New Protection Model Explained
With Panda Cloud Antivirus we introduce a new protection model based on a thin-client agent & server architecture which services malware protection as opposed to locally installed products. By combining local detection technologies with cloud-scanning capabilities and applying non-intrusive interception techniques on the client architecture, Panda Cloud Antivirus provides some of the best protection with a lightweight antivirus thin-client agent that barely consumes any PC resources.
Panda Cloud Antivirus is the first antivirus based on this innovative protection model which is based on two fundamental principles:
1. Automatic malware detection and remediation from the cloud in real-time.
2. The use of an ultra-lightweight thin-client agent.
Automatic Malware Detection & Remediation from the Cloud
One of the main pillars of Panda Cloud Antivirus is its real-time use of Panda Collective Intelligence, which is an online from-the-cloud system that automates the entire malware protection cycle; collecting new samples, analyzing, categorizing, creating detection and disinfection routines and delivering the protection to each node.
Thanks to this approach users do not need to worry about updating signature files anymore. In fact, detection of millions and millions of different malware variants is no longer limited by the size of a signature database, as Collective Intelligence can hold literally unlimited number of detections without consuming any memory on the users’ PC.
Another benefit of using cloud-based detection is that the time from detection to protection has been shortened a lot. It takes C.I. literally under 6 minutes to analyze and classify a new file that it receives.
An important aspect of Collective Intelligence is the use of correlation in order to further improve detection of new variants. By using information from the different nodes C.I. can protect against new strains of malware by correlating its activity from the first time it’s seen in one of the nodes. Therefore the community becomes the lab. The most users use Panda Cloud Antivirus, the better protected everybody is.
A Lightweight Thin-Client that Off-Loads the Hard Work to the Server
The client portion of Panda Cloud Antivirus has been designed from the ground up to protect PCs in a non-intrusive way. Basically we’ve redesigned the traditional on-access interception techniques to work on a slightly different way, adapting to users real needs of reduced performance impact while concentrating on the truly important aspects of protection when it is needed.
Traditionally AV engines have intercepted files and objects in multiple layers (entry vector, file system and execution). In each layer, each object is scanned by multiple technologies, such as antivirus signatures, rules, heuristics, behavioral analysis, etc. This redundancy of scans results in a degradation of user experience as the AV ends up consuming a lot of valuable PC resources and impacting global performance.
Even as a lightweight agent, Panda Cloud Antivirus provides excellent protection as it applies intelligent interceptions and scans of the files in the local PC based on Collective Intelligence and its local cache copy. It does this by implementing different types of on-access scans which are defined as follows:
- On-Access Scan. This is the maximum priority resident scan that is applied only to objects which are truly a security risk in a specific point in time: files which are being executed or used. The file is intercepted, prevented from running and disinfected if found to be malicious.
- Prefetch Scan. There are other elements such as files downloaded from the Internet which, while not being executed at a specific point in time, have a much higher risk and probability of being executed at any time. These files should be watched more closely than files which have barely any activity, as we can expect them to be executed, unpacked, copied or moved shortly. A Prefetch Scan basically launches an asynchronous local & cloud query on the file to scan it “as soon as possible” without impacting performance. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.
- Background Scan. Lastly a normal PC has hundreds of thousands of files in its hard drive. Most of these files are not executing normally and simply just “sit there” until either the use double-clicks on them or they are called upon by another process. These are considered the least dangerous files from a security perspective. Panda Cloud Antivirus will continuously run Background Scans on these in an asynchronous manner while the PC is idle, without impacting performance at all. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.
Panda Cloud Antivirus represents for us a new model for protecting PCs in a manner that users have been asking for a long time: without performance impact. We hope that you enjoy this technology beta and can share your experiences and test results with us, both in this blog in the form of feedback at www.cloudantivirus.com or by sending an email directly to firstname.lastname@example.org.