Antivirus "cloud" protection: rapid response times and minimum false positives

30 Sep 2010
Virus News

Kaspersky Lab, a leading developer of secure content management solutions, announces the release of an article titled “Antivirus weather forecast: cloudy” by Yury Mashevsky, a Strategic Technology Expert for the Company. This article is the first in a series devoted to “cloud” technologies in the antivirus industry.

We use the term antivirus “cloud” to refer to the infrastructure that an antivirus company uses to process information obtained from the computers of those who use a specific personal product which can identify new, as yet undetectable threats, in addition to performing a number of other tasks. Meanwhile, the user’s archiving and data processing technologies remain hidden. The antivirus program sends a request to the cloud to see if there is any information available about a particular program, activity, link, or resource. If the object is deemed dangerous, all necessary operations are performed automatically. The rapid response time to new threats and the low level of false positives provided by “cloud” technologies make them indispensable in the antivirus industry.

By gathering and processing data about suspicious activity from each participant in the network, “cloud” protection is, essentially, a powerful expert system designed to analyze cybercriminal activity. The data needed to block the attacks launched against users’ computers are provided to all of the participants in a cloud network, which helps prevent subsequent infection.

“Cloud” technologies make it possible to detect new, as yet undetectable threats, as well as their sources. Unlike normal antivirus updates, the algorithms used to detect malicious content are inaccessible to malicious users, so they cannot be studied. The only real drawback that cannot currently be resolved is the dependency of user protection on the existence of a stable connection.

“‘Cloud’ protection has already proven itself to have a number of major advantages: it identifies and blocks new threats at a very high rate, and it doesn’t only block threats — it also blocks the sources spreading them. This helps us envisage a new direction of development in the antivirus industry,” stated Yury Mashevsky. “Furthermore, all of these advantages can be automated using an expert system with a very low false positive rate. ‘Clouds’ are not just a fad — they are an effective user protection technology. As they develop, their importance and role within the antivirus industry will continue to grow.”

In 2008, Kaspersky Lab was the first antivirus developer to launch a new product for home users featuring integrated ‘Cloud Security Technologies’: Kaspersky Internet Security 2009. “Cloud” security technologies are integrated into Kaspersky Internet Security (version 2009 and later) and Kaspersky Pure and operate by referencing the Kaspersky Security Network.

The full version of “Antivirus weather forecast: cloudy” is available at www.securelist.com/en.