Panda Cloud Antivirus 1.1 Beta Released

It's no secret at all.... As is very well known we get samples from customers, honeypots, multi/online scanners, sharing agreements, research organizations, and a large etc.

 

Would uploading malware samples to Virustotal.com lead to added protection to PCA?

 

If it's not previously known, then yes.

 

And that's how most of the other reputable AVs get their samples also, cloud-based or not.

Automatic analysis also takes place within other AVs too with their own independent automated tools. However, manual analysis is needed from time to time as I'm sure that happens with Panda as well.

 

So what you are saying is that Cloud or not, it's all the same, except Clouds keep their signatures online while ordinary AVs keep theirs on local computer?

 

That's just one of the differences between cloud and non-cloud AVs. Some even offer a cache of signatures stored locally for offline scanning.

The cloud AVs may also differ a bit between each other in the manner of how files are scanned and whether reputation scores are assigned to those files.

Anyway, we're in danger of running off-topic here. This discussion is on the beta of PCAV's next version. I suggest opening up another thread if you wish to discuss how virus samples are collected or differences in cloud AV architecture.

 

Yeah, you sir are a prototype of troll.

 

Now, now, with that statement, I am ready to call you a troll.

 

Wait a flea flicking minute. Pedro you answered this with a yes. How? How does uploading something to Virustotal assist PCA? Is it based on who or who doesnt detect it. Before I sound off I really would like to understand how that helps PCA, thank you.

 

Err, like... passing the sample to the cloud/vendor? Doesn't sound like rocket science.

 

When you upload something to VT, it is also send the the AV companies, so if they don't detect something while others do they can analyze it and add detection. Though some seem to add everything automically, as showed by Kaspersky recently. They created some harmless files, created a virus signature for it in their database and then uploaded it to VT. Of course they were the only one 'detecting' the files, but soon a lot of vendors added the files to their detection and after 10 days 14 other vendors detected the files as malware.

 

Many AV-vendors have signed deals with totalantivirus.com. Virusotal sends out undected samples to te vendors.

 

Ok, but could some not be false positives. I mean what does it take, or how many other vendors have to detect it for it to considered, "legit". I dont like this approach.

 

Yes it can come w/ false positives as noted above. But you've omitted the submission part there. Someone's gotta be the first to submit the stuff to the vendor. People generally suck wrt submitting stuff to the vendor (lack of documentation, lack of features, lack of knowledge how to do it, email filtering etc.) but lot of them use Virustotal and similar web services.

 

This is a bit OT but there's an interesting post about the Kaspersky experiment by my esteemed colleague David over at http://www.eset.com/blog/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts. While you're reading that don't overlook the link to the Hispasec blog post where a similar case a few months earlier is exposed and Kaspersky themselves fall for the same "copying detections" issue they complain about

 

@Pbust,


will we see a popup or an alert on updates from beta to beta on product releases?

how will that work in the final?

thank you

 

yeah, i rememebr reading about this some time ago, very interesting.

 

Ah thanks for the interesting read

 

A Question to Pbust (Pedro)

Do you guys at Panda Security have any plans expanding to the Mac platform? I'm wondering since more and more vendors are doing so.

A little OT maybe but it's still about Panda Sec.

Thanks.

 

Will program updates be full program updates or just update the files needed? and not a full program download

 

Yes that's always there in the plans.

Full program updates & upgrades.

 

how will you be alerted of the updates? by a popup when upgraded?

 

So your answer is YES interesting, are you allowed to tell us more ?

 

No