Discussion in 'other anti-virus software' started by hawkeen, Aug 11, 2009.
Will Avira 10 be cloud based? Is it needed? Thoughts?
It's not really new. The idea has been around for a while with different implementations but it seems to have recently become the new trend.
If an AV's base is totally in the cloud, malware blocking access to the AV's servers (via a simple host modification or DNS) will effectively mean absolutely NO detection.
A problem with the AV's servers will mean the same - although one can say "it won't happen, we'll be careful", a problem with the ISP will block it - through no fault of the AV itself. Not to mention, unforeseen circumstances which can mean the AV's servers can go booboo even if you try to mitigate the possibility.
... if someone relies only on cloud-based AV, I think this won't be a problem if the ISP blocks it, because if there happens to be no internet access/connection due to a technical problem of the ISP, there won't be a way for a malware to arrive on the user's computer (not that there are no other ways but...)
I think he meant the AV's ISP.
For a cloud-based AV to work you need a constant connection to the AV's servers, if the ISP of the AV company screws up, you'll be left with zero protection and never know about it.
In some ways, that could also apply to non-cloud AVs if there's a problem with the server that distributes definitions; if that screws up, you'd be left without up to date protection.
I think all these companies take this on board when delivering either local signatures or cloud based protection. They must have an infrastructure in place to deal with such anomalies.
The connection provider connected to the AV may have problems (as Fuzzydice45 said), rendering all connections to/from the server dead - excess loads on all other servers of the AV (assuming they have more than one) - and not sure what the AV will do then - retarded detections (too late) or slow your computer down until it's managed to scan the files = risk and inconvenience.
And as you know, you don't have to be on the internet to get infected, and if you are on the internet, with DNS trojans or trojans which change the HOST file you can surf the internet without having any bases.
Without up-to-date protection, meaning you won't have the most recent few hundred signatures created, but you still have the older hundreds of thousands.
And signatures don't expire in a few hours; (some of) the threats are still there after a few days, weeks, years.
Scanning (or not) archives does not have anything to do with cloud-scanning. The cloud really couldn't care less for the interception mechanism of the client. The client is in charge of unextracting/unpacking the object and then passing a signature off to the cloud for determination. Panda CloudAV works this way and is able to scan inside archives. Other cloud-enabled AV solutions do this as well.
Same problem as if your traditional local signature-based AV suddenly stopped being able to connect to the AV update server... you won't be able to get protection for tomorrow's malware and you'll get infected. Keep in mind that some cloud-enabled AVs have mechanisms to deal with offline modes (no connectivity). Not all of them do, however. But this is not a problem of the cloud, rather of the implementation of the specific vendor.
A small note on the last part of your comment; the more advanced cloud implementations do not scan the entire file *from* the cloud (meaning that the file is not actually uploaded to the cloud-servers). Only signatures of the files are sent back and forth. Again, not all cloud-enabled solutions have this, it depends on the implementation.
Regarding the comment about cloud-enabled AV products not working in an "Internet meltdown" environment, again, the same problem will occur to traditional local signature based solutions. And btw, when and if the Internet does eventually melt down, I think AV will be the least of your worries.
Same problem. Some cloud-enabled AV products hold a local cache of the cloud... it still protects against older threats that are circulating... but again, it depends on whether your cloud-AV has offline mode or not.
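Added example, not part of the thread and not any vendor's code: a Python sketch of the lookup flow the last few posts describe, where the client unpacks an archive, sends only a hash to the cloud, falls back to a local cache when the servers are unreachable, and flags the degraded state instead of failing silently. Using SHA-256 as the "signature", the in-memory fake cloud and all names here are assumptions.

```python
import hashlib, io, zipfile

class CloudUnreachable(Exception):
    """Raised by the query callable when the AV servers cannot be reached."""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CloudLookupClient:
    def __init__(self, cloud_query):
        self.cloud_query = cloud_query  # hypothetical: callable(hash) -> verdict
        self.cache = {}                 # local copy of verdicts already seen
        self.degraded = False           # True while the cloud is unreachable

    def verdict(self, data: bytes):
        """Return (verdict, source); only the hash leaves the machine."""
        digest = sha256_hex(data)
        try:
            result = self.cloud_query(digest)
        except CloudUnreachable:
            self.degraded = True        # surface the outage to the user
            if digest in self.cache:
                return self.cache[digest], "cache"
            return "unknown", "offline"  # never report "clean" by default
        self.cache[digest] = result
        self.degraded = False
        return result, "cloud"

    def scan_archive(self, blob: bytes):
        """Unpack on the client, then look up each member separately."""
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return {name: self.verdict(zf.read(name)) for name in zf.namelist()}

def make_fake_cloud(bad_hashes, state):
    """Constructed stand-in for the vendor's servers (no network access)."""
    def query(digest):
        if not state["online"]:
            raise CloudUnreachable()
        return "malicious" if digest in bad_hashes else "clean"
    return query

def build_sample_zip(members):
    """Build a constructed in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```
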