Bad sides of CloudBased Antivirus software?

What are bad sides of cloud based antivirus programs?


Experts please

 

No connection, no protection

 

Some things still get through them. IIRC if its unknown it should alert you of the file trying to run but some stuff gets through and you are not alerted.

 

An online resource is only good if you have a connection and everyone else is sharing there activity.

 

Protection of privacy.

Uploading documents, pictures etc. for a cloud scan may not be everyone's cup of tea, but of course this things can be infected as well.

Don't know if military intelligence services use popular cloud based scanners.

Cheers

 

PCA is cloud-based and it stores a local cache of signatures from Collective Intelligence on your pc for use when "offline".

 

Absolutely wrong.

 

~~~~~deleted by me~~~~~

 

I didn't know that. Thank you guys for the info

 

... and then the detection rate is about 10 % as far as I remember

 

The thread is about In-the-cloud - based antiviruses in general , not Panda's Cloud AV.

 

I beg your pardon ...

 

well even tho panda cloud AV is at 1.0 it will only get better in time, online and offline.

 

Latency & Response time ?

 

The only real negative side I have seen in cloud base is the simple fact of needing to check everything against the cloud. As this takes more time by sending the info to the server and waiting on a response, when you have alot of files to check against it you can see a long lag time in between. This can effect installations, downloads (in a way) among other issues.

There is also many different ways company's are incorporating "Cloud Technology" that it all just depends. Guess in the end people need to weigh the benefits against the negatives and see what they come out with for there personal needs.

 

Yes, an important issue (to me, at least). Anti-virus products with “in-the-cloud” technologies vary in their privacy policies and practices, with some allowing users to opt out of participation in the “community,” thereby reducing privacy concerns. I think it’s wise to explore and consider these differences among products when making a purchase decision.

Isn’t it the case that an entire file is uploaded only when it is detected as malicious; otherwise, only a hash of the file is uploaded?

This could certainly be true for some products, but my own experience is that scanning an entire PC is actually faster because files on the PC which are deemed trustworthy (though the in-the-cloud community based reputation) are skipped.

 

for me it will be if i am infected with malware that criple my internet connection

 

I don't know how this is handled in general, but e.g. Hitman Pro just ignores all doc/pdf/jpg files for cloud scanning.
Therefore it doesn't upload anything, but all these files with exploits or whatever may be not detected.

I think cloud scanning will be incorporated into nearly all regular AVs sooner or later, just like it was with heuristics.
And standalone cloud scanners will end up as second opinion tools because of their technical and privacy related limitations.

Cheers

 

Agreed, Cloud scanning alone I think has some major limitations, mainly because if a virus blocks your internet or if your offline there goes your AV. Now the cloud scanners that are incorporated into some AV's have got some advantages. The way they are implemented if something happens you may lose the cloud but the rest of the security still stands and still has a chance to stop whats happening.

 

The funny thing is (as always with AV stuff), that there is so much fuss.
It's cloud based! Yeah, yeah cloud. Awesome!

I mean OA checks its whitelist in realtime for quite a while now, but as it's not an AV no one speaks or cares about it.

Cheers

 

That's it, because the only real advantage of cloud, is for the AV industry itself. They save money in bandwidth, they don't need to prepare new installers with updated database so often, offline installation signature packages, download new signatures to every client every 2 hours. etc.

For me as a consumer, i see absolutely nothing in cloud, that the "normal" nowdays AV doesn't provide and well, better. And if you have slow connection , things get worse.

Also as far as privacy is concern, basically you have to trust the vendor that really nothing personal is sent when scanning. (If you ask me, i trust nobody but myself).

Also, say that your AV does have the detection of a malware but the realtime scanner isn't as good against it stopping it on its tracks and it cuts your connection. You have still one more chance with on demand scan to get it and clean it and then repair your connection. With the cloud you 're toast.

You 've downloaded a rar file. Your connection with your cloud servers are severed, either by your ISP's problems or by the AV's servers issue. You open the rar, one file is 6 months old malware. You run it, you get infected and you won't even know it. With traditional scanner and local database, you run it, it gets caught.

The advantage of not scanning the "secure" files according to comunity, is something that could very well be incorporated to "normal" AVs, although for me this is marginal. The technology of skipping unchanged files is old and known in normal AVs, it depends on willing to incorporate it in all AVs or not.

Basically all the cheering from the press, is that it saves money for the AV industry. Otherwise, as i see it, there is nothing the "normal" AV can't do that the cloud can do. And there are no privacy concerns or having to trust someone (<cough>Iobit<cough>).

F-Secure also has the cloud option Deepguard that you can activate if you like, and be connected to the "community".

So the only ones that in deed should cheer for "cloud only" scanners, are the AV vendors and possibly those that would like to have us at the end move everything on the cloud (Google seems to be in a hurry about that).

When the Pentium III was supposed to have uniquely identifiable serial (bottom page http://en.wikipedia.org/wiki/Pentium_III), even the EU moved against it. Intel backed off. Today, Rollback, which has my customer data phones back during boot time to "re-check" the activated license at every boot so that the firewall can't catch the connection. Google wants to keep my OS and even my data on the web, my AV wants me to scan my files on the web and the press is cheering about it.

Odd... At least even if a software was to read my Pentium's serial, it would still have to pass the firewall to report it. Rollback doesn't need to. An AV doesn't need to either. But it's "fine" and wow, it's COOL, cause it's "the cloud!".

The title of the topic should rather be "What are actually the good sides over the existing technology of cloud-only-based antivirus"? Ok, the vendor will save money thanks to your upload bandwidth and your trust that your personal data will remain on your PC. What about your gains as a customer?

I could understand a product that next to the local database system, wants to add the cloud. That i would understand that gives me something extra. The cloud-only, i don't understand what benefit brings me. It brings to the vendor, sure. At the cost of my connection and my risk of privacy (in Google we trust).

 

Good Morning ! Kudos for Fuzzfas, your analysis of Cloud, puts a dart through the balloon of Marketing and Media hype. You present your analysis with Clarity and Knowledge. It's refreshing to dispense the pseudo almost mystical association that the general public has in it's perception of Cloud Technology. Excellent presentation, Fuzzfas. Sincerely...Securon

 

(Sorry, had to add a good side of cloud protection in response)...
Benefit of a quicker response and detection rather than waiting for the (hourly, or daily) update to come through.

Some AVs do this as an addition to traditional AV databases (to protect during the time of the lab adding to detection and the time the user's AVs are updated.

 

This point is starting to be come more and more mute, As more company's are offering "Pulse" updates. Overall Cloud is just nother way to deliver signatures the only difference is the data flows in the other direction.

 

In deed, some AVs use it as addon. I think this 1-2 hour margin , is a rather feeble excuse of why instead of making an addon you remove the "traditional" database alltogether.

For on demand scans of downloaded files, this 1-2 hour margin isn't an issue at all, since if you download something new, you can manually download newer definitions yourself before running the file.

It is more for web browsing zero day exploits where it can be of help.

In p2p origin malware, it's usually better to have local databse, because it's hard to find zero day there and often you download things, put them at some folder and let them sitting for days before you actually run the files. When you do decide to run the files, if there's something wrong with your cloud (my ISP in these days has issues) and something is malware, you 'd better check your cloud connectivity before running them. And if you see the cloud not connecting, wait until it does, because even a 1 year old malware will get you. Apart our normal internet connection, now we should start checking if the connection to the cloud is Ok too before running something.

But really, i think the only reason to make this exchange of the one for the other instead of going for both, is that it saves money for the vendor. Personally i don't even think that the situation with malware is sooo desperate that a cloud is needed at all on permanent basis. Most commercial AVs allow for 1h or 2h updates, i think they are plenty enough and the cost-risks to pay for cloud-only AVs are superior to the risks of having a normal AV+cloud added or normal AV without cloud.

The dilemma "Cloud or local database" is for me a pseudo-dilemma put for commercial reasons. If all they care about is about OUR safety, then i see no dilemma. Local Database PLUS the option for cloud (and plus behaviour blocker if you ask me). You let the user then decide. Which is what F-Secure does right now. So, why would a cloud-only AV be better than the current situation where i have local database+the option of F-Secure's cloud?

On the other hand, if this is about reducing costs, i can understand how one may try to sell the cloud as the best thing ever and say "throw away your AV as you knew it, it's so old, the cloud only is the future and it's cool!".