Review: Immunet Protectby Steve Ragan - Aug 25 2009, 18:00
The Tech Herald takes a close look at Immunet Protect. (Img: Immunet)
Immunet Protect is a free cloud-based security solution that uses the power of community to layer its protections. The software is meant to complement existing security if it is in place, or according to the company, can be run alone on a system. The Tech Herald downloaded a copy to give it a spin. With the testing complete, here are our results.
It should be noted that I recently wrote an editorial feature on Immunet that discussed the claims made by Oliver Friedrichs, Immunet Founder, and CEO. The claims center on a quote from Friedrichs that says, “Immunet’s Collective Immunity is the first to combine Community-based protection, Cloud Computing and Collective Intelligence to protect you better.” You can read that editorial here if you wish.
This review is not a companion piece to that editorial. I stand behind my claims and examples that several companies use cloud or community-based defense and that Immunet is not the first to offer such technology.
The purpose of this review is to offer a look into the protections afforded by Immunet Protect as a layer of security on a computer. So with that said upfront, Immunet Protect does everything that it claims to do. We had no problems during our tests and found it both easy to use, and small enough that it didn’t hamper system performance when paired with a full featured security product.
Immunet Protect works in the cloud, and harnesses the collective power of its users to mitigate new and existing threats. While it can act on its own, the software is actually better off being used as an additional layer of security. In our review, we paired Immunet Protect with AVG Internet Security 8.5. AVG was selected, as they are one of the vendors listed as a suggested product. In addition to AVG, Immunet also recommends McAfee and Symantec products on their website.
As it stands now, Immunet Protect is a beta product. To use the full weight of the community options, you will need to register for an account and wait for it to be activated. According to an email from Immunet, they are “making the product available in batches” and new users are activated each week. However, while this is a setback, as you cannot instantly use the community benefits, it does not affect the level of cloud-based and community-based protections that Immunet Protect offers by design.
Installing Immunet Protect
For this review Immunet Protect was installed on a Windows XP SP 3 system, with 1024MB of RAM, using an Intel Pentium D 3.4GHz CPU (Dual Core) processor. The installation of XP used Internet Explorer 8, and included all relevant software updates. The main anti-Virus engine comes from AVG, and includes all of the features listed in AVG Internet Security 8.5.
Installing Immunet Protect took no time at all. The program needs only 8 MB of space on the system, and installed in under two minutes. Once the installation was complete, you are prompted to run a Flash Scan, which scans start-up processes and registry keys for threats. This scan took exactly 1 minute 7 seconds to complete.
After this process is complete, that’s it. You’re ready to use Immunet Protect and taking advantage of the community-based cloud protection.
Using Immunet Protect
Usability wise, Immunet Protect offers a sleek interface with simple navigation. The main area to focus on is the Summary page. This is where you can see if Cloud Protection is active, as it is clearly marked with the symbols below. In addition, you can see the number of people connected to the cloud, as well as the number of threats that Immunet Protect is presently defending the system from.
To the left on the Summary screen is the number of clean programs installed within the last two weeks. This will show both the clean and malicious ones. This related to the History tab, where an overview of scans and threat detections from a set timeframe are displayed with detailed information.
The Scan tab is where on-demand scans are launched, as well as where you can enable or disable the ability to scan running or loadpoint processes. On demand scans during testing would complete in under a minute on average, but never went past one-minute seven seconds.
System Scan (Immunet Protect)
Scan 1 - 00:01:07
Scan 2 - 00:00:54
Scan 3 - 00:01:00
Scan 4 - 00:00:57
Scan 5 - 00:00:54
Average Scan Time: 00:58.4
[Note: One scan performed during testing of Malicious URLs lasted 2 minutes 4 seconds. However, this scan was not a part of the scan time trials and thus not counted here. It is noted because the scan took twice as long as the average.]
The settings tab allows for some extra control over the software. Here you can select the application settings, which include options for detection and notification. By default, Immunet Protect will not check applications as they start, and verbose notifications from the system tray are disabled as well.
We loaded 400 Malware samples on to the test system and scanned the folder first with AVG Internet Security 8.5 to see how much Malware was detected. What wasn’t flagged by AVG would be activated so that Immunet Protect could be tested.
What was interesting during this test was that Immunet Protect was flagging samples at the same time as AVG. Another interesting aspect to the test was that when Immunet Protect flagged the Bagle Worm for example, it reported that AVG had installed the Worm itself.
[Note: The report that AVG installed the Bagle Worm isn’t a false positive. Immunet Protect reported this correctly, because AVG did access the Worm and execute it while scanning. AVG triggered the Worm just as it was going to remove it, and once it launched, Immunet Protect recognized the threat and acted.]
When it came to the missed samples, which we will cover in a separate review, Immunet Protect did not detect them, until the “Monitor Application Start” was enabled. Once this was enabled, any Malware sample executed was blocked. However, it should be noted that when AVG was active, most samples were blocked by it before Immunet Protect had a chance to act.
We ran detection tests with Immunet Protect working with AVG and without AVG. As promised, the better performance came when Immunet Protect was used as a layer of protection, coupled with AVG. Yet, it didn’t do that bad on its own. The Worms and Trojans tossed at it were flagged and blocked with no problems to speak of.
Malicious URL Detection
Testing the coverage offered by Immunet Protect when visiting malicious domains was tricky with AVG’s LinkScanner and Web Shield running. Since it is supposed to run as an additional layer, the first round of domains were tested with Immunet Protect and AVG running together. The others were tested with both programs running, and with Immunet Protect by itself.
[Warning – as of 8/24/2009 the following domains were malicious and active, visit them at your own risk.]
AVG blocked the Banload Trojan served by this domain. This happened before Immunet Protect could act.
AVG blocked a Trojan named PHP/BackDoor.AH. This happened before Immunet Protect could act.
AVG blocked a Trojan named PSW.Generic7.VSQ. This happened before Immunet Protect could act.
This site hosts a Rogue anti-Virus application. At first the site was allowed to display warnings and fake alerts about infection, but when the application attempted to load, AVG blocked the installation. Removal required a reboot. Immunet Protect was inactive during the loading and processing of the site. As with previous URLs, AVG simply acted first.
When running alone, Immunet Protect allowed the “Total Security” Rogue anti-Virus to install completely. At no point did it attempt to block the installation of the application. Once installed, a scan was launched with Immunet Protect, to see if any processes were reported back as malicious. The scan lasted over 2 minutes and detected nothing.
On this site, Immunet Protect acted first. Once the page was loaded, the EXE file was presented for download and installation. Once the installation started, Immunet Protect flagged the Malware. Interestingly, AVG alerted us to the Malware just after Immunet Protect. Yet, when AVG went to remove the threat the file was missing. This is because Immunet Protect had already deleted it.
When tested alone, with no help from AVG, Immunet Protect blocked the Malware from this site.
Overall, Immunet Protect is a solid performer when it comes to the added layer of protection it offers. It has the advantage of using the experience of an entire community when dealing with threats, and since it is free, many will take advantage of all it has to offer.
While it performed fine on its own, Immunet Protect should really be used in conjunction with another rounded security offering. While we used AVG in our testing, there is no reason McAfee or Symantec wouldn’t work just as well.
As mentioned earlier in this review, the editorial on the promotional claims by Immunet as a company in no way reflect on Immunit Protect as a product. Immunet Protect performed exactly as expected, offered no system drain or false positives, and remained completely out of the way until it offered a notice about threat detection.
However, like any layer of defense, you must use Immunet Protect as recommended. While it will block a good deal of threats on its own, it is no replacement for a full fledged anti-Virus product.
Again, solid performance, rounded coverage and protection, and a total cost of zero, makes Immunet Protect worth using as a secondary layer of computer defense.comments powered by Disqus