Immunet, a startup launched by two former Symantec executives, recently announced the public Beta of Immunet Protect, a free application that takes Malware detection and removal into the cloud, with a strong reliance on community-based detection.
Immunet “takes a new approach” to a “decades old” problem, the company announcement says. That problem is the reliance on signature-based Malware detection that often comes too late to protect against new Malware, or Heuristics scanning that can flag legit software as malicious. Adding to this is the nature of the anti-Virus industry, where vendors see little need to cooperate.
“People are still getting viruses at alarming rates and traditional Anti-Virus software catches less than 50% of today’s new threats,” said Oliver Friedrichs, Immunet Founder, and CEO.
“We need to take a new approach to this problem. Immunet’s Collective Immunity is the first to combine Community-based protection, Cloud Computing and Collective Intelligence to protect you better.”
Before we dig into that statement, let’s look at what Immunet Protect does. Immunet Protect is a program that uses a grid of connected systems to detect and remove malicious threats. This is where the cloud reference comes in from. As Immunet’s community grows, so – in theory – will the level of protection.
“Your computer is always connected to the Immunet Cloud, providing you with real-time AntiVirus protection with a detection set that is always up to date. No more delays, no more updates, and no more bloat. This is the power of cloud computing,” the company explains.
According to details on the product, it will take the “collective” wisdom of currently installed security software, as well as knowledge on applications installed across the Immunet community. In short, a whitelist of known good applications, which is something seen in late 2008, when Symantec launched Norton Insight and Norton Community.
At the time Symantec said that Norton Insight uses data from millions of Norton Community members, and “allows the Norton security products to avoid scanning any files that are commonly found on most computers and statistically determined to be trusted.”
If a threat is detected in the Immunet community, the signatures that reside in the cloud will detect it and remove it.
If the threat is a new one, then “Immunet Protect collects security judgments on what is, and what is not safe from its community. These aggregated judgments are coalesced in the cloud, and, if they are sound, made available to the rest of the Immunet Community immediately.”
Friedrichs has said, most recently in an interview with Symantec owned Security Focus, that cloud anti-Virus isn’t new. Admitting that McAfee, Panda, and Prevx each have cloud offerings or have pitched cloud services.
"We are approaching this from a different perspective," he said to Security Focus. "Cloud is the technology that the product is built on from the start. We are not patching this on to an existing product, this is the fundamental model for Immunet Protect."
A good statement and one that is sure to defend what they are doing compared to the others in the anti-Virus industry. However, while the point is valid, as many vendors have slapped the cloud brand on an existing product just to keep buzz-word worthy traction, the notion of community based threat detection, or “Collective” protection, is nothing new.
Take for example SPAMfighter. SPAMfighter is a community based spam protection that harnesses, in Friedrichs’ own words, “community-based protection” to block spam based on how community members flag email. Cloudmark’s anti-Spam application, Cloudmark Desktop, does the exact same thing, only slightly better.
As mentioned, Norton Insight uses a community-based strategy for protection, which allows the Norton scanning engine to focus not on known files, but the ones that are potentially malicious. If an application within Norton’s Community is marked as legit, or after time is simply harmless, it is marked as trusted. This speeds up Norton’s scanning, while at the same time uses a collective layer of protection for other Norton Community members. If an application is detected as malicious by one Norton Community member, they are all protected from it.
McAfee uses cloud-based coverage in their Total Protection line of business applications, and with new releases, is likely to layer this into consumer product offerings. The technology from McAfee that drives this layer of community-based coverage is Artemis. Artemis is “always on” and allows McAfee customers the ability to “leverage the community's threat intelligence,” the company says.
Lastly, we have Panda. Panda Security has used Collective Intelligence in one form or another since the company was founded in 1990. Panda’s Collective Intelligence, which has advanced considerably over the years as grid computing took off, does exactly, almost word for word, what Immunet pitches.
It was surprising to see Panda’s marketing on Immunet’s press release. While Panda’s marketing did not appear word for word, when you see enough press releases from a company, certain phrases stand out. So when this reporter read the overview of the Immunet product, there was an instant feeling of déjà vu. Immunet even has a subsection labeled Collective Intelligence on their product overview page.
Not to mention, Immunet’s release comes months after Panda’s Cloud AntiVirus. If you look at the marketing between the two products, they are the same. They both use cloud-based protections, both pitch “Collective Intelligence”, even if Immunet calls it something else, and both offer bloat-free, always active defenses.
When Friedrichs said, “we need to take a new approach to this problem,” he referred to the anti-Virus industry and the problems they face with full protection and Malware coverage. He was correct. Something needs to be done.
However, when he added, “Immunet’s Collective Immunity is the first to combine Community-based protection, Cloud Computing and Collective Intelligence to protect you better,” he was wrong.
Immunet is not the first to offer collective anything, nor will it be the last.
Immunet works on Windows installations, and is recommended as a added layer of protection for systems with Norton 2008-2010, AVG 8.5, or McAfee 2009 installed. They have not tested Immunet with other anti-Virus software.
You can register and download it here.
[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]