Channels ▼

Jonathan Erickson

Dr. Dobb's Bloggers

Antivirus Software Heads for the Clouds

August 06, 2008

When you stop and think about it, there's nothing really new about "cloud computing" other than it being a buzzword du jour for high-tech hypemeisters. That's not to say that as a concept, cloud computing -- Internet-based infrastructures that deliver IT services -- isn't useful. It most certainly is, and with any luck at all, new and unique applications for cloud computing will continue to pop up. Like the CloudAV project at the University of Michigan, for instance.

According to security reseachers, traditional antivirus software is becoming increasingly ineffective, as evident by malware detection rates as low as 35 percent against the most recent threats and an average window of vulnerability exceeding 48 days. In other words, new threats go undetected for an average of seven weeks

The CloudAVCloudAV approach that Jon Oberheide, Evan Cooke, and Farnam Jahanian describe in their paper CloudAV: N-Version Antivirus in the Network Cloud, moves antivirus functionality off local PCs and into the cloud where it analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.

To develop this approach, the trio evaluated 12 traditional antivirus software programs from vendors such as Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec, and Trend Micro against 7,220 malware samples, including viruses, collected over a year. Traditional antivirus software that resides on a PC checks documents and programs as they are accessed. Because of performance constraints and program incompatibilities, only one antivirus detector is typically used at a time. CloudAV, however, can support a large number of malicious software detectors that act in parallel to analyze a single incoming file. Each detector operates in its own virtual machine, so the technical incompatibilities and security issues are resolved.

CloudAV is accessible to any computer or mobile device on the network that runs a simple software agent. Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis. The CloudAV system the researchers built uses 12 different detectors that act together to tell the PC whether the item is safe to open.

CloudAV also caches analysis results, speeding up the process compared with traditional antivirus software. This could be useful when multiple employees access the same document. The new approach also includes what the developers call "retrospective detection," which scans its file access history when a new threat is identified. This allows it to catch previously-missed infections earlier. Finally, they see opportunities for CloudAV application to cell phones and other mobile devices that aren't robust enough to carry powerful antivirus software.

 

Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 


Video