this type of service is certainly better than an out-of-date desktop AV product. Let's keep watching this product and see where it ends up.

#4 Fran Parker

  • Registered Lounger
  • Group: Member
  • Posts: 6
  • Joined: 2009-12-02
  • Location: Virginia, USA

Posted 2010-07-22 18:00

I stopped using PrevX when they moved to the PrevX CSI model but others have used the free version with no ill effects and many used ZoneAlarm Free too.

Still I am sure there are others who have had a problem with it. It was getting too hoggy for me. But you are right, it does great with prevention on rootkit installation.

I like the idea of Immunet too. Certainly bears watching for sure. Great idea.

#5 Ryan Russell

  • Registered Lounger
  • Group: Member
  • Posts: 4
  • Joined: 2010-01-03
  • Location: Emeryville, California, USA

Posted 2010-07-24 03:42

I didn't know anything about PrevX, I'll look it over, thanks.

It's worth noting that Zone Alarm is NOT on Immunet's compatible list, and has had problems at least in the past. Here's the Google cache of the KB article, I can't get the page to load at the moment:
http://webcache.goog...n&ct=clnk&gl=us

I did not look into what Immunet does with 32/64-bit drivers. In fact, I didn't look into how it hooks and scans at all. If there's interest, I can follow up on that.

A lot of malware will kill AV programs. If I had to guess, I'd say Immunet probably is enjoying a little obscurity right now, compared to other AV products. In terms of malware spotting it and shutting it down, anyway.

#6 mblankenship

  • Registered Lounger
  • Group: Member
  • Posts: 9
  • Joined: 2003-10-17
  • Location: Lima, Ohio, USA

Posted 2010-07-25 09:57

Ryan asked for feedback - hope this is the right place: after reading about Immunet, I installed it & ran a full scan = no threats. The next morning it had found 2 "threats", both in an external drive used only for backups. One was in Display Fusion setup files (which I have used for about a year) & the other was from a recently downloaded program Free Studio/DVD VideoSoft. I am assuming these are false positives ... but how do I know for sure? I use MS Security Essentials as my main AV. I run Win7 64 bit OS.

#7 Ryan Russell

  • Registered Lounger
  • Group: Member
  • Posts: 4
  • Joined: 2010-01-03
  • Location: Emeryville, California, USA

Posted 2010-07-25 23:52

Hey mblankenship, yes, this is where I was looking for feedback, thanks!

My favorite tactic to measure malware (short of actually disassembling it myself) is to submit to virustotal.com and see what all the AV programs have to say about it.

