
Cloud Security with Cloud-AV: Locally installed AVs could be history!

The Architecture





Cloud AV is the future of antivirus technology, and desktop antivirus software could soon become history. Here are the details. Currently, antivirus software is installed on every end user's machine in an organization, and only one antivirus product can be installed on each system. Every antivirus package has some vulnerability, and if a hacker is able to exploit it, the organization's security is compromised.


Statistics show that F-Secure has a detection rate of 86%, whereas McAfee detects only 54% of viruses. Vendors are also slow to ship a solution for a new virus, so newer viruses often go days before they are detected. On average, a new virus goes undetected for almost seven weeks.

Cloud AV moves the antivirus functionality into the "network cloud" and off personal computers. Cloud AV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.
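The multi-engine analysis described above, as an added example (not code from the CloudAV project or from this post): a network-side function runs several detectors on a submitted file in parallel and flags the file if any one of them does. The engine names, sample bytes and behavior marker are constructed assumptions.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed, harmless byte strings standing in for submitted files.
MALICIOUS = [b"constructed-sample-A", b"constructed-sample-B",
             b"constructed-sample-C BEHAVIOR:writes-autorun-key"]
BENIGN = b"constructed-benign-document"

def signature_engine(known_samples):
    """Hypothetical signature scanner: flags files whose SHA-256 it knows."""
    known = {hashlib.sha256(s).hexdigest() for s in known_samples}
    return lambda data: hashlib.sha256(data).hexdigest() in known

def behavioral_engine(data):
    """Hypothetical behavioral detector: flags a constructed behavior marker."""
    return b"BEHAVIOR:writes-autorun-key" in data

# Each engine covers a different part of the sample set (an assumption that
# stands in for the differing coverage of real products).
ENGINES = {
    "sig_vendor_1": signature_engine(MALICIOUS[:1]),
    "sig_vendor_2": signature_engine(MALICIOUS[1:2]),
    "behavioral": behavioral_engine,
}

def analyze(data, engines=ENGINES):
    """Network-side analysis: run every engine on the file at the same time."""
    with ThreadPoolExecutor(max_workers=len(engines)) as pool:
        futures = {name: pool.submit(scan, data) for name, scan in engines.items()}
        flagged_by = sorted(name for name, f in futures.items() if f.result())
    return {"malicious": bool(flagged_by), "flagged_by": flagged_by}

def detection_rate(engines, samples=MALICIOUS):
    """Fraction of known-malicious samples flagged by at least one engine."""
    hits = sum(analyze(s, engines)["malicious"] for s in samples)
    return hits / len(samples)

if __name__ == "__main__":
    for name, scan in ENGINES.items():
        print(f"{name:13s} alone: {detection_rate({name: scan}):.0%}")
    print(f"{'all engines':13s}      : {detection_rate(ENGINES):.0%}")
    print("benign file:", analyze(BENIGN))
```

With these constructed inputs each engine alone catches one of the three samples, while the combined verdict catches all three and leaves the benign file unflagged.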
Typical AV vendors fail and are themselves susceptible to attacks/hacks



and this report:

A six-month test pitted CloudAV against the security engines offered up by 12 popular vendors: Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.

Each program was tested against 7,220 malware samples collected over a year.

CloudAV proved to be 35 per cent more effective at detecting recent threats compared to a single virus scan engine, sporting an 88 per cent detection rate for zero-day viruses. A typical user of virus scan software waits 48 days between the time new malware surfaces on the Web and the time they are protected from it.

"Attackers have a leg up in the arms race as far as malware goes," says John Oberheide, a doctoral student working on the CloudAV project. "But when you combine the capability of all members of the security software community, you can make up for the weaknesses."

The so-called "window of exposure" – or amount of time users are susceptible to new malware threats – is a challenge security vendors are always trying to address, says Shiva Mandalam, director of marketing at McAfee Avert Labs.

"From the time researchers discover malware, to the time [the antidote] is pushed up to the desktop, there is definitely risk of exposure," Mandalam says. McAfee software, he says, attempts to reduce this risk.

McAfee's Site Advisor service looks at possible malicious behaviour on Web pages visited by its users. If anything is suspicious, users are warned with a toolbar on their browser to exercise caution.



Source
