Panda Cloud Antivirus - Version 1.0 Final Released

@pbust
Even posting on Saturdays and thanks for the 1.0 release!
Maybe it's an idea to put a brief explanation about what a cloud really is on the product homepage.

@Blackcat
Do any other particular programs (not strictly security programs) run in the background on those Vista boxes?

 

Ok that should not happen.
Do you have any other security software installed? Which?

 

Well just a few of the usual background programs.

No other security software installed, except for a third-party firewall.

I might try installing again later to-day on one of the machines with just the Windows Firewall running.

 

@Blackcat
Witch firewall?

 

Look 'n' Stop on one machine and Outpost Free on the other.

 

@Blackcat
You might check their logs to see if they might block some of Panda's traffic. They both don't feature a HIPS don't they? For the rest I can't come up with anything else for now.

 

@Sputnik, regarding the explanation there's a good one here:
http://news.softpedia.com/news/The-Insides-of-Panda-Cloud-Antivirus-111793.shtml

@Blackcat, could be they are preventing a Panda driver from loading. It wouldn't be the first time. Try disabling them and installing Panda again to see if that makes a difference. If everything is back to normal, re-enable them again.

 

@Sputnik
No HIPS in LNS and I disable the HIPS component in OutPost. But thanks for your comments.

@pbust
I will try and install with just the Windows firewall running and will post back. Again, thanks.

 

@pbust
Very nice, please put that link on the Cloud Antivirus homepage. I'm sure that most users don't have a single clue what a cloud really is.

 

Okay I re-installed and again on reboot the CPU usage for the PSANHost.exe process was high and remained so for about 40 minutes.

However, after about an hour the usage eventually dropped to 0%. PCAV now feels very light in real-time.

Is this normal behaviour just after installing PCAV and does it improve with time?

 

What I don't understand with any of these cloud based systems is simply what happens if the cloud is unavailable?

Doesn't seem too far fetched to envisage inserting a USB stick or something and having your entire PC trashed because you don't happen to have an internet connection?

 

Thanks.

Thanks, i was trying to understand how it manages to limit the upload bandwidth, because obviously, uploading every file would be a lengthy operation.

I also understand that at least in Panda, the user can control whether or not to send a file (i think this is a very important privacy aspect), correct?

 

That's the problem with all "clouds". And i think that if "only cloud" programs become widespread, the first thing that malware writers will target, will be how to bring down your internet connection or alter your hosts file to prevent succesful comunication with your cloud. At this point, you won't be able to use your AV and even if you have a backup on demand scanner that you COULD update to run a manual scan, you won't be able to do it (if your connection is dead). You must hope that your on demand scanner has already the right definitions in his database.

IMHO, the only way to mitigate the risk is introduction of client based behaviour blocker modules.

 

I'm curious what the take is of any of the vendor representatives on here?

 

I have another "bad" scenario actually. It doesn't happen everyday, but it happens to me at least twice a year.

My ISP, from time to time, either for general server upgrades or because of local damages or because an international cable is damaged, loses access to some countries. I even remember seeing Emule connections being a mix of dropped and successful because of that. Another time, Emule was the only thing that was working just a little bit. Sometimes i can access national sites but not international. I remember once the cause was a damaged undersea cable which practically results all US based sites to be offline for 2 days.

In such cases, if my "cloud" is based on a server towards which my ISP has problem, while i am still able to visit other countries' sites, i am without protection without realizing it. So for example, i can get infected visiting a "national" site, because at the same time, my ISP has some problem and i can't communicate with say "spanish" servers that hold the cloud servers.

It doesn't happen everyday, but it happens. (ex. http://blogs.zdnet.com/gadgetreviews/?p=669 , http://www.mis-asia.com/news/articles/undersea-cable-damage-slows-internet-in-china)

In such cases, even a 5 months old malware, if your cloud isn't connecting, will be able to take you down. While if you have your database locally available, your AV may not protect you from zero day malware, but from older, yes.

 

Yes, under the config page you can uncheck the "automatic mangement of suspicious files...". checkbox which controls this.

 

This problem mentioned is not really that much as a problem. Any scenario that you can imagine that makes the cloud-servers inaccessible can also happen with a traditional signature update model, rendering the same problem of not being able to detect the new malware.

We are adding more local technologies, specially for version 1.1 to protect even more against this hypothetical problem.

As for some actual facts, we've not had a single customer feedback regarding infections during offline.

Also check the comment from pcmag's review yesterday:
On another system a proxy-based threat prevented Cloud Antivirus from connecting to the Internet. I ran a scan anyway; the product does include a minimal database of significant signatures. Wonder of wonders, the no-connectivity scan cleared up the problem allowing for a normal cloud-supported scan!
http://www.pcmag.com/article2/0,2817,2355827,00.asp

I'm not saying it cannot happen, I'm just saying we thought this through a lot and have put measures in place to minimize it. The risk with CloudAV is comparable to the risk you have today with a traditional approach.

 

Thank you very much for the answers Pbust. The "minimal database" is i think a good idea. Also the fact that you allow for user control over sent files is a plus.

I don't know if cloud AVs will become soon the "mainstream" technology , but if they do, i think you 're moving to the right direction.

 

Try rebooting, and see if the CPU goes nuts again. That is the issue I had.

 

Did a complete scan and after reboot still a lot of hard drive thrashing for about 12 minutes and high CPU usage. But memory and CPU usage not as high as before; CPU usage down to 0% after 14 minutes.

Should be fine after another 10 reboots

 

So does Panda have to repeat it's process after every reboot?

 

Just carrying out another boot; again less CPU usage.

The process PSANHost.exe is relatively quiet for the first few minutes after a reboot, then CPU usage starts to climb with hard-drive disk thrashing. Then as before activity stops; all PSANHost.exe activity stops after 10 minutes this time.

I wonder if this activity is simply PCAV doing a boot-time scan? If so in the next version let's hope there will be an option to disable this.

 

pbust, why was Win 2000 support dropped? Is there a way to "force" PCA on a pc running Win 2000?

 

odd im running windows 7 32bit and in not having these slow downs on cpu. odd

 

After starting a full scan and aborting it, every fast scan afterwards ends with the Scan Window GUI upper text (dutch): "Snelle scan geannuleerd", which means something like "Fast scan cancelled" and below the text; "De scan is correct voltooid" / "The scan has finished correctly/successfully".

I've no idea which message is correct...
Has the fast scan finished succesfully or was it cancelled/aborted?

Then I performed a Full Scan,at the end, it remained at "progress 99%" for over 20 minutes until I stopped the scan myself.
At the end of the Full Scan (with on average CPU usage at 65%-100% and 55-70MB RAM usage, CPU usage stayed at 100% while the RAM usage incidentally spiked up to over 150MB; PSANHost.exe using up to 130MB.
PSANHost.exe then dropped to 10MB usage and then climbed fast to about 40-50 MB usage for over 20 minutes.
The CPU usage by PSANHost.exe stayed at 95-100% during those 20 minutes.

All in all, not too great.
(XP Pro SP3 32-bit).