OPINION: Vendors such as Panda Security, McAfee and Trend Micro are looking into cloud security approaches. The volume and velocity of malware developments necessitate changes like this, and there are advantages to the cloud approach. It's also a risky move, but it's beginning to look inevitable.
Panda Security has released a beta of its Panda Cloud Antivirus. It's a free
download at www.cloudantivirus.com
and there will be a free version of it even after it ships.
The idea of a "cloud" product here is not really a gimmick, even
if "cloud" is the buzzword of 2009. There are good reasons to move
detection and other parts of the product into the cloud, even putting aside the
reasons why the noncloud approach is not working anymore.
Instead of keeping all the signatures for malware local, these products keep
a local whitelist of files. Very few of the files on the system actually change
over time. When a new file appears, especially one that appears from the
Internet, that's when an anti-malware product needs to take action. Cloud
products then send some hash of the file up into the cloud; if it's new,
perhaps they send the file also, but if it's already identified they can send a
thumbs-up or thumbs-down back to the client.
New malware and other threats are coming out at such high velocity that it's
folly to think you can distribute signatures to a large and worldwide user base
fast enough to be effective. The distribution of every signature to every user in
the world sucks huge bandwidth and still is too slow to detect well enough. And
as the volume and velocity of malware increase, local solutions will fall
The main advantage of the cloud approach is that the "signatures"
need only be in the cloud, not distributed to all users. There are other
advantages: The client becomes much smaller and lighter, and indeed Panda is
touting it as a "thin client." Plus there's an element of
collaboration that's improved through the cloud, in that the vendor can get a sense
much more quickly of how fast certain threats are spreading and how quickly
they should move new threats from automated to manual analysis.
Panda also has a feature called "retroscan" that kicks in when a
new file is determined to be malicious. Between the time the file was first sent
and that determination, users may have been given a green light from Panda, but the
Panda cloud holds on to the fact that the file was detected on those systems.
It goes back to those clients and marks the file as bad.
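The hash lookup and the retroscan behavior described above, sketched as an added example (not Panda's code or protocol). The class names, the choice of SHA-256 and the "allowed-pending" state are assumptions made for illustration.

```python
import hashlib

class Cloud:
    """Toy verdict service (hypothetical; not any vendor's real protocol)."""
    def __init__(self):
        self.verdicts = {}   # sha256 hex -> "good" | "bad"
        self.sightings = {}  # sha256 hex -> {client name: client} that asked
        self.samples = {}    # sha256 hex -> uploaded bytes awaiting analysis

    def lookup(self, client, digest):
        # Remember who saw the file so a later verdict can be pushed back.
        self.sightings.setdefault(digest, {})[client.name] = client
        return self.verdicts.get(digest, "unknown")

    def upload(self, digest, data):
        self.samples.setdefault(digest, data)

    def classify(self, digest, verdict):
        """Analysis finished. A 'bad' verdict triggers the retroactive pass."""
        self.verdicts[digest] = verdict
        notified = []
        if verdict == "bad":
            for client in self.sightings.get(digest, {}).values():
                client.mark_bad(digest)
                notified.append(client.name)
        return notified

class Client:
    def __init__(self, name, cloud):
        self.name, self.cloud = name, cloud
        self.whitelist, self.blocked = set(), set()

    def on_new_file(self, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.blocked:
            return "bad"
        if digest in self.whitelist:
            return "good"                      # answered locally, no round trip
        verdict = self.cloud.lookup(self, digest)
        if verdict == "unknown":
            self.cloud.upload(digest, data)    # new to the cloud: send the file
            return "allowed-pending"           # provisional green light
        (self.whitelist if verdict == "good" else self.blocked).add(digest)
        return verdict

    def mark_bad(self, digest):
        # Retroactive verdict: revoke any earlier green light for this hash.
        self.whitelist.discard(digest)
        self.blocked.add(digest)
```

The window between "allowed-pending" and the later `classify` call is the exposure the retroactive pass is meant to close: the file has already been allowed on every client recorded in `sightings`.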
There are definitely potential downsides too. The more you rely on the
cloud, the more your Internet connection and the speed of the cloud become an
issue in your system performance for what might seem like local operations.
There are still a lot of people out there with slow or high-latency
connections, and for them this may be too cutting-edge an approach. Of course,
the cloud products aren't completely cloudy; there are local signatures in
them, basically what the vendor thinks is the real hot list of malware most
likely to show up.
I was pretty harsh on McAfee's Artemis cloud project as a concept, but I
suppose I should apologize to McAfee. Even if all the claims for performance
and efficacy of cloud solutions are exaggerated, the fact is that conventional
solutions are still an unsustainable approach. This is a prediction I've heard
for years and you might ask when those solutions will actually fall behind
malware, and the answer has to be in the rear-view mirror already. Conventional
anti-virus is not useless, but it's of diminishing usefulness, at least on its
own. More and more you need to supplement it with other approaches like IPS.
Cloud services may give the good guys a boost that could help us all.
Editor Larry Seltzer
has worked in and written about the computer industry since 1983.
Larry Seltzer has been writing software for and English about computers ever since, much to his own amazement, he graduated from the University of Pennsylvania in 1983.
He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.
For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.
In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.
Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.