Now, 'network cloud' for next-generation antivirus system

By Staff

Published: Thursday, August 7, 2008, 12:42 [IST]

Add as a preferred source on Google

Washington, Aug 7 : That constant cribbing about the antivirus software in your computer may soon be a thing of the past, thanks to a new "cloud computing" approach to malicious software detection developed at University of Michigan that tackles computer bugs seamlessly on the Internet.

Named CloudAV, the new approach moves antivirus functionality into the "network cloud" and off personal computers.

It analyses suspicious files using multiple antivirus and behavioural detection programs simultaneously.

The researchers say that antivirus software from popular vendors are not very effective, and that new threats go undetected for an average of seven weeks.

They also say that antivirus engines have severe vulnerabilities too.

"CloudAV virtualises and parallelises detection functionality with multiple antivirus engines, significantly increasing overall protection," said Farnam Jahanian, professor of computer science and engineering in the Department of Electrical Engineering and Computer Science.

For coming up with this novel approach, the researchers evaluated 12 traditional antivirus software programs against 7,220 malware samples, including viruses, collected over a year.

The vendors tested were: Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.

While traditional antivirus software checks documents and programs as they are accessed, this results in only one antivirus detector being used at a time because of performance constraints and program incompatibilities.

However, CloudAV can support a large number of malicious software detectors that act in tandem to analyse a single incoming file.

Since each detector operates in its own virtual machine, the technical incompatibilities and security issues are resolved.

CloudAV is accessible to any computer or mobile device on the network that runs a simple software agent. Every time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis. he system uses 12 different detectors that act simultaneously to tell the inquiring computer whether the item is safe to open.

It also caches analysis results, which accelerates the process as compared to traditional antivirus software.

According to the researchers, this may prove beneficial at places where multiple people might access the same document, such as workplaces.

This new system also includes something dubbed as "retrospective detection", which scans its file access history when a new threat is identified. This enables it to catch previously-missed infections earlier.

CloudAV has promising implications in cell phones and other mobile devices that aren't robust enough to carry powerful antivirus software.

A paper on the new approach was recently presented at the USENIX Security Symposium.

ANI