Review: Panda Cloud Antivirus

NOTE: The Tech Herald has posted a review of Cloud Antivirus 1.0. If you would like to read it, head here.


Panda has released a free antivirus offering that resides mostly off the host system and in the cloud. Using 'Collective Intelligence', along with distributed computing and a global and community-based platform, Panda has said this new offering is entirely different from what it's created in the past. So, has it succeeded?

Starting off, installing the new Panda protection was just as fast as expected. It took just under four minutes in the lab to install and start using the software.



If you read the previous article on Panda’s Cloud Antivirus, then you know the first thing you see is a seriously stripped down interface. This is a good thing, as there is no way an average user can get lost using this particular program.

As you can see from the images below, only four screens make up the entire program.

The first screen is what you see when launching the software from the taskbar, by clicking on the familiar Panda logo. If you see the big green checkmark, all is good on the system. It really is that simple in terms of a heads-up display. During testing, the only time this changed was whenever Malware was executed.



The second screenshot shows the 'Settings' tab. Here users can select the option to allow Panda Cloud Antivirus to send anonymous information to the Collective Intelligence (CI) cloud, enabling new strands of Malware to be processed and scanned.

What this means is that, by allowing this by default, users can help others by letting Panda take samples and process them should the program come across any 'new' types of Malware. This is how CI works, as explained in the previous article -- It turns the community into a Malware processing and detection lab. If one person is infected, CI will clean the infection while at the same time protecting other users from the threat.

CI is also how Panda’s Cloud Antivirus lowers system resource usage. This is because all the protections reside within a distributed network of datacenters (or 'the cloud' if you will), which, in turn, removes the need for the user's computer to crunch data and page through an endless number of signatures to process potential Malware.



The third screenshot represents the scanning selection. Here users can perform on-demand scanning of their entire system, or individual folders and files. The simple interface does what it says, and only that, so the drawback here is that there is no scheduled scanning.

However, while using the system, the CI actively monitors processes and new applications. So, if something is viewed as a threat, Cloud Antivirus will take action to remove it. If the removal was in error, users can always reverse the action by using the Recycle Bin found inside Cloud Antivirus.



To access the Recycle Bin, on the lower right of the interface, simply click the blue arrow, as shown below. This arrow is visible from any tab, so there is always access to it.


From there, simply select the application flagged in error and allow it.



The final tab is the 'Reporting' tab. If users want an overview of all the threats detected by Cloud Antivirus, as well as the distribution of types of threats detected, they can find that information here.

Again, the interface is clean. Users can only access what's needed and, while there are no automatic settings for scanning, the usage of CI covers monitoring in real-time.

The only downside is that, if Panda flags a program as malicious or potentially harmful, users can whitelist it and allow it to run from the Recycle Bin. This means a novice could allow something malicious after the fact, so caution should be exercised whenever using this feature.

Testing Panda’s Cloud Antivirus was down and dirty. The system used was an Intel Pentium D 3.4GHz CPU (Dual Core) with 1024MBs of RAM. The lab test computer was running Windows XP (SP3), Internet Explorer 7, and was updated with all current Microsoft patches.

Based on the testing used when Panda Internet Security 2009 was reviewed, we modified the lab environment to test only the features claimed by Panda for this new release.

There were 39 new Malware samples tested. New samples were used because the samples tested in the first review would have been classified and recorded by Panda over time. So the idea was to test the new product with real samples, collected live from known malicious domains.


The first test, on the domain above, was to install five samples of Malware, thanks in part to the loader that's served up by this site. Please note that, as of the time this review was written, the Malware served remains live. Visiting the above domain will infect your system.

The image below shows that Panda did detect the new Malware and duly blocked it. The top image is the desktop alert, and the bottom image shows the reporting section. The top image appeared rather quickly, the second the Malware was executed. Shortly after, three more alerts appeared. The other alerts notified us of the detection of a single instance of a virus.



At the time the images were taken, CI had not updated with the actual title of the Malware. This could be a bug, as the system was online at the time of testing. However, what happens is that CI will use the Internet to test the blocked Malware and then provide a name and link to more information in the reporting section.

The launcher, which downloads and serves the samples of Malware, has a detection listing of three out of 40 on Virus Total [VT Report 04.29.2009 16:10 CET]. It is important to note that Panda is not one of the vendors listed as detecting the launcher as malicious.

In this test, Cloud Antivirus did not stop the loader from executing. This is important to note, as the promise from Panda to users applying Cloud Antivirus is quick detection and removal. So when the loader was executed, Panda lived up to its promise by blocking the payloads from infecting the system.


The second test of a known malicious URL leads to the Koobface family of Malware. This loader is in the form of a fake YouTube page that asks users to install an update to their Flash Player. Note again, this is a live URL and should not be visited as it will infect your system.





The interesting thing about this test is that the downloaded Malware has a detection listing of 13 out of 40 on Virus Total [VT Report 04.29.2009 16:29 CET], and once again Panda isn’t one of the vendors listed as having detection. When executed, Panda did not instantly warn of infection, as in the previous test. However, once a scan was launched after infection was confirmed, it detected and removed the Malware. A restart was required to complete the process.

So did Panda fail this second test? In a way, but considering that users should always scan their systems, the fact that it did detect Malware during the scan means the program did what it was supposed to. Yet, at the same time, unlike the previous test, the system was infected by the sample. With that said, once the Malware started working, prior to the reboot, it did flag one of the payload files (796525.dll) as malicious.

After the system was rebooted, the same site and Malware were launched again. This was done to test the Collective Intelligence. After all, the system was infected before the reboot, and Panda reported the infection after the scan. If CI worked, then the second infection should fail. It did.

This time, the two loader files (796525.dll and new_drv.sys) used to further infect the system were detected and removed before they could act. It should also be noted that, as seen with the first test, the initial loader, the one downloaded as a codec that delivers the payload, was not flagged as malicious.

KeyGen testing was another aspect in the lab trials of Cloud Antivirus. Like the test performed in the lab on other products, Panda’s Cloud Antivirus was tested to see if it would detect an archive of malicious KeyGens. The archive itself is full of Malware and, aside from the malicious KeyGens themselves, the extraction process will drop a Trojan into the system. As seen in the KeyGen test on Panda Internet Security, the dropped Trojan was detected and the extraction process halted.

When it came to a password-protected archive, containing 39 unique samples of Malware, Panda's offering did not detect the samples and did not flag the archive as password protected or potentially harmful. There are also no settings in the Cloud Antivirus application to help adjust and trigger these types of alerts.
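The gap described above, an archive that cannot be scanned and is not flagged either, can be covered by a check that runs before the scanner. The following is an added example, not part of the review and not Panda's code; it assumes the archive is a ZIP, and the sample archives are constructed in memory with harmless placeholder content.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # bit 0 of the ZIP general-purpose flag: member is encrypted
CDIR_SIG = b"PK\x01\x02"  # central-directory file header signature

def encrypted_members(data: bytes) -> list:
    """Names of members whose contents a scanner cannot read without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [m.filename for m in zf.infolist() if m.flag_bits & ENCRYPTED]

def triage(data: bytes) -> str:
    """Decide what to do with a file before handing it to the scanner."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        return "corrupt"
    return "hold-for-review" if locked else "scan-normally"

def build_sample(names, encrypted=False) -> bytes:
    """Constructed test input: harmless stored members, optionally marked encrypted.

    The standard library cannot write encrypted ZIPs, so the flag is set by
    patching each central-directory header (the flags field is at offset 8).
    """
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, "harmless placeholder")
    buf = bytearray(out.getvalue())
    pos = buf.find(CDIR_SIG) if encrypted else -1
    while pos != -1:
        (flags,) = struct.unpack_from("<H", buf, pos + 8)
        struct.pack_into("<H", buf, pos + 8, flags | ENCRYPTED)
        pos = buf.find(CDIR_SIG, pos + 4)
    return bytes(buf)

if __name__ == "__main__":
    for label, blob in [
        ("plain.zip", build_sample(["a.txt", "b.txt"])),
        ("locked.zip", build_sample(["sample1.bin", "sample2.bin"], encrypted=True)),
        ("other.bin", b"MZ" + b"\x00" * 64),
    ]:
        print(label, "->", triage(blob))
```

A file that lands in "hold-for-review" has not been judged malicious; it only means the scanner's verdict on it says nothing about its contents.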

Once the samples were extracted, Panda flagged 38 of the 39 samples as malicious, deleting all but one of them. The sample left behind was 'Sality.K', a known malicious application. However, Panda did at least flag this item as suspicious [VT Report 4.29.2009 17:27 CET]. The sample itself was fully operational and, once executed, infected the system. A scan was run after confirmed infection, and Panda located and disabled the Malware.

To make things interesting, another 50 samples were tested. While the test was successful, Panda had to be halted to get a solid result. This is because once the samples were extracted and placed on the system, Panda simply started deleting them. This behavior was unexpected, as it did not do this when the original 39 samples were extracted.

After the second round of extractions, with zero files in the sample folder, Panda was then disabled so all 50 samples could be placed on the system. Once a scan was launched, they were all flagged and removed. The samples left on the system failed to execute.

All of the 50 samples were basic variants of the 'Zlob' family of Malware and other known and established malicious files. These were tested to measure how quickly Panda would react to not just a known threat, but also one that has existed for some time.

The scanning baseline for Cloud Antivirus was about 20 minutes for a full system check. This is faster than the results listed on the review of Panda Internet Security, but not as fast as we expected. On the lab computer, 5.80GBs of space was used on the disk. Of that space, 561MBs was used in a folder named 'content'.

The content folder consisted of simple files to add bulk and give Cloud Antivirus something to scan. The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives for a total amount of 21,816 files. It should be noted that none of these files were malicious.

So, overall, the product performed as promised. While not based totally on the previous testing methods for the purpose of scoring, the Cloud Antivirus testing did use some of the criteria.

For that reason, Panda detected 88 out of 89 live samples tested. The sample left behind in the first set of testing, while flagged as suspicious, counts as a miss because it infected the system. In the live URL testing, Panda also worked as expected, despite allowing one URL to infect the system and failing to detect the actual loaders as Malware.

Bearing that in mind, Panda earned a score of 98.87 percent in Malware sample detection (89 samples valued at 1.13 points each, rounded up). With regard to the malicious URL testing, there were seven malicious files served up by the Web sites. Considering that on the second URL test Panda missed the Malware until a scan was launched, and it did infect the system, two samples were counted as a miss. For this test, Panda earned a total score of 71.4 percent (seven samples worth 14.30 points each, rounded up).

The final score equals an average of 85 percent. Based on the scores alone, Panda’s Cloud Antivirus certainly lives up to its claims and, for free software, provides a strong layer of protection to any host system. The detection was fast, and the operational controls were simple to use; we can honestly say that anyone can control the software with ease. Just remember, this is still only a single layer of security and will not provide complete protection from Spam or other Web-related threats, only active Malware on the system.

We'd also like to stress that this test was harsh on Panda for a reason. It is not that we are cruel when in the lab; what hurt the average score were the two missed samples from the second URL test.

If we were to count them as successful, as they were flagged as harmful by Collective Intelligence after infecting the system during a scan, or count the second test where the same samples were blocked once they were known, then the score would change to an average of 99.44 percent. If we counted the second URL test as a wash, and simply docked Panda for one missed sample, the score would change again to 92.29 percent.

While we stand behind our first score of 85 percent, it's easy to see how the score can be changed depending on how our testing methods are viewed. The point for this disclosure is that Panda’s Cloud Antivirus delivers excellent protection and, for a free product, it certainly deserves user attention.

Panda Cloud Antivirus can be downloaded by clicking here.
