What is a Cloud AV?

Discussion in 'other anti-virus software' started by JerryM, Jun 10, 2010.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I don't understand a "cloud" AV. Does it get info from the internet when in use? How does it differ from the normal application?
    It would seem that it would not be a good scanner if it has to be on the internet.
    Is my confusion evident?? Thanks.

    Regards,
    Jerry
     
  2. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Whilst there are some technological differences between the various cloud AVs currently in existence, the basic premise is that the main signature database is not stored on your machine.

    With the traditional AV you update it to get the latest virus definitions which are then downloaded to your computer; products running cloud technology store these databases on cloud servers. Scanning works in a similar way except it's against the info stored in the cloud.

    Some cloud AVs will store a small subset of the main database on your machine so you are protected when offline. However, these products work best when connected to the internet all the time.
     
  4. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks to you both. I understand better now.

    In the past Panda performed below the level where I would even consider using it. Now however it is at the top, or close, in detection. I don't know about removal.

    I am going to watch the results and comments regarding Panda.

    Regards,
    Jerry
     
  5. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    In my opinion, cloud-enabled anti-malware is less about where information is stored and is more about what information is used for malware prevention. The critically unique aspect of cloud-enabled anti-malware is the gathering and utilization of community-based intelligence. In the case of Norton Internet Security, for example, this is known as “Quorum” -- a massive source that allows an understanding of the trustworthiness of executable files.
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Here is more info about the first to have Cloud Computing Prevx: http://www.prevx.com/aboutprevx.asp

    TH
     
  7. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    The cloud is for malware detection, too.

    It is all about detecting more threats (having up-to-the-second protection, not up-to-date) and not being a resource hog because of the big amount of information if it is stored locally.
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    While “the cloud” does have such advantages, Symantec presents a different perspective:

    Thus, if "the cloud" represents only improvements in scanning based on signatures, then it really isn't much of a technological advancement. As my prior post noted, the key advantage of "the cloud" isn't so much about where information is stored but is more about what information is gathered and used (e.g., community-based reputations), in my opinion.
     
  9. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I agree with the above comment, except if signatures stored on cloud servers offer an advantage over signatures stored on a local drive that I have not understood yet.
     
  10. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Norton's cloud is to gather an enormous whitelist - information about known good files and treat everything else as bad and this is what it currently does.

    However, it is not only this. If you actively "play" with malware then you will notice that sometimes an Insight Network Scan has more information and will detect more than just an offline scan (e.g. Full Scan in Safe Mode).
     
  11. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    The "cloud" is another useful tool but like nearly everything in this world, it's a compromise shift rather than a paradigm shift. The Achilles heel of cloud-based definitions and detection alone is that the malware has to be in your computer, or even executed, before it can be recognized. Many people prefer to not let the "bad stuff" get that far in the first place.
     
  12. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Vladimyr, thanks, it's clear to me now. Personally I don't mind downloading to my PC. Sometimes I disable the "scan on create" on AV and keep only "scan on opening/executing".
     
  13. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    My understanding is that Norton’s cloud (“Quorum”) is not about whitelisting (i.e., identifying high prevalence good files) or about blacklisting (i.e., high prevalence bad files), but is about the “long tail:” the millions of files with low prevalence. The goal of Norton’s cloud is to “discover a threat that targets just one or two PCs” using reputation-based trustworthiness.

    Please see this excellent presentation by Symantec for further information on the security distinctions of whitelisting, blacklisting, and the "long tail:" Reputation‐based Security.
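
Added example (not part of any post in this thread, and not any vendor's code): a toy model of the two ideas discussed above, the local-subset-plus-cloud lookup TonyW describes and the prevalence-based "long tail" reputation Pleonasm describes. The database contents, the threshold and the verdict strings are all assumptions made up for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "files" (placeholders, not real samples).
KNOWN_BAD = b"constructed-known-bad-sample"
COMMON_GOOD = b"constructed-popular-installer"
RARE_FILE = b"constructed-file-seen-on-two-machines"

# Toy stand-in for the vendor's cloud database: verdict plus how many
# community machines have reported the file (prevalence).
CLOUD_DB = {
    sha256(KNOWN_BAD): {"verdict": "malicious", "prevalence": 90_000},
    sha256(COMMON_GOOD): {"verdict": "clean", "prevalence": 2_500_000},
    sha256(RARE_FILE): {"verdict": None, "prevalence": 2},
}
# Small subset of the main database kept on the machine for offline use.
LOCAL_SUBSET = {sha256(KNOWN_BAD): "malicious"}
LOW_PREVALENCE = 100  # assumed cut-off for the "long tail"

def cloud_lookup(digest: str, online: bool):
    # Simulates the network query; a real client would call the vendor's service.
    if not online:
        raise ConnectionError("cloud unreachable")
    return CLOUD_DB.get(digest)

def scan(data: bytes, online: bool = True) -> str:
    digest = sha256(data)
    # 1. The local subset answers without any network access.
    if digest in LOCAL_SUBSET:
        return LOCAL_SUBSET[digest]
    # 2. Otherwise ask the cloud; offline, coverage drops to the subset.
    try:
        record = cloud_lookup(digest, online)
    except ConnectionError:
        return "unknown (offline, local subset only)"
    # 3. No signature verdict: fall back to community reputation.
    if record is None:
        return "untrusted (never seen by the community)"
    if record["verdict"]:
        return record["verdict"]
    if record["prevalence"] < LOW_PREVALENCE:
        return "untrusted (low prevalence)"
    return "unknown"
```

The offline branch shows why these products work best with a permanent connection: the same clean file that the cloud recognises comes back as unknown when only the local subset is available.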
     
  14. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    This may be true for some cloud-based anti-malware applications, but in the case of Norton Internet Security, the in-the-cloud information is used to prevent malware from being downloaded (i.e., using “Download Insight”). Thus, malware is stopped before it even hits the disk.
     