It’s not often that fate conspires to show me how new software changes system behavior, without me having to jump through lots of extra hoops to gather the necessary data. But because of the confluence of two sets of unrelated events this week, that’s exactly what happened as I started learning my way into the latest release of the PC Tools product lineup for 2011 (yes, it’s that time of year again, when security vendors start popping out and plumping up the next year’s version of their Internet protection stuff, PC Tools included).
This time around, I looked at PC Tools Spyware Doctor with AntiVirus because it’s what I have a paid subscription for on a couple of my test machines (I still have one unused license, but I just ordered parts for a new machine from Newegg yesterday, so I have a pretty good idea where that unused license will be going in the relatively near future). The two unrelated events I mentioned: PC Tools has devoted some obvious effort to a couple of different areas of improvement within the product, and my recent interactions with Soluto (a Windows boot optimization tool that’s still in beta, and the subject of recent blogs here on September 13 and September 16) gave me a way to measure one of them. Here’s a box shot of the new Internet Security Suite for 2011:
Because Soluto monitors how much time various start-up elements consume during the Windows boot process, I was able to observe that the startup time for Spyware Doctor with AntiVirus (which I’ll abbreviate, as PC Tools itself does, as SDAV henceforth) declined from 20 seconds in the previous version to 11 seconds in the current version (a 45% improvement). I don’t have any formal measurements to back up my other observation — namely, that the new version completes scans and generally runs faster than the old one — but I plan to gather some in the near future to provide a better formal basis for comparison.
In talking to some of the principals at PC Tools, I also learned that the company devoted a lot of effort to improving their malware protection on the “behavior monitor” side. This is the part of the software that observes what programs are doing as they run on a PC, and that pays special attention to various classes of suspect behavior (creating, altering or deleting certain registry keys, accessing files in various important Windows directories, manipulating certain key .exe or .dll files, and so forth, all potentially indicative of malware at work). It can intervene to block potentially dangerous actions before they complete, or even shut down processes with what you might call “extreme rogue potential.”
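To make the behavior-monitor idea concrete, here is an added example (my own toy code, not PC Tools’ logic): a small rule engine that scores a constructed stream of process events against the kinds of suspect actions listed above and decides per process whether to allow or block. The event format, rule weights, the 5-point block threshold and the process names are all assumptions made up for the illustration.

```python
"""Toy behavior monitor: score process events against heuristic rules and
decide per process whether to block. Added example; the event format, rules,
weights and threshold are assumptions, not any vendor's real logic."""
import re
from collections import defaultdict

# Patterns for the suspect behaviors described in the text (assumed rules).
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^C:\\Windows\\", re.IGNORECASE)
EXECUTABLE = re.compile(r"\.(exe|dll)$", re.IGNORECASE)

# (rule name, weight, predicate over one event dict)
RULES = [
    ("autorun_registry", 3,
     lambda e: e["op"] == "reg_set" and bool(AUTORUN_KEY.search(e["target"]))),
    ("windows_dir_write", 2,
     lambda e: e["op"] in ("file_write", "file_delete")
     and bool(WINDOWS_DIR.match(e["target"]))),
    ("exe_dll_tamper", 3,
     lambda e: e["op"] in ("file_write", "file_delete")
     and bool(EXECUTABLE.search(e["target"]))),
]

BLOCK_THRESHOLD = 5  # assumed: one suspicious act alone is not enough to block


def evaluate(events):
    """Aggregate rule hits per process and return score, hits and verdict."""
    scores = defaultdict(int)
    hits = defaultdict(list)
    processes = []
    for e in events:
        if e["process"] not in processes:
            processes.append(e["process"])
        for name, weight, pred in RULES:
            if pred(e):
                scores[e["process"]] += weight
                hits[e["process"]].append(name)
    return {
        p: {
            "score": scores[p],
            "hits": hits[p],
            "verdict": "block" if scores[p] >= BLOCK_THRESHOLD else "allow",
        }
        for p in processes
    }


# Constructed sample events: two benign processes, one installer touching the
# Windows directory once, and one look-alike binary behaving like a dropper.
EVENTS = [
    {"process": "notepad.exe", "op": "file_write",
     "target": r"C:\Users\ed\notes.txt"},
    {"process": "msiexec.exe", "op": "file_write",
     "target": r"C:\Windows\Installer\setup.msi"},
    {"process": "svch0st.exe", "op": "reg_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svch0st"},
    {"process": "svch0st.exe", "op": "file_write",
     "target": r"C:\Windows\System32\svch0st.exe"},
]

if __name__ == "__main__":
    for proc, result in evaluate(EVENTS).items():
        print(f"{proc:14} score={result['score']:2} {result['verdict']:5} {result['hits']}")
```

The point of the per-process aggregation and threshold is that a single write under C:\Windows (here msiexec.exe) is normal for installers, while the combination of an autorun key plus dropping an .exe into System32 (the constructed svch0st.exe) crosses the line; a real behavior monitor also has to cope with the false positives this kind of scoring inevitably produces.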
The overall behavior of this side of antimalware software falls into the heuristic and behavioral side of protection and prevention, rather than using specific signatures to conclusively identify malware at work. Of course, as suspects are rounded up and profiled, the software creates and develops “behavioral profiles” based on detection of various malware-like specifics or characteristics, so PC Tools can learn from its customers’ experiences and keep developing matching signatures as new malware items are identified and associated with various files, registry keys, and so forth. This kind of capability is much like Tripwire, which records a baseline of file hashes and attributes for system files and then compares later snapshots against it, providing ways to identify what has been changed, and how, over time.
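The Tripwire comparison is worth showing in code. Below is an added example (my own, not Tripwire’s or PC Tools’ code) of the baseline-and-compare technique: hash every file under a directory, then diff a later snapshot against that baseline to report added, modified and deleted files. The sample directory tree and the file names in it are constructed inside a temporary directory so the script runs offline.

```python
"""Tripwire-style integrity check: hash a directory tree, then compare a later
snapshot against the baseline to report added, modified and deleted files.
Added example with a constructed sample tree; not vendor code."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file (path relative to root, '/'-separated) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = sha256_file(full)
    return state


def compare(baseline, current):
    """Report what changed between two snapshots."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "deleted": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def write(root, rel, data):
    """Write bytes to root/rel, creating parent directories (test helper)."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: after the baseline is taken, a payload replaces a
    DLL, drops a new .exe and removes an installer log."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "System32/kernel.dll", b"original dll bytes")
        write(root, "System32/good.exe", b"unchanged exe")
        write(root, "logs/setup.log", b"installer log")
        baseline = snapshot(root)

        write(root, "System32/kernel.dll", b"patched dll bytes")   # modified
        write(root, "System32/dropper.exe", b"new payload")        # added
        os.remove(os.path.join(root, "logs", "setup.log"))         # deleted
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9} {paths}")
```

Two caveats a practitioner would add: a hash-only baseline misses permission, owner and timestamp changes (Tripwire records those attributes as well), and the baseline itself has to be stored where the monitored system cannot rewrite it, since malware that can replace a DLL in System32 can just as easily edit a baseline kept on the same disk.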
For the 2011 version, PC Tools has also added a download manager to its software environment, so that a roughly 500 KB program bootstraps the download and install processes and can selectively download the components suited to specific licenses and operating systems as needed. There’s also a ThreatExpert memory scanner that looks for active malware of the type known as “AV-killers” (designed to disable, shut down or otherwise defeat antivirus and antispyware packages); it kills the processes associated with such malware and goes on to deactivate them so they can be removed and cleaned up on infested systems. For more info, check out threatexpert.com.
PC Tools has also updated its toolbox software to create something called PC Tools Performance Toolkit 2011, about which I’ll write more soon — once I get the chance to play with it myself, that is. Stay tuned!