Panda Cloud AV

[a320ca]

Is this similar to "Hitman Pro"?

[vijayind]

Quote:

Originally Posted by a320ca

Is this similar to "Hitman Pro"?

Its probably more like PrevX. Since its provides real-time and on-demand protection like PrevX 3.x .
But Hitman Pro is a on-demand scan only product.

[pbust]

Exactly. However there are more differences. We do not rely soley on MD5 hashes in cloud scanning such as Artemis/Prevx and others. We also use what we call reverse signatures which are basically generic sigs which can identify multiple files (as opposed to MD5 which only identifies a unique file) as well as file properties and traits for cloud-heuristic determinations.

Quote:

Originally Posted by pbust

I'll post it here as soon as we release beta2

Are there any details available?

[PrevxHelp]

Quote:

Originally Posted by pbust

Exactly. However there are more differences. We do not rely soley on MD5 hashes in cloud scanning such as Artemis/Prevx and others. We also use what we call reverse signatures which are basically generic sigs which can identify multiple files (as opposed to MD5 which only identifies a unique file) as well as file properties and traits for cloud-heuristic determinations.

Small clarification Prevx doesn't use MD5 (or any one-to-one hash at all). If you're looking at our "PX5" unique identifier, that is just so that we can find a single file but it isn't actually used for identifying the files within the signatures. We use much smarter generic signatures - it would be nearly impossible to do it otherwise as we'd have to write a signature for every file... (in contrast, we have many signatures which often have each caught > 500k files).

[Pleonasm]

Quote:

We do not rely soley on MD5 hashes in cloud scanning such as Artemis/Prevx and others. We also use what we call reverse signatures which are basically generic sigs which can identify multiple files

Interesting. I was not aware that any major antivirus vendor didn’t use generic signatures. Symantec employs this technique, and is working to further improve it (see here). McAfee also reports that they too use generic signatures (see here).

[pbust]

Quote:

Originally Posted by PrevxHelp

Prevx doesn't use MD5 (or any one-to-one hash at all). If you're looking at our "PX5" unique identifier, that is just so that we can find a single file but it isn't actually used for identifying the files within the signatures. We use much smarter generic signatures

Thanks for the clarification. I know for a fact Artemis and other similar ones use md5 technology but wasn't sure about the latest Prevx. Againt thanks for correcting me.

Quote:

Originally Posted by Pleonasm

Interesting. I was not aware that any major antivirus vendor didn’t use generic signatures. Symantec employs this technique, and is working to further improve it (see here). McAfee also reports that they too use generic signatures (see here).

We're talking strictly cloud-scanning generic signatures, not locally installed signatures. As you say, most AVs today use generic sigs in the "traditional" local signature. However not all cloud-scanning enabled products have generic signatures.

[a320ca]

Quote:

Originally Posted by pbust

Exactly. However there are more differences. We do not rely soley on MD5 hashes in cloud scanning such as Artemis/Prevx and others. We also use what we call reverse signatures which are basically generic sigs which can identify multiple files (as opposed to MD5 which only identifies a unique file) as well as file properties and traits for cloud-heuristic determinations.

Thanks for the explanation. I'll wait for beta 2, then try it out.

[Less]

Quote:

Originally Posted by pbust

Exactly. However there are more differences. We do not rely soley on MD5 hashes in cloud scanning such as Artemis/Prevx and others. We also use what we call reverse signatures which are basically generic sigs which can identify multiple files (as opposed to MD5 which only identifies a unique file) as well as file properties and traits for cloud-heuristic determinations.

hi phust, carry on with your good work.
Thanks

[Murtadh]

I have win7 so I can't test the current beta -I'm waiting for Beta2- but I also love to do experiments in my friends PCs without them knowing about that , so I tried to install it in my friends laptop yesterday and it kept telling me that I'm missing one of the requirement which is IE6 or any newer one.... the strange thing is that my friend's Vista has IE7

so how can I fix this?

Quote:

Originally Posted by Murtadh

but I also love to do experiments in my friends PCs without them knowing about that

Hehe

[pnbalaji]

Quote:

Originally Posted by pbust

Exactly. However there are more differences. We do not rely soley on MD5 hashes in cloud scanning such as Artemis/Prevx and others. We also use what we call reverse signatures which are basically generic sigs which can identify multiple files (as opposed to MD5 which only identifies a unique file) as well as file properties and traits for cloud-heuristic determinations.

Hi,

Did you get a chance to read the reviews about Panda Cloud Antivirus at http://remove-malware.com? I had Panda cloud antivirus, but uninstalled it after reading the reviews of Matt.

It looks like Panda cloud missed almost 60% of fake URLs during the testing. I will definitely consider Panda Cloud antivirus when it comes out of Beta.

Thanks,
Balaji.


Thanks,
Balaji.

[pbust]

Quote:

Originally Posted by pnbalaji

Did you get a chance to read the reviews about Panda Cloud Antivirus at http://remove-malware.com? I had Panda cloud antivirus, but uninstalled it after reading the reviews of Matt.

It looks like Panda cloud missed almost 60% of fake URLs during the testing. I will definitely consider Panda Cloud antivirus when it comes out of Beta.

One of the reasons (bug) that this happens is already fixed in Beta2. It's basically a problem in the synchronous cloud-scan with files downloaded from the net.

Regardless of the bug fix, finding 10 malicious URLs every day which can bypass *any* security/antimalware product is fairly easy. We see hundreds or thousands of them every day that bypass either Panda, Symantec, AVG, Kaspersky, Prevx, Avira, etc. etc. I'm not sure what this type of test intends to proof.

For a more comprehensive whole product test that truly replicates users experience (static on-demand + dynamic test + false positive + statisticallly significant number of relatively "fresh" and relevant malware) I would recommend pcsecuritylabs.net. Of course the full product tests that look at dynamic + disinfection from AV-Test.org are also very good resources.

But of course you can argue that this is only my biased opinion and you'd be 100% right. The best thing is to research as many different independent tests as possible, try the products yourself and make your own decision based on personal experience & needs.

Quote:

Originally Posted by ance

What do you think about this idea:

"Consider pairing the product with Panda Anti-Rootkit, which is also free and received our Editors' Choice for rootkit removal."

Will this module be integrated into Panda Cloud AV Beta 2?

[pbust]

Yes we are integrating more anti-rootkit techniques, but not 100% of it will be in Beta2. We're integrating it gradually.

[raven211]

Quote:

Originally Posted by pbust

Yes we are integrating more anti-rootkit techniques, but not 100% of it will be in Beta2. We're integrating it gradually.

Thanks... can I call you "the Panda"? It's good to hear.

[pbust]

Sure thing

[removemalware]

Quote:

Originally Posted by pbust

One of the reasons (bug) that this happens is already fixed in Beta2. It's basically a problem in the synchronous cloud-scan with files downloaded from the net.

Regardless of the bug fix, finding 10 malicious URLs every day which can bypass *any* security/antimalware product is fairly easy. We see hundreds or thousands of them every day that bypass either Panda, Symantec, AVG, Kaspersky, Prevx, Avira, etc. etc. I'm not sure what this type of test intends to proof.

For a more comprehensive whole product test that truly replicates users experience (static on-demand + dynamic test + false positive + statisticallly significant number of relatively "fresh" and relevant malware) I would recommend pcsecuritylabs.net. Of course the full product tests that look at dynamic + disinfection from AV-Test.org are also very good resources.

But of course you can argue that this is only my biased opinion and you'd be 100% right. The best thing is to research as many different independent tests as possible, try the products yourself and make your own decision based on personal experience & needs.

1. At the time I tested Panda Cloud AV it should have been considered an Alpha. I could tell the real-time scanner was crippled, but hey...it's a beta so you really can't give them too much grief.

2. Panda has a small user base as compared to the big boys like Symantec or McAfee. A small user base means a small amount of samples submitted to the cloud which means lower detection percentages and on and on and on...it's kind of a viscous circle. I suppose their cloud will drastically increase in size if they keep it free and get some positive press.

I'll be testing BETA 2 ASAP.

[pbust]

Quote:

Originally Posted by removemalware

2. Panda has a small user base as compared to the big boys like Symantec or McAfee. A small user base means a small amount of samples submitted to the cloud which means lower detection percentages and on and on and on...it's kind of a viscous circle. I suppose their cloud will drastically increase in size if they keep it free and get some positive press.

Nowadays it's not really about getting access to the samples. We all (big boys and small boys) get pretty much the same amount of samples every day as we normally share them amongst ourselves. I think the problem relies more on being able to process them in a timely manner.

[Pleonasm]

Quote:

We all (big boys and small boys) get pretty much the same amount of samples every day as we normally share them amongst ourselves.

Pbust, I am curious: can you describe the processes and procedures by which the samples are shared among anti-virus companies? Is there an organization among which the members share the samples? Which anti-virus companies participate in this shared sample “pool”?

Thanks.

[pbust]

I'm not sure that I would want (or even can) discuss this openly. All I can say is that there is both private collaborations as well as through certain organizations.

[removemalware]

Quote:

Originally Posted by pbust

Nowadays it's not really about getting access to the samples. We all (big boys and small boys) get pretty much the same amount of samples every day as we normally share them amongst ourselves. I think the problem relies more on being able to process them in a timely manner.

Agreed, everything usually gets "dealt with", it's just how fast.

[Pleonasm]

Quote:

I think the problem relies more on being able to process them in a timely manner.

Pbust, I am a bit confused about this comment. Isn’t the processing of malware samples to create detection signatures essentially an automated activity? If so, why would there be differences among anti-malware vendors in “being able to process them in a timely manner”?

[TonyW]

Quote:

Originally Posted by Pleonasm

Isn’t the processing of malware samples to create detection signatures essentially an automated activity? If so, why would there be differences among anti-malware vendors in “being able to process them in a timely manner”?

I think most AVs use a combination of automated/manual processing of malware samples. Much of it uses automated tools, but for trickier cases, human analysis is needed. At KL for example, they're known as "woodpeckers" because of their tap-tapping on keyboards.

I'm guessing the automated tools will vary from company to company as well.

[jlo]

I am giving this a try at the moment. Seems to run quite light.

Does it have heuristics in the cloud as there are no options on the console?

Also if there is a file which is not detected where do I send it to get it detected?

Many Thanks

Jlo31