
CloudAV could "supercharge" anti-virus security

CloudAV is creating a huge buzz in the PC security research community. This new approach to battling malware combines the virus-detection engines of up to 12 popular security vendors.
8/11/2008 5:00:00 AM By: Brian Jackson


Combining multiple vendor offerings in a virus-scan service delivered via cloud computing technology could be very effective in detecting malware, according to research from the University of Michigan.

The new approach – dubbed CloudAV – could also provide solid protection for mobile devices, according to computer engineers from the Ann Arbor-based university.

They presented CloudAV at the USENIX Security Symposium held last week in San Jose, Calif.


A diagram shows how anti-virus in the cloud works.


Researchers found many anti-virus programs were susceptible to an attack.

The approach combines virus-detection engines of up to 12 popular security vendors running in parallel on virtual machines.

A lightweight software agent is deployed on the client machine. Every suspicious file arriving on a user's computer is sent to the cloud to be examined by the detection system.
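The agent-and-cloud flow described above can be sketched as follows. This is an added illustration, not code from the CloudAV project: the engines are hypothetical hash-matching stand-ins, the sample files are constructed, and the "flag if at least `threshold` engines agree" policy is an assumption.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed samples: file name -> bytes (stand-ins for files seen on a host).
SAMPLES = {
    "invoice.exe": b"constructed-sample-A",
    "update.scr": b"constructed-sample-B",
    "codec.dll": b"constructed-sample-C",
    "notes.txt": b"constructed-benign-file",
}
MALICIOUS = ["invoice.exe", "update.scr", "codec.dll"]

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def make_engine(name, known_bad):
    """Hypothetical engine: flags a file whose digest is in its signature set."""
    sigs = {sha256(SAMPLES[n]) for n in known_bad}
    def scan(data):
        return name, sha256(data) in sigs
    return scan

# Each toy engine knows a different, incomplete subset of the malicious samples.
ENGINES = [
    make_engine("engine-1", ["invoice.exe"]),
    make_engine("engine-2", ["invoice.exe", "update.scr"]),
    make_engine("engine-3", ["codec.dll"]),
]

def cloud_scan(data, threshold=1):
    """Cloud side: run every engine in parallel and aggregate the verdicts."""
    with ThreadPoolExecutor(max_workers=len(ENGINES)) as pool:
        results = list(pool.map(lambda engine: engine(data), ENGINES))
    flagged_by = sorted(name for name, hit in results if hit)
    return {"sha256": sha256(data), "flagged_by": flagged_by,
            "malicious": len(flagged_by) >= threshold}

def agent_check(name):
    """Host-agent side: forward the file, then act on the cloud verdict."""
    return "block" if cloud_scan(SAMPLES[name])["malicious"] else "allow"

def detection_rate(engines, names):
    """Fraction of the named samples flagged by at least one given engine."""
    hits = sum(any(e(SAMPLES[n])[1] for e in engines) for n in names)
    return hits / len(names)

if __name__ == "__main__":
    for fname in SAMPLES:
        print(fname, agent_check(fname))
    print("best single engine:", detection_rate([ENGINES[1]], MALICIOUS))
    print("combined:", detection_rate(ENGINES, MALICIOUS))
```

Raising `threshold` trades coverage for fewer false positives: a file flagged by only one or two engines is then allowed through.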

"Anti-virus software is widely deployed by most organizations," says Farnam Jahanian, professor of computer science and engineering at the university. "What surprised us is in our study even viruses that had been out for a year weren't being detected by traditional anti-virus software."

A six-month test pitted CloudAV against the security engines offered up by 12 popular vendors: Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.

Each program was tested against 7,220 malware samples collected over a year.

CloudAV proved to be 35 per cent more effective at detecting recent threats compared to a single virus scan engine, sporting an 88 per cent detection rate for zero-day viruses. A typical user of virus scan software waits 48 days between the time new malware surfaces on the Web and the time they are protected from it.

"Attackers have a leg up in the arms race as far as malware goes," says Jon Oberheide, a doctoral student working on the CloudAV project. "But when you combine the capability of all members of the security software community, you can make up for the weaknesses."

The so-called "window of exposure" – or amount of time users are susceptible to new malware threats – is a challenge security vendors are always trying to address, says Shiva Mandalam, director of marketing at McAfee Avert Labs.

"From the time researchers discover malware, to the time [the antidote] is pushed up to the desktop, there is definitely risk of exposure," Mandalam says. McAfee software, he says, attempts to reduce this risk.
