
Antivirus on the Cloud is an interesting topic for me. Six months back I was
reading a research paper by researchers at the University of Michigan on the
topic of Antivirus on the Clouds (CloudAV: N-Version Antivirus in the Network
Cloud by Oberheide et al.). They proposed a model where Antivirus runs on the
Cloud and malware and viruses are identified by tapping into
multiple heterogeneous detection engines running in parallel. The research
team deployed such an arrangement on the Cloud, and their results indicated that
the deployment provided 35% better detection coverage against recent threats
compared to a single antivirus engine and a 98% detection rate across the full
dataset. At Cloud Ave, Dan Morrill has written about how Antivirus on the Clouds can help mitigate the risks in today’s
web working environment. He also wrote about F-Secure’s plans to move their security suite onto
the Clouds.
Antivirus on the Clouds has some distinct advantages which traditional
desktop based Antivirus software cannot offer. I will briefly discuss them before
talking about the announcement by Panda Security (formerly called Panda Software).
- Antivirus on the Clouds moves the processing power from the local desktop to the Clouds. They use only 1/3 of the resources compared to traditional desktop based Antivirus software. In this era of netbooks and SaaS usage, any software that hogs local resources is considered an outcast. A bloated antivirus on a netbook with a 1.6 GHz Atom processor and 1 GB RAM will leave the user with a horrible feeling. It only makes sense to use just the minimum resources on the local machine and tap the Cloud for most of the processing. SaaSifying Antivirus is the next natural evolution of the software.
- Antivirus on the Clouds offers better deployment and management capabilities. A Cloud based Antivirus is simpler to install than the traditional desktop version. More importantly, it makes the management of this software easy. Users rarely spend time ensuring that their Antivirus software is up to date on the detection signatures and other new/improved capabilities. By keeping it on the web, it is easy to ensure that users benefit from the latest updates without any extra effort on their side.
- Antivirus on the Clouds offers near instantaneous deployment of new virus or malware fixes. With the traditional software approach, the vendors have to wait for the desktop installed software to dial in for the updates. Due to privacy considerations, they cannot push the updates to the installed software in real time. Any time lag could turn out to be critical and may result in huge losses for individuals as well as businesses. A Cloud based Antivirus solves this problem in a neat way and helps vendors deploy fixes in real time.
- A parallel engine system or a crowdsourcing approach can be implemented only if the Antivirus is on the Clouds. This helps in better detection of malicious software and viruses. Plus, the availability of history helps vendors in retrospective detection. In short, Antivirus on the Clouds is a better way to tackle malware and viruses than the traditional desktop approach.
- An Antivirus on the Cloud offers better forensic capabilities. Vendors will be recording information about which host accesses what files and other information like this from all the users. This offers them a rich database of valuable information and might help in forensics. This is bound to raise privacy fears, and it is important to have a meaningful discussion on how to enhance security without compromising on privacy.
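The parallel-engine and retrospective-detection points in the list above, sketched as an added example (not code from the CloudAV paper or from Panda). The class names, the toy digest-matching engines and the sample byte strings are all constructed for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Engine:
    """Toy signature engine: flags a file if its digest is in its signature set."""
    def __init__(self, name, known_bad=()):
        self.name = name
        self.signatures = {sha256(s) for s in known_bad}

    def scan(self, digest):
        return digest in self.signatures

class NVersionScanner:
    """Network service that fans each file digest out to every engine."""
    def __init__(self, engines, threshold=1):
        self.engines = engines
        self.threshold = threshold   # engines that must agree to convict
        self.history = {}            # digest -> hosts that accessed the file
        self.verdicts = {}           # digest -> last verdict returned

    def _vote(self, digest):
        with ThreadPoolExecutor(max_workers=len(self.engines)) as pool:
            hits = list(pool.map(lambda e: e.scan(digest), self.engines))
        return sum(hits) >= self.threshold

    def analyze(self, host, data):
        digest = sha256(data)
        self.history.setdefault(digest, set()).add(host)
        self.verdicts[digest] = self._vote(digest)
        return self.verdicts[digest]

    def retrospective(self):
        """Re-scan everything seen so far; return the hosts exposed to files
        judged clean at access time but flagged by the engines now."""
        exposed = {}
        for digest, hosts in self.history.items():
            if not self.verdicts[digest] and self._vote(digest):
                self.verdicts[digest] = True
                exposed[digest] = sorted(hosts)
        return exposed

def coverage(scanner, samples):
    """Fraction of known-malicious samples the scanner convicts."""
    return sum(scanner.analyze("lab", s) for s in samples) / len(samples)

# Constructed sample set: four byte strings standing in for malware.
SAMPLES = [b"sample-a", b"sample-b", b"sample-c", b"sample-d"]
ENGINE_A = Engine("A", [b"sample-a", b"sample-b"])
ENGINE_B = Engine("B", [b"sample-b", b"sample-c"])
```

Raising `threshold` trades coverage for fewer false positives, and the `history` map is the same per-host access record that the forensics bullet identifies as a privacy concern.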
The advantages of having Antivirus on the Clouds are many. Panda Security has
released a free Antivirus software that taps into the Cloud for processing. This
leaves a very small footprint on the local machine, thereby helping netbook
users enjoy greater security without compromising on their resources. Seth
Rosenblatt of CNET points out the resource usage in his post:
The new program reportedly takes up around 50 MB on the hard drive and eats
around 17 MB of RAM when in use. That compares well against the industry average
that Panda provided of 60 MB, and Bustamante said that they’re aiming for 12 MB
of RAM when in use.
The software can be downloaded at their website. It will always
be free for personal use. What do you think? Are you comfortable using Antivirus
from the Clouds? Are you worried about privacy implications? Feel free to share
your thoughts in the comments section below.
I may sound a bit off base here, but please continue reading. Ok, so we have this new cloud antivirus application that had a 98% detect rate. How do we know it is 98%? I assume because there was a list of known threats on the computer matched up to the software, and the software only found 98% of those known threats. My question is this, if the list of bugs was known to those doing the test, why was it not known to the cloud antivirus software? Why are the definitions not complete on this cloud app? Call me crazy, but I want to achieve that mythical 100% detection rate. I am much more interested in what it did NOT detect than what it did.
Have you considered that 2% might be false positives or that could have developed harmless test files the engine has not previously seen?
Although 100% would be great I doubt we will ever hit that mark.
Oberheide and the gang used a dataset of malware that was collected between November 11th, 2006 and November 11th, 2007. The signatures of their AV engines were set to November 11th, 2007. So with the knowledge that ALL samples in the dataset were malicious they could test the detection rate. The detection rate for one year old malware using ten engines was 98%. For more recent threats it decreased down to 88%. For details see http://jon.oberheide.org/research/