Workspace-Scanner

The various features that I'm looking forward to in a second opinion scanner are: 
 
1. Rootkit scan - Type of malware that manipulates the system in a way that causes it not to show specific information/files anymore
2. Memory scan - Scans all currently loaded programs & their components for active malware
3. Malware traces scan - Tests for manipulated registry settings or non-executable malware data or configuration files that are indicative of an infection.
4. PUP scan - Potentially Unwanted Programs that are not dangerous by definition but are usually unwanted by most users as they display ads or manipulate browsers
5. Compressed archive scan - Malware might hide in archives, but scanning them takes longer
6. E-mail data scan - scans the data files of external e-mail clients; however, scanning such files takes time
7. NTFS alternate data stream scan - hidden layers in regular files that may be used to hide malicious code
8. File types/Exclusion scan - scan only specific file types based on extension filters and exclude files that don't match the extension
9. Quarantine feature - a safe place for detected objects where they can't do any harm. Must be able to delete objects permanently from here.
10. Logs - extensive reports with export options and the ability to mark items as false positives if they are safe.
 
 
 
1. EEK
 
Installation
The installer download was a hefty 340MB, and the install also consumed considerable hard disk space, around 650MB. Barring all that, there was no bundled software to uncheck during install; however, after each scan, a pop-up asks me if I want to install Emsisoft protection.
 
Interface: 
Emsisoft has a visually appealing and clean GUI with no clutter whatsoever. There are 2 executables inside the EEK folder: the first opens a command line scanner and the second a normal GUI. The main GUI presents 4 options: Update, Scan, Quarantine & Logs. The Logs section allows you to search by date, component and action name and has probably the best layout among all tested scanners. The Quarantine section lets you mark infections as false positives and also add your own files to the chest.
 
Features: 
The scan options present 3 different modes. Quick scan: only for active programs, and checks for malware traces. Malware scan: scans all places that malware typically infects. Custom scan: for files/folders, with optional scan settings. Emsisoft allows you to save, export and import scan settings, which is a neat feature. Quick scan took around 55 seconds (63341 files) to complete and Malware scan took around 5 minutes (76659 files) to finish. The portable nature of the installer means that you can run it directly from a pen drive without leaving traces behind, which is really helpful when you are running it on an infected PC. After each signature update, Emsisoft rescans the quarantined files. Scan exclusions can be defined using wildcards/environment variables.
 
Usability: 
Startup time is longer compared to other scanners as it tries to load malware signatures, and updating the signatures also took considerable time & bandwidth. Emsisoft has considerably good scan speeds, is great at detecting old malware, good at detecting PUPs/adware, and performs well in finding malicious registry keys.
However, the cloud implementation is limited: it works only on file execution & not during a scan. Emsisoft is poor at detecting new malware, and is weak against fileless malware.
 
 
 
Scan options: 
- Active rootkits - Type of malware that manipulates the system in a way that causes it not to show specific information/files anymore
- Active malware in memory - scans all currently loaded programs & their components
- Malware traces - manipulated registry settings or non-executable malware data or configuration files that are indicative of an infection.
- PUPs - programs that are not dangerous by definition but are usually unwanted by most users as they display ads or manipulate browsers
- Scan in compressed archives - malware might hide here, but scanning them takes longer
- Scan in email data files - data files of external e-mail clients; scanning such files takes time
- Scan in NTFS alternate data streams - hidden layers in regular files that may be used to hide malicious code
- File extension filter - scan only specific file types
- Use direct disk access - more effective but slower alternate method of reading files from the HDD for scanning. Great for finding rootkits only, not for scanning the entire HDD
- Quarantine - safe place for detected objects where they can't do any harm. You can delete objects permanently from here.
- Logs - extensive, with export, view details & clear options
 
Custom scan options available for file/folder/drives
 
2. NPE
 
Installation: 
NPE doesn't require installation and is a small 9MB download. It's completely free and doesn't show pop-ups/banners to upgrade. However, it's very powerful and should be used with caution. Because of this, it asks you to accept the license agreement every time it is executed.
 
Interface: 
The user interface of NPE is easy on the eyes and to the point. The main GUI lets you run different scans: Risk scan, Unwanted Application Scan and various Advanced scans like Reputation scan, Multi-boot scan and normal System scan. A provision to undo any previous fix is available right from the interface, which is a handy feature. The log files generated by NPE aren't so intuitive, however. For some reason NPE crashes for me every time just before showing scan results.
 
Features: NPE turns on rootkit scanning by default, which requires a computer restart every time before you run the risk scan. This can be turned off in the settings, and other scan parameters like Multi-boot scan (if you are running multiple Windows OSes) can be turned on from the same page. Norton has an Unwanted Application scan feature that detects unwanted software as well as browser plugins on your system. The Reputation scan feature performs a Norton cloud lookup for files/folders you specify. It's based on the number of users using the software, how mature the product is (going by release date) and finally favorable ratings from the public.
 
Usability
Note that since NPE is extremely aggressive, it might detect legitimate programs as infected/unwanted, so caution must be exercised. The scans performed are extremely fast, and it automatically creates a restore point before any system changes. There's also a cloud lookup feature to send files to Symantec in case there's not much information. NPE works best on highly infected systems. NPE is fully portable, can detect malicious registry keys, detects new malware from reputation analysis, works well against fileless malware and doesn't require signatures. However, scans don't have a progress bar, and multiple scan types are required for a thorough check.
 
- very powerful, especially for technicians
- multi-boot scan - for multiple Windows OS
- live scan with file paths 
- File insights - based on reputation (users in Norton community): 1. number of users, 2. maturity - release date, 3. rating - favorable
- send files to Symantec for cloud lookup (if not enough information is present)
- automatically creates system restore point
- Fast scan
 
 
* no progress bar
* mostly for highly infected systems
 
Pros
-Doesn't require signatures
-Functions based on file reputation analysis - can detect new malware/safe files if they don't have a sufficient number of users
-Can detect registry keys
-Very fast scanning speed
-Portable
 
Cons
-Requires manual update
-Requires 2 separate scans like Zemana
-Extremely prone to FPs, must be used by knowledgeable users
-Doesn't always indicate which is safe and which is malicious, as it's reputation based
-Okay against fileless malware, not as good as Zemana
 
3. Zemana
 
As for me, Zemana comes in 2 flavours: the superior portable v2.74 and the inferior installer version v3.0. Since v3.0 has removed custom scan support, added a nag screen for the premium version, has no portable installer and removed drag n drop scans for files, I will be reviewing v2.74 here instead.
 
Installation: The portable installation of Zemana is a 24MB installer and has an extremely light footprint. However the portable installation has no stealth mode and leaves traces behind. You can disable promotional messages from Zemana from Settings->General section. 
 
Interface: Clean user interface showing a message that real-time protection has been turned off, which is not of concern for second opinion scanners. The main GUI reflects the current system status as "Clean" or "Infected", has last scan details as well as the last update check date. The log report shows the scan details with the last scan type and the results of the scan. 
 
Features: Scheduled scans are not available in the free portable version. Zemana allows you to create system restore points before cleaning infections, but this has to be manually turned on. Zemana has a unique feature to deep scan files and folders by drag n drop onto its UI. Simple file and folder exclusions can be defined for scans to whitelist them. Update checks have to be done manually. The advanced settings allow you to disable uploading unknown objects to the scan cloud for analysis if needed. Detection of suspicious (CA root) certificates can be enabled from here.
 
Usability:
Zemana is great at catching PUPs/adware and still remains one of the best scanners against fileless malware and active malware processes. It has a good signature database but needs to be connected to the cloud via the internet for best detection. Zemana doesn't require signature updates and auto-updates itself.
Zemana is not good against zero-day malware, and the time taken to scan is a bit long, albeit thorough. It's prone to false positives and requires 2 scans for full effectiveness: a) full scan b) custom users folder scan
 
Installer
-Runs at windows startup (can disable)
-Auto upload unknown objects to scan cloud for analysis (can disable)
-Registration reminder
-Drag n drop/Custom scan no longer available in v3
-Promotional messages (can be turned off)
-Cloud detection (internet required)
 
-Has real-time protection, differentiating from competition (can be turned off)
-Browser cleanup
-Scan at Windows startup
-Cloud detection 
-Post scan: Quarantine, Delete, Exclude, Report as safe, Open file location, Log details
-Quarantine: Restore, Delete, Report as safe
-Whitelist
-Reports
 
Pros
-Good at PUPs/adware, best scanner against fileless malware & active processes, good signatures but not the best
-Doesn't require updates
-Blazing fast scans
-Portable version available
-Auto-version update within app
 
Cons
-Not good against zero-day malware, doesn't always detect all old malware
-Portable version still leaves traces behind
-Version 2 better than v3, no custom scan, drag drop scan
-Prone to false positives
-Requires 2 separate scans (1 full + 1 custom scan of "users" folder for full effect)
 
4. Malwarebytes
 
Installation:
Compared to other scanners, there is no portable installer for MBAM. The download size is around 65MB and takes around 160MB of HDD space. Install provides 2 options for Personal PC/Work PC. In the latest version, the premium trial is installed by default and starts itself with Windows. These settings can be changed post install. 
 
Interface: 
The main GUI has a system status pane that is color coded: Green for good status, Orange for a warning of a condition and Red for immediate attention required. The left side pane is neatly tabbed with Dashboard, Scan, Quarantine, Reports & Settings. MBAM can be heavily customized by limiting user access, registering with the Windows action center, setting scan impact through priority, notifications mode for full screen apps etc. The right side bar displays the protection layers (trial), scan status with reports, malware detections if any and finally update details.
 
Features: 
Since the trial version is installed by default, you won't be getting real-time protection (web, exploit, malware & ransomware) after the trial period. Also, scheduled scans don't work in free mode. Malwarebytes has a self-protection module that prevents its files & processes from being altered/damaged by malware (best for infected systems). There are 3 scan types. Threat scan: comprehensive and the recommended option. Hyper scan: fastest scan mode, for active malware. Custom scan: allows you to set scans for memory, startup, registry, archives, rootkits, PUP, PUM & filesystem objects. The exclusion settings are comprehensive and one of the best. Logs are available while a scan is ongoing.
 
Usability: 
Malwarebytes has probably the best detection against PUPs and PUMs. MBAM performs well against new ransomware types and infected registry keys, and has extremely good heuristics. Scan speeds are extremely good compared to other scanners. The premium features are turned on by default and require UAC to turn them off. Malwarebytes performs badly against regular malware/viruses, lacks cloud engines and has poor detection of zero-day malware.
 
Pros
-Logs open during scans for identified threats
-Rootkit scans (need to be turned on)
-Archive scans
-Best PUP & PUM detection
-Self protection modules
-Signature-less anomaly detection for increased protection
-Exclusion: great exclusion settings: Files/Folder, Website, App that connects to Internet, Previously detected exploit.
Files/Folder: also options to exclude from detection as malware, ransomware or PUP
Website: URL/IP address
Exploit: exploit hash & associated application
 
-Very good at PUPs/adwares, new ransomware types, registry keys, very good heuristics
-Quite fast scanning speed
 
Cons
-Turns premium features on by default (web, real-time, malware, ransomware protection)
-needs UAC to turn them off during trial & nag screen if turned off (turn off notification from Settings->Application)
-needs to download updates
-auto starts up on boot by default
- no portable version
 
-poor against regular malware/viruses, zero-day malware
-Has to be installed, no portable
-No cloud engine
-Longer launch time to load malware signature
 
-Trial version: RT protection (turned on by default->not necessary->disable it)
*Web protection: prevents connection to malicious/compromised websites
*Exploit protection: prevents vulnerability exploits and zero-day attacks
*Malware protection: prevents malware infection
*Ransomware protection: prevents ransomware from encrypting your files
Free vs Pro
-Scheduled scans (type, frequency, recurrence, start, end)
-Prevents virus, spyware, malware infection
-Stop ransomware attacks
-Shields programs & systems from hackers
-Safe web browsing
-Automatic protection updates
