Cloud Antivirus Softwares - How reliable are these?

Seriously, should we believe in cloud antivirus as the only layer of protection? Most of these like Panda Cloud, Webroot Secure Anywhere, Kingsoft AV etc can work with other traditional antivirus. So, should we use them together?

I think so or you may use AV that uses combined technologies. This conclusion is a result of my experiences with Webroot Secure Anywhere & Kingsoft AV (I use both together) when I had a internet connection outage in my place for a week. I almost got an infection which got blocked with Zemana. Later I found that none of these two detect any of the Virus samples I have with me. Today, after getting the connection back, I saw that both are detecting most of the samples. So I am going to uninstall both or any one of the two and use a traditional AV.

What's your take?

 

avast! uses Hybrid Cloud technology. It's a combination of best things from both local and cloud services.

 

I know that and I think such solutions are more reliable.

 

Nearly every cloud AV uses offline signatures as well. There is no need to uninstall your cloud AV.

 

Don't do stupid things such as almost getting yourself infected when there's an internet outage.
How'd that happen anyway?

 

I also thought that but Webroot Secure Anywhere & Kingsoft AV seem to lack that feature.

 

+1

just set them properly.
Also WSA isolate any files and wait for the cloud to identify them as malware or not.

 

This was a rare outage period of 8 days! and I was bound to do stupid things like inserting a USB drive and execute files from there.

 

Is this a "bookish fact" or you have known that from your experience? I am asking because things went otherwise in my end. Since, Zemana interfered I was not afraid of infection.

Anyways what's your opinion guys?

 

Webroot has emergency local signature and increased tuning in case been offline. Also be aware that when offline you cannot get infected unless you try hard by running infected USB sticks or plugged-in HDs. Also note that even if infected WSA protects your data and record all changes to re-state the system back to pre-infection.

Mayor advantages of cloud AVs: survive longer to malware developers as engine and logic cannot be reverse engineered on the cloud and its not present locally.

 

Nearly all av software incorporates cloud coverage so this thread seems meaningless and futile.

 

from webroot forum and here on webroot section.

zemana interfered and removed the malware, but without ZAL, it will happen anyway.

 

There are different things which are "cloud based" :

For examples :

Comodo uses cloud based signature DB + Cloud based analysis of unknown files (CAMAS).

Avast! uses cloud based FileRep + signatures (FileRepMalware) but streaming updates are received from the cloud to the user's pc (which is perfect).

Symantec provides File Reputation and I think some signatures cloud based

Panda Cloud automatically categorize files using "Collective Intelligence" which is totally cloud based (even though some things are in the user's pc).

As we can see, each vendors are not using the cloud in the same way.

 

Did you read the #1 post completely before making your comment. Not all Antivirus have combined technologies. There are pure Cloud Antiviruses which have emergency signatures only like Panda Cloud, Webroot Secure Anywhere, Kingsoft AV etc. I was asking your preference for these AVs with AVs using combined technology (Bitdefender, Avira, Avast etc).

 

As long as you kept AutoRun turned off you should've been fine. Why would you risk executing files from an untrusted USB source when you didn't have an AV?

 

@fax: Thanks for your opinion and saying the main advantage of pure Cloud AVs. Moreover such AVs are always lightweight. But after this incident I will also have votes for local signatures.
Since, all of you are saying this, WSA must have those technologies but in my case Zemana must have talked earlier to catch that threat. (WSA on demand offline scan did not catch that threat).
Anyway, how one can know whether a USB is infected if the AV is not detecting the infected files in it? I have turned off USB autorun and auto-execution of malwares from USB but still got bluffed since all the executable files in that pen drive was infected with some file infector virus.

 

Actually that pen drive is mine and I was unaware that I had infected it by inserting in another PC that was infected with a file infector malware. You know that you can't always be smart especially when you are in hurry.
Anyway, autorun is always turned off in my PC. I actually executed a file related to my project from that pen drive.

 

Interesting story OP. FWIW, we had a power outage not long ago and I grabbed a DVD I wanted to watch from my neighbor. After popping it in I inadvertently double clicked on the volume and got a warning that some obscure executable was trying to run. IIRC, it was a Sony DVD with an autorun.inf file that launched some "extras" software that didn't look terribly threatening but also didn't look terribly legit. I didn't have that machine's config tightened up properly, and I'm sure I'm not the only one to have made that mistake

Did those cloud oriented AV products give you a clear indication that your were operating with reduced detection capabilities? Edit: In a power outage situation many, possibly even most, users would realize they would lose some detection capabilities. However, there are other potential situations where power and an Internet connection could be up but there is no route to the cloud or the cloud is having a problem. So I think it would be good if there were some unavoidable indicator.

I wonder if any of the AV evaluation companies are still putting anti-malware tools through comprehensive tests when their cloud connections are blocked. They really should be tested both ways.

 

No.

 

WSA not detecting the sample on demand it's not an abnormal behaviour. If you run WSA you need to know how WSA works before concluding WSA did not protect from the malware. You need to check if the malware is functional. You need to execute the malware, you need to see if the malware will manage to compromise your data and you need to see if WSA will be able to detect online and revert the changes and the time needed.

This has been discussed ad nauseam in here including why WSA testing samples by scanning them is not suitable to judge the ability of WSA.

Its surprising that after all been explained in several occasions still there are these type of posts.

 

@fax: unfortunately I was not following WSA discussions lately but have been using the product and loved it!

So, do you prefer cloud only AVs?

I think VB100 still tests that way.

 

I always prefer hybrid technology (Local DB + Cloud), like Kaspersky, BitDefender, Avast, Norton, Eset, etc. Local DB/Sig are necessary for me as I often has to use infected USBs. I have enabled 'execute deny' from USB via group policies....but still prevention is better than cure

 

Panda Cloud is the only one in that list that is not designed to run alongside a "traditional" product. Panda Cloud provides more than one layer of defense to a user's PC. From a offline cache to TruPrevent engine technology and community-powered firewall.

There is more than meets the eye.

 

Some info on how webroot works:

"According to Malloy, when Webroot's cloud detection system spots an unknown program, the local Webroot client starts journaling everything the program does. The cloud system continues evaluating the file, sometimes with human intervention. The process can take minutes or hours. If the file does prove to be dangerous, the local Webroot client uses the activity journal to roll back every single recorded action."

http://securitywatch.pcmag.com/security-software/300445-webroot-bombs-in-dynamic-protection-test-why

 

But if I remember properly Pbust said once that it is made to run along side others but is not recommended.