

Antivirus Vendors Push Toward Cloud Computing

Key elements of software now being delivered on a software-as-a-service basis

NEW YORK -- Interop Fall 2008 -- Antivirus software is taking up more and more memory on enterprise computers, both on the client and server ends. But new software-as-a-service (SaaS) offerings -- sometimes called "cloud computing" -- may change the AV picture in the near future, according to at least one vendor exhibiting on the show floor here this week.

Antivirus and security software vendor Panda Security has completed a new study which indicates that the growth of malware and other attacks will soon overwhelm current client/server-based AV software, according to Ryan Sherstobitoff, chief corporate evangelist at Panda.

The problem, Sherstobitoff says, is that the rapid proliferation of malware necessitates the rapid growth of signature-based software programs, which vaccinate the client against each new threat. "From 2006 to 2007, we documented about 300,000 malware samples," he says. "This year, it's around 2.5 million. We have seen incidents in which 500,000 malware samples were created overnight. And it's only going to increase as hackers become more sophisticated."

The result is that antivirus vendors are pushing out larger and larger signature files to clients and servers, and sucking up more and more CPU memory. "We're seeing about 200,000 new threats per month, which translates to a file that's 60-80 megabytes," Sherstobitoff says. "The clients are being vaccinated for 5,000 to 6,000 new signatures per day. You see situations where 50 to 60 percent of the CPU is being eaten up by antivirus software at times. The question is how much CPU can the AV software eat up before it's too much?"

Worse, Sherstobitoff says, the signature-based updates are becoming less effective. In a study of almost a million clients, Panda found that 30 percent of U.S. PCs contained an active infection -- even though half of them were running up-to-date antivirus or anti-malware software. "In Europe, it's about 37 percent," he says. "In Asia, it's close to 50 percent."

Among all the PCs that Panda studied, about 80 percent contained malware, Sherstobitoff says. About half of them contained an active Trojan. "What's clear out of all of this is that the current signature-based model is not working," he says. "We need a better method."

Panda, which rolled out its Panda 2009 line just three weeks ago, hopes to address the problem by moving some of its product capabilities into a "cloud computing" SaaS model. The idea is to put the memory-intensive signatures into a central database that can be accessed via a thinner client, thus reducing the CPU drag on the client machine.

"Instead of downloading a huge 60-80-megabyte file of signatures," Sherstobitoff says, "we can deliver a subset of the data, maybe 15-20 MB, and leave the rest on a Web server." Eventually, the company plans to store less and less data on clients and servers, making less and less impact on CPU utilization. "We'd like to evolve to a 100 percent SaaS model," he says.

The cloud computing approach could also make antivirus software more effective in stopping malware and other attacks, Sherstobitoff says. By employing a broad-based set of servers for analyzing new attacks and developing vaccinations, Panda may be able to better correlate the attack data and apply computing muscle to the process. "If we see malware in one country, we can more easily correlate it with a similar attack we see in another country," he says. This makes the signature process more effective and less bulky on the client end, he says.

Of course, the cloud computing model isn't without its drawbacks. It relies on a connection between the client and the antivirus server, which means there could be network latency problems, Sherstobitoff observes. And all clients will have to be outfitted with some method of "rolling back" to local AV if the connection to the security host becomes unavailable.
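The split described above, a thin local signature subset in front of a larger server-side database, with the client falling back to its local set when the server cannot be reached, sketched as an added example. This is illustrative code written for this article, not Panda's product code; the signature entries, sample inputs and the `cloud_lookup` stand-in for the network call are all constructed.

```python
import hashlib

# Constructed sample inputs for the demo (harmless byte strings, not real malware).
SAMPLE_CLEAN = b"plain text document"
SAMPLE_KNOWN_LOCAL = b"test sample A"
SAMPLE_KNOWN_CLOUD = b"test sample B"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical full signature database held on the server side.
CLOUD_DB = {
    sha256_hex(SAMPLE_KNOWN_LOCAL): "Test.Local",
    sha256_hex(SAMPLE_KNOWN_CLOUD): "Test.Cloud",
}
# Thin subset shipped to the client: only the most prevalent entries.
LOCAL_SUBSET = {sha256_hex(SAMPLE_KNOWN_LOCAL): "Test.Local"}


class CloudUnavailable(Exception):
    """Raised when the signature server cannot be reached."""


def cloud_lookup(digest: str, reachable: bool = True):
    # Stand-in for the network round trip; `reachable=False` simulates a dropped link.
    if not reachable:
        raise CloudUnavailable("signature server unreachable")
    return CLOUD_DB.get(digest)


def scan(data: bytes, cloud_reachable: bool = True):
    """Return (verdict, source): local subset first, server second,
    and a local-only verdict when the server is unreachable."""
    digest = sha256_hex(data)
    name = LOCAL_SUBSET.get(digest)
    if name:
        return ("malicious:" + name, "local")
    try:
        name = cloud_lookup(digest, cloud_reachable)
    except CloudUnavailable:
        # Degraded mode: only the local subset was consulted, so a file known
        # solely to the server passes as clean here; log this state in practice.
        return ("clean", "local-fallback")
    if name:
        return ("malicious:" + name, "cloud")
    return ("clean", "cloud")
```

Running `scan(SAMPLE_KNOWN_CLOUD, cloud_reachable=False)` shows the latency/availability trade-off the article raises: the sample is detected only while the server link is up.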

"There are some issues that we'll have to deal with, but as more and more applications and data move to the Web, this approach will be more and more compatible with what users are doing," Sherstobitoff says.

Other AV vendors, including McAfee and Symantec, are offering SaaS-based products as well.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.