Panda Cloud Antivirus 1.0 Review
by Steve Ragan - Nov 13 2009, 22:00
Panda Security has officially stripped the beta tag from their cloud protection offering, aptly named Cloud Antivirus. Version 1.0 of Cloud Antivirus offers several things, including a retooling of the interface, better detection, and scores of bug fixes from the previous three beta offerings. The Tech Herald reviewed the first beta, and now that the software is official, we’re testing it again.
Panda Cloud Antivirus, CloudAV for short, is a lightweight and well-rounded layer of defense for any Windows-based system. It is a full-featured anti-Malware program, which offloads most of the detection and processing to a grid of systems in the cloud. When compared to the Beta, version 1.0 has several solid improvements.
The one standout feature, however, aside from the detection methods, is the interface. Panda has kept the four basic tabs to control the software, ensuring that CloudAV is easy to manage and use. In reality, the stripped GUI is aimed at users who are not all that technically inclined, but who still need the protection. This means there are no layered sub-menus to mess with, and no chance of adding a firewall rule that will kill off Internet connections.
When it comes to detection, Panda has improved on their Nano engine for this newest release, as well as decreased the time it takes the cloud protections to activate. All of this while lowering the bandwidth and system resource consumption.
The unpacking process took about 90 seconds, and the overall installation of the software itself another minute or so. Overall, when compared to the beta, the newest version of CloudAV is slightly faster. However, we expected a fast installation, so there was no surprise here.
The configuration options are the same. Those of you who used Beta 3 of CloudAV and upgraded to 1.0 will be allowed to use your existing Panda account; everyone else needs to create a new one. The account allows various features, and will play a role in future enhancements. For now, what it allows is the ability to join the anonymous data collection program. The program will collect threat information and pass it on to Panda for analysis. After the installation and configuration screen where you either create or log in to your Panda account, you’re ready to use the software.
Interface and Usage:
The interface seen below (showing the look of the beta on top and version 1.0 on the bottom), gives you an idea of how the look and feel has changed in the newest CloudAV release. All of the options are still there, and they all work exactly as they did in previous versions, so there will be no need to relearn the software.
If you read the review of the beta version, or you are an existing CloudAV user, then you already know the controls. However, to be brief, the image below is the main interface.
As you can see, there are four tabs. The first is a gear, which controls CloudAV's settings. Right now you can manage proxy settings if needed, and opt in or out of automatic management of viral infections and information sharing. In the future, this section may be expanded. To the right of that is the magnifying glass; this is where you can run a Quick Scan. A Quick Scan will search system folders, program files, and other important system areas for infections, and take action if needed. If you want a deeper scan, this is the area where you can pick a drive or folder and scan it fully.
The bar graph symbol is the report area, where you can track detection stats for the last 24 hours, week, month, or since the program was installed. The reporting gives just enough information to explain things, but leaves out information that might cause some confusion. Lastly, you have the status tab. This tab will tell you if CloudAV has discovered any problems, and uses colors to make things stand out.
There is also a visual change to the GUI that is pure eye candy. When you click and drag a window, or just click and hold, it will become transparent. While this has no impact on the protection or operation of CloudAV, it’s a neat little warm fuzzy.
Scanning with Cloud AV:
The Malware detection and scanning tests were performed on an Intel Pentium D 3.4GHz CPU (Dual Core) with 1024MB of RAM. The lab computer runs Windows XP (SP3), Internet Explorer 8, and at the time of testing, had all the current Microsoft patches.
Starting with the scan test, we tested CloudAV against 1.32GB of random files to add bulk for scanning. The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives, for a total amount of 21,806 files. It should be noted that none of these files were malicious. Overall, the lab system was using 7.08GB of hard drive space.
One thing about the scanning in CloudAV is that the first scan is the slowest. While a Quick Scan will hit all the common areas searching for Malware, the selective scan, where you pick a folder or drive for granular scanning, was the slowest scan performed when we scanned all of drive C. Since CloudAV doesn’t offer a scheduler, you will have to launch the deep scans manually.
As mentioned, the first scan is slowest. After that, the scans will get faster as the CloudAV cache builds up. Even the selective scan, which took almost an hour to finish the first time out, shaved fifteen minutes off the total when run a second time.
Below are the scan results.
Quick Scanning CloudAV
Scan 1: 00:06:14
Scan 2: 00:00:53
Scan 3: 00:00:47
Scan 4: 00:00:51
Scan 5: 00:00:48
Scan Average Time: 00:01:54.6
For comparison here are two manual selective scans.
(Drive C) Scan 1: 00:56:35
(Drive C) Scan 2: 00:41:44
As you can see, the Quick Scan is lightning fast, and the selective scan, while much slower, still improves the more it is used. There were 322,840 files scanned on drive C for this test.
Malicious URL detection:
For the Malicious URL testing, we treated CloudAV like any other security software and threw the book at it. We selected ten domains, each confirmed malicious, and judged CloudAV on a block or allow basis. If it stopped the attack, it passed; if not, it failed.
hxxp://gerenstar.com/download/ (random string)
This site attempts to install a Rogue anti-Virus called AntiAID. The installation file was blocked by Panda as Sinowal.gen.
Each of these three domains serves drive-by downloads and was subsequently blocked by Panda. The various Malware offered by these sites were flagged as Trj/CI.A.
These URLs were all blocked by Panda. What is unique here is that each of them comes from the recent Koobface variant spreading itself via wall posts on Facebook. Two were blocked as Trj/CI.A and one, a Rogue anti-Virus scanner (Internet Antivirus Pro), was called suspicious and blocked as well.
These two domains served up botnet related Malware. Each one was flagged as suspicious by Panda and blocked.
This URL failed the test. When you visit the link, it installs a Rogue anti-Virus named Cyber Security. The Rogue was allowed to download, install, and become fully operational with no warning other than the one from Internet Explorer. As the Rogue was installing, and afterwards running its fake scan and launching warning windows left and right, CloudAV remained silent.
To resolve the issue, we stopped the Rogue anti-Virus’ processes and launched Malwarebytes Anti-Malware to clean up the infection. After cleanup, Malwarebytes Anti-Malware discovered over thirty (30) infection points on the system and removed them all.
For the record, VirusTotal shows only 7 out of 41 security vendors as being able to properly block this Rogue anti-Virus application. [VirusTotal]
Malware detection testing for CloudAV was the same as any other security vendor we’d test. There were 400 samples used for the test, and out of those, CloudAV missed 8 of them. The samples are a mix of Rootkits, Worms, Trojans, malicious PDF and email attachments, Rogue anti-Virus installers, and more.
The list below details the samples missed by CloudAV; each is linked to VirusTotal to compare detection rates.
When compared to the beta version, the first official release of CloudAV is almost a completely different product. The cosmetic improvements leave all of the functionality in place, but offer an “easy on the eyes” advantage. Nano, the engine technology that hooks into Panda’s Collective Intelligence, is faster this time around. It was quick enough before, but there is a noticeable improvement in reaction time and scanning.
There was one bug that we came across during testing. The suggested actions link on non-neutralized detections leads to the online help manual. We’re not sure why, but there was no immediate resolution for the issue. However, this was the only semi-negative thing discovered during testing.
For this review, we used the same testing methods that we used for Panda Internet Security 2010. However, there is no Spam protection in CloudAV. To keep things fair, we simply scored and tested what was available. This means there were only 90 points available for this review. With that said, CloudAV scored an 85 out of 90.
CloudAV is clean looking, fast, and free. If you are currently without Malware protection, then this is a solid pick. You can get it here.