Home > All, Security Issues > Panda: anti-virus, cloud and free

Panda: anti-virus, cloud and free

On 3 June, Luis Corrons, the technical director at PandaLabs, blogged about Panda’s Cloud AntiVirus: a new version means that it is coming out of beta. The traditional route is ‘beta = free’ -> ‘full release = paid for’. But Panda has chosen a different route: Panda Cloud AntiVirus remains free. Instead, Panda has also released Cloud AntiVirus Pro, a paid-for version of the same antivirus, but with ‘VIP support’ and other tweaks to appeal to the commercial user.

All of this begs two questions, one technical and one commercial: does cloud-based anti-virus work; and is giving away your software a viable business model? I turned to Petter Lautin, Panda Security’s UK and Ireland managing director, for answers.

Petter Lautin, MD for UK and Ireland, Panda Security

Does cloud-based anti-virus work?
Panda developed its cloud strategy before Cloud became a buzzword. It was a solution to an IT problem rather than a marketing strategy. “The problem is the sheer size of the malware threat,” explains Petter. “We’re currently receiving 70,000 new malware samples every day; and it’s still growing, rapidly. The question is how can you handle numbers like this? You don’t have to be a skilled hacker to create and use viruses or even build botnets to spread them – I think the Mariposa botnet proves that.” (See A chat with Luis Corrons, technical director at PandaLabs for comments on Mariposa.)

“Back in 2006 we knew we would have to do something different,” he continued. “We created a system called Collective Intelligence, which is basically a server park full of terabytes of memory and hard disk space where we have now, I think, around 40 million classified malware samples — and growing.” But the concept wasn’t just another central sample depository: the idea was to develop an automated way of collecting, analysing and storing the malware. “It’s all automated – 97 to 98 percent of new samples will be dealt with automatically, and the signatures will be created automatically. It’s only the brand new malicious code, the top tiny percent, that our lab technicians will deal with manually – but it means that they can dedicate all of their time to that, and can very quickly come up with a contra attack or signature, and deal with it.” Other companies, that haven’t gone down this route, he points out, sometimes have to employ hundreds or even thousands of technicians, sometimes in low labour-cost countries, to do the same thing. “Then the whole cloud thing happened, and we realised, well, actually that’s what we’re already doing – we just don’t call it that. So we started to build our endpoint solutions, corporate as well as consumer, so that everyone could take advantage of Collective Intelligence through the internet instead of being dependent on having huge local signature files. We moved to the cloud before the cloud became a buzzword.”

OK. so that’s the signature database, and it’s ‘in the cloud’. But how does Cloud Antivirus work, and is it effective?

“Where you have traditional anti-virus,” explained Petter, “you install it on your computer, it will take megabytes of disk space and memory space – and then you have to install the signature definition file which is growing and growing and growing. It’s a huge footprint on both your disk and your RAM. And then, of course you have to update it. It’s all very intrusive. A lot of people still don’t bother, while others do it perhaps once a week when it should be done at least once every day. That’s a typical traditional solution.” Sound familiar?

“But with Cloud AntiVirus,” he continued, “all you have is the tiny memory footprint of a 15Mb signature file to protect you when you’re not online – and that will be constantly updated with the latest information when you are online. You get 15 megabytes of current threats rather than the 500Mb of historical threats with a traditional solution. In use, you don’t need to update it, that happens all the time automatically; and it has a minimal performance hit on your day-to-day computing.” Once Cloud AntiVirus is installed, only a new program or code is checked; firstly locally against the current active threat database and the local heuristics, and then, only if it fails these, is it sent to Collective Intelligence to be dealt with. “Cloud AntiVirus will look at the code locally. It will say, this is unknown – we need to know what it is; and it will send a tiny hash up to the cloud taking 125 kb, the same performance impact you get when you click on a URL. It will be dealt with by Collective Intelligence, which has something like 40 million malware samples sitting in the Cloud. It will come back with an immediate response and you have almost real-time protection. And if you are the lucky one to be the first to be attacked by something brand new, it will be quarantined by CAV on your laptop; it will be dealt with by Collective Intelligence in our Labs; and you’ll get an update within hours with a signature for that new threat. On top of this, all the other users of Collective Intelligence around the world – and we now have 10 million free CAV users – will immediately get the benefit of that new knowledge.”

In short, Cloud AntiVirus reduces the performance overhead on your own computer, eliminates the intrusiveness of continual signature updates, minimizes the zero-day period of zero-day threats, calls on the largest possible malware sample database, uses the herd intelligence of millions of other Panda users – and is free.

Free. What sort of business model is that?
“Two points,” says Petter. “Firstly, a Morgan Stanley survey in America has shown that 46% of consumers rely on free security software, and that’s expected to increase to nearer 60%. I’d be surprised if things in Europe are very different; so that’s a fact of life we can’t ignore. Secondly, believe it or not, there are many people out there who are still not using any anti-virus product at all. For them, this is a perfect way to start because it gives you the basic anti-malware protection that everyone needs to have. From there we can start to talk about what you should have rather than must have: a firewall, ID theft protection and all sorts of things on top of that. Which is what you get with our Internet Security Suite. So we have three reasons for doing it this way:

  • we’re building a brand – the more people we get using our free software, the more people know about us.
  • it’s also about the data collection for Collective Intelligence – we have 1000s of customers who pay for our protection. We want to ensure that they get the best detection rates possible. All the free users connected to Collective Intelligence enormously increase the value of Collective Intelligence. The more users we have, the more samples we get, the better the quality of the service – for all of our users.
  • yes, we also want capitalize commercially via Cloud AntiVirus Pro – but it is easier to convert a free user into a full paying customer than to sell Panda Pro to a brand new customer.

I’ve said it before, but I’ll say it again: I love the straight-talking, no bullshit, this is the way it is you get from Panda.

Cloud AntiVirus (free): download

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s