Panda Cloud Antivirus - Version 1.0 Final Released

Only 127 KB? pbust, what are the bandwidth requirements for your servers then (if it's not a secret). If you muliply this with all users, it should be fairly high, but probably still lower than to distributre local updates to all users.

 

Okay -- I see the distinction: you’re saying that the “13 URLs” may be different for each anti-virus product under consideration.

Nonetheless, just for my own education, what is the “trivial” process by which one finds malware samples that a specific anti-virus product fails to detect? (This doesn’t sound at all “trivial” to me, so I’m curious to learn more.)

A related question arises: why doesn’t each anti-virus vendor execute this "trivial" process on a routine basis (e.g., hourly or daily), and update their signatures and website ratings to detect and defend against each threat identfied by the process? Not doing so would be almost inexcusable -- or, am I missing something?

Thanks again.

 

You should ask your self that same question. Even I found a few today that Norton along with some others did not detect not even a warring and completely hosed the vmware. Its not hard to find them I have no idea why you cant figure out this "trivial" process, maybe you should spend more time on that less time worrying about looking good in tests ?

Sad part is I get paid to do this. I feel like they are paying me to do your job! kind of Odd.

 

Fajo, I obviously understand that one can fortuitously come across malware samples that are undetected by an anti-virus product. But, while a “hit-or-miss” approach may sometimes be effective, it is not necessarily efficient.

Do anti-virus vendors employ people to “randomly” browse the web to find undetected threats? I have never heard of this being in use as a discovery technique, but the suggestion from your post seems to be that it should be considered. (This might just be a public display of my ignorance on this point.)

P.S.: I have only ever experienced one malware threat, years ago -- some common sense plus a good anti-virus product has protected me well to-date. And, I certainly don’t go around looking for threats!

Don’t understand -- can you please clarify?

 

I do go looking for threats. But that's going a bit off topic.

As for the other quote, I get paid to keep the network safe that means finding things that are not detected whether it be a exploit,virus, or anything else. When I do find virus that are not currently detected then I submit it. So in a way I feel like I'm getting paid to find crap that you (Talking about ALL AV's in General) don't detect just to make sure we don't run into it. Feels Odd at times especially with the amount of money that a company spent on "Protection" products.

 

That's an average that's really skewed because of the beta testing (where many users run on-demand scans over large number of drives and files). I don't have the bandwidth consumption of the typical user that doesn't run on-demand scans (which is the majority of non-advanced users) but I'm guessing it's below 5kb as there's normally not that many *new* programs downloaded and executed on a daily basis. This average is way lower than the typical signature update.

 

Anybody that has any insight into AV or AV testing knows this. Ask your local AV guru. If small AV testing organizations with some automation and no reversing skills can do it, certainly it can be done.

However it strikes me as weird you are asking for directions on how to get undetected malware that is able to infect users. Isn't there some type of forum rule against this? Even if there isn't I'm not going to write any details in a public forum. I think it would be irresponsible to do that.

This brings me to another point, isn't it irresponsible to publish tests with full malicious URLs that are able to bypass AV products? It kinda puts the public in danger. I can already see the typical AV-expert-wannabe trying it at home and infecting him/herself. The "Fundamental Principles of AV Testing" from AMTSO clearly states this is a big no-no.

 

Well, technically speaking, from point of recording the test and publishing it, pretty much all the links will be already dead.

 

Actually I was just able to download 10 of them.

 

Thanks. I will try installing on a different PC, and let is sit for a full hour afterward to give it time to do it's thing. I'll see if the issue is still there or not.

 

So does Panda cloud actually use any type of real behavioural analysis to determine threats or is that only in the paid version. I have read conflicting information about this.

 

No, no behavioural analysis just yet. Only AV and heuristics from the cloud for now.

 

pbust, I for one truly appreciate your frequent participation on the forums. I am running PCA on my office workstation along with Prevx. I do not seem to notice any impact on system performance, and the cpu usage while running a quick scan is no worse than Prevx. PCA's GUI is simplistic and attractive. Kudos on keeping it free!

 

Thanks for the comment EliteKiller

 

How long does it normally take for a scan to start. I did a quick scan and after about 5 minutes it still shows 0 percent.

 

So behavioural analysis is possibly on the agenda for a future release? Perhaps the new stuff in v1.1 you're keeping secret?

 

Do you have many disks and many files? Did it eventually start "moving" or is it still stuck at 0%?

 

It's not so much of a secret. The reality is that we want to add so many different things that right now we don't know what will end up making it to v1.1 and what won't.

 

Neither scan works it just stays at 0 percent. I don't have that many files and Panda says my internet connection is ok, i also have no problem browsing. I don't know what is causing this.

 

Weird, do you have any other security software or special security policies applied?
Can you try replicating it as mentioned here and posting the results:
http://www.cloudantivirus.com/forum/thread.jspa?threadID=51115&tstart=0

 

This may be a dumb question, but how safe is cloud antivirus software? I don't know that much about cloud antivirus, (or is it in the cloud) at all. Isn't it something to the affect that if something is detected on you PC, it is checked with everyone in the cloud? Doesn't that open your PC to everyone in the cloud, making your PC vulnerable to anyone in the cloud? Why is this technology better than a conventional AV/AM?

Again, sorry if this is a dumb question. I've googled in the cloud to get information on it, but every time I type in "in the cloud", I get references to Panda. Great for Panda I guess.

 

Ok i managed to find the problem, Online Armor was blocking a driver from running or something. Seems to be going ok now.

 

In short no. It don't open your computer up to other people basically it sends information about the files it scans to the server then returns a reply to you if they are clean or not. Basically your computer never really opens up to anyone else other then uploading a file.

Btw the only dumb questions in this world are ones that are never asked.

There is some stuff in these about cloud and links to find out more about it.
http://en.wikipedia.org/wiki/Antivirus_software
http://www.scientificblogging.com/n...uting_and_next_generation_anti_virus_software

 

Ok, seems to be running better now. Still using more CPU than other AVs I have tried, but not the massive amounts I was experiencing in the past. Ram use is very light.

 

Thanks. Although how an Cloud AV works is still beyond my technical knowledge. Since i could not understand how thousands of files scanned per day can be fitted inside 127Kb of signature files.
And i dont understand how an sub 1K signature files can represent a 100MB+ files.

Anyone with some simple explanation would be nice.

I will try to give it a longer known each other time. You mentioned in your previous post that it takes 10 - 15 min. I gave it an 1 hour and it is still sluggish. Trying to perform a Scan All items does not help since the Scanning speed is FAR too slow. 5000 Files @ 1% took me 5 - 10 Minutes.

Tonight i will try to let it do a Full Scan. And see how well it goes.