OPINION: Vendors such as Panda Security, McAfee and Trend Micro are looking into cloud security approaches. The volume and velocity of malware developments necessitate changes like this, and there are advantages to the cloud approach. It's also a risky move, but it's beginning to look inevitable.
Panda Security has released a beta of its Panda Cloud Antivirus. It's a free download at www.cloudantivirus.com and there will be a free version of it even after it ships.
The idea of a "cloud" product here is not really a gimmick, even
if "cloud" is the buzzword of 2009. There are good reasons to move
detection and other parts of the product into the cloud, even putting aside the
reasons why the noncloud approach is not working anymore.
Note that McAfee
already has put at least some of this functionality into its own cloud and other
major companies are working on the cloud security concept.
Instead of keeping all the signatures for malware local, these products keep
a local whitelist of files. Very few of the files on the system actually change
over time. When a new file appears, especially one that appears from the
Internet, that's when an anti-malware product needs to take action. Cloud
products then send some hash of the file up into the cloud; if it's new,
perhaps they send the file also, but if it's already identified they can send a
thumbs-up or thumbs-down back to the client.
New malware and other threats are coming out at such high velocity that it's
folly to think you can distribute signatures to a large and worldwide user base
fast enough to be effective. The distribution of every signature to every user in
the world sucks huge bandwidth and still is too slow to detect well enough. And
as the volume and velocity of malware increase, local solutions will fall
further behind.
The main advantage of the cloud approach is that the "signatures"
need only be in the cloud, not distributed to all users. There are other
advantages: The client becomes much smaller and lighter, and indeed Panda is
touting it as a "thin client." Plus there's an element of
collaboration that's improved through the cloud, in that the vendor can get a sense
much more quickly of how fast certain threats are spreading and how quickly
they should move new threats from automated to manual analysis.
Panda also has a feature called "retroscan" that kicks in when a
new file is determined to be malicious. In the time between when it was first sent and
the determination, users may have been given a green light from Panda, but the
Panda cloud holds on to the fact that the file was detected on those systems.
It goes back to those clients and marks the file as bad.
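The hash lookup flow and the retroscan behavior described above can be sketched as follows. This is an added example, not Panda's or McAfee's code; the `Cloud` and `Client` classes, the use of SHA-256 and the in-memory verdict store are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

GOOD, BAD, UNKNOWN = "good", "bad", "unknown"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Cloud:
    """Hypothetical verdict service: signatures live here, not on clients."""
    def __init__(self):
        self.verdicts = {}               # hash -> GOOD or BAD
        self.samples = {}                # hash -> file bytes awaiting analysis
        self.seen_by = defaultdict(set)  # hash -> clients that reported it

    def lookup(self, client, digest):
        # Remember who asked, so a later verdict change can reach them.
        self.seen_by[digest].add(client)
        return self.verdicts.get(digest, UNKNOWN)

    def submit(self, digest, data):
        self.samples.setdefault(digest, data)

    def classify(self, digest, verdict):
        """Record an analysis result; a BAD result triggers the retroscan step."""
        self.verdicts[digest] = verdict
        if verdict == BAD:
            for client in self.seen_by[digest]:
                client.whitelist.discard(digest)  # revoke any earlier green light
                client.quarantined.add(digest)

class Client:
    """Hypothetical thin client holding only a local whitelist of known files."""
    def __init__(self, cloud):
        self.cloud = cloud
        self.whitelist = set()
        self.quarantined = set()

    def on_new_file(self, data: bytes) -> str:
        digest = sha256(data)
        if digest in self.whitelist:
            return GOOD                          # unchanged file, no network call
        verdict = self.cloud.lookup(self, digest)
        if verdict == UNKNOWN:
            self.cloud.submit(digest, data)      # new to the cloud: send the file too
        elif verdict == GOOD:
            self.whitelist.add(digest)
        else:
            self.quarantined.add(digest)
        return verdict
```

Because the cloud records every client that asked about a hash, a verdict that later flips to bad can be pushed back to machines that were earlier told the file was fine.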
There are definitely potential downsides too. The more you rely on the
cloud, the more your Internet connection and the speed of the cloud become an
issue in your system performance for what might seem like local operations.
There are still a lot of people out there with slow or high-latency
connections, and for them this may be too cutting-edge an approach. Of course,
the cloud products aren't completely cloudy; there are local signatures in
them, basically what the vendor thinks is the real hot list of malware most
likely to show up.
I was pretty harsh on McAfee's Artemis cloud project as a concept, but I
suppose I should apologize to McAfee. Even if all the claims for performance
and efficacy of cloud solutions are exaggerated, the fact is that conventional
solutions are still an unsustainable approach. This is a prediction I've heard
for years and you might ask when those solutions will actually fall behind
malware, and the answer has to be in the rear-view mirror already. Conventional
anti-virus is not useless, but it's of diminishing usefulness, at least on its
own. More and more you need to supplement it with other approaches like IPS.
Cloud services may give the good guys a boost that could help us all.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.