NEW YORK -- Interop Fall 2008 -- Antivirus software is taking up more and more memory on enterprise computers, both on the client and server ends. But new software-as-a-service (SaaS) offerings -- sometimes called "cloud computing" -- may change the AV picture in the near future, according to at least one vendor exhibiting on the show floor here this week.
Antivirus and security software vendor Panda Security has completed a new study which indicates that the growth of malware and other attacks will soon overwhelm current client/server-based AV software, according to Ryan Sherstobitoff, chief corporate evangelist at Panda.
The problem, Sherstobitoff says, it that the rapid proliferation of malware necessitates the rapid growth of signature-based software programs, which vaccinate the client against each new threat. "From 2006 to 2007, we documented about 300,000 malware samples," he says. "This year, it's around 2.5 million. We have seen incidents in which 500,000 malware samples were created overnight. And it's only going to increase as hackers become more sophisticated."
The result is that antivirus vendors are pushing out larger and larger signature files to clients and servers, and sucking up more and more CPU memory. "We're seeing about 200,000 new threats per month, which translates to a file that's 60-80 megabytes," Sherstobitoff says. "The clients are being vaccinated for 5,000 to 6,000 new signatures per day. You see situations where 50 to 60 percent of the CPU is being eaten up by antivirus software at times. The question is how much CPU can the AV software eat up before it's too much?"
Worse, Sherstobitoff says, the signature-based updates are becoming less effective. In a study of almost a million clients, Panda found that 30 percent of U.S. PCs contained an active infection -- even though half of them were running up-to-date antivirus or anti-malware software. "In Europe, it's about 37 percent," he says. "In Asia, it's close to 50 percent."
Among all the PCs that Panda studied, about 80 percent contained malware, Sherstobitoff says. About half of them contained an active Trojan. "What's clear out of all of this is that the current signature-based model is not working," he says. "We need a better method."
Panda, which rolled out its Panda 2009 line just three weeks ago, hopes to address the problem by moving some of its product capabilities into a "cloud computing" SaaS model. The idea is to put the memory-intensive signatures into a central database that can be accessed via a thinner client, thus reducing the CPU drag on the client machine.
"Instead of downloading a huge 60-80-megabyte file of signatures," Sherstobitoff says, "we can deliver a subset of the data, maybe 15-20 MB, and leave the rest on a Web server." Eventually, the company plans to store less and less data on clients and servers, making less and less impact on CPU utilization. "We'd like to evolve to a 100 percent SaaS model," he says.
The cloud computing approach could also make antivirus software more effective in stopping malware and other attacks, Sherstobitoff says. By employing a broad-based set of servers for analyzing new attacks and developing vaccinations, Panda may be able to better correlate the attack data and apply computing muscle to the process. "If we see malware in one country, we can more easily correlate it with a similar attack we see in another country," he says. This makes the signature process more effective and less bulky on the client end, he says.
Of course, the cloud computing model isn't without its drawbacks. It relies on a connection between the client and the antivirus server, which means there could be network latency problems, Sherstobitoff observes. And all clients will have to be outfitted with some method of "rolling back" to local AV if the connection to the security host becomes unavailable.
"There are some issues that we'll have to deal with, but as more and more applications and data move to the Web, this approach will be more and more compatible with what users are doing," Sherstobitoff says.
Other AV vendors, including McAfee and Symantec, are offering SaaS-based products as well.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.