Can I use / trust Panda Cloud Antivirus?

Can I replace my current AV with Panda Cloud? is it safe ? does it protect my PC if I wasn't connected to the net?

Please shed some light on the above I haven ever used teh Panda

 

We have an official thread for Panda Cloud, just scroll down a little and you'll spot it. Speaking of offline protection, I brought that topic up in the latest page of that thread.

 

Cloud antivirus software can pose a serious threat to information security and one's privacy. If there are things you wouldn't want the cloud AV software to send off your machine (information about files or the websites you visit or whatever) then you need to roll up your sleeves and try to study the product, how it is supposed to work, what level of visibility and control you'll have, etc. I think it safe to say that most users of any given cloud AV don't make a conscious, well informed decision on this aspect because they don't understand the potential issues, don't or think they don't care, don't have the time and/or technical capacity to research things, etc. Many of those who do hesitate rationalize away their concerns on the hope that the company that will be receiving the information from within their computer can be trusted. If you've thought carefully about this subject and are OK with the potential risks, then so be it. If you haven't, be sure to do so before running (another?) cloud AV.

 

Almost all antivirus have cloud component nowadays
So u stop using all antivirus wind

 

thanks for the insight, wont bother with it then

 

The devil is in the details so merely having a cloud aspect to them doesn't necessarily mean, to me at least, that they all are going to present risks that are intolerable to me or for that matter someone else that places a high value on info security and privacy. If, when it comes time for me to make the decision, I can't find one I'm comfortable with then yes, absolutely, I will run without AV. I expect that would also involve a switch to *nix.

 

You do seem to be having a "confidence crisis" with each product you choose.

Panda Cloud was one of the first AVs to popularize the idea of referring to a remote database in real-time. It was never cloud only, it's always had a synched local database for if/when the 'cloud' is unavailable.

Many other AVs also have so-called 'cloud' detection and/or database synching as part of their mechanism. IMO "Panda Cloud" is more or less just a name Panda use as a mark of differentiation between this and their other products.

 

Hi berry,

Please give Panda Cloud a try because what he says about the cloud are misconceptions (regarding Panda anyways). No personal files actually leave the system and not everything is scanned, only PE files. Panda creates a reversed signature for the file to get checked against the cloud and not the file itself.

For more information: http://research.pandasecurity.com/arguments-against-cloud-based-antivirus/

 

This is mostly incorrect and borderline to scaremongering. If you post such strong statements then you also need to provide concrete product based evidence to support it. There has been plenty of information posted on Wilders about it and the conclusion I can draw is that advantages (user protection) far outweight any possible drawbacks (based on products like Panda or WSA).

 

avast!, Panda, Kingsoft, whatever. You will always hear/see/find something negative. Sticking with the least unsuitable AV product you've used so far is a better compromise than having no AV because you haven't yet found the 'perfect' one.

 

I absolutely agree.

 

this post is just scareware. coming from a lack of information.

 

Agreed, and it looks like it worked, as the OP ran away screaming.

 

Funny line!

The scareware comment is pretty hilarious, especially if your using a win os! If Panda want's to to track my porn site usage, let them!

Ice

 

Specifically WHAT is mostly incorrect?

I've discussed the potential risks of cloud AV programs in some threads here, going into some detail regarding how sensitive information can be transmitted off your computer, how once that occurs you lose control over that information and have no practical way to know/assure what happens to it, what that information can communicate, how recipients of such information could possibly use and misuse it, how other entities could attempt to coerce recipients into providing them with access to it, how the info could be stitched together with other information, etc. When talking about that I tried/try to be technically correct and address the factual realities and possibilities. Some scenarios are scary. If you want, search my posts. I don't think you'll be able to argue that none of what I said applies in a Panda Cloud Antivirus scenario.

I've stressed, here and elsewhere, that it is important to carefully study things in order to understand exactly how the cloud AV in question works, exactly what it sends off your machine, what options there are for seeing and/or controlling that, etc. IOW, I've acknowledged and drawn attention to there being differences in how these programs work and encouraged people to really look into the details for themselves and then make up their own mind.

Is warning about common possibilities at a general level and urging people to be careful at the specific product selection level inappropriate?

That is a decision that everyone should make for themselves after making an effort to weigh the pros/cons as they see them. You may fault me for presenting potential cons without also presenting potential pros. I don't think that is an inherently bad thing any more than someone presenting potential pros without presenting the potential cons.

I would add that just because I think it important to, and do, draw attention to the potential negative aspects doesn't mean that there aren't potential positive aspects. I've at times, IIRC, acknowledged some such as how a massively large database of threats is better suited to being stored in the cloud vs pushed out to each machine.

 

I agree.

@DBoneLOL.

ROFLMAO....you crack me up...

 

Sorry no offense intended, it's all nice and well and may be even entertaining speaking about glooming scenarios (combined with some appropriate background music). But I see no evidence been put forward, I am sure staff at Panda Labs may want to know if the information of their customers is at risk.

You posted rather strong claims and you have not supported it by evidence. Amen

 

ask not what they(out there to get you) are worth to you,ask what you are worth to them.

if you consider yourself worthy enough to be targeted by cloud AV companies then don't use such softwares if not then it doesn't matter anyway.

 

I see you missed my reply: https://www.wilderssecurity.com/showpost.php?p=2098940&postcount=8

 

You have no idea what you are talking about. You have no evidence to backup your FUD claims and obviously have not researched into the matter. And if you have, you obviously don't have the required knowledge to understand it.

At least in the case of Panda Cloud AV (and most other advanced cloud-antivirus products) the files are not "sent" to the cloud. In fact a traditional AV with local-only signature database can be more of an intrusion of privacy and can send more sensitive files to the AV servers than a cloud-antivirus. And there's really no way for you to know it unless you reverse engineer the product and its communication.

Read this and stop spreading FUD:
http://research.pandasecurity.com/arguments-against-cloud-based-antivirus/

 

The bigger question is do cloud AV's work? IMHO not yet. I was a avid user of WEBROOT (still has a lot of potential) before but seeing it get just under 50% detection rate in real world tests makes me think the technology is still in BETA stage.

PANDA cloud is free so there is no real chance of losing, test each software and decide for yourself risks and all.

 

Another one who promotes FUD as most users don't know how WSA truly works: http://blog.webroot.com/2012/07/19/webroot-bulletin-regarding-av-comparatives-results/

If you want to continue this discussion Please post in the Prevx forum as I don't want to Hijack this thread!

TH

 

It's not FUD, at least I don't think so. I've bought the product, read the malware testing forums etc.. Mind you almost all AV's test at best 70% and the Norton's test at 30% in real world tests so that says something about basing your opinion on tests . I recommend Webroot to people btw I think it's a unique product in the AV marketplace. But as far as cloud vs signiture database detection go's I like the best of both worlds

Keep it up Webroot I really would like to see you continue to develop a very good product.

 

It is good to try to identify what is not sent off the computer. However, the better starting point is to identify what *is* sent off the computer. Being sure to question any simplified descriptions of operation and to dig to uncover all the details you can. They aren't always well documented.

Once you know what is sent off computer then you can try to determine what that information communicates. Just a hash with no accompanying information for example might seem meh. However, that hash might be of a single algorithm encryption tool used which communicates information about how one encrypts their files. Or a program given to customers by a specific financial institution thereby communicating where they bank or what type of account they have. Or a program which someone is using to bypass government censorship. Situations such as those and others where the user might not want such information communicated.

Many cloud AV programs will send full files of interest to the cloud if it is considered "suspicious". Disregarding the question of whether or not there is a high enough bar for that, what if the user were beta testing something under NDA? What if they are running a program that contains embedded keys or some other sensitive information? There are again various scenarios where a user might not want such a file uploaded. If there is an option to turn that off they would want to know that.

Then there are other very important scenarios where cloud AV software may send sensitive information to the cloud... URL information for websites you visit and/or information about files you download and/or metrics, possibly email, etc. All combined there could be, and in some cases I definitely believe there is, a rather massive amount of potentially to often sensitive information being sent off the user's computer to someone else's cloud.

IOW, a "normally just hash/signature sent, sometimes full files (optional), PEs only though, no documents sent" sounds like a good start but when it comes to cloud AV software there are other ways in which information/privacy can be put at risk. I'm not yet aware of Panda differing dramatically in that respect but I haven't studied it yet either so by all means feel free to comment further on why you think Panda has relative advantages WRT privacy, etc.

 

Y'all did a great job destroying the image of Panda Cloud Antivirus

Now I don't trust it and would never install it!

Back to my ESS