Cloud AV: The Good and the Bad

A few moments ago I read a post asking about the good and the bad of cloud-based AVs (the thread was on a different subject, so I posted a new one instead just to avoid post poisoning[?]). I’m no expert, but here’s what I think: The use of cloud computing technology to further antivirus software did catch my attention. But it also raised a few concerns, especially after I tried out Panda Cloud AV and Immunet Protect.

The Good:
The good news is, there’s no need to go through the labor of having to update. Yes, they offer automatic updates, but this can be taxing for older computers. Signatures, not to mention, take up considerable space as well, and it takes quite a while before a signature for a new virus is made.

Secondly, incorporating the cloud technology and the community-based strategy has a great potential which allows faster and more efficient detection and protection from zero-day viruses.

The Bad:
You’re pretty much ■■■■■■■ when you lose Internet connection and an infected medium (i.e. USB, CD, diskettes) is connected to the computer.

If a new virus comes out undetected and cripples the network, well, here comes hell. It’s only good for prevention but it’s still too early to say it is the best.

Anything else you’d like to add?

It is all about how fast you can receive information from the cloud.
On-access scanning is promised, but indeed it depends on uploading, checking, running it to analyze, etc.
It seems it is all about how you manage that, in my opinion.

You forgot that a cloud AV has a higher rate for stopping viruses.

Well, I’m speaking not just for the known cloud AVs, but also for some of the yet undiscovered ones (an open source cloud AV at SourceForge I found about 7 months ago is an example, ClamAV powered by Immunet Protect didn’t do so well, and another commercial one which has been discontinued – I forgot the company – is another). There might be more, I can’t really be sure. Since they’ve never been tested and compared, I can’t really say that all cloud AVs have “higher rates for stopping viruses”.

If it doesn’t store a virus DB when offline, it’s useless,
because some users aren’t permanently connected to the internet.

This is why “automatic sandboxing” invented by Comodo is the way forward! We have cloud-based antivirus and cloud-based behaviour analysis, as well as cloud-based whitelisting… add to that “automatic sandboxing” and you now have pretty darn good protection.

Melih

I agree with Melih. Automatic sandboxing has helped me prevent my computer from being infected by a great deal of viruses. However, I must note that sooner or later, it’s gonna be bypassed if you’re not careful (which translates to “it’s the user’s fault”). The automatic sandboxing is oftentimes troublesome for people who think themselves too old to learn new tricks and consequently disable this protection, since they won’t bother to read the “manual”. To solve this ever-growing issue we must develop a smarter engine. Although this is going to be tough. Cloud systems? I think they’re better off with an online OS. :-\

v5 makes automatic sandboxing a much, much more pleasant experience.

Really??? That got my attention. How so? Care to explain to us?

I’ll be waiting for v5. I was very impressed with v4. But seeing that my computer simply cannot handle any more stress, I decided not to use any av or firewall replacement for now. Tell me: has v5 gotten lighter, too? ;D

We re-architected the sandboxing technology a bit.

I see. I’ll give it a shot when I get the time. Hm. Is it possible for you to add an option to CIS to mount a bootable drive? One that boots into Linux? And pressing a key during boot-up (kinda like in CTM) would allow you to boot into that Linux and scan for viruses? This would eliminate the need for a recovery tool (I don’t have a DVD player in my PC, sad to say [lol. I’m starting to like the expression “lol”].) and provide faster access and removal of viruses, don’t you think?

I think it’s good with cloud-based AV; nowadays most people are connected to the net. Immunet has saved me a few times while Avast! didn’t do a shit.

Cloud computing will have a future and open new doors; from what I have seen, cloud-based software seems to use less memory and CPU. I have read that Microsoft’s incoming OS (codename: Windows 8) will be a cloud-based OS.

Cloud-based antivirus will be the future.

Comodo does a great job by integrating the cloud into their security suite in CIS 5.

I agree with you farshard

I think you misunderstood my post. What I’m saying is that the protection they give is simply for computers meant to remain online. Otherwise, they would not provide a complete and reliable solution for offline PCs. The internet is growing, no doubt, but still, most people are NOT ALWAYS connected. Hence, the spread of malware. I’ve tested both. They cannot compare to CIS protection when talking about real-life situations. Immunet and Panda Pro were not even able to stop malicious software entering via the USB. Maybe the Pro version can. But that merely removes the autorun and replaces it with a dummy autorun. Now what if the user accidentally activates the virus? The result: the PC is infected. I’ve seen it. It doesn’t stop the Recycler.

Another problem is when a new spyware, polymorphic virus, rogue, and/or trojan blocks/clogs internet connections; Panda/Immunet becomes completely oblivious to its presence. Without detection, it cannot clean. Hence, there is still a need for signature-based protection.

Yes, it may as well perhaps be the future, but it isn’t as reliable as it is now. I still recommend the traditional signatures, default-deny and sandboxing. The point really is if your pc is not always online especially during start-ups, it is not recommended to have immunet (yes, some use them as their primary despite it being designed to be a companion antivirus)/panda cloud as your primary antivirus. And even if it is always connected, you’re still going to need a back-up signature based av albeit not running in real-time.

I agree, cloud anti-virus used alongside their traditional signature-based anti-virus is the future, but the sandbox feature is a major plus, a BIG major plus.

Yes, it is a plus; I do not deny that cloud computing was a step forward, but like I said…

Here, allow me to provide scenarios (which I often encounter in users):

  1. An infected USB is inserted into the pc before start-up
  2. An infected USB is left inserted into the pc.
  3. DVD’s placed in the CD-ROM (there’s one circulating here in my area that poses as a dvd, but hosts malware. People don’t need the net to watch a movie in dvd.)
  4. Laptops in establishments and universities (where connection is either limited or forbidden).
  5. Network connections fail. Hardware or driver failure.

And there might be others. It leaves an easily exploitable flaw. Very dangerous in my opinion, and I cannot rely on something that bluntly leaves me open to attacks. Like in a game of chess, once an opening is forced, all of your defenses utterly and completely fall. The best you can do is get more aggressive and pray you find an opening.

A compromised network connection is an epic failure for a fully cloud based system.

Other than that just lock down the autorun function of USB and CD/DVD stations.

Not just a cloud-based system; look at my new video and see what a compromised net connection did for Norton.

Locking down the autorun feature would work for the frequent and careful users. Not for the common ones around though. Take my brother for example. Or my classmate. How about that customer who was so hard-pressed on saying that it was legitimate? It’s not enough, sadly. If I were the only one using the PC, then I suppose that’d work. :-[
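
The autorun lock-down suggested in the thread, as an added example that is not part of any poster's message: a PowerShell sketch that reads the Windows `NoDriveTypeAutoRun` policy value, reports which drive types still have AutoRun enabled, and then disables it for all of them. It assumes an elevated prompt and uses the machine-wide (HKLM) policy key; the function names are made up for this example.

```powershell
# Added example: audit and lock down AutoRun through the NoDriveTypeAutoRun policy.
# Assumption: run elevated, machine-wide policy key (HKLM) rather than per-user (HKCU).
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name = 'NoDriveTypeAutoRun'

# Each bit that is SET in the value DISABLES AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable (USB sticks, diskettes)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved/unknown' }
)

# Hypothetical helper: returns the current mask, or $null when no policy is set.
function Get-AutoRunMask {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

# Hypothetical helper: decodes the mask into a per-drive-type report.
function Show-AutoRunState($mask) {
    if ($null -eq $mask) {
        Write-Output "$name is not set; the Windows default applies."
        return
    }
    Write-Output ('{0} = 0x{1:X2}' -f $name, $mask)
    foreach ($t in $driveTypes) {
        $state = if ($mask -band $t.Bit) { 'disabled' } else { 'ENABLED' }
        Write-Output ('  {0,-36} AutoRun {1}' -f $t.Name, $state)
    }
}

Write-Output 'Before:'
Show-AutoRunState (Get-AutoRunMask)

# 0xFF sets every bit, i.e. AutoRun off for every drive type.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name $name -Value 0xFF -Type DWord

Write-Output 'After:'
Show-AutoRunState (Get-AutoRunMask)
```

This only stops automatic `autorun.inf` processing; as the last post points out, it does nothing when a user opens the infected file by hand, so on-access scanning that works offline is still needed.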