By IANS,
New York : A new “cloud computing” approach to malicious software detection, developed by the University of Michigan, is likely to replace ageing antivirus software on personal computers.
Cloud computing refers to seamless applications and services on the Internet.
Traditional antivirus software, installed on millions of personal computers worldwide, has been found to be increasingly ineffective, according to researchers.
They observed malware – malicious software – detection rates as low as 35 percent against the most recent threats and an average window of vulnerability exceeding 48 days.
That means new threats went undetected for an average of seven weeks. The computer scientists also found severe vulnerabilities in the antivirus engines themselves.
The researchers’ new approach, called CloudAV, moves antivirus functionality into the “network cloud” and off personal computers. CloudAV analyses suspicious files using multiple antivirus and behavioural detection programmes simultaneously.
“CloudAV virtualises and parallelises detection functionality with multiple antivirus engines, significantly increasing overall protection,” said Farnam Jahanian, professor of computer science and engineering at the Michigan University department of computer science.
Researchers see promising opportunities in applying CloudAV to cell phones and other mobile devices that aren’t robust enough to carry powerful antivirus software.
The CloudAV system uses 12 different detectors that act together to tell the inquiring computer whether the item is safe to open.
Researchers evaluated a dozen traditional antivirus software programmes against 7,220 malware samples, including viruses, collected over a year. The vendors tested were Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.
Traditional antivirus software that resides on a personal computer checks documents and programmes as they are accessed. Because of performance constraints and programme incompatibilities, only one antivirus detector is typically used at a time.
CloudAV, however, can support a large number of malicious software detectors that act in parallel to analyse a single incoming file. Each detector operates in its own virtual machine, so the technical incompatibilities and security issues are resolved, Oberheide said.
CloudAV is accessible to any computer or mobile device on the network that runs a simple software agent. Each time a computer or device receives a new document or programme, that item is automatically detected and sent to the antivirus cloud for analysis.
CloudAV also caches analysis results, speeding up the process compared with traditional antivirus software. This could be useful for workplaces, for example, where multiple employees might access the same document.
The new approach also includes what the developers call “retrospective detection”, which scans its file access history when a new threat is identified. This allows it to catch previously-missed infections earlier.
Jahanian, along with doctoral candidate Jon Oberheide and postdoctoral fellow Evan Cooke, presented their findings recently at the USENIX Security Symposium.