Detailed explanation of "PC Matic" whitelisting antivirus
Next, I would like to talk about the fact that this software is lightweight. Basically, this software only performs MD5 verification, so there is no need to examine large executable files, so the burden is low.
In addition, this software does not include the original firewall function that is included in many of the recent antivirus software. This is because the firewall function that is installed as standard in Windows is deeply involved in the system and is built in, and the performance is also good, so it was decided that there was no need to prepare it in-house. Therefore, Windows firewall coexists when using this software.
Some of the firewalls of anti-virus software made by other companies have IDS (intrusion detection) and IPS (intrusion prevention) functions. Since these check items numbering in the tens of thousands are performed for each packet, the load on the PC increases. PC Matic, which claims to improve PC comfort, judges that the implementation of IDS and IPS is not suitable.
Instead, this software has an automatic update function for applications and drivers. Prevent the existence of security holes by keeping the PC software environment up-to-date. Also, all software is scanned with a whitelist method when it is installed, so dangerous software will not work in the first place. Even if dangerous software such as viruses can enter the PC, it will not work. Therefore, security can be maintained without monitoring communications with an IDS or IPS.
This mechanism is also effective against attacks that exploit unknown security holes, so-called zero-day attacks. Even if a tool such as VNC (remote desktop) is sent to your PC by a zero-day attack, its startup is blocked, so you can maintain a relatively high level of security.
Another concern for PC gamers is the handling of online updated games. With the whitelist method, the updated files have been modified and cannot pass the check. I tried running a recently updated online game in my environment, and I still got a warning that it wasn't on the whitelist.
In this case, if you set the "Display execution/blocking (recommended value)" mentioned earlier, you can choose whether or not to start. If you select "Allow" at this time, you can start it only once, but if you set "Always allow", the warning will not be displayed after that. You don't have to worry about it, as it only requires the first one-click.