By pushing as much resource usage as possible into the clouds, Panda Security's new Cloud Antivirus aims to free up the RAM hogging that plagues many security programs. However, testing the new beta revealed slower-than-anticipated scan speeds when doing an on-demand full hard drive scan. Panda's got a solution that might help some users: turn off logging while running the scan.
Cloud Antivirus splits the usual scanning process into three separate processes. The OnAccess Scan detects executing threats, the OnPrefetch Scan detects non-executing threats that are likely to run in the future, and the OnBackground Scan checks all local files when the computer is idle. Because of the way that the scans utilize idle CPU time, the background scan could still be logging when you start an on-demand scan.
The solution is to deactivate the logging feature when you're running a heavy-duty, system-wide scan. This is risky if you forget to turn it back on after you're done, and highlights the lack of advanced options available through the interface. "It's something we're aware of and still fine-tuning," said Pedro Bustamante, senior research adviser at Panda Security, in an e-mail.
Deactivating the advanced logging works, although users shouldn't expect dramatic changes. Scan times increased from 45 percent completed in 30 minutes to 45 percent done in 25 minutes. To toggle the log, download the two Registry keys found at the top of this blog post. Double-click on LoggingOff.reg and reboot your computer to turn off the log, then when you're finished double-click on LoggingOn.reg and reboot to re-activate it. I strongly recommend reading the entire post, though. Bustamante has included a lot of information on how Cloud Antivirus works. The known problems blog post is also worth looking at.
If you do try this Registry tweak out, post your results in the comments below.
Earlier Wednesday, Panda Security introduced Cloud Antivirus beta, the first full-featured cloud-based antivirus program. It does two things that make it competitive and unique compared with its competitors that are tied to your desktop: it prioritizes threats based on type, and it attempts to lighten the load that security programs place on your system resources by moving definition files to a community-based cloud.
Panda Cloud Antivirus and its system resource usage as it performs a scan.
(Credit: Screenshot by Seth Rosenblatt/CNET)The big concern about a cloud-based antivirus is performance, and Cloud Antivirus handled itself decently enough--although it's not a record-setter. On a ThinkPad T42 with a 1.7 GHz Pentium M chip, 1.5 GB RAM, and running Windows XP SP2, Cloud Antivirus used about 23 MB of RAM when idle.
When running a scan, the scan client ate around 40 MB, but the main client jumped to around 32 MB. The scan also took a long time, with only 45 percent of the computer scanned in more than 30 minutes. Pausing the scan client dropped the usage rate from 40 MB to 2 MB.
If you install the program, you can find it listed in your task manager under PSANHost and PSUNMain. There was no noticeable lag when loading programs such as Firefox or MS Word, no browsing the Web. Granted, these tests are empirical and casual, but they bode well for future use by the average consumer.
In February of this year, Panda received higher scores than before for its antivirus detection abilities and lower false positives than in previous years from AV-Test.org.
The program uses a minimalist design to emphasize its features. Cloud Antivirus runs as a panda icon in your system tray. Double-click to open the main screen, which sports a dark theme with translucent borders. The entire window goes translucent when you drag it.
Your security status will appear first, with a large icon and font size telling you whether you're in trouble. Somewhat counter-intuitively, the status tab is on the right side of the window. Moving from right to left, the tabs use icons to identify their features. A bar chart represents the Report tab, a magnifying glass for the Scan tab, and a gear wheel for the Settings. A hard-to-see turned-corner arrow lives in the bottom-right corner of the pane. Click it, and it takes you to the "neutralized" window--basically, it's the quarantine. The arrow then moves to the lower left corner, which you need to click again to get back to the main tabbed window.
The layout isn't hard to follow, but users will have to do some exploring since there's no mouse-over labels to help here.
The Settings tab hides proxy settings and a toggle for Panda's proprietary Collective Intelligence cloud network. Turn it off, and one of the program's most powerful features goes away. You'll still get cloud-based definition updates, but you won't be contributing to the community that's keeping you safe. The Scan tab has two options: to scan your entire computer, or to scan selected files or folders from your desktop. The Reports tab lets you see the results not only of your last scan, but also of scans from the past 24 hours, previous week, and past month.
Panda Cloud Antivirus looks like a move that could have long-reaching effects for consumer security, showing that just because your protection is based in the clouds doesn't mean your head is lodged in them.
Clarification made April 30 at 12:40 p.m.: This story initially contained a typo, inadvertently giving the wrong measurement of RAM on the ThinkPad we used for our testing. It has 1.5 GB of RAM. Thanks go to several readers for pointing out the error in TalkBack.
With threats like Conficker fresh in the public's mind, security remains a top concern for Windows users. Panda Security, publishers of Panda Internet Security and Panda Antivirus, is set to take antivirus where it hasn't been yet: into the clouds. Panda Cloud Antivirus beta bets that nearly three years of development can pay off into a better protection system for users. To that end, Panda's willing to make the client free for personal use--even after it leaves beta testing.
Panda Cloud Antivirus offers on-demand scanning.
(Credit: Panda Security)You can also download the program from CNET Download.com.
The program uses Panda's proprietary cloud computing technology, which they call Collective Intelligence, to detect viruses, malware, rootkits, and heuristics. It takes advantage of "millions of users," according to Panda, to identify new malware almost in real time. Panda says that Collective Intelligence can classify new malware in under six minutes, and that it handles more than 50,000 new samples per day. The Cloud Antivirus works by classifying threats into executables that must be scanned immediately, and non-executables that are checked at a lower priority--usually when the computer is idle.
In exchange for using consumer data to build the Collective Intelligence database, Panda decided to offer the Panda Cloud Antivirus for free, said Pedro Bustamante, senior research adviser at Panda Security.
Panda Cloud Antivirus appears to be able to handle a wide range of threats.
(Credit: Panda Security)The new program reportedly takes up around 50 MB on the hard drive and eats around 17 MB of RAM when in use. That compares well against the industry average that Panda provided of 60 MB, and Bustamante said that they're aiming for 12 MB of RAM when in use.
Cloud computing may make sense from a system resources point of view, but what happens to system security when the computer isn't connected to the Internet? "The model we've implemented is to break down the traditional antivirus to client and server, so when the user is not connected they keep a local cache copy of Collective Intelligence, including detections for what Collective Intelligence sees is spreading through the community," he said.
Panda Cloud Antivirus is for Windows XP and Windows Vista, with planned support for Windows 7 when it's released. Bustamante added that it will stay in beta as it's being accepted by users, although they hope it will leave beta by the end of this summer.
The IFrame code that leads to drive-by exploits.
(Credit: Trend Micro)Over the weekend, thousands of legitimate English-language Italian Web sites fell victim to one line of code. Taking advantage of the trust the users have in the sites they visit, the malicious code silently redirects browsers via JavaScript to servers containing a variety of drive-by exploits. If the visiting computer is unpatched for a variety of operating system, browser, and specific application flaws, malicious code is downloaded. Once installed, the new software can then be used to steal personal information or enlist a compromised machine in attacks on other machines. According to security vendor Websense, the attack now affects over 10,000 Web sites worldwide, and that list continues to grow. According to Trend Micro, servers hosting some of the malicious code have been traced to Chicago, the San Francisco Bay Area, and Hong Kong.
Steps used by Mpack
(Credit: Trend Micro)Fortunately, there are a number of variables here. First, you must accidentally happen upon a vulnerable site, then your computer must have one of several browser vulnerabilities present for the attack to take root. According to Trend Micro, the component that serves up the browser vulnerabilities is browser aware, able to infect your specific browser of choice. Assuming it can, the attack then downloads various Trojans designed to steal personal information.
To prevent such an attack, Trend Micro urges everyone to be aware of sites requiring software installation; do not allow software installation unless you trust the site and the provider of the software. Keep your PC software fully patched and be sure your antivirus protection is updating properly. And, of course, be wary of any unexpected e-mail and e-mail attachments.
For more on this specific attack, antivirus vendor Panda has prepared a 28-page PDF that provides granular detail.
- prev
- 1
- next
