Panda lofts its antivirus protection into the cloud

If the prospect of keeping important data out in the cloud still makes you slightly uneasy, you might get positively lightheaded at the thought of keeping your anti-malware protection up there. But Panda Cloud Antivirus, which entered beta recently, did a decent job of protecting a test system from the bad stuff -- without shoveling our data into the ether, and without slowing our system down.

Panda Security's an old hand at viruses, and under its old name (Panda Software) the Spanish firm has been toiling in the anti-malware trenches since the '90s. Around the turn of the century, the company began to shift away from the once ubiquitous signature-based model and to a combination of behavioral analysis and blocking, heuristics, and hardcore auditing. Still, the malware writers have gotten much smarter in the last decade too -- and they've gotten faster at getting their wares out to the public.

The latest iteration of Panda uses a crowdsourcing-style concept it's calling "Collective Intelligence" to speed up the process of identifying new threats. The user installs a thin Panda client on the system. Panda scans executables as they attempt to run -- no data files and nothing at rest, unless you specifically run a scan -- and notes the software's behavioral patterns, file traces, and the like. It creates what the company calls a "reverse signature" for each executable -- a partial cryptographic hash, in fact -- and sends it up to the cloud to confirm that the executable is clean.

The analysis and classification happens in the cloud, thus combining behavioral data from all the users (while anonymizing that of individuals) and automatically figures out whether it's seeing some heretofore unknown piece of malware. The "reverse signature" is checked, and the executable is flagged as known-good, known-bad, or not known. Panda reps estimate that the system can nail down a new breed of infection within about six minutes of its first appearance.

Our tests found Panda to be a tidy, well-behaved application that on its initial scan presented us with evidence of a nasty little keylogger that our previous antivirus somehow didn't notice. That initial scan took hours and hours on our Vista machine (with its 2/3-full 160 GB drive and 3 GB RAM). We had to jettison our previous antivirus package, which somehow hurt our feelings less after that festering iteration of TPE Civil War IV turned up, to load Panda. Connecting via proxy server was uneventful, requiring only that we provide the IP address and port in use. (If we'd been running Internet Explorer, Panda says the software could have retrieved that information automatically.)

After loading and that initial scan, though, Panda was utterly unobtrusive, only tapping us on the shoulder when something actually turned up. The software sees viruses, worms, trojans, spyware, adware, dialers, "jokes" (which the company defines as unwanted bits of code that don't seem to have a malicious payload but could confuse your machine into thinking it's infected), and cookies. The reports it provided were easy to parse (and save) and linked back to good information pages on Panda's site.

We tried to find something Panda couldn't recognize, but it appears to have the based covered, with one serious exception (read on). The FAQ notes that the software can protect machines against the most common threats while offline, but that full Collective Intelligence requires a net-connected computer. Still, even cutting off our machine's network connection didn't keep Panda from smacking down an assortment of infected files we tried to introduce via USB drive.

When Panda finds a threat it can't neutralize outright, the problematic file is flagged as "pending," with suggestions on how best to proceed. In turn, if we'd had the good (?) fortune to pick up an infection even Panda didn't know about yet, the cloud would have (according to Panda) been able to circle back and quash the infection once Panda's analysis had conclusively identified it as such -- again, in about six minutes according to company estimates.

The program's in beta for now, and there are a few things one hopes will be added to the final package. The lack of scanning for files at rest turns out to be no great source of stress. But we did have trouble with one legit program that had malware deeply embedded; Panda saw the infection, but didn't differentiate between the malware and the legit program, making running the legit software difficult. We noticed that the neutralization process occasionally left some slop in the system, especially in the Registry; it wasn't hurting anything, but it would be best to have that stuff eliminated when the infection is detected.

More disturbingly, the program simply doesn't handle rootkits. Panda does offer a separate Anti-Rootkit package, which is also free; it behaves well running in tandem with antivirus, but we'd suggest either that the functionality be combined or that the install program for Panda make the suggestion that users download the separate Anti-Rootkit as well.

The beta period is expected to be indefinite, beta-style; after that, the company says it will continue to offer a free version. You can't beat the price (a big zero in just the right place); and the detection, footprint and scan time (once we survived that first run) were impressive. Consider making Panda your new lightweight antimalware guardian -- but don't forget to pick up a copy of Anti-Rootkit if you do.