Hitman Pro 3.5 is a new type of cloud antivirus that offers a “second option” approach. First, a cloud antivirus functions by submitting suspicious files to a server farm (cloud). Once on the cloud or uploaded to the server farm, the immense computing power at the Hitman Pro’s offices can be used to scan a file with 5 different antivirus scanners at once. The “second option” means that Hitman Pro should be used in addition to existing antivirus. The premise is that even well secured computers with antivirus and firewalls tend to miss 32.5% of viruses and malware. Therefore, Hitman should be used as a “second option” and run upon every computer startup.
Virus Detection and Scanning:
Hitman Pro utilizes 5 different antivirus engines the Prevx, ESET NOD32, G-DATA, Avira AntiVir, and A-squared antivirus engines. What’s ironic is the 5 antivirus engines are in fact 6 engines because G-DATA concurrently utilizes Bitdefender’s and Avast’s antivirus engines. Basically, all of these antivirus engines were chosen specifically for their individual strengths. Prevx runs the initial behavior scan on the target computer. This is how Hitman Pro 3.5 determines if a file is of suspicious nature determined by whether the file has uninstall capabilities, autostart methods, faking a trusted files name, and suspicious encryption and compression. The full list is posted below. Once a suspicious file is found it will be automatically uploaded to the Hitman Pro servers for an indepth scan with the remaining engines. All of the engines have extremely high detection rates and low false positive rates. In particular, G-DATA’s engine has a 98% detection rate while Avira AntiVir was antivirus of the year for 2008. A-Squared also has some of the best Trojan horse detection capabilities available.
Hitman Pro has excellent virus removal capabilities. Hitman Pro 3.5 can reboot a system and remove the malware when the process isn’t locked, utilizes low level hard drive sector deletion capability for really stubborn malware processes, and can close all active handles (dll’s).
The virus scanning speed of Hitman Pro 3.5 was extremely fast; completing in about 5 minutes and 6 seconds on the test system. The second scan only took 2 minutes and 38 seconds, which is even more amazing (clearly utilizing memory scan technology aka Prevx). This scanning speed is excellent and perfect for a system startup. Hitman Pro discovered one suspicious file on the test system. The suspicious file was compressed and sent to the cloud/server farm for extensive scanning. The upload speed averaged about 36 KB/sec which is slower than the cable line capacity of about 100KB/sec. Unfortunately, the upload servers seemed to be lacking in speed probably because they are located in the Netherlands. Since the program relies on frequently uploading suspicious files , this could be viewed as a disadvantage. Finally, Hitman Pro 3.5 didn’t detect any viruses on the test system.
Hitman Pro 3.5 uses about 3.2 megabytes while idle. When scanning, Hitman Pro will up to 60 megabytes of memory. CPU usage will hover around 30% to 40% which is about average for an antivirus scanner.
The download size of Hitman Pro was very small at only 6 megabytes; significantly smaller than most free antivirus. Hitman Pro does not have a large file size because all of the antivirus definitions are located on the company’s servers and consequently do not need to be downloaded.
The Hitman Pro 3.5 Interface is very simplistic and has settings and a scan button. To start a scan, a user simply needs to hit scan. In the settings menu a user can set if the uploaded files utilize SSL (slower but safer than a normal connection) and to have a scan run on every computer startup. In addition to the settings menu, there is a history list where users see all of the viruses detected
Hitman 3.5 is an excellent free antivirus scanner. Unfortunately, the upload speed to the Hitman Servers are probably too slow creating a bottleneck. In addition, there are some privacy concerns with uploading files from ones computer to a foreign server. However, I tend to believe the “second option” as an excellent way at mitigating a serious virus infection.