Possibly your best defense against malware: A cloud service

Posted by Wolfgang Gruener

Ann Arbor (MI) – How often have you heard the word “cloud” this week? We tend to believe that you should hear this word at least once a day, if you consider yourself an informed computer user. After cloud computing devices, legal questions and various cloud computing projects from industry giants, we are also hearing more and more about possible services – services that may offer value and convince users to subscribe to cloud services. One of the most convincing services we have seen so far is CloudAV, a project developed at the University of Michigan.

Farnam Jahanian, professor of computer science and engineering in the Department of Electrical Engineering and Computer Science, believes that cloud computing could make antivirus software much more efficient than your average antivirus software subscription is today.

Jahanian’s approach still uses conventional commercial antivirus software to check files for threats. However, the technology moves the actual antivirus software off a user’s computer into a network cloud. This allowed Jahanian’s group to run multiple antivirus software applications in parallel, each in a dedicated virtual machine. The 12 evaluated antivirus programs included Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.

 

Common sense suggests that two malware detection engines work better than just one and ten will be better than just two. But how much better? If the results published by Jahanian’s group hold up in the real world, then the improvement should be enough to make you switch to such a service once it becomes available (provided the price is right).

According to the research group, the detection rates of any of the evaluated antivirus packages ranged between 40% and 78.5% (average: 59.6%) after one week of discovery and between 62.7% and 89.2% (average: 73.9%) after 3 months. Adding a second engine increased the average detection rate after one week to 77.6% and to 87.7% after 3 months. Five engines resulted in 90.5% (1 week) and 94.8% (3 months) and ten engines achieved 94.4% (1 week) and 96.7% (3 months).

The research results suggest that malware detection engines run in parallel are especially effective right after new malware is discovered. Every added engine can dramatically improve the detection rate. After three months, that effect levels off. Three engines already achieve a rate of 92%, which is better than the best engine out there today, according to the research group. The research results suggest that the advantages of more than five detection engines are rather marginal for viruses that have been in the wild for at least 3 months – and the cost may not scale favorably with the practical benefit.

We have to say that we are truly impressed with the results of this relatively simple idea (why didn’t we think of this?) and there may be a very interesting service in the works that will appeal especially to larger corporations. It would be interesting for the home user as well, but at this time we doubt that the capabilities of five or ten antivirus engines could be offered for a reasonable price.

But think about it: No more hassle updating your antivirus software and improved malware detection rates. Nice.