Buzz word: “cloud anti-virus” – what is it all about?

“Cloud” is definitely one of the IT sector’s most popular marketing words of recent years. The virtual clouds promise you easy and mobile access to data and services. The anti-virus sector has also come to use this technology. Fast scans and very low resource usage are clear advantages of cloud-based scanners. But, as usual, there are two sides to the coin.

What is a cloud?

Cloud computing is, put simply, the distributed delivery of IT infrastructure over a network. This can be basically anything. Storage services in particular are currently in vogue, where a computing center often offers storage over the web. You can use this storage on your PC at home just like a conventional local hard drive even though it is really located hundreds or even thousands of miles away. As you, the user, never know exactly which server your data is on, we speak of a data cloud where everything is stored.

Complete programs and services are also offered via the cloud. As in a conventional client/server architecture, the software (a spreadsheet application, for example) runs on an external computer, the server. You are provided with an interface on your own PC via the Internet, which allows you to use the software. This is very convenient as it requires no software to be installed, and computationally intensive operations are also outsourced.

Conventional anti-virus solutions have a problem

Conventional virus scanners are still based on signatures. Yet sooner or later they will be stuck between a rock and a hard place as the number of newly discovered malware variants doubles every 12 to 18 months. The number of signatures to be loaded therefore grows exponentially. Virus scanners detect malware using these signatures, which are essentially digital fingerprints (see our article Signature recognition or behavioral analysis – Which is better?).

This means that scanner-based security software uses more and more storage space every year. This particularly affects users who have a bad Internet connection, as they have to load the signatures either directly during installation or during the first online update. Some providers require several hundred megabytes – a nightmare for users who do not yet have a broadband Internet connection. These scanners also use a lot of RAM, as the signatures need to be in RAM for quick scans. High memory usage has a negative effect on the performance of older PCs in particular and makes these programs lose valuable points in comparative tests. Yet greater memory usage usually also means more signatures and therefore better detection rates in general.

What are the advantages of cloud anti-virus technology?

Security solutions in the virtual cloud solve almost every problem that conventional, locally installed malware mashers have. The user only has to download pure scanner technology, which is only a few megabytes or even kilobytes from most providers. All signatures are located on a centralized scan server and can be updated at any time, without any delay and in any number desired.

In a way, the cloud scanner does the opposite of conventional signature scanners by creating signatures from the files found on the PC and submitting them to the scan server for analysis. If there is a hit, it will alert you to an infection as usual. You cannot see that this whole procedure is handled externally. You only see the result and that the scan is running much faster and using far fewer resources. Another advantage is that the cloud scanner can very quickly detect deviations from normal system status by combining the data of a vast user community. This makes it possible for the system to be viewed as a whole and to detect new unknown malware variants.

So what’s the catch?

It just sounds too good to be true. Faster, better, using fewer resources – if this were all true, there would be no more conventional virus scanners. The devil is in the details for cloud anti-virus software: A regular PC hosts 300,000 to 500,000 files on average. If all these were scanned, uploading the signatures created on the fly to the scan server would take forever.

This is exactly why cloud anti-virus software filters the files to be scanned in the first place according to different rules and parameters. For instance, there are some file types or paths that are generally considered safe. Many cloud anti-virus solutions therefore come with huge whitelists. These are sort of inverse signatures that classify known programs as safe. This massively reduces the number of files to be scanned – even though more data needs to be downloaded to your PC.

This incomplete scan is, however, the Achilles heel of this technology. If not all of the files are properly scanned there are always gaps that malware can use, whether these are as yet unused paths or a file type that has been considered safe until now.

Another problem is that files that the scan cloud does not yet recognize at all are, in most cases, submitted in full to the cloud for further analysis. If you were happy about the small download, you’ll get a nasty surprise when scanning for the first time: countless megabytes are uploaded to the cloud. And many will not even be aware of the fact that private or important company data ends up on third-party servers.
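
The client-side workflow described above, as an added sketch (not code from any vendor): fingerprint each file, skip whitelisted ones, query the scan server for the rest, and decide what would be uploaded in full. The `cloud_verdicts` dictionary stands in for the scan server; the extension lists, the sample files and the rule that only unknown program files are uploaded are assumptions of this sketch.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumptions of this sketch: file types the client treats as "generally safe"
# (never fingerprinted) and file types that count as program files.
SKIPPED_EXTENSIONS = {".txt", ".jpg"}
PROGRAM_EXTENSIONS = {".exe", ".dll"}

def fingerprint(path: Path) -> str:
    """Signature created on the client: SHA-256 of the file contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(root: Path, whitelist: set, cloud_verdicts: dict) -> dict:
    """Sort every file under root into the outcomes the article describes."""
    report = {"skipped": [], "whitelisted": [], "malicious": [],
              "upload": [], "kept_local": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        ext = path.suffix.lower()
        if ext in SKIPPED_EXTENSIONS:
            report["skipped"].append(path.name)      # coverage gap: never checked
            continue
        digest = fingerprint(path)
        if digest in whitelist:
            report["whitelisted"].append(path.name)  # inverse signature, no lookup
            continue
        verdict = cloud_verdicts.get(digest)         # stands in for the server query
        if verdict == "malicious":
            report["malicious"].append(path.name)
        elif verdict is None:
            # Unknown to the cloud: a program file would leave the machine in
            # full; anything else (documents) stays on the PC.
            bucket = "upload" if ext in PROGRAM_EXTENSIONS else "kept_local"
            report[bucket].append(path.name)
    return report

def demo() -> dict:
    """Build a constructed sample tree and run the triage over it."""
    samples = {"notes.txt": b"hello", "calc.exe": b"known good program",
               "dropper.exe": b"known bad program", "new_tool.exe": b"never seen",
               "payroll.xlsx": b"private company data"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in samples.items():
            (root / name).write_bytes(data)
        whitelist = {hashlib.sha256(samples["calc.exe"]).hexdigest()}
        cloud = {hashlib.sha256(samples["dropper.exe"]).hexdigest(): "malicious"}
        return triage(root, whitelist, cloud)

if __name__ == "__main__":
    print(demo())
```

The `skipped` bucket is the filtering gap discussed above, and the `upload` bucket is what an administrator would want to review before enabling automatic sample submission.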

Hybrid technology as the best solution

We believe that combining a cloud service with a conventional anti-virus scanner offers the best of both technologies. This is why many Emsisoft products use cloud features.

First of all, Emsisoft Anti-Malware offers the possibility of participating in the “Emsisoft Anti-Malware Network”. If you enable this option, all decisions regarding alerts from the behavior blocker are directly submitted to our server. This enables other users to see if the majority of the community allows or blocks a program and thus helps you to make a decision. There is also a “trust index” for every program based on statistical calculations. Programs that are definitely safe are put on a whitelist, and there will be no further alerts for this program.

Emsisoft Anti-Malware’s scanner also asks if you would like to submit suspicious patterns in newly discovered files (only program files, no documents). Our analysis team then analyzes the suspicious file thoroughly and creates a new signature if need be. This helps Emsisoft and also all users by reducing the response time in the event of new malware outbreaks and offering the best protection possible.

Our HIPS-based firewall Emsisoft Online Armor also uses the Emsisoft Anti-Malware Network. Saved rules for allowed and blocked programs are submitted to the Emsisoft cloud in order to reduce future alerts. False alerts are avoided in an efficient manner without lowering the security level.

Incidentally, all data on program files stored in the Emsisoft Anti-Malware Network is visible to everyone and even searchable. The Emsisoft cloud is thus not closed, but absolutely transparent and can be accessed through a website as an interface at any time. There are currently more than 12 million known program files (as of November 2012), including geographical distribution of malware occurrence. See for yourself:

Have a Great (Malware-Free) Day!

  • K. Loch

    I’ve been dealing with some unusual security situations as of late with my network and PC. I gotta admit, out of all the articles and blog posts, I enjoy reading Emsisoft’s newsletter the most. But lately all of the security software is falling down on the job for me, especially in regard to firewalls. I’m reading up on network security — learning far more than I ever wanted to know – and I’m not an office manager working for a corporation anymore. I’m self employed trying to manage the security of my home network with a couple of ancient desktops, newer laptops, tablets, phones, Bluetooth – dual band wireless, IPV6 – tunneling… ARGH! The list is endless! It’s taking more and more away from my work and that’s bad. Slowing down means slowing down the income revenue. Something I can ill afford.

    I depend on the cloud not only for business but backups and my software. And I almost lost my backups during a restore thanks to security issues. Now I not only back up to the cloud, but to USB drives and even good old fashioned DVDs. Better have too many than lose the important stuff. I really like the premise behind Emsisoft’s Online Armor firewall, but have had terrible luck on Windows 8.1. It goes strong for about a day then crashes, locks up and eventually dies a violent death. I’ve spent enough money on failed virus protection that I’m hesitant to jump again – I feel like I’m getting bled dry, if not by the malware then by the antivirus companies and I’m still dealing with security issues.

    My roundabout point here is that there’s got to be a whole lot of reinventing fast! Part of the burden of scanning can be done by the cloud host itself – like Google does when you upload to Gdrive or send email. So storage companies and program providers can do their part to help with the load. But after that we’re resorting to bits and pieces floating in the proverbial nether of the cloud for the user. Too much for an overwhelmed entrepreneur who doesn’t have an IT department to call on.

    The prevailing theory was the bad guys don’t target the little Joe. Not enough cash, they want a big score like the hacks hitting major corporations. But hold on a sec – I think we need to take a hard look at this theory for I strongly believe it’s changing too – especially with Cryptoware/Ransomware. The bad guys can now easily hit a bunch of poorly secured small biz networks and the next thing you know, the data is hostage. I heard some ransoms translated anywhere from $100 – $500 US. Do the math – if they hit a couple hundred small networks – even if only half pay – that’s still a solid payday using scripts that run by themselves and don’t need to be watched. In fact many don’t need anyone to “know” how to hack, the code and how-to’s out there on free hubs for newbs to copy, paste, send – and get paid – or get a good laugh over the trouble they caused. It still means lost time, possibly lost data, lost revenue, and increased expense for both big and small business.

    The cloud is changing not only our computing habits but how we do business. And until the overwhelmed one person entrepreneur puts on the IT hat and actually comes up with a SECURITY PLAN for their own computer and network, they’re going to find themselves in trouble just like I did. It doesn’t matter if your small business consists of 1 employee or 100 or 1000. Time for users to go proactive and get that plan in place. I almost lost everything but got lucky this time – I’m not taking any chances again. Neither should anyone else.
    K. Loch

    • NatBe

      Oh yeah, there are a lot of reasons to get a virus and to get hacked, including no reason. And including, using you as an avenue to a bigger fish. I like your posting.
