Security

Read all 'cloud' posts in Security
November 10, 2009 5:30 AM PST

Panda's Cloud Antivirus leaves beta behind

by Seth Rosenblatt
  • 22 comments

First introduced in beta in April, Panda Cloud Antivirus graduates to a stable, public release and signifies a major security vendor taking aim at the freeware competition--instead of the other way around. Cloud Antivirus was notable on its beta release for being one of the few security options available to users that contained most of its protections in the cloud. This allowed it to protect users while consuming significantly fewer resources than many competing programs.

Panda Cloud Antivirus 1.0 is notable as a free security solution for two reasons: Panda is a reputable security vendor, and the program achieves its goal of freeing up system resources. In a press release, Panda Security CEO Juan Santana described Cloud Antivirus as a game-changer. It's not clear quite yet that that's the case, but at the very least the program looks to fill a niche created by resource-conscious netbooks.

As light on resources as advertised, Cloud Antivirus offers strong reputation-based protection for those who want their security program out of sight and out of mind. A third-party efficacy evaluation wasn't available at the time of writing, but in empirical testing the program only used 9 MB of RAM while idle, and only 56 MB of RAM when scanning. Many other security programs will run scans at 150 MB of RAM or more.

Despite keeping most of its database in the cloud, Panda Security's Senior Research Advisor, Pedro Bustamante, noted during an interview in October that Cloud Antivirus isn't disabled just because the host computer is disconnected from the Internet. "Panda has an offline mode that uses a small cached copy of Collective Intelligence on your local drive, it's only the most recent threats on a real time wild list." Collective Intelligence is the name that Panda gave its cloud system when it was introduced in 2007.

When you open Cloud Antivirus, the main window lets you know whether you're safe or not with a big red or green icon. Cloud Antivirus works as other antivirus solutions do, offering a Quick Scan and a Custom scan for specific folders, files, and drives, but its ancillary features are exceptionally light. The Quick Scan took 13 minutes on my Windows 7 Lenovo T400 laptop.

Dragging an active Cloud Antivirus window, in Windows 7 at least, will turn it translucent.

(Credit: Screenshot by Seth Rosenblatt/CNET)

You can opt out of contributing anonymous data to the cloud, but that also opts you out of automatic threat management. There's a network connection proxy option should you need it, and a reporting feature that will show you what kind of threats have been detected and removed from your computer. You can filter the report by All, Last 24 hours, Last Week, or Last Month, and there's a Recycle Bin pane from which you can recover a false positive, should you need it. Unfortunately, the Recycle Bin is hidden behind an obnoxious "flipping" screen that cheesily rotates when you need to access it.

If you're familiar with the minimalist Microsoft Security Essentials, Cloud Antivirus is even simpler. I did notice some odd interface rendering around the minimize and close buttons in Windows XP, but not in Windows 7. There are other more serious concerns about the program. Most notably, it lacks a scheduler, and it removes user input from update functions. Scans are also limited: you can tell the program what to scan, but not what to look for, so forget about toggling heuristics or rootkits. Then again, the point of this kind of security is that it's all wrapped into one.

Keeping in mind its limited feature set, and that we don't have efficacy numbers at the time of reviewing, Panda Cloud Antivirus makes a good security choice for those willing to take the plunge.

Originally posted at The Download Blog
October 27, 2009 8:26 AM PDT

Cisco to buy cloud security firm for $183 million

by Marguerite Reardon
  • 2 comments

Cisco Systems said Tuesday it plans to buy privately held Web-based security software company ScanSafe for about $183 million.

The all-cash deal, which also includes retention-based incentives, is expected to close in Cisco's fiscal second quarter, which ends in January 2010.

ScanSafe is a cloud-based software service that allows customers to license the application on demand. Cloud-based services help customers save on costs, because they don't have to buy licenses to software and manage the software applications themselves.

The ScanSafe technology will help Cisco expand on capabilities it added when it bought IronPort in 2007, the company said. Cisco also plans to integrate ScanSafe's service with its AnyConnect VPN Client to provide a secure mobility solution. And Cisco will use ScanSafe's data centers to provide new cloud security services.

After a lull, Cisco has stepped up its acquisitions. This is the third acquisition the company has announced this month. Two weeks ago it said it would buy wireless equipment maker Starent Networks for $2.9 billion. And at the beginning of the month, it said it would buy Norwegian video conference equipment maker Tandberg for $3 billion. CEO John Chambers has said the company is looking for even more acquisitions.

Originally posted at Signal Strength
October 8, 2009 7:37 AM PDT

Verizon, McAfee team up on security products

by Lance Whitney
  • 2 comments

With security and cloud-computing both hot-button topics, Verizon Communications and McAfee are joining forces to offer customers a combination of the two.

Verizon's business unit and McAfee announced Thursday a new joint venture to sell cloud-based security products and services to large businesses and government agencies. With more companies tapping into the "cloud" to lower costs and outsource administration, McAfee and Verizon will sell a new suite of cloud-based security products, expanding on Verizon's current lineup.

Managed by Verizon, the new cloud-based services will offer an array of security products, including firewalls, intrusion prevention, anti-malware, and Secure Socket Layer (SSL) virtual private networks (VPNs).

"This strategic agreement with McAfee enables us to drive even more complete and integrated IT solutions to enterprises across the world," said Kerry Bailey, senior vice president of Verizon Business global solutions. "Our newly expanded and next-generation cloud capabilities will enable organizations to better use security as a strategic tool and business enabler."

The team-up will also allow Verizon and McAfee to tap into each other's portfolio of products and services.

Verizon will offer its customers McAfee's entire line of security software and will soon provide McAfee's PCI (Payment Card Industry) compliance services to banks and other organizations that need to secure credit card data.

The PCI services will be targeted to "Level 4" merchants--businesses that manage up to 1 million credit card transactions each year. Verizon said this business class is at the highest risk for security breaches and accounts for one-third of all credit card transactions. In April, Verizon released a report showing that more payment card records were breached in 2008 than in the previous four years combined.

McAfee's customers will now be able to contact Verizon's network of 1,200 security professionals for assistance on setting up and managing in-house security.

Finally, Verizon will help McAfee consolidate its data centers, so that McAfee can better offer 24/7 management for its own Web hosting and cloud-based services.

Verizon and McAfee will target the new products and services to small-to-medium companies, large enterprises, and government entities.

McAfee has been pushing to grow beyond the consumer market through a series of deals and acquisitions. In July, the company said it would buy MX Logic, which provides cloud-based e-mail and other services. In May, McAfee bought white-listing vendor Solidcore.

July 10, 2009 3:16 PM PDT

Prosecutor: Cloud computing is security's frontier

by Elinor Mills
  • 5 comments

FORT BAKER, Calif.--As data moves to the cloud, attackers and thieves will follow, a federal prosecutor said on Friday.

Matthew Parrella, assistant U.S. attorney

(Credit: Elinor Mills/CNET News)

The days of tracking down software counterfeiters in other countries who are selling pirated CDs are numbered as companies increasingly distribute software and store data online via hosted computing services, Matthew Parrella, an assistant U.S. attorney based in San Jose, Calif., said at Symantec's Norton Cyber Crime Day.

"That model of importation of software is becoming obsolete because we're seeing on the horizon cloud computing where so many of these operations are pushed from a user's PC or a user's computer onto Google Docs or Salesforce.com," he said.

Looking ahead five years, "I'm thinking the attack is going to be on cloud computing centers," said Parrella, chief of the computer hacking and intellectual property unit at the U.S. Attorney's Office.

The immediate threat will be attacks to steal data from the servers they are stored on, either remotely or by an insider or someone who gains access to the data center, he said. Later on it's likely any stolen data could be pirated, he said.

Parrella spends a lot of time prosecuting counterfeit software cases, as well as trade secret theft, he said.

His office also has been tracking a botnet for a long time that has grown to include 100,000 or so compromised computers.

"We don't know what it does," he said. "That's the type of threat we're looking to prosecute...malware that may lead to distributed denial of service attacks."

Parrella declined to comment on the most recent DDOS attacks that have targeted Web sites in the U.S. and South Korea since the July 4 weekend.

FBI agent Donna Peterson said her office had seen a "tremendous uptick in large-scale, fairly devastating data breaches," with the biggest heist being close to $10 million stolen in 24 hours.

Cyberthieves "are getting more organized and their technical sophistication is better," she said. "They do what they need to get the job done...if they can use a 5-year-old exploit in conjunction with an exploit that they paid a programmer in another country $60,000 to (write), they will do it."

Cybercriminals can spend anywhere from two weeks to six weeks to own a corporate target's computer system so completely that "you won't even know that they're there," she said.

Businesses have opened on a Monday morning only to discover that so much money has been stolen since employees went home on Friday that they are no longer solvent and there is no record on their systems of the activity, Peterson said.

Also on the cybercrime panel was San Jose Police Sergeant Edward Schroder, who talked about how he spends his time investigating fraud related to sites like eBay and Craigslist, Nigerian or lottery scams, and money mule or work-from-home scams.

Schroder also said he gets a fair share of cases involving phishing attempts and e-mail extortion cases in which someone's life is threatened if they don't pay the hired killer money.

May 1, 2009 5:55 PM PDT

Log toggling speeds up Cloud Antivirus

by Seth Rosenblatt
  • 13 comments

By pushing as much resource usage as possible into the clouds, Panda Security's new Cloud Antivirus aims to free up the RAM hogging that plagues many security programs. However, testing the new beta revealed slower-than-anticipated scan speeds when doing an on-demand full hard drive scan. Panda's got a solution that might help some users: turn off logging while running the scan.

Cloud Antivirus splits the usual scanning process into three separate processes. The OnAccess Scan detects executing threats, the OnPrefetch Scan detects non-executing threats that are likely to run in the future, and the OnBackground Scan checks all local files when the computer is idle. Because of the way that the scans utilize idle CPU time, the background scan could still be logging when you start an on-demand scan.

The solution is to deactivate the logging feature when you're running a heavy-duty, system-wide scan. This is risky if you forget to turn it back on after you're done, and highlights the lack of advanced options available through the interface. "It's something we're aware of and still fine-tuning," said Pedro Bustamante, senior research adviser at Panda Security, in an e-mail.

Deactivating the advanced logging works, although users shouldn't expect dramatic changes. Scan speeds improved from 45 percent completed in 30 minutes to 45 percent done in 25 minutes. To toggle the log, download the two Registry keys found at the top of this blog post. Double-click on LoggingOff.reg and reboot your computer to turn off the log, then when you're finished double-click on LoggingOn.reg and reboot to re-activate it. I strongly recommend reading the entire post, though. Bustamante has included a lot of information on how Cloud Antivirus works. The known problems blog post is also worth looking at.

If you do try this Registry tweak out, post your results in the comments below.

Originally posted at The Download Blog
April 29, 2009 5:04 PM PDT

Cloud Antivirus runs smooth but slow

by Seth Rosenblatt
  • 52 comments

Earlier Wednesday, Panda Security introduced Cloud Antivirus beta, the first full-featured cloud-based antivirus program. It does two things that make it competitive and unique compared with its competitors that are tied to your desktop: it prioritizes threats based on type, and it attempts to lighten the load that security programs place on your system resources by moving definition files to a community-based cloud.

Panda Cloud Antivirus and its system resource usage as it performs a scan.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The big concern about a cloud-based antivirus is performance, and Cloud Antivirus handled itself decently enough--although it's not a record-setter. On a ThinkPad T42 with a 1.7 GHz Pentium M chip, 1.5 GB RAM, and running Windows XP SP2, Cloud Antivirus used about 23 MB of RAM when idle.

When running a scan, the scan client ate around 40 MB, but the main client jumped to around 32 MB. The scan also took a long time, with only 45 percent of the computer scanned in more than 30 minutes. Pausing the scan client dropped the usage rate from 40 MB to 2 MB.

If you install the program, you can find it listed in your task manager under PSANHost and PSUNMain. There was no noticeable lag when loading programs such as Firefox or MS Word, nor when browsing the Web. Granted, these tests are empirical and casual, but they bode well for future use by the average consumer.

In February of this year, Panda received higher scores than before for its antivirus detection abilities and lower false positives than in previous years from AV-Test.org.

The program uses a minimalist design to emphasize its features. Cloud Antivirus runs as a panda icon in your system tray. Double-click to open the main screen, which sports a dark theme with translucent borders. The entire window goes translucent when you drag it.

Your security status will appear first, with a large icon and font size telling you whether you're in trouble. Somewhat counter-intuitively, the status tab is on the right side of the window. Moving from right to left, the tabs use icons to identify their features. A bar chart represents the Report tab, a magnifying glass for the Scan tab, and a gear wheel for the Settings. A hard-to-see turned-corner arrow lives in the bottom-right corner of the pane. Click it, and it takes you to the "neutralized" window--basically, it's the quarantine. The arrow then moves to the lower left corner, which you need to click again to get back to the main tabbed window.

The layout isn't hard to follow, but users will have to do some exploring since there are no mouse-over labels to help here.

The Settings tab hides proxy settings and a toggle for Panda's proprietary Collective Intelligence cloud network. Turn it off, and one of the program's most powerful features goes away. You'll still get cloud-based definition updates, but you won't be contributing to the community that's keeping you safe. The Scan tab has two options: to scan your entire computer, or to scan selected files or folders from your desktop. The Reports tab lets you see the results not only of your last scan, but also of scans from the past 24 hours, previous week, and past month.

Panda Cloud Antivirus looks like a move that could have long-reaching effects for consumer security, showing that just because your protection is based in the clouds doesn't mean your head is lodged in them.

Clarification made April 30 at 12:40 p.m.: This story initially contained a typo, inadvertently giving the wrong measurement of RAM on the ThinkPad we used for our testing. It has 1.5 GB of RAM. Thanks go to several readers for pointing out the error in TalkBack.

Originally posted at The Download Blog
April 29, 2009 12:00 AM PDT

Panda introduces cloud-based free antivirus

by Seth Rosenblatt
  • 26 comments

With threats like Conficker fresh in the public's mind, security remains a top concern for Windows users. Panda Security, publishers of Panda Internet Security and Panda Antivirus, is set to take antivirus where it hasn't been yet: into the clouds. Panda Cloud Antivirus beta bets that nearly three years of development can pay off into a better protection system for users. To that end, Panda's willing to make the client free for personal use--even after it leaves beta testing.

Panda Cloud Antivirus offers on-demand scanning.

(Credit: Panda Security)

You can also download the program from CNET Download.com.

The program uses Panda's proprietary cloud computing technology, which they call Collective Intelligence, to detect viruses, malware, rootkits, and heuristics. It takes advantage of "millions of users," according to Panda, to identify new malware almost in real time. Panda says that Collective Intelligence can classify new malware in under six minutes, and that it handles more than 50,000 new samples per day. The Cloud Antivirus works by classifying threats into executables that must be scanned immediately, and non-executables that are checked at a lower priority--usually when the computer is idle.

In exchange for using consumer data to build the Collective Intelligence database, Panda decided to offer the Panda Cloud Antivirus for free, said Pedro Bustamante, senior research adviser at Panda Security.

Panda Cloud Antivirus appears to be able to handle a wide range of threats.

(Credit: Panda Security)

The new program reportedly takes up around 50 MB on the hard drive and eats around 17 MB of RAM when in use. That compares well against the industry average that Panda provided of 60 MB, and Bustamante said that they're aiming for 12 MB of RAM when in use.

Cloud computing may make sense from a system resources point of view, but what happens to system security when the computer isn't connected to the Internet? "The model we've implemented is to break down the traditional antivirus to client and server, so when the user is not connected they keep a local cache copy of Collective Intelligence, including detections for what Collective Intelligence sees is spreading through the community," he said.

Panda Cloud Antivirus is for Windows XP and Windows Vista, with planned support for Windows 7 when it's released. Bustamante added that it will stay in beta as it's being accepted by users, although they hope it will leave beta by the end of this summer.

Originally posted at The Download Blog
April 27, 2009 4:00 AM PDT

Google plugs PC power into cloud computing

by Stephen Shankland
  • 15 comments

Even at the cutting edge of cloud computing, Web-based applications can be frustrating to write and to use.

Spreadsheets can't sort data well, there are lags between mouse clicks and the program's response, graphics look Mickey Mouse rather than lavish. But Google, among the most aggressive cloud computing advocates, is trying to address some of those shortcomings.

The company has released experimental but still very much real software that brings in some of the power of the PC, where people often use Web applications. Google Native Client--first released in 2008 but updated with a new version Thursday--is a browser plug-in for securely running computationally intense software downloaded from a Web site. And on Tuesday, Google released O3D, a plug-in that lets Web-based applications tap into a computer's graphics chip, too.

The projects are rough around the edges, to say the least. Native Client--NaCl for short--is more security research project than usable programming foundation right now, and O3D exists in part to try to accelerate the arrival of some future, not necessarily compatible, standard for building 3D abilities into Web applications.

Google Native Client is shown here running a fractal landscape explorer.


(Credit: Google)

But both fundamentally challenge the idea that Web apps necessarily are stripped-down, feeble counterparts to the software that runs natively on a personal computer, and they come from a company that has engineering skill, a yen for moving activity to the Internet, and search-ad profits that can fund projects that don't immediately or directly make money.

"There are things you can do in desktop apps that you can't do in Web apps. We're working very hard to close that gap, so anything you can do in a desktop application you can do safely and securely from a Web application," said Linus Upson, a Google engineering director.

Originally posted at Webware
April 21, 2009 12:12 PM PDT

Crypto pioneers differ on cloud-computing risks

by Elinor Mills
  • 4 comments

SAN FRANCISCO--A group of pioneers in the security field, whose work in encryption is used to protect Internet data and communications every day, spoke about the state of security at a cryptographers' panel at the RSA security conference on Tuesday.

They tackled various questions about cyber security in general, but the topic that dominated was cloud computing.

"Cloud computing is a challenge to security, but one that can be overcome," said Whitfield Diffie, chief security officer at Sun Microsystems. "I believe cloud computing will get to (the point) where no real program...will be done anymore on the computers of the company that's doing it," he said.

"I'm worried about cloud computing," said Adi Shamir, a computer science professor at the Weizmann Institute of Science in Israel. While a virus or other problem on a desktop computer can be a big annoyance, computation centers in hosted computing could spread problems more widely, he said.

Bruce Schneier, chief security technology officer at BT Counterpane, said, "I'm kind of bored with it. Cloud computing is presented as a new paradigm...but fundamentally I don't see a lot of differences" between it and client-server and dumb terminals, he said. "It's still all about trust."

Ronald Rivest, a computer science professor at MIT, predicted that cloud computing "will really be a focal point in our work in security." "I'm optimistic about cloud computing," he said. "I think a lot of us have hard work to do."

Asked about their thoughts on the likelihood of a "Digital Pearl Harbor," the researchers concurred that the threat is hyped.

The talk about risks of a cyberattack on the magnitude of a Pearl Harbor strike is overblown, said Schneier. The real threat "will be boring things" like viruses, identity theft, and buffer overflows. "We're better as an industry if...we look at the more common risks...that cost (people) money."

"We're more likely to suffer a digital 9/11," said Diffie. Pearl Harbor was an attack by a known entity as opposed to an unknown threat from a mysterious source, as cyberattacks tend to be, he said. "I think we could suffer some astounding event," he added, noting that there was an electricity blackout in the 1990s and a severe telephone outage in the 1980s due to a bug.

Shamir said cyberattacks should be put in perspective and compared with other events that can have even more serious consequences. "If the government has extra money to spend they should spend it on regulating the financial markets and not spend it on regulating cybersecurity," he said.

Martin Hellman, professor emeritus at Stanford, said he has been focusing on nuclear weapons security lately and looking at how risky nuclear deterrence is with his NuclearRisk.org site. It's "at least 1,000 times riskier than having a nuclear power plant located near your home," he said.

Technology "has given human beings power that has historically been reserved for the gods; the ability to create new life forms, the ability to destroy civilization, and the potential for creating unbelievable cooperation or unbelievable chaos," he said.

"Our species is like a 16 year old with a new driver's license who somehow gets his hands on a 500-horsepower Ferrari," Hellman said, adding that people need to learn to control our impulses or risk destroying everything.

April 21, 2009 9:27 AM PDT

IBM aims to secure clouds and virtual networks

by Elinor Mills

SAN FRANCISCO--IBM on Tuesday introduced cloud security services and said it is initiating a company-wide project to develop a security architecture for hosted computing.

The company, which made the announcements at the RSA security conference, also unveiled an appliance designed to protect virtual network segments: Proventia Virtualized Network Security Platform, which includes intrusion prevention, Web application protection, and network policy enforcement.

IBM also announced:

  • Proventia Web application firewall, which is embedded into the IBM ISS Proventia portfolio of products and which acts as a virtual application patching mechanism.

  • Malware scanning for IBM Rational AppScan, which allows users to automatically scan Web sites for embedded malware.

  • IBM Tivoli Identity and Access Assurance, which offers centralized identity, access and audit services for corporations.

  • IBM Tivoli Data and Application Security, designed to mitigate privacy and compliance risks by encrypting data stored on tapes and disks.

  • IBM Tivoli Security Management for z/OS, which features centralized management for mainframes.
