Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Most people know better than to connect a computer to the Internet without first installing up-to-date antivirus software. But even the best software protection won’t catch every new virus, and performing a thorough system scan can require plenty of processor power, slowing some computers to a crawl.

New research from the University of Michigan suggests that computers could be better protected from viruses without sacrificing performance if antivirus software were moved from the PC to “the cloud”–a collection of servers that work seamlessly as one powerful machine. Using this approach, researchers found that they could detect 35 percent more recent viruses than a single antivirus program (88 percent compared with 73 percent). Moreover, using the distributed software, called Cloud AV, they caught 98 percent of all malicious software, compared with 83 percent, on average, for a single antivirus solution.

“We were concerned about the fact that the detection coverage of antivirus software from most popular vendors was poor,” says Farnam Jahanian, a professor of computer science and engineering at the University of Michigan. If a single PC could use a combination of antivirus services, Jahanian says, security could be improved, but this would be a huge drain on resources. “We can run multiple programs, in parallel, and by doing that we’re moving the antivirus functionality into the network cloud and addressing the limitations of antivirus services that reside only on the personal computer,” he adds.

Jahanian and his colleague Jon Oberheide started by scanning 10,000 malware samples collected over the past year using several different antivirus programs. Oberheide notes that each program had its own strengths and weaknesses and that malware missed by one program would often be caught by another. So, to make the most of each program, the researchers installed 12 different antivirus programs on servers running the University of Michigan’s College of Engineering network. Volunteers also installed a small piece of software on their computer to detect the arrival of any new file, whether that was an e-mail attachment or a downloaded program.

New files are converted into a unique string of characters, or a “hash,” of less than 100 bytes, which is sent to Cloud AV for analysis. If a file can’t be identified, it is sent in its entirety for full analysis. Other files can be identified as either safe or a threat based on hashes stored in a database maintained by Cloud AV.

0 comments about this story. Start the discussion »

Credit: Technology Review

Tagged: Computing, Web, cloud computing, anti-virus software, network security

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me