
New Protection Model Explained

April 29th, 2009

With Panda Cloud Antivirus we introduce a new protection model based on a thin-client agent and server architecture that delivers malware protection as a service, as opposed to locally installed products. By combining local detection technologies with cloud-scanning capabilities and applying non-intrusive interception techniques on the client architecture, Panda Cloud Antivirus provides some of the best protection with a lightweight antivirus thin-client agent that barely consumes any PC resources.

Panda Cloud Antivirus is the first antivirus built on this innovative protection model, which rests on two fundamental principles:

1. Automatic malware detection and remediation from the cloud in real-time.
2. The use of an ultra-lightweight thin-client agent.

Automatic Malware Detection & Remediation from the Cloud

One of the main pillars of Panda Cloud Antivirus is its real-time use of Panda Collective Intelligence, an online from-the-cloud system that automates the entire malware protection cycle: collecting new samples, analyzing and categorizing them, creating detection and disinfection routines, and delivering the protection to each node.

Thanks to this approach users no longer need to worry about updating signature files. In fact, detection of millions and millions of different malware variants is no longer limited by the size of a signature database, as Collective Intelligence can hold a literally unlimited number of detections without consuming any memory on the user’s PC.

Another benefit of using cloud-based detection is that the time from detection to protection has been shortened a lot. It takes C.I. literally under 6 minutes to analyze and classify a new file that it receives.

An important aspect of Collective Intelligence is the use of correlation to further improve detection of new variants. By using information from the different nodes, C.I. can protect against new strains of malware by correlating their activity from the first time they are seen on one of the nodes. The community therefore becomes the lab: the more users use Panda Cloud Antivirus, the better protected everybody is.

A Lightweight Thin-Client that Off-Loads the Hard Work to the Server

The client portion of Panda Cloud Antivirus has been designed from the ground up to protect PCs in a non-intrusive way. Basically we’ve redesigned the traditional on-access interception techniques to work in a slightly different way, adapting to users’ real need for reduced performance impact while concentrating on the truly important aspects of protection when it is needed.

Traditionally AV engines have intercepted files and objects in multiple layers (entry vector, file system and execution). In each layer, each object is scanned by multiple technologies, such as antivirus signatures, rules, heuristics, behavioral analysis, etc. This redundancy of scans results in a degradation of user experience as the AV ends up consuming a lot of valuable PC resources and impacting global performance.

Even as a lightweight agent, Panda Cloud Antivirus provides excellent protection as it applies intelligent interceptions and scans of the files on the local PC based on Collective Intelligence and its local cache copy. It does this by implementing different types of on-access scans, which are defined as follows:

  • On-Access Scan. This is the maximum priority resident scan that is applied only to objects which are truly a security risk at a specific point in time: files which are being executed or used. The file is intercepted, prevented from running and disinfected if found to be malicious.
  • Prefetch Scan. There are other elements such as files downloaded from the Internet which, while not being executed at a specific point in time, have a much higher risk and probability of being executed at any time. These files should be watched more closely than files which have barely any activity, as we can expect them to be executed, unpacked, copied or moved shortly. A Prefetch Scan basically launches an asynchronous local & cloud query on the file to scan it “as soon as possible” without impacting performance. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.
  • Background Scan. Lastly, a normal PC has hundreds of thousands of files on its hard drive. Most of these files are not normally executing and simply “sit there” until either the user double-clicks on them or they are called upon by another process. These are considered the least dangerous files from a security perspective. Panda Cloud Antivirus will continuously run Background Scans on these in an asynchronous manner while the PC is idle, without impacting performance at all. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.
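
A minimal model of the three scan tiers described above, as an added example that is not Panda's code and not part of the original post. The class names, the verdict strings, the use of a SHA-256 digest as the lookup key and every sample file are assumptions constructed for illustration; it also shows the local cache answering while offline.

```python
import hashlib
import heapq

# Queue priorities, lower runs first. On-access scans are never queued:
# they run synchronously in on_execute(). Ordering assumed from the list above.
PREFETCH, BACKGROUND = 1, 2

def fingerprint(data: bytes) -> str:
    # Assumption: SHA-256 stands in for whatever file-derived data the real agent sends.
    return hashlib.sha256(data).hexdigest()

class Verdicts:
    """Local verdict cache in front of a simulated cloud service."""
    def __init__(self, local_cache, cloud, online=True):
        self.local_cache, self.cloud, self.online = dict(local_cache), cloud, online
        self.cloud_queries = 0

    def lookup(self, fp: str) -> str:
        if fp in self.local_cache:          # answered locally, no network
            return self.local_cache[fp]
        if not self.online:                 # offline: only the cache is available
            return "unknown"
        self.cloud_queries += 1
        verdict = self.cloud.get(fp, "unknown")
        if verdict != "unknown":
            self.local_cache[fp] = verdict  # remember classified files
        return verdict

class Agent:
    def __init__(self, verdicts: Verdicts):
        self.verdicts = verdicts
        self.files, self.scanned = {}, {}   # path -> bytes, path -> verdict
        self.queue, self.seq = [], 0        # heap of (priority, arrival order, path)

    def _scan(self, path: str) -> str:
        self.scanned[path] = self.verdicts.lookup(fingerprint(self.files[path]))
        return self.scanned[path]

    def on_file_seen(self, path: str, data: bytes, downloaded: bool = False) -> None:
        """New or changed file: queue it, downloads ahead of dormant files."""
        self.files[path] = data
        self.scanned.pop(path, None)        # content changed, old verdict is stale
        heapq.heappush(self.queue, (PREFETCH if downloaded else BACKGROUND, self.seq, path))
        self.seq += 1

    def on_execute(self, path: str) -> bool:
        """On-access scan: synchronous, returns False when execution is blocked."""
        verdict = self.scanned.get(path)
        if verdict in (None, "unknown"):    # never scanned, or not classified yet
            verdict = self._scan(path)
        return verdict != "malware"

    def run_idle(self, budget: int) -> list:
        """Drain up to `budget` queued scans while idle; returns the scan order."""
        order = []
        while self.queue and len(order) < budget:
            _, _, path = heapq.heappop(self.queue)
            if path not in self.scanned:    # skip files already scanned on access
                self._scan(path)
                order.append(path)
        return order

def demo():
    # All sample contents and paths below are constructed for this example.
    evil, good = b"constructed-malicious-sample", b"constructed-clean-sample"
    cloud = {fingerprint(evil): "malware", fingerprint(good): "goodware"}
    agent = Agent(Verdicts({}, cloud))
    agent.on_file_seen("old/tool.exe", good)
    agent.on_file_seen("downloads/setup.exe", evil, downloaded=True)
    agent.on_file_seen("old/game.exe", b"constructed-unclassified-sample")
    ran_before_queue = agent.on_execute("old/game.exe")   # on-access jumps the queue
    order = agent.run_idle(budget=2)                      # prefetch before background
    blocked = not agent.on_execute("downloads/setup.exe")
    offline = Agent(Verdicts({fingerprint(evil): "malware"}, cloud, online=False))
    offline.on_file_seen("usb/autorun.exe", evil)
    offline_blocked = not offline.on_execute("usb/autorun.exe")
    return ran_before_queue, order, blocked, offline_blocked, offline.verdicts.cloud_queries

if __name__ == "__main__":
    print(demo())
```

In this model an unclassified file is allowed to run and is re-queried on its next execution, which is a design choice of the sketch rather than documented product behaviour.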

Panda Cloud Antivirus represents for us a new model for protecting PCs in the manner users have long been asking for: without performance impact. We hope that you enjoy this technology beta and can share your experiences and test results with us, whether in this blog, in the form of feedback at www.cloudantivirus.com, or by sending an email directly to beta@pandasecurity.com.

TIA

  1. Sage
    April 29th, 2009 at 18:38 | #1

    How will this work with Outlook 2007 email? Will I still have to run an application for email protection?

  2. April 29th, 2009 at 19:25 | #2

    The Canadian,

    take a look at the online help. There it is written: Panda Cloud Antivirus works with Windows XP & Windows Vista in 32Bit only. See: http://www.cloudantivirus.com/help/01/en/nnv_en.htm#05.htm

    You may use the Panda Antivirus/Internet Security/Global Protection 2009 instead, which can be installed on x64 Systems.

  3. Rik Smits
    April 29th, 2009 at 20:50 | #3

    People@panda,

    Where can I return my 60+ Panda Antivirus Packs we’ve bought from a Dutch distributor? WTF!

    First sell Antivirus solutions to a reseller and then start giving it away for free? This is just not done. Please give us a refund.

    There are not enough 64bit users to sell this to.

    The firewall is not worth 20 euros…. Because that is the only real difference.

    Good to give away free stuff, but stop selling your other solution like Antivirus Pro.

    This free solution works better than PAV09…? Systemload is less…

    How can you sell this to your resellers?

    regards,

    Rik Smits

  4. Robert Nielsen
    April 29th, 2009 at 21:21 | #4

    Okay…for everybody complaining…the key word here is BETA….this is a BETA…and beta programs, historically, have been distributed for FREE…I would imagine that once this program comes out of beta, it will be charged for, just like most other programs.

  5. The Canadian
    April 29th, 2009 at 22:11 | #5

    Peter Piksa :The Canadian,
    take a look at the online help. There it is written: Panda Cloud Antivirus works with Windows XP & Windows Vista in 32Bit only. See: http://www.cloudantivirus.com/help/01/en/nnv_en.htm#05.htm
    You may use the Panda Antivirus/Internet Security/Global Protection 2009 instead, which can be installed on x64 Systems.

    That is NOT the point, if they were going to bring something like this out they should have made it for everyone to be able to install…and I’ve never had any other application refuse to run on x64; so this as it stands is a big fat piece of shit and will fail because Panda is telling x64 users to screw off!!!

  6. The Canadian
    April 29th, 2009 at 22:12 | #6

    Also, Peter, stop being a kiss ass…!

  7. Dave P
    April 29th, 2009 at 22:23 | #7

    Does Panda’s Cloud Antivirus have anything to do with the similarly named Cloud AV which was developed at the University of Michigan?

    http://www.ns.umich.edu/htdocs/releases/story.php?id=6666

  8. Grew Marlow
    April 29th, 2009 at 23:53 | #8

    Definitely not the first approach for cloud-based antivirus:

    http://www.eecs.umich.edu/fjgroup/cloudav/

  9. Sage
    April 30th, 2009 at 00:44 | #9

    Robert Nielsen :
    Okay…for everybody complaining…the key word here is BETA….this is a BETA…and beta programs, historically, have been distributed for FREE…I would imagine that once this program comes out of beta, it will be charged for, just like most other programs.

    The power of free

    Panda plans to offer this service free to consumers indefinitely, Santana says. He figures Panda has a head start over larger rivals. Still, the service must build a track record. McKeay wonders if Panda’s cloud protection will work well for PC users with slower Internet connections and if Panda is truly prepared to expand rapidly, if need be. “I’m slightly skeptical of the implementation,” McKeay says.

    http://www.usatoday.com/tech/news/computersecurity/2009-04-29-panda-security-cloud-antivirus_N.htm?csp=15

    see the words free indefinitely

  10. The American
    April 30th, 2009 at 00:56 | #10

    Lots of technobabble and marketing blahblah in this “explanation”. I really don’t quite understand it and it’s actually totally annoying to try to figure out what’s hidden behind meaningless hollow phrases like: “intelligent interceptions”, “Collective Intelligence”. Use clear language please and define the technical terms you use (invent), like “cloud system”.
    For now anyway, I can’t see how this would be so different and so much better than what I have right now.
    I just guess this requires an always on internet connection and the scan is quasi-online as well.
    For me right now this is just snake oil and I don’t think I like it.

  11. April 30th, 2009 at 01:00 | #11

    Are computers still protected when they’re not connected to the internet? :)

    If I happen to plug in an infected USB key while not online, what happens?

  12. April 30th, 2009 at 01:25 | #12

    @Sage, no need to run a separate email protection program in parallel. As soon as the attachments are copied to the drive or tried to execute, they will be scanned and deleted/disinfected if needed.

    @TheCanadian, I deleted your comments in this post as they are duplicated in the “Welcome” post and I answered there. Am a 64x user myself and I can guarantee you will have a version available for 64bits.

    @Rik, it’s not quite the same thing. Keep in mind security suites contain many more functionalities not found in free AVs like Panda Cloud Antivirus, such as firewall, anti-spam, parental control, technical support, etc.

    @Robert, we will not charge after beta is completed. It will continue being free.

    @Dave, @Grew, the only thing that Panda Cloud Antivirus has in common with the UofM project is the name “cloud”. If you read the documentation from the project you’ll see that what they’ve done is basically an agent that sends complete files to a centralized server to be scanned by multiple AV engines. At the end what you have is still dependent on the signature detection and on whether these have the latest sig files or not. Also all the files are transmitted through the wire, which is not very convenient for users.

    @TheAmerican, if you want to see more in-depth how it works you can read the next post “Testing Panda Cloud Antivirus: Advanced Logging”. Install the product, turn on advanced logging and you’ll be able to see what it does by yourself.

    @Gonzague, yes, computers are still protected while not connected to the Internet. Basically Panda Cloud Antivirus keeps a local cache copy of the Collective Intelligence servers for off-line operation, which contains detections for malware that is truly out there infecting people (approx 4-5 million samples). While the complete detection capabilities are much higher while connected to the Internet (approx 25 million samples detected last week), also the chances of being infected are much lower when off-line.

  13. Soum
    April 30th, 2009 at 02:52 | #13

    This still doesn’t explain what is transferred over the wire? What latencies are we talking about for an onAccess scan (more or less than local antiviruses)? What amount of network traffic are we dealing with?

  14. April 30th, 2009 at 03:25 | #14

    There’s a variety of information sent to the cloud depending on the actions which the agent is performing locally: telemetry and statistics on detections, signatures, behavioral traits, detection names,… Not much different than the information exchanged between your traditional AV interception driver and the different scanning engines (signature/heuristic/behavioral). The only difference is that instead of having all this information exchange happen locally in your PC, it is now exchanged between client and server.

  15. Sage
    April 30th, 2009 at 06:09 | #15

    Does cloud antivirus work well with others or should be run alone?
    Thanks for the fist come back

  16. Robert Nielsen
    April 30th, 2009 at 07:43 | #16

    Sage :

    Robert Nielsen :Okay…for everybody complaining…the key word here is BETA….this is a BETA…and beta programs, historically, have been distributed for FREE…I would imagine that once this program comes out of beta, it will be charged for, just like most other programs.

    The power of free
    Panda plans to offer this service free to consumers indefinitely, Santana says. He figures Panda has a head start over larger rivals. Still, the service must build a track record. McKeay wonders if Panda’s cloud protection will work well for PC users with slower Internet connections and if Panda is truly prepared to expand rapidly, if need be. “I’m slightly skeptical of the implementation,” McKeay says.
    http://www.usatoday.com/tech/news/computersecurity/2009-04-29-panda-security-cloud-antivirus_N.htm?csp=15
    see the words free indefinitely

    Ah…well, I didn’t see those words…”free indefinitely”, that is. I stand humbled and corrected.

  17. sistema
    April 30th, 2009 at 09:17 | #17

    Not compatible with existing security suite. Not possible to install it without prior uninstall of control centre.

  18. comm
    April 30th, 2009 at 09:25 | #18

    What about web security in this AV?

  19. Mr Smith
    April 30th, 2009 at 11:18 | #19

    “Panda Cloud Antivirus is the first antivirus based on this innovative protection model”

    Prevx has been doing this for years so Panda is definitely not the first AV to use the cloud!

  20. April 30th, 2009 at 11:30 | #20

    @Sage, actually just like other AVs, you need to uninstall any other AV before installing cloud antivirus.

    @sistema, exactly, you need to uninstall any other AV before being able to install cloud antivirus.

    @comm, when you mention “web security” what do you refer to exactly, http scanning? The new model we’re proposing with Cloud Antivirus tags these files which are downloaded via http for scanning in an asynchronous way, so yes they are scanned.

  21. comm
    April 30th, 2009 at 12:26 | #21

    Thanks. This is very interesting if it works;)

  22. April 30th, 2009 at 13:08 | #22

    @Mr Smith, we have been doing cloud-scanning as well for a long time, actually since 2007 with our NanoScan online scanner. Also when referring to first we mean not only cloud-based but also the protection architecture model of new philosophy of on-access interception.

  23. Thomas
    April 30th, 2009 at 15:36 | #23

    I’ve just installed it yesterday.

    Works perfectly. I was about to buy a new laptop because this one had gotten slow (using 360 AV solutions before this), but now it’s speedy again.

    I didn’t know an AV could use up this much resources from my PC.

    Great software!! (but do keep it free :)

  24. Dave P
    April 30th, 2009 at 19:29 | #24

    According to your FAQ:

    “Once the Beta period has finished, the detection capacity of the antivirus will reduce considerably as it will no longer have access to our Collective Intelligence servers. From then on, you can get the free version and benefit from special conditions when you buy the full service.”

    The way I read that, the free version will not have access to the Collective Intelligence servers.

    If this is not the case, I would strongly suggest that the FAQ be clarified.

  25. April 30th, 2009 at 19:35 | #25

    @Dave P You’re right, it reads a little confusing. Rest assured, Panda Cloud Antivirus will remain free after beta with full detection capabilities.

  26. April 30th, 2009 at 21:57 | #26

    I recently received the announcement of your new product. I am glad that you are now improving your market and the offering for people who enjoy your antivirus. Now what remains is to try it and let our experience as users encourage us to buy some paid version, which I imagine you will release soon. Greetings from El Salvador.

  27. Bob Anderson
    May 1st, 2009 at 00:11 | #27

    Can you make a clear and unambiguous statement concerning how much of each scanned user file, if any, is transmitted to the cloud to address security concerns end users may have? For example, if scanning a MS Outlook file, which portions of that file are revealed to the cloud?

  28. James
    May 1st, 2009 at 03:24 | #28

    Interesting.

    1. Only two options for manual scanning? What about false positive or testing? Panda is going to delete a file without quarantining it first so if there is a false positive oh well sorry Panda deleted the file and now a program or function is broken?

    2. If this is free what features will make users want to pay for a Pro version? Will there even be a Pro version?

    3. I understand a 64bit version will come later but that does nothing now to let users work out the bugs now.

  29. May 2nd, 2009 at 01:17 | #29

    @Bob Anderson We don’t scan user documents, only PE files (executable code). And of PE files we don’t send any portion thereof to the cloud, only what we call “reverse signatures” and “behavioral traits” or properties of the file. Enough to be able to process it to classify it as either malware or goodware.

    @James 1. There is a quarantine. It’s called Recycle Bin and you can access it from the folded bottom-right corner of the application.

    2. Yes we are thinking about a pro version with more features and functionalities. But you’ll always have a full AV for free. Whatever happens we will not use protection features as a differentiator so that FREE detects less. The idea is that the FREE version has all it needs when it comes to anti-malware protection.

    3. Really sorry, we didn’t think it was going to be as much of an issue and wanted to get started with testing the cloud and client architecture asap. We’re now re-defining our priorities and 64bits is one of them.

  30. May 2nd, 2009 at 04:51 | #30

    To use Cloud do I really have to uninstall my Norton 360 first? I paid a lot of money for 360 and don’t fancy losing it!

  31. Daniel
    May 2nd, 2009 at 17:33 | #31

    Hi Pedro, this is a truly great idea and looks like really good software. You have hit the nail on the head, I use, recommend and sell AV software that consumes the least possible resources. Good luck with the Beta, I look forward to installing on my PC as soon as beta testing is complete. – Daniel

  32. May 5th, 2009 at 17:05 | #32

    Dear Pedro,
    I’m not a techie but I appreciate this Av program because it doesn’t have all the geegaws. I can download specific programs for specific issues. Keeping this purely anti-viral is the way to go, not adding a firewall or other tools. Andrew

  33. jcpham
    May 13th, 2009 at 05:59 | #33

    Trend Micro and other AV vendors are working on this same scheme. I’m a trend beta tester and have tested their “cloud” implementation of their server/client suite and have to admit, I like this better. I’m not a fan of Panda’s other products/suites, though. I find them to be a bit bulky. It’s nice to see a change of pace from an antivirus vendor – less bloat, more to the point.

  34. May 13th, 2009 at 10:38 | #34

    @Daniel, @Andrew Knutson, @jcpham Thanks for your comments guys.

  35. May 14th, 2009 at 01:32 | #35

    Pedro, I can’t stop yapping about Cloud AV. Do you have free duct tape available so I can shut myself up? ;D

  36. May 14th, 2009 at 02:42 | #36

    @Tim hehe, thanks man :)

  37. May 15th, 2009 at 04:50 | #37

    Wait, we’re going to need a lot of duct tape. It seems people I’ve told have told others. Don’t you just *hate* when that happens? ;-)

  38. June 9th, 2009 at 18:23 | #38

    It would be great if this protection model really took off and replaced the older model. I have to admit, however, that this client has a long way to go. I am switching to panda internet security in a few weeks for my everyday antivirus, since if I understand it correctly, it also has access to the collective intelligence.

  39. June 9th, 2009 at 18:27 | #39

    @Sam Smoker exactly with Panda Internet Security you’ll also be connected to Collective Intelligence and benefit from its detection capabilities. Keep an eye open as Panda Internet Security 2010 is just around the corner.

  40. baidwan
    June 30th, 2009 at 08:54 | #40

    hello, i used this av. but scan speed is really slow,but ya detection capabilities are awesome. keep up the good work[:)]. I hope scan speed increases.
    Thanks

  41. July 1st, 2009 at 01:34 | #41

    @baidwan we just published Beta2 which fixes this slowness of scans in certain situations. You can read more about Beta2 here:
    http://blog.cloudantivirus.com/2009/06/30/cloud-antivirus-beta2-released/

  42. Michael D
    July 10th, 2009 at 12:30 | #42

    Panda Cloud AV produces more false positives than I have ever had from any other AV software. What is more, it has a habit of disabling or deleting programs without consultation. It was interesting to read, in answer to another post, “There is a quarantine. It’s called Recycle Bin and you can access it from the folded bottom-right corner of the application”. However, Panda Cloud AV has deleted a program called ipscan.exe, and there is no sign of it in the quarantine. In any case it would have been nice to have had access to the quarantine more visible: I had searched and searched, and failed to find any way of accessing anything of the sort. Why not have a more readily comprehensible user interface, perhaps with a menu bar at the top, and helpful things like that, instead of something completely obscure, such as having to click on a bit at the corner that is supposed to look as though it is folded over. A plain traditional Windows interface would be much more useful: it wouldn’t give some arty type people the pleasure of having designed an eye-catching display, but who cares? I use software to do a job, not to look fancy. Anyway, even now that I know the gimmicky way to access the quarantine, the fact remains that some files have been deleted and are NOT in the quarantine.

  43. July 10th, 2009 at 13:29 | #43

    @Michael D Most of your suggestions have already been taken into consideration. Beta2 which is recently available from http://www.cloudantivirus.com already gives the option of recovering items which have been deleted. Also some FP problems have been fixed as well. Please read the following for more info on Beta2:
    http://blog.cloudantivirus.com/2009/06/30/cloud-antivirus-beta2-released/

  44. Salman
    July 17th, 2009 at 13:00 | #44

    I LOVE this AV man, it works gr8, gr8 job!

    India.

  45. cheap computers
    July 31st, 2009 at 12:42 | #45

    It sounds great that Panda Cloud Antivirus is the first antivirus based on this innovative protection model which is based on two fundamental principles.

  46. ajcnet
    September 30th, 2009 at 17:17 | #46

    Is there a MAC OS X version available??

    Looks like a GREAT product.

  47. October 6th, 2009 at 16:58 | #47

    @ajcnet Not planned right now…. we’re keeping busy with all the new features and functionalities we need to develop for win32 first.
