Panda marches on with Cloud Antivirus

May 21, 2010 20:31 GMT
Panda Security Senior Research Advisor Pedro Bustamante speaks of the new Cloud Antivirus

Antivirus companies have long been shy about releasing free versions of their products. But, little by little, the top dogs of the industry will shed their resistance to the idea, especially when the market trend shows that users of free products have a pretty big influence on sales. The larger the user base, the greater the sales.

Panda Security caught on to the concept with the release of last year’s Panda Cloud Antivirus and has been on a winning roll with the product ever since. Recently, it launched the beta of the new version, which adds behavioral analysis and blocking, as well as Windows autorun deactivation by default. Pedro Bustamante, senior research advisor at Panda Security, has once again been kind enough to answer a few of our questions about the product.

Softpedia: Panda has taken a bold step with the new beta of Cloud Antivirus, becoming the second AV company after ALWIL (avast! Antivirus) to introduce behavioral analysis in a free product. Is the implementation of new technologies like this one in free programs detrimental to paid products (of any AV vendor) or is it just a way to increase brand awareness? – or: Is the home-user segment dictating the sales of paid products?

Pedro Bustamante: It is mostly a way to increase our knowledge of malware by building a larger community of users who link to our Collective Intelligence system. At the same time, it’s a way to raise brand awareness, but also to allow users without the means to enjoy the Internet and computing in general without having to worry about security issues.

Unlike other vendors, what we’re hoping for is that people who can pay for a commercial version do so because they want fewer hassles with automatic upgrades, more support and/or to help us further develop Panda Cloud Antivirus. In short, we do not want to commercialize by limiting the protection, but instead have the best protection be available for free to everyone.

Softpedia: Immunet currently permits users to install their cloud-based product to function alongside other antivirus programs without sparking incompatibility issues. Is Panda Cloud Antivirus heading the same way or does it chase a different goal, that of being the only protection solution for a home user?

Pedro Bustamante: The goal of Panda Cloud Antivirus is to be the only anti-malware protection you need for your computer. At the end of the day it’s about knowing and processing huge amounts of malware rather than requiring two different products that do the same thing. Panda Cloud Antivirus is perhaps the lightest product on the market in terms of system resource usage, because we move all the heavy lifting into the cloud. But that would not mean anything if you needed to run a heavier competitor on top of it.

With that in mind, there are still people out there who feel more comfortable having two or three scanners installed on the machine, and because of that we’ve recently changed the way that Panda Cloud Antivirus installs, and now you can install it alongside other solutions to be run in parallel.

Softpedia: Despite the general security warnings about AutoRun in Windows, plenty of users rely on this exploitable feature, especially gamers and smart drive users. Do you think that the USB Vaccine feature will catch on or will people dismiss it and rely on an alternative such as behavioral detection or on access scanning?

Pedro Bustamante: Panda Cloud Antivirus 1.1 will be the first massively distributed product I know of that, right after install, will disable Windows Autorun by default. Autorun is so dangerous that it never ceases to amaze me how Microsoft has managed to ignore it for such a long time. Relying on other techniques (signature scanning USB drives as they are plugged in, behavioral analysis, etc.) always leaves some room for the malware to bypass, so I strongly believe this move will provide 100% protection against these types of malware. It’s something that Microsoft should have done a long time ago for all platforms (not just Windows 7).

Softpedia: The USB Vaccine started off as a standalone tool before making its way into Cloud Antivirus. Do you plan to integrate other such programs in your free product?

Pedro Bustamante: Actually we integrated USB Vaccine into our retail products last year and it has been working very well. We’ve also pushed it out to many of our corporate customers who have been very grateful for the technology. It has proven to be a very useful technique for preventing many attacks.

Right now we are in the middle of developing some other innovative free tools which will be released in the next few months. Some of these techniques will eventually end up in the free Cloud Antivirus and probably other Panda products as well.

Softpedia: Social engineering is an extremely powerful technique for online fraud and crime. What is your opinion on users giving away private information on online social networks? Could this lead to online crimeware beyond AV vendors’ capability to combat?

Pedro Bustamante: Yes it is amazing, especially with the younger generations, how easily people post their personal information in social networking sites without thinking twice about the security and privacy implications. You don’t do the same thing in the physical world so why is this being done in the online world? Of course malware and marketing companies take advantage of this and exploit the information for profit, using it to send, install adware, etc.

I picture someone with nothing but a helmet and swimsuit jumping in a great white shark infested pool and expecting the helmet to protect him from all harm. Sadly this is the reality of how most people use the Internet nowadays.

Since a few years ago we included an Identity Protection feature in our products in order to define certain types of information which should not leave the computer. The objective is to prevent both accidental and non-accidental leakage of private information. However, as you mention, this is already outside the scope of AV, so we have a responsibility to educate users about what products currently do and don’t directly prevent against.

Softpedia: Can you explain how the new behavioral analysis component works in more detail? Are the files sent to Panda's servers to be executed in a sandbox-like environment or is it more like a local host intrusion prevention system (HIPS) that monitors critical areas of the system for suspicious activity?

Pedro Bustamante: It’s more like a local HIPS but with two different techniques. Users will be able to turn either one of these on and off separately.

On one hand the Behavior Blocker is an application and system hardening technology which has proven itself over the years to be very effective against malware hidden in non-PE files, such as PDF, DOC, PPT, XLS, etc. as well as other types of generic detections for specific malicious actions.

On the other hand it also includes a Behavioral Analysis component which is basically a runtime analysis of running processes. It is truly a last line of defense that analyzes what the running program does and how it does it, and is able to discern malicious processes from benign ones. It then kills all communication by the process and ultimately the process itself to protect from further harm.

Softpedia: Many of today's malware threats are being distributed as drive-by downloads from infected websites. Black hat search engine optimization (BHSEO) campaigns that push scareware variants are also a common threat for Web surfers. Will we see a real-time URL scanning feature in future versions of Panda Cloud Antivirus?

Pedro Bustamante: Many users have been asking about this functionality. We haven’t given a clear answer about it yet, but I guess now’s as good a time as any. Yes, we will include it in the very near future.

Softpedia: Banking trojans that hook browser processes to extract or inject data from and into forms are prevalent on today's threat landscape. Are you considering adding a layer of protection at the browser level in Panda Cloud Antivirus?

Pedro Bustamante: We are testing some new techniques in our retail 2011 products which are about to be released to beta that have a browser-protection component. If that turns out to be useful we could eventually integrate it into Panda Cloud Antivirus as well.

Softpedia: Do you gather any statistics on how many users adopt Panda Cloud Antivirus? Can you share some of the numbers so far with our readers?

Pedro Bustamante: We don’t share these numbers. As you would expect, they are not as high as AVG, Avira’s or Avast’s given that Panda Cloud AV was only released in November 2009, but I am happy to share that they are in the millions already, and we believe we are the fastest growing of the free AV vendors. The massive adoption Panda Cloud Antivirus has had in such a short time showcases that our approach of reducing security to the basics is resonating with users. Cloud Antivirus has set a new standard for minimal resource usage, while protecting users in ways never before possible.

Softpedia: Behavioral detection has been included in the latest Cloud Antivirus. Is it safe to say that TruPrevent has been adopted and that PDF/Office exploits are 100% detectable by Panda Cloud Antivirus?

Pedro Bustamante: In short, yes. But we’ve done a lot more than just "adapting" it. We’ve re-built it from scratch to be integrated into the Cloud Antivirus architecture. The behavior blocker component I was talking about in question 6 is the component that is able to generically stop 100% of the PDF/Office and similar exploits.

Softpedia: IMMUNET has partnered with Sourcefire to integrate their ClamAV heuristic antivirus engine into future versions of its product for offline scanning purposes. Have you considered taking Panda Cloud Antivirus' offline detection capabilities beyond the local cache?

Pedro Bustamante: Actually with version 1.1 we have added three more layers of offline protection to the existing two layers already included in 1.0 (local cache and heuristic):

* Behavioral analysis is a local technology that works both online and offline.
* Behavioral blocking is a local technology that works both online and offline.
* Autorun deactivation by default and automatic USB vaccination is a local technology that shuts the door on the main "offline malware" entry vector.

Softpedia: How will users of the current final Cloud Antivirus be alerted of the new and improved edition? - assuming that they are not yet aware of the beta

Pedro Bustamante: The installed product will show a notification from the traybar icon alerting users that there’s a new version. When they click on it they will be taken to the www.cloudantivirus.com website where they’ll be able to download the new version.

Softpedia: How will the new version reach users’ computers? - automatic silent install, manual download of the new edition, does the new edition install over the previous one, does it automatically uninstall it?

Pedro Bustamante: As mentioned above users will get a notification to download the new version. After that the rest of the process is automatic. The new version will uninstall the older one and automatically install the new one.

Softpedia: When is the final version for the new Panda Cloud Antivirus scheduled to be released? Do you think you’ll meet the deadline?

Pedro Bustamante: There’s that tricky question again :)

Actually this time around we are very on target with our scheduled release and the betas are looking very stable thanks to all the feedback we are getting from our Support Forum users and power mods. Last year we said we would release between Q1 and Q2 and it looks like we will reach that with some weeks to spare.