OPINION: Vendors such as Panda Security, McAfee and Trend Micro are looking into cloud security approaches. The volume and velocity of malware developments necessitate changes like this, and there are advantages to the cloud approach. It's also a risky move, but it's beginning to look inevitable.
has released a beta of its Panda Cloud Antivirus. It's a free
download at www.cloudantivirus.com
and there will be a free version of it even after it ships.
The idea of a "cloud" product here is not really a gimmick, even
if "cloud" is the buzzword of 2009. There are good reasons to move
detection and other parts of the product into the cloud, even putting aside the
reasons why the noncloud approach is not working anymore.
Note that McAfee
already has put at least some of this functionality into its own cloud
major companies are working on the cloud security concept.
Instead of keeping all the signatures for malware local, these products keep
a local whitelist of files. Very few of the files on the system actually change
over time. When a new file appears, especially one that appears from the
Internet, that's when an anti-malware product needs to take action. Cloud
products then send some hash of the file up into the cloud; if it's new,
perhaps they send the file also, but if it's already identified they can send a
thumbs-up or thumbs-down back to the client.
New malware and other threats are coming out at such high velocity that it's
folly to think you can distribute signatures to a large and worldwide user base
fast enough to be effective. The distribution of every signature to every user in
the world sucks huge bandwidth and still is too slow to detect well enough. And
as the volume and velocity of malware increase, local solutions will fall
The main advantage of the cloud approach is that the "signatures"
need only be in the cloud, not distributed to all users. There are other
advantages: The client becomes much smaller and lighter, and indeed Panda is
touting its as a "thin client." Plus there's an element of
collaboration that's improved through the cloud, in that the vendor can get a sense
much more quickly of how fast certain threats are spreading and how quickly
they should move new threats from automated to manual analysis.
Panda also has a feature called "retroscan" that kicks in when a
new file is determined to be malicious. In the time since it was first sent and
the determination, users may have been given a green light from Panda, but the
Panda cloud holds on to the fact that the file was detected on those systems.
It goes back to those clients and marks the file as bad.
There are definitely potential downsides too. The more you rely on the
cloud, the more your Internet connection and the speed of the cloud become an
issue in your system performance for what might seem like local operations.
There are still a lot of people out there with slow or high-latency
connections, and for them this may be too cutting-edge an approach. Of course,
the cloud products aren't completely cloudy; there are local signatures in
them, basically what the vendor thinks is the real hot list of malware most
likely to show up.
I was pretty harsh on McAfee's Artemis cloud project
as a concept, but I
suppose I should apologize to McAfee. Even if all the claims for performance
and efficacy of cloud solutions are exaggerated, the fact is that conventional
solutions are still an unsustainable approach. This is a prediction I've heard
for years and you might ask when those solutions will actually fall behind
malware, and the answer has to be in the rear-view mirror already. Conventional
anti-virus is not useless, but it's of diminishing usefulness, at least on its
own. More and more you need to supplement it with other approaches like IPS.
Cloud services may give the good guys a boost that could help us all.
Editor Larry Seltzer
has worked in and written about the computer industry since 1983.