Cloud Antivirus Softwares - How reliable are these?

Discussion in 'other anti-virus software' started by sg09, Apr 13, 2013.

Thread Status:
Not open for further replies.
  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Seriously, should we believe in cloud antivirus as the only layer of protection? Most of these like Panda Cloud, Webroot Secure Anywhere, Kingsoft AV etc can work with other traditional antivirus. So, should we use them together?

    I think so, or you may use an AV that uses combined technologies. This conclusion is a result of my experiences with Webroot Secure Anywhere & Kingsoft AV (I use both together) when I had an internet connection outage in my place for a week. I almost got an infection which got blocked with Zemana. Later I found that neither of these two detects any of the virus samples I have with me. Today, after getting the connection back, I saw that both are detecting most of the samples. So I am going to uninstall both or any one of the two and use a traditional AV.

    What's your take?
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! uses Hybrid Cloud technology. It's a combination of best things from both local and cloud services.
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    I know that and I think such solutions are more reliable.
     
  4. ght1

    ght1 Guest

    Nearly every cloud AV uses offline signatures as well. There is no need to uninstall your cloud AV. ;)
     
  5. AVusah

    AVusah Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    274
    Don't do stupid things such as almost getting yourself infected when there's an internet outage.
    How'd that happen anyway?
     
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    I also thought that but Webroot Secure Anywhere & Kingsoft AV seem to lack that feature. :mad:
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,144
    Location:
    in a remote land :)
    +1

    Just set them properly.
    Also, WSA isolates any files and waits for the cloud to identify them as malware or not.
     
  8. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    This was a rare outage period of 8 days! :ninja: and I was bound to do stupid things like inserting a USB drive and executing files from there.
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Is this a "bookish fact" or have you known that from your experience? I am asking because things went otherwise on my end. Since Zemana interfered, I was not afraid of infection.

    Anyway, what's your opinion, guys?
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Webroot has emergency local signatures and increased tuning in case of being offline. Also be aware that when offline you cannot get infected unless you try hard by running infected USB sticks or plugged-in HDs. Also note that even if infected, WSA protects your data and records all changes to restore the system back to pre-infection.

    Major advantage of cloud AVs: they survive longer against malware developers, as the engine and logic cannot be reverse engineered in the cloud and are not present locally. ;)
     
  11. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Nearly all AV software incorporates cloud coverage, so this thread seems meaningless and futile. :mad:
     
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,144
    Location:
    in a remote land :)

    From the Webroot forum and here in the Webroot section.

    Zemana interfered and removed the malware, but without ZAL, it will happen anyway.
     
  13. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    There are different things which are "cloud based":

    For example:

    Comodo uses a cloud-based signature DB + cloud-based analysis of unknown files (CAMAS).

    Avast! uses cloud-based FileRep + signatures (FileRepMalware), but streaming updates are received from the cloud to the user's PC (which is perfect).

    Symantec provides File Reputation and, I think, some cloud-based signatures.

    Panda Cloud automatically categorizes files using "Collective Intelligence", which is totally cloud based (even though some things are on the user's PC).

    As we can see, the vendors are not all using the cloud in the same way.
     
  14. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Did you read the #1 post completely before making your comment? Not all antiviruses have combined technologies. There are pure cloud antiviruses which have emergency signatures only, like Panda Cloud, Webroot Secure Anywhere, Kingsoft AV etc. I was asking your preference for these AVs versus AVs using combined technology (Bitdefender, Avira, Avast etc).
     
  15. AVusah

    AVusah Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    274
    As long as you kept AutoRun turned off you should've been fine. Why would you risk executing files from an untrusted USB source when you didn't have an AV?
     
  16. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    @fax: Thanks for your opinion and for stating the main advantage of pure cloud AVs. Moreover, such AVs are always lightweight. But after this incident I will also vote for local signatures.
    Since all of you are saying this, WSA must have those technologies, but in my case Zemana must have talked earlier to catch that threat. :) (WSA on-demand offline scan did not catch that threat).
    Anyway, how can one know whether a USB is infected if the AV is not detecting the infected files on it? I have turned off USB autorun and auto-execution of malware from USB but still got bluffed, since all the executable files on that pen drive were infected with some file infector virus.
     
  17. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Actually, that pen drive is mine and I was unaware that I had infected it by inserting it into another PC that was infected with a file infector malware. You know that you can't always be smart, especially when you are in a hurry. :p
    Anyway, autorun is always turned off on my PC. I actually executed a file related to my project from that pen drive.
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Interesting story OP. FWIW, we had a power outage not long ago and I grabbed a DVD I wanted to watch from my neighbor. After popping it in I inadvertently double clicked on the volume and got a warning that some obscure executable was trying to run. IIRC, it was a Sony DVD with an autorun.inf file that launched some "extras" software that didn't look terribly threatening but also didn't look terribly legit. I didn't have that machine's config tightened up properly, and I'm sure I'm not the only one to have made that mistake ;)

    Did those cloud-oriented AV products give you a clear indication that you were operating with reduced detection capabilities? Edit: In a power outage situation many, possibly even most, users would realize they would lose some detection capabilities. However, there are other potential situations where power and an Internet connection could be up but there is no route to the cloud or the cloud is having a problem. So I think it would be good if there were some unavoidable indicator.

    I wonder if any of the AV evaluation companies are still putting anti-malware tools through comprehensive tests when their cloud connections are blocked. They really should be tested both ways.
     
    Last edited: Apr 13, 2013
  19. ght1

    ght1 Guest

    No. :D :doubt:
     
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    WSA not detecting the sample on demand is not abnormal behaviour. If you run WSA you need to know how WSA works before concluding WSA did not protect from the malware. You need to check if the malware is functional. You need to execute the malware, you need to see if the malware will manage to compromise your data, and you need to see if WSA will be able to detect it online and revert the changes, and the time needed.

    This has been discussed ad nauseam in here, including why testing WSA by scanning samples is not suitable to judge the ability of WSA.

    It's surprising that after all has been explained on several occasions there are still these types of posts. :)
     
  21. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    @fax: unfortunately I was not following WSA discussions lately but have been using the product and loved it!

    So, do you prefer cloud only AVs?

    I think VB100 still tests that way.
     
  22. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I always prefer hybrid technology (Local DB + Cloud), like Kaspersky, BitDefender, Avast, Norton, Eset, etc. Local DB/Sig are necessary for me as I often have to use infected USBs. I have enabled 'execute deny' from USB via group policies... but still, prevention is better than cure.
     
  23. Cloud

    Cloud Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    1,030
    Location:
    United States
    Panda Cloud is the only one in that list that is not designed to run alongside a "traditional" product. Panda Cloud provides more than one layer of defense to a user's PC, from an offline cache to TruPrevent engine technology and a community-powered firewall.

    There is more than meets the eye. ;)
     
  24. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Some info on how Webroot works:

    "According to Malloy, when Webroot's cloud detection system spots an unknown program, the local Webroot client starts journaling everything the program does. The cloud system continues evaluating the file, sometimes with human intervention. The process can take minutes or hours. If the file does prove to be dangerous, the local Webroot client uses the activity journal to roll back every single recorded action."

    http://securitywatch.pcmag.com/security-software/300445-webroot-bombs-in-dynamic-protection-test-why
     
  25. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    But if I remember properly, Pbust said once that it is made to run alongside others but it is not recommended.
     