Panda's Cloud Antivirus Exits Beta - HotHardware

Panda's new cloud-based antivirus software, Panda Cloud Antivirus, has reached version 1.0 and has exited beta, the company announced on Tuesday. That said, there are already new bugs filed against 1.0 on the Panda Cloud Antivirus support forum.

Panda's Cloud Antivirus doesn't use locally installed virus definition files. Rather, both the definitions and the detection live in the cloud. Theoretically, this means an end user, as long as he is connected, will always have the latest scanning engine and the latest virus definitions.

Here's how it works:
When Cloud Antivirus encounters an executable file, it first creates a partial cryptographic hash of the program, which Panda calls a reverse signature. The locally running program sends this signature to the data center in the cloud and gets back a quick determination that the file is malware, known-good software, or unknown.

If the file is unknown, the local program sends additional information. This data includes a kind of behavioral signature to let the cloud-based software remotely perform heuristic analysis. The local agent also graphs the file's internal structure and passes that to the cloud for similarity analysis. Yes, sending these and other data elements to the cloud takes a small amount of time, but the in-cloud analysis is extremely fast.

Once Cloud Antivirus identifies a specific file as "goodware" it caches the information about that file locally, so it doesn't have to go back to the cloud. Thus full scans after the first time will be significantly faster.

Panda also claims that by leveraging the data collected from end users, it can update its database with new threats and variants through its so-called "Collective Intelligence" in the cloud.

In fact, speaking to C|Net, CEO Juan Santana and Senior Research Advisor Pedro Bustamante noted that since the beta, Collective Intelligence has collected about 25 terabytes of data, with about 60% of it malware. Additionally, Collective Intelligence is receiving about 120,000 new files a day, of which 60-70,000 are malware. Finally, they noted that Collective Intelligence has processed more than 80 million files so far and generates about 150 GB of log files per day.

Some may be concerned about the effectiveness of a cloud-based program if you are disconnected. Well, first, most of the threats end users see nowadays are a result of being connected: to the Web, to email, or some other delivery method using the Internet. On the other hand, Panda Cloud Antivirus does have a local cache, as noted above.

Bustamante said that "The local cache of Panda Cloud Antivirus is a 'moving target' of what the community 'sees' out there circulating in the wild. However, it's not quite the same as the traditional signature updates which are always incremental (always adding signatures, not taking them out)."
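The lookup flow described above (partial hash, cloud verdict, local cache of goodware whose entries can drop out again) can be sketched as follows. This is an added example, not Panda's code: the hash scheme, the cache lifetime, the in-process "cloud" and the HMAC tag on each reply are all assumptions, since the article does not say how the client authenticates the answers it receives.

```python
import hashlib
import hmac
import time

VERDICTS = {"malware", "goodware", "unknown"}

def partial_hash(data: bytes, n: int = 4096) -> str:
    # Stand-in for the "reverse signature": length plus first n bytes (assumed scheme).
    return hashlib.sha256(len(data).to_bytes(8, "big") + data[:n]).hexdigest()

def sign(key: bytes, sig: str, verdict: str) -> str:
    # The tag binds the verdict to one file hash, so a reply cannot be replayed
    # for a different file. HMAC keeps this standard-library only; a real
    # service would use pinned TLS or an asymmetric signature instead.
    return hmac.new(key, f"{sig}:{verdict}".encode(), hashlib.sha256).hexdigest()

def make_cloud(key: bytes, db: dict):
    # Constructed in-process "cloud": looks the hash up and signs the answer.
    def transport(sig: str):
        verdict = db.get(sig, "unknown")
        return verdict, sign(key, sig, verdict)
    return transport

class CloudClient:
    def __init__(self, transport, key: bytes, ttl: float = 3600, clock=time.time):
        self.transport, self.key, self.ttl, self.clock = transport, key, ttl, clock
        self.cache = {}  # file hash -> expiry time; only goodware is cached

    def verdict(self, data: bytes) -> str:
        sig = partial_hash(data)
        if self.cache.get(sig, 0) > self.clock():
            return "goodware"          # fresh cache hit, no round trip
        self.cache.pop(sig, None)      # expired entries leave the cache
        try:
            verdict, tag = self.transport(sig)
        except OSError:
            return "unknown"           # offline and not cached: never assume good
        expected = sign(self.key, sig, verdict)
        if verdict not in VERDICTS or not hmac.compare_digest(tag, expected):
            return "unknown"           # unauthenticated reply is not trusted
        if verdict == "goodware":
            self.cache[sig] = self.clock() + self.ttl
        return verdict

if __name__ == "__main__":
    key = b"constructed-demo-key"
    sample = b"MZ constructed sample bytes"
    client = CloudClient(make_cloud(key, {partial_hash(sample): "goodware"}), key)
    print(client.verdict(sample), client.verdict(b"never seen"))
```

A reply that fails authentication, or a lookup made while offline, leaves the file at "unknown" rather than caching it as good, so only a verified goodware verdict ever skips the round trip.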

The real question is, do you trust your PC to a 1.0 version of software? It's exited beta, but it's still new. However, Panda itself is not new. And the software, just as with Microsoft's Security Essentials software, is priced right: free, at least to home users and educational centers, as well. In addition to that sort of licensing, MSE is free to SOHO as well.
+ -

I thought this product was still supposed to contain at least some local "classical" signature files? If not, there are holes you could drive a truck through - since for unknown files, all you would ever get is heuristic analysis.

Heuristic analysis is unlikely to find a large portion of new viruses... especially spyware and trojans (which don't really have that much internal obfuscation to give them away).

Signature checks would perform much better against those more typical attacks; I don't foresee this thing scoring too highly in AV tests.

Rainy-day-fun activity:

1) Sniff Panda communication with cloud.

2) Write trojan that opens port 80 and mimics Panda "okay" response for AV requests and returns "no update available" for update checks. Also, it updates the local hosts file to trick Panda AV into talking back to it on Also, it should connect to IRC or some other botnet controller.

3) Install Panda, let it scan it and mark your brand new trojan as a goodfile. Keep playing with obfuscation code until it passes heuristic check, if at first you don't succeed... you have unlimited tries.

4) Release on internet as part of latest Megan Fox screensaver. Is marked goodfile to Panda, so it never gets looked at - even when installed the first time. Now, the machine still appears protected but is completely open to any other viruses and trojans, since your trojan will always tell Panda they're "goodfiles". At that point you can send any update from the botnet you want - even well known viruses with old signatures - the heuristic check won't occur if the "server" says it's a goodfile.

+ -

3vi1, Nicely explained!

+ -

Ahh, but you're forgetting the "cloud intelligence". They hope to use a Wikipedia-like model to identify and categorize bad files.

I see this similar to HijackThis where you can immediately identify files that are new and look at them a little closely.

+ -

Sounds like a convenient way to distribute a virus lol

Someone will hack the skyne....err.. cloud... heh... and have it infect and take over everyone compooter :-)

+ -

Immunet Protect has a free cloud Virus scanner. I'm testing it on one of my computers now. It plays nice with AVAST, MSE, and ThreatFire all at the same time. Can't tell for sure how much benefit I'm getting from it because of the other three protections installed.

Of them, AVAST seems to alert first with ThreatFire a close second.
