Feeling stuffed, sluggish? Oh, it’s not you? It’s your PC suffering from a bad case of AV bloat. How many thousands of antimalware definitions can it take? How many updates? (Remember when your AV vendor recommended downloading updates at least once a week — or was it even once a month?)
Small wonder antimalware vendors are seriously looking to cloud-based detection, taking the burden off your poor laptop’s memory, CPU and grinding hard drive.
The latest idea, coming from Panda Security, is a free thin client product, which analyzes potential malware on execution, not on the PC, but in the cloud, where the resources of PandaLabs Collective Intelligence determine whether it is malicious or benign and direct the client to allow or block execution accordingly.
“It’s getting more and more cumbersome to deal with large signature files and pushing those out to everybody,” said Forrester analyst Jonathan Penn. “We’ve seen the hockey stick graphs with thousands of new virus strains a month. Pushing into cloud instead — assuming some level of network connectivity — makes a lot of sense.”
The cloud approach is not unique to Panda. Most of the leading AV vendors have some similar component: If the desktop engine — using whatever combination of traditional signatures, behavioral analysis, host-based intrusion prevention, application control, etc. — encounters a file it can’t assess, it ships its telltale traits in some sort of hash off to the Big Lab in the Sky for analysis by the vendor’s analog to Panda’s Collective Intelligence.
The cloud’s capacity — unlike your PC — is unlimited.
But the unique and really intriguing aspect of Panda Cloud Antivirus, released in beta this week, is the thin client aspect. Users install the client (you have to uninstall your current AV, which probably rules out your corporate laptop as a test machine), and, Panda tells us, you’re protected in real-time.
It’s not clear where Panda plans to go with this eventually — they’re holding that close to the vest. At the very least, Cloud Antivirus will increase the flow of potential malware samples to their cloud-based detection, improving its effectiveness. The target community, for now, is sharp end users, including IT and security professionals, who can give them some significant feedback.
(I’ll nervously, at first, run it on my home PC and back it up with Spybot and Malware Bytes Antimalware on-demand scans to assure myself. I expect serious security people, not journalist-poseurs like me, will get deep under the hood to see what’s really happening on their test computers.)
“Panda recognizes they can benefit from a broad consumer footprint,” said Penn. “Consumer PCs are kind of the front line in the fight against malware. They’re going to detect things first, they’re more likely to be the target of attack. More attacks will get actually through to them.”
Panda said Cloud Antivirus will utilize a third of the RAM of traditional desktop products and have about half the average performance impact.
The thin client notion is not unique to Panda, though it’s arguably taking the lead among vendors. McAfee has a thin client product, VirusScan TC (ThinClient), which is pitched as a small-footprint, low-bandwidth alternative, especially for remote users on slow connections.
And, last September, researchers at the University of Michigan, Ann Arbor, proposed a service provider/network-based approach using a thin client and multiple detection engines (“Rethinking Antivirus: Executable Analysis in the Network Cloud”). They used a thin client to ship thousands of malware samples through eight AV products and two behavioral analysis tools. The individual AV products’ detection rate ranged from about 55% to 87%, but the combination of all detected more than 96% of all the malware.
Using a bunch of different AV engines may not be a practical solution, but the thin client model is valid, especially when one considers the constant flow of information into the cloud and the resources any given vendor can throw at the problem.
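The thin-client lookup and the multi-engine result described above can be sketched as follows. This is an added example, not code from Panda, McAfee or the Michigan researchers: the engine names, the sample data, the verdict cache and the `offline_policy` setting are all assumptions made for illustration, and the "cloud" is an in-process stand-in.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for malware samples: harmless byte strings.
MALICIOUS = [sha256(b"constructed-sample-%d" % i) for i in range(10)]

# Hypothetical engines, each recognising only part of the sample set.
ENGINES = {
    "engine_a": set(MALICIOUS[0:6]),
    "engine_b": set(MALICIOUS[3:9]),
    "engine_c": set(MALICIOUS[5:8]),
}

class CloudService:
    """In-process stand-in for the vendor's cloud analysis."""
    def __init__(self, engines):
        self.engines = engines

    def verdict(self, digest):
        # Block if any engine flags the hash; report which ones did.
        # Simplification: a hash no engine knows is treated as benign.
        flagged_by = sorted(n for n, known in self.engines.items() if digest in known)
        return ("block" if flagged_by else "allow"), flagged_by

class ThinClient:
    """Sends only a hash to the cloud and keeps a local verdict cache."""
    def __init__(self, cloud, offline_policy="block"):
        self.cloud = cloud
        self.cache = {}
        self.offline_policy = offline_policy  # assumed setting: verdict when unreachable

    def check(self, data: bytes, online: bool = True) -> str:
        digest = sha256(data)
        if digest in self.cache:       # verdict already known locally
            return self.cache[digest]
        if not online:                 # no connectivity and no cached verdict
            return self.offline_policy
        decision, _ = self.cloud.verdict(digest)
        self.cache[digest] = decision
        return decision

def detection_rate(known, samples):
    return sum(s in known for s in samples) / len(samples)

def combined_rate(engines, samples):
    # Union of all engines: a sample counts if at least one engine knows it.
    return detection_rate(set().union(*engines.values()), samples)
```

With this constructed data no single engine exceeds 60% coverage while the union reaches 90%, and the sample missed by every engine is still allowed to run, which is the residual gap the combined figure leaves open.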