Cloud Antivirus Softwares - How reliable are these?

NO, you should always layer your security.

The developers of these products urge against running more than one anti-virus on a system due to the risk of conflict. Some folks have been working to configure these applications to coexist. From a security standpoint, in my honest opinion, this is a risky practice when you consider that application developers can make any number of changes when they release an application update or patch. Be prepared to backup and restore your system should something happen.

I'd like to stress that an inability to connect the internet is a problem that plagues traditional anti-virus as well. At the very least, a cloud antivirus should offer local signatures and resident engine for scanning and removing infections. So unless a cloud anti-virus is strictly internet dependent the solution seem to be the same for both. Now let's say you do lose internet. At this point, your going to lose the "theoretical" benefits of cloud security, which is community support (i.e. sample submission/analysis, quick release of "more current" definitions, and access to any other services/utility server side). It's debatable whether these benefits are of substantial gain even when connected to the internet. Not to mention that traditional antivirus offer a lot of the same functionality anyways. These sales pitch is that cloud-solutions should offer these services at a quicker rate (i.e. your definitions should be more current against new threats, etc.). Sales pitch aside, its actually comes down to the methodology. What samples are these companies using? What samples are they not testing? etc. For example, faster definitions releases do not translate to better detection of high-risk threats. Not to mention, what do you and I define as high-risk? It's difficult to make a subjective analysis of these products without asking and answering these questions. To prevent a endless debate from ensuing, I will answer your topic questions:

"How reliable are these cloud antiviruses?"
Only as reliable as the definitions and engines they use to scan your system when connected and disconnected to the internet. This may seem like a cryptic answer, but what your asking really isn't a black and white, yes or no response. Do your research, layer your security, and accept the fact that there is no such thing as 100% security.

 

I think there a fundamental difference in mentality when it comes to "traditional" vs "cloud" developers. If your work is to design a solution that provides maximum protection without remote queries, there is no temptation to shift anything to the cloud and (apart from software distribution and periodic updates, of course) you'll fully concentrate on maximizing client-side detections and protections. If your work is to design a hybrid solution, there could be a temptation to shift some things to the cloud and this could lead you to develop a less robust pure client side protection system. Based on various things I've read, I think at least some hybrid AV developers have done this. As an example, and I don't remember which cloud AV this applied to, I recall reading a cloud AV company rep saying that malicious URL checking can entirely be done in the cloud because <words to the effect that no one would ever need to check a URL in scenarios where the cloud wouldn't be available>. Such obviously bad thinking can occur in the minds of people whose world revolves around the cloud and they come to think of it as never being unavailable.

IOW, I would be hesitant to assume that a hybrid AV is as robust in "offline mode" as a traditional AV would tend to be. If true, and I haven't done the testing to back this up but it does feel likely to me, this would mean that you may in fact need more robust additional layers with a hybrid AV solution if/when it has no cloud connection.

 

Then better, when you have time, to browse through this forums section: Prevx Releases and read the many threads there or support forum at the webroot community. Or just simply read the online user manual/tutorial of WSA (http://www.webroot.com/En_US/support-wsa-products.html)

I do not prefer cloud only AVs. Actually I don't know what a cloud AV only software is. WSA is not a cloud AVs only software. WSA is an advanced malware protection software currently technically ahead of most out there and with a huge potential for development. A lot of resistance by many users manly due to ignorance (= ignoring how it works). As simple as that.

 

I've never heard of that but I think it was true during earlier development when the product was beta.

 

@TheWindBringeth

I agree, which is why understanding the methodology used by the developer is so important. This certainly falls outside the realm of what the average consumer's understanding or at least what they are willing to question. For me, the ability to sandbox threats until I can scan them later is probably the simplest way of addressing issues until a connection can be established again. But this is not an excuse for companies to market a cloud product if they are in fact gutting the offline functionality. This type of marketing would lead consumers to incorrectly make assumptions. A situation that in my honest opinion is not good for the end-user or the company when consumers find out.

 

I seem to remember Pbust posting that some users in other forums were able to get it to function as a companion for a select anti-virus. But Pbust, made it clear that it was not Panda's intent to make a companion anti-virus. I remember he discussed this in at least two threads here on Wilders and I believe I saw him post in another forum as well. I have to applaud the ingenuity of anyone that an figure out how to get these applications to play nice. I also can not say whether there were any restrictions based on platform (32-bit or 64-bit). I know that some applications combinations are strictly 32-bit only.

 

Well, it is not possible to get Panda to function as a companion. More like configuring the selected antivirus, install Panda Cloud, and then cross their fingers.

In my own experience, I've experimented with "companion combinations" such as Webroot and Kingsoft. I kind of liked those combos but I wouldn't need the extra layers.

 

The cloud system continues evaluating the file, sometimes with human intervention. The process can take minutes or hours. If the file does prove to be dangerous, the local Webroot client uses the activity journal to roll back every single recorded action.



How do you even test efficacy? Besides the ability to rollback the changes, which is quite impressive, wouldn't that be a bit like saying: "We detect the threat after a signature update."