Is Cloud Antivirus Any Good - Some Thoughts Here?

Well I can't say I've been on top of the latest trends lately.

I've only just stumbled onto Cloud AV apps and I wonder how many others out there have yet to find out about this too.

I have some understanding Cloud, internet based computing with shared resources, but how does all that play into Cloud AV apps?

I guess I'm still old school a bit when it comes to AV, install it on your pc and let it sit in the taskbar like any other AV has done over the past 5 years and the good ole names in AV too, Avira, Nod32, Kaspersky, etc...

So is it time for Cloud or what?

Hmm Panda Cloud best free AV by PC mag. editors choice, hmm what does a magazine know...

 

Similar thread here but not the same just some info: https://www.wilderssecurity.com/showthread.php?t=274606

TH

 

Thanks Triple Helix...

Ok how about some more thought here? Obviously Cloud AV is being done in different ways, so how about some thoughts on that, as well as who is making the better/best Cloud AV and why?


THANKS

 

besides the obvious problem of private data being send to a centralized server and the necessity of a connection for full functionality of the cloud app, i have the feeling that most of the cloud developers are going after the detection, at least for the moment. as i said it might be only an idea of mine but i get this "detection % race" and i dont think that cloud are mature in removal.

 

I think you're misunderstanding how cloud-scanning works. In most implementations there's no private data being sent to a centralized server.

Again, a common misconception. Without connectivity there's plenty of protection offered. At least in the case of our implementation there's a bunch of protection layers which continue to work even while offline:
* Cached signatures based on prevalence / ITW malware
* Local heuristics engine
* Behavioural blocking
* Behavioural analysis
* Autorun/USB protection

Again a misunderstanding of what is being done or can be done from the cloud. Signature detection is only a small portion of it. You can also do generic signatures from the cloud, heuristics from the cloud, white-listing from the cloud, prevalence from the cloud, disinfection routines from the cloud, etc. Depending on the vendor you will have one or the other or some combination thereof.

 

The better anti-malware products allow a user to opt-out of contributing to the in-the-cloud community. Personally, I would not use a product which lacked this feature, because its presence demonstrates the importance that the company places upon consumer choice and upon privacy.

 

@ pbust: 1) actually i dont trust the statement of any company when i have no real control on what they receive and what not from my pc.
2) i also said "full" which is not the same as "plenty".....
3) in an older discussion i was thinking of a cloud signature definition instant update for my AV solution in the future which would be a great step ahead but yet again this doesnt mean that most if not all AV companies aint racing each other in the detections capabilities as this is the feature that most users would focus when judging the performance of an AV. though i have great faith in the future of cloud computing i still dont see mature products that explore all the possible pathways of cloud tecnology.

@pleonasm: again, just unchecking an option doesnt really offer any guaranties, though its very important at least having that option for a start.

 

This problem is not specific about "cloud av's", but a general trust issue. How can you trust the OS you have installed? How can you trust any program installed on your PC? How can you trust other AVs, even if non-cloud? Do you review and reserve engineer every single IP packet to/from your computer?

The fact is that any of those programs you already have installed on your computer could do any of those things you fear without you ever noticing.

At the end of the day trust must come from the company whose program you are using. There's little you can do about this other than using only open source OS/programs and reviewing every single line of code.

 

@ pbust: yes, i perfectly agree. cloud apps though have a 24/7 endless access to a pc so concerns are higher.
as i dont see your reply on the other points may i assume that u also agree that cloud is still immature ?? i believe that within a year or so representatives of various AV companies will state that "our app is much more mature since we first launched it in the market"...

 

I don't agree either. Look at any normal PC nowadays and see how many third-party programs and services are running in the background. All these programs also have 24/7 to "the cloud" ie: the Internet.

No I don't Let's take them one by one:

Unless you are a testing lab doing ZOO detection tests, I don't see why this is important. As long as the protection offered is good against all malware in circulation and which can cause damage (while offline), from the perspective of the end user its "full". Of course we will always see tests that try to give the wrong impression, introducing Internet-driven malware in an offline manner, which of course does not replicate the behaviour of malware. But that's a different story.

I'm not sure I understand... what you are saying is that "the cloud" should only be used for signature definition updates? Ins't that the traditional "signature update" model?

 

i dont agree. not all the progs running in the background send packets continously and most important most of them can be blocked with a firewall which is not the case of a cloud AV.

the fact that u dont agree doesnt mean that plenty is equal to full. u can put it in any way its comfortable to u but the truth is that it simply aint the same.

i was refering to the pulse definition updates as compared to the classic "few times a day" definition updates.

 

In my personal opinion if you trust the company behind the cloud product why worry? About all AV vendors collect data on possible malware files. Microsoft Spynet, Norton File Reputation Network (Norton Insight), Panda collective intelligence servers. I think browsing around the web gives off more data then using a cloud product, well that's my opinion.