Panda Cloud Antivirus - Version 1.0 Final Released

Discussion in 'other anti-virus software' started by pbust, Nov 10, 2009.

Thread Status:
Not open for further replies.
  1. nzpossum

    nzpossum Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    11
    I've been testing this and it is really light; however, it needs to have a better way to submit threats that Panda doesn't detect, preferably through the main interface. URL blocking would also be nice.
     
  2. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    Why does it force me to uninstall Norton even when I have it totally disabled?
     
  3. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Yes we're building something for submissions to give visibility of how the threat is treated by Collective Intelligence.

    Probably some traces left over from a previous installation of Norton. Make sure it's completely uninstalled (not just deactivated). If that still doesn't work, google around for a Norton Uninstaller.
     
  4. nzpossum

    nzpossum Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    11
    Panda needs to improve its self-defence from malware. This review shows how an undetected rootkit could easily shut down Panda. Also, if Panda is using heuristics, should it not have been able to detect this stuff in this review?

    http://www.youtube.com/watch?v=Oq1JuFt1xNo&feature=sub
     
  5. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    The fact that we are still building auto-protection mechanisms is already known (search around the different Panda Cloud posts) and we are working on it. Anyway, the problem shown in the video is not related to the auto-protection mechanism, just a non-detected rogue.

    However, these types of tests are curious and make me question the objectives people have when creating them (and posting them). Nobody ever said AV protects against 100% of the malware out there. If that were true, there would be no more malware. I think people with a little bit of AV knowledge and common sense know this already.

    Regarding the test, I can come up with 13 malicious URLs that bypass *any* AV product you choose and create similar videos. But I'm not sure what that would accomplish other than a blatant smear campaign.

    Also a few interesting comments in the video about the objectivity of the author:
    * Panda blocked what seems like all but one malware, yet the commentator states "Panda failed miserably".
    * He also mentions "Cannot start in safe mode so it means there's a rootkit... I'm just sure there is". That shows me the actual technical knowledge of this "tester" is pretty limited.

    I'm also missing the final part of the video where he says he's going to install MBAM to check out the infection. It's never shown. What did MBAM find if anything?
     
  6. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411

    Yes, I feel that Panda Cloud has very poor detection.

    I love it because it's light,
    but I don't like it because of the bad detection.
     
  7. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    Please tell me how this works differently from other AVs and how good it is.
    Also, how good is it if it isn't connected to the net?
     
  8. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    @pbust
    Were you able to get anything useful from the trace?
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Interesting challenge there. Depending upon how broad your interpretation of the term 'AV' is, how about Defensewall or Sandboxie? :D

    But of course you're correct in saying that any traditional product can be bypassed in the manner of that video, so anybody with a dislike for a certain vendor could come up with any number of similar failures.
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    HIPS cannot be treated as antivirus in any way.
     
  11. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    As I stated, it depends upon how broadly you determine the term AntiVirus to be. If you take it as a product that prevents malware from modifying/damaging your system, then HIPS/Sandboxing would both fit that criteria. I wasn't saying that they're the same in the traditional AV blacklisting sense, of course.
     
  12. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Nice try, but no, not *that* broad :)
    I was talking about the term AV (signatures & heuristics, whether traditional or in the cloud).

    Absolutely, it's real easy given enough motivation. With over 50.000 new variants per day it's trivial to find a handful that bypass a specific engine.

    What is the definition of HIPS used in this context? Traditionally IPS refers to network attack signatures, which applied to a "host" context, refers to a Firewall with DPI and network attack signatures capabilities. But in this forum I see the term HIPS used loosely to refer to different types of products (Sandboxie, etc.).
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    HIPS is something that intercepts nearly all calls run on the host and queries the user about them. Some are more automated than others, but in general that's it.
    Sandboxie falls under sandbox tools and I wouldn't really call it HIPS.
    Stuff runs separated from host...
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Yeah, I know you were, I was just teasing you. :p

    The problem with amateur "tests" such as the one highlighted is that, given the potentially high audience on sites such as YouTube, they can give a damaging or misleading impression to many people.
     
  15. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    It is used as a somewhat wider concept than traditional H.I.P.S., extended not only to network traffic but to all Windows APIs.


    Panagiotis
     
  16. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    After reading, I still have no idea how it works. Let's simplify it: a traditional AV scans a file against its DB, and anything similar is a threat.

    Panda scans files and compares them to an online DB. How does it work, since I am sure the file is not sent to the server at all? If it is a signature only, how would one know it is safe?

    What I want to know in the end is how latency comes into play during this process.

    I am trying to figure out why, after installing Panda, everything seems to lag on my PC, from RSS reading to Normal Serving.... This is after an initial background scan.
     
  17. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Panda Cloud works like an inverted traditional scanner. Instead of feeding the signature into the scanner, it creates the pattern and sends it to the server for verification. The server sends back a short response saying what to do with the file (clean/infected). After that, the client side does the rest.
     
  18. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    Which means it is very latency sensitive?

    I am getting some very irritating lagging issues with all of my apps / computer.

    I guess I am going to switch back to a traditional scanner.
     
  19. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    There is less lag than with regular scanners really...
     
  20. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    I suspect there are still some bugs to be worked out. It ate CPU cycles on my PC, even after the initial scan. I think the program has a lot of potential, and look forward to new versions, but it still does not seem to work well for me.
     
  21. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    [1] How exactly would you go about finding these 13 URLs? (I’m not asking you to actually find them or post them, just to explain the discovery process.)

    [2] What techniques or approaches are these 13 URLs using that are so effective that they bypass all existing anti-virus products?

    Thank you.
     
  22. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814

    ........... :blink:
     
  23. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Panda Cloud Antivirus needs to "get to know your PC" after install. There are various processes which occur after install, from synchronizing the local cache for offline operation, scanning processes and objects loaded in memory, checking launched apps against the cloud and filling its goodware cache, etc.
    After this initial "getting to know each other" time (which varies between PCs, configuration, number of programs installed, etc.) you will see much less resource impact than most if not all traditional AVs.

    Regarding bandwidth, after running metrics during the beta period over millions of users, our data shows that on average Panda Cloud Antivirus "consumes" only 127KB *per day* (which is less than your typical busy webpage nowadays).
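
A simplified model of the lookup flow described in posts 17 and 23, added here as an illustration; it is not part of the thread and not Panda's code or protocol. It assumes a SHA-256 hash stands in for the "pattern", and `make_service`, `CloudClient` and the sample data are hypothetical, constructed names. It shows where latency and offline behaviour come from: only an uncached fingerprint costs a round trip.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the "pattern" the client derives.
    return hashlib.sha256(data).hexdigest()

# Constructed verdict table playing the role of the server-side database.
SERVER_DB = {
    fingerprint(b"constructed rogue sample"): "infected",
    fingerprint(b"constructed goodware app"): "clean",
}

def make_service(online=True):
    """Hypothetical verdict service: fingerprint in, short verdict out."""
    def lookup(fp):
        if not online:
            raise ConnectionError("cloud unreachable")
        return SERVER_DB.get(fp, "unknown")
    return lookup

class CloudClient:
    def __init__(self, lookup, cache=None):
        self.lookup = lookup
        self.cache = dict(cache or {})   # synchronized local verdict cache
        self.round_trips = 0             # each one adds network latency

    def verdict(self, data: bytes):
        """Return (verdict, source); only a fingerprint ever leaves the host."""
        fp = fingerprint(data)
        if fp in self.cache:             # cached: no network, no latency
            return self.cache[fp], "cache"
        try:
            answer = self.lookup(fp)
        except ConnectionError:
            return "unknown", "offline"  # no cache entry and no cloud
        self.round_trips += 1
        if answer != "unknown":
            self.cache[fp] = answer      # later checks are served locally
        return answer, "cloud"

if __name__ == "__main__":
    client = CloudClient(make_service())
    for _ in range(3):
        print(client.verdict(b"constructed goodware app"), client.round_trips)
    client.lookup = make_service(online=False)
    print(client.verdict(b"constructed goodware app"))  # answered from cache
    print(client.verdict(b"never seen before"))         # offline and uncached
```

In this model an offline client can still answer for anything already in its cache, while a file it has never seen comes back as "unknown" until the service is reachable again.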
     
  24. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    That's not what I said.

    What I tried to say is that it is really trivial to find a handful of samples that a specific AV engine does not detect (not "all existing anti-virus products").

    And I'm not talking about just on-demand scans but actually full products with dynamic execution (like in the video).
     
  25. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania