Panda Antivirus or: How I Learned to Stop Worrying and Love the Cloud

http://www.cloudantivirus.com/en/

I’ve been using this for a while (uninstalled Security Essentials) and it is pretty cool. It’s lightweight, doesn’t need to download definitions, has very minimal network usage (lighter than any other AV program), and is perfect for the people who you know will never update their definitions or look at their AV program ever. Quick install as well.
I never have to worry about my CPU usage or scheduled scans anymore. It’s all in the cloud.

I think I’m going to keep it. It is free after all.

Do you have any idea how effective it is at detecting virii?

99.4% detection rate, higher than any of the free ones including Security Essentials.

Then it doesn’t work. Seriously… what?

Source? I didn’t see it in the most recent VB100/AV-Comparatives* reports.

  • While their utility might be questioned, you at least can’t question their accuracy.

I think PC got the number from AV-test.org.

Well, at least not in the traditional manner.

Is there any description how it works on that rather silly website? Those “cloud” and “real time” buzzwords seem to imply that it’s simply constantly updating its virus definitions.

I get a cold shiver when I see the words “Panda” and “Antivirus” in the same sentence. My folks and my wife had Panda AV Platinum Edition on their machines, and it was a train wreck solved only by its complete and utter uninstallation.

That website is horrible.I cannot find even one freaking screenshot, I watched through that video hoping they would show the actual product…but no.

Sticking to Avast for now (as I did for the last 6 years), but I am willing to give it a chance…later.

The Web site is a joke, but the tech behind PandaCloud is solid.

So, does it just send every file you interact with to the cloud? Or maybe just sends a file’s signature or something?

Yeah, exactly what is the tech behind PandaCloud?

One word… Magnets.

I haven’t found much about the actual tech yet. It has to be more than just signatures/hashes (or at least it better be), since that only catches a portion of malware. This article implies that whole files are uploaded to the cloud for further scanning, though it must be restricting it to executables to avoid uploading your entire system.

My concern would be about the apparent delay in files being submitted to the cloud and finally being analyzed. Does it not let you run the program at all until it’s scanned? Does it go ahead and run it anyway and then just warn you when the alert comes back, by which time Virut’s already overrun your system, stolen your WoW account, and made it nigh-unrecoverable?

This is from the forum:

http://www.cloudantivirus.com/forum/thread.jspa?threadID=51101&tstart=0

A Lightweight Thin-Client that Off-Loads the Hard Work to the Server

The client portion of Panda Cloud Antivirus has been designed from the ground up to protect PCs in a non-intrusive way. Basically we’ve redesigned the traditional on-access interception techniques to work on a slightly different way, adapting to users real needs of reduced performance impact while concentrating on the truly important aspects of protection when it is needed.

Traditionally AV engines have intercepted files and objects in multiple layers (entry vector, file system and execution). In each layer, each object is scanned by multiple technologies, such as antivirus signatures, rules, heuristics, behavioral analysis, etc. This redundancy of scans results in a degradation of user experience as the AV ends up consuming a lot of valuable PC resources and impacting global performance.

Even as a lightweight agent, Panda Cloud Antivirus provides excellent protection as it applies intelligent interceptions and scans of the files in the local PC based on Collective Intelligence and its local cache copy. It does this by implementing different types of on-access scans which are defined as follows:

• On-Access Scan. This is the maximum priority resident scan that is applied only to objects which are truly a security risk in a specific point in time: files which are being executed or used. The file is intercepted, prevented from running and disinfected if found to be malicious.

• Prefetch Scan. There are other elements such as files downloaded from the Internet which, while not being executed at a specific point in time, have a much higher risk and probability of being executed at any time. These files should be watched more closely than files which have barely any activity, as we can expect them to be executed, unpacked, copied or moved shortly. A Prefetch Scan basically launches an asynchronous local & cloud query on the file to scan it “as soon as possible” without impacting performance. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.

• Background Scan. Lastly a normal PC has hundreds of thousands of files in its hard drive. Most of these files are not executing normally and simply just “sit there” until either the use double-clicks on them or they are called upon by another process. These are considered the least dangerous files from a security perspective. Panda Cloud Antivirus will continuously run Background Scans on these in an asynchronous manner while the PC is idle, without impacting performance at all. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.

I’d love to know more about this=> especially the load balancing when gaming.

So they don’t do wasteful multi-level scans… but they scan files when they AREN’T being read or executed? And then again when they ARE?

This sounds like marketing bollocks, and I’ll believe it after it’s tested by several indie sources.

I don’t know why Panda seems so intent on obscuring this thing in a whole lot of marketing mumbo-jumbo, but it’s fairly straightforward. The software is a front-end to interface with a massive database of malware definitions as opposed to forcing you to store those definitions locally. This means you never, ever have to update it yourself.

It doesn’t consume a lot of resources or interfere with the operation of any PC I’ve seen it installed on. You can get a much cleared overview of it in this DownloadSquad Interview.

Even if you don’t want to experiment with it on your gaming or production rig I think it’s a sensible choice for people who aren’t tech savvy. The fact you never need to click an update button or have your PC on at a particular time to grab a scheduled update means it’s definitely going on my mother’s and mother-in-law’s PCs.

The article you link refutes this entire quote! Definitions are stored locally. They must be stored locally because files are scanned locally (only some files are even uploaded “to the cloud”). Offline mode means definitions must exist locally for when you aren’t connected to the net. Since only executable files are uploaded it means they’ll only ever get submissions of malware payloads in executable files, which doesn’t seem that great.

Complaints about how ‘easy’ it is to update definitions are bunk too. Any decent AV product (read: one you pay money for) has done this fine forever.

I hope this product turns out OK. But so far, there’s nothing about it which is any different to the many other free AV scanners. It’s the same thing with a lick of paint and words like “cloud” and “online” bandied about. I’ll stick with my Kaspersky and NOD32 installs for now thankyouverymuch.