Panda lofts its antivirus protection into the cloud

By Angela Gunn | Published May 11, 2009, 7:18 PM


Download Panda Cloud Antivirus 0.9 from Fileforum now.

If the prospect of keeping important data out in the cloud still makes you slightly uneasy, you might get positively lightheaded at the thought of keeping your anti-malware protection up there. But Panda Cloud Antivirus, which entered beta recently, did a decent job of protecting a test system from the bad stuff -- without shoveling our data into the ether, and without slowing our system down.

Panda Security's an old hand at viruses, and under its old name (Panda Software) the Spanish firm has been toiling in the anti-malware trenches since the '90s. Around the turn of the century, the company began to shift away from the once ubiquitous signature-based model and to a combination of behavioral analysis and blocking, heuristics, and hardcore auditing. Still, the malware writers have gotten much smarter in the last decade too -- and they've gotten faster at getting their wares out to the public.

The latest iteration of Panda uses a crowdsourcing-style concept it's calling "Collective Intelligence" to speed up the process of identifying new threats. The user installs a thin Panda client on the system. Panda scans executables as they attempt to run -- no data files and nothing at rest, unless you specifically run a scan -- and notes the software's behavioral patterns, file traces, and the like. It creates what the company calls a "reverse signature" for each executable -- a partial cryptographic hash, in fact -- and sends it up to the cloud to confirm that the executable is clean.

The analysis and classification happen in the cloud, which combines behavioral data from all the users (while anonymizing that of individuals) and automatically figures out whether it's seeing some heretofore unknown piece of malware. The "reverse signature" is checked, and the executable is flagged as known-good, known-bad, or not known. Panda reps estimate that the system can nail down a new breed of infection within about six minutes of its first appearance.

Our tests found Panda to be a tidy, well-behaved application that on its initial scan presented us with evidence of a nasty little keylogger that our previous antivirus somehow didn't notice. That initial scan took hours and hours on our Vista machine (with its 2/3-full 160 GB drive and 3 GB RAM). We had to jettison our previous antivirus package, which somehow hurt our feelings less after that festering iteration of TPE Civil War IV turned up, to load Panda. Connecting via proxy server was uneventful, requiring only that we provide the IP address and port in use. (If we'd been running Internet Explorer, Panda says the software could have retrieved that information automatically.)

After loading and that initial scan, though, Panda was utterly unobtrusive, only tapping us on the shoulder when something actually turned up. The software sees viruses, worms, trojans, spyware, adware, dialers, "jokes" (which the company defines as unwanted bits of code that don't seem to have a malicious payload but could confuse your machine into thinking it's infected), and cookies. The reports it provided were easy to parse (and save) and linked back to good information pages on Panda's site.

[Screenshot: Panda Cloud Antivirus screen]

We tried to find something Panda couldn't recognize, but it appears to have the bases covered, with one serious exception (read on). The FAQ notes that the software can protect machines against the most common threats while offline, but that full Collective Intelligence requires a net-connected computer. Still, even cutting off our machine's network connection didn't keep Panda from smacking down an assortment of infected files we tried to introduce via USB drive.

When Panda finds a threat it can't neutralize outright, the problematic file is flagged as "pending," with suggestions on how best to proceed. In turn, if we'd had the good (?) fortune to pick up an infection even Panda didn't know about yet, the cloud would have (according to Panda) been able to circle back and quash the infection once Panda's analysis had conclusively identified it as such -- again, in about six minutes according to company estimates.
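The lookup flow described above (a partial hash sent to the cloud, a three-way verdict, an offline fallback, and a later re-check of unknowns) can be sketched as follows. This is an added example, not Panda's code: the hash layout, `HEAD_BYTES`, `CloudStub` and `ThinClient` are assumptions made for illustration, since the article says only that the "reverse signature" is a partial cryptographic hash.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    KNOWN_GOOD = "known-good"
    KNOWN_BAD = "known-bad"
    UNKNOWN = "not known"

HEAD_BYTES = 4096  # assumption: the article only says the hash is "partial"

def reverse_signature(image: bytes) -> str:
    """SHA-256 over the file length plus its first HEAD_BYTES (assumed scheme)."""
    h = hashlib.sha256(len(image).to_bytes(8, "big"))
    h.update(image[:HEAD_BYTES])
    return h.hexdigest()

class CloudStub:
    """Hypothetical stand-in for the classification service; it sees signatures only."""
    def __init__(self):
        self.verdicts = {}       # signature -> Verdict, filled in by cloud-side analysis
        self.online = True
    def lookup(self, sig: str) -> Verdict:
        if not self.online:
            raise ConnectionError("cloud unreachable")
        return self.verdicts.get(sig, Verdict.UNKNOWN)

class ThinClient:
    def __init__(self, cloud: CloudStub):
        self.cloud = cloud
        self.cache = {}          # last verdict per signature, used when offline
        self.unresolved = set()  # signatures the cloud could not classify yet
    def check(self, sig: str) -> Verdict:
        try:
            verdict = self.cache[sig] = self.cloud.lookup(sig)
        except ConnectionError:
            verdict = self.cache.get(sig, Verdict.UNKNOWN)
        if verdict is Verdict.UNKNOWN:
            self.unresolved.add(sig)
        else:
            self.unresolved.discard(sig)
        return verdict
    def on_execute(self, image: bytes) -> Verdict:
        return self.check(reverse_signature(image))
    def recheck(self) -> dict:
        """Re-query unknowns; returns those the cloud has since classified."""
        results = {sig: self.check(sig) for sig in sorted(self.unresolved)}
        return {s: v for s, v in results.items() if v is not Verdict.UNKNOWN}
```

Only the signature leaves the machine in this sketch, and an executable first seen as "not known" is picked up by `recheck()` once the cloud side has a verdict for it.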

The program's in beta for now, and there are a few things one hopes will be added to the final package. The lack of scanning for files at rest turns out to be no great source of stress. But we did have trouble with one legit program that had malware deeply embedded; Panda saw the infection, but didn't differentiate between the malware and the legit program, making running the legit software difficult. We noticed that the neutralization process occasionally left some slop in the system, especially in the Registry; it wasn't hurting anything, but it would be best to have that stuff eliminated when the infection is detected.

More disturbingly, the program simply doesn't handle rootkits. Panda does offer a separate Anti-Rootkit package, which is also free; it behaves well running in tandem with antivirus, but we'd suggest either that the functionality be combined or that the install program for Panda make the suggestion that users download the separate Anti-Rootkit as well.

The beta period is expected to be indefinite, beta-style; after that, the company says it will continue to offer a free version. You can't beat the price (a big zero in just the right place); and the detection, footprint and scan time (once we survived that first run) were impressive. Consider making Panda your new lightweight antimalware guardian -- but don't forget to pick up a copy of Anti-Rootkit if you do.

Comments

based on my use of it,

seems like something i would recommend.

i like the small footprint and has a modern look to it.

nothing more to ask of it except ensure that it actually "prevents" an infection but won't know until the bridge is crossed.

Score: 0

There's ESET System Security and then there's everything else. It even protects you from Microsoft updates. I haven't tried it for scrubbing the kitchen floor, but it probably has that ability. You're either using ESET or you're using the wrong security system.

Score: -3

I'm an ESET wh*** too but they have no offering for Win7 64b users at this time. :\

Score: 0

Not a single mention about the interface, which is awkward. You wouldn't know it by looking at the graphic above but that little corner foldover is where you change a majority of the settings.

Score: -1

I wonder if this is lightweight enough to not be noticeable on netbooks (and still be effective).

Score: 0

Worth mentioning that Panda AV 8.0 beta 3 DOES work with Windows 7 both 32b and 64b versions. I find it very transparent and you hardly notice it as well. It's also a free download while in beta for Win7 users.

Score: 0

How hard do you test antivirus software? I mean do you go zooming off to the higher risk quarters of the 'net like free porn and warez sites? Or do you have a standard procedure?

I'm personally tempted to set up a VM on my laptop to try this and test to destruction.

Score: 0

Have fun! The last two years have seen an explosion in the number of V-->P malware.

Score: 0

Does not work under Windows 7 64bit. Also probably doesn't work under any 64bit version of Windows. Only tested Win7 64b.

Score: 0

Wait so a keylogger is/was installed on your admin machines? Are bn username/passwords/etc then at risk?

Score: -2

No no no oh jeez no! I have a dedicated test machine for just such occasions as these -- a Lenovo ThinkPad Z61m, if you're interested in that sort of thing. NOTHING production-related lives on it, and the poor thing gets hosed down thoroughly after most tests. For a security product, I'll often reformat; for less sensitive stuff, I usually run the tests in a virtual machine. (There was one time back in September when I foolishly just loaded some software and let 'er rip, but Scott F. and the gang are still making fun of me about that.)

In this case, the keylogger must have been sitting there starving to death -- since it exists solely to be a test machine, it's not like I was doing any banking or the like. The only thing I'm now wondering about is the SlingMedia player (okay, maybe the testing machine does a *little* moonlighting over here), but I have never heard of a keylogger that was Sling-aware. Still, I looked at a calendar and figure the logger had to have been sitting in there for at least two months. Really disgusted with the previous antimalware suite for not noticing it.

Score: 0

and, in the interest of full disclosure, the name of the other antivirus program was...

Score: 2
