Friday, September 19, 2008

Cloud Security with Cloud-AV: Locally installed AVs could be history!

The Architecture

Cloud AV is the future of antivirus technology. Soon desktop antivirus software could become history. Here are the details. Currently, antivirus software is installed on every end user's machine in an organization. In practice this means only one antivirus product can be installed on each system. Every antivirus package has some vulnerability, and if a hacker is able to exploit it, the organization's security is compromised.

Statistics show that F-Secure has a detection rate of 86%, whereas McAfee detects only 54% of viruses. Vendors are also slow to deliver a solution for a new virus, so newer viruses often go days before they are detected. On average, a new virus goes undetected for almost seven weeks.

Cloud AV moves the antivirus functionality into the "network cloud" and off personal computers. Cloud AV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.
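
The multi-engine idea described above, as an added example that is not from the original post or the CloudAV project: a file is submitted to several engines in parallel and their verdicts are combined. The engine names, signature sets and sample bytes are constructed for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed, harmless byte strings standing in for submitted files.
SAMPLES = {k: f"constructed-sample-{k}".encode() for k in ("a", "b", "c", "clean")}
MALICIOUS = ("a", "b", "c")  # assumption: these three are labelled malicious

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_engine(name, known):
    """Hypothetical signature engine: flags a file whose SHA-256 it knows."""
    signatures = {digest(SAMPLES[k]) for k in known}
    return lambda data: (name, digest(data) in signatures)

# Each engine knows only part of the malicious set, like real products.
ENGINES = [
    make_engine("engine1", ["a", "b"]),
    make_engine("engine2", ["b"]),
    make_engine("engine3", ["c"]),
]

def cloud_scan(data, engines=ENGINES, threshold=1):
    """Run all engines concurrently; flag when >= threshold engines detect."""
    with ThreadPoolExecutor(max_workers=len(engines)) as pool:
        results = dict(pool.map(lambda engine: engine(data), engines))
    hits = sorted(name for name, hit in results.items() if hit)
    return {"malicious": len(hits) >= threshold, "hits": hits}

def detection_rate(engines, threshold=1):
    """Fraction of the labelled-malicious samples that get flagged."""
    flagged = sum(cloud_scan(SAMPLES[k], engines, threshold)["malicious"]
                  for k in MALICIOUS)
    return flagged / len(MALICIOUS)

if __name__ == "__main__":
    print("single engine :", detection_rate(ENGINES[:1]))
    print("all engines   :", detection_rate(ENGINES))
    print("2-of-3 needed :", detection_rate(ENGINES, threshold=2))
    print("clean file    :", cloud_scan(SAMPLES["clean"]))
```

Requiring agreement between engines (a higher threshold) trades detection coverage for fewer single-engine false positives.
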
Typical AV vendors fail and are themselves susceptible to attacks/hacks

and this report:

A six-month test pitted CloudAV against the security engines offered up by 12 popular vendors: Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.

Each program was tested against 7,220 malware samples collected over a year.

CloudAV proved to be 35 per cent more effective at detecting recent threats compared to a single virus scan engine, sporting an 88 per cent detection rate for zero-day viruses. A typical user of virus scan software waits 48 days between the time new malware surfaces on the Web and the time they are protected from it.

"Attackers have a leg up in the arms race as far as malware goes," says John Oberheide, a doctoral student working on the CloudAV project. "But when you combine the capability of all members of the security software community, you can make up for the weaknesses."

The so-called "window of exposure" – or amount of time users are susceptible to new malware threats – is a challenge security vendors are always trying to address, says Shiva Mandalam, director of marketing at McAfee Avert Labs.

"From the time researchers discover malware, to the time [the antidote] is pushed up to the desktop, there is definitely risk of exposure," Mandalam says. McAfee software, he says, attempts to reduce this risk.

McAfee's Site Advisor service looks at possible malicious behaviour on Web pages visited by its users. If anything is suspicious, users are warned with a toolbar on their browser to exercise caution.

