In addition to employing several antivirus services in parallel, Cloud AV makes use of information received from multiple users. Whereas ordinary antivirus software simply looks at the files and activity on one machine, Cloud AV can compare the files on thousands of machines. Catching a virus on one system automatically protects any other machine connected to Cloud AV from the same threat.
“We’re able to do something that’s impossible to do when you run antivirus software only on your desktop,” says Jahanian. This network effect also helps keep bandwidth requirements low because once Cloud AV has analyzed one particular spreadsheet, it doesn’t need to scan the entire file again when it arrives on someone else’s computer.
“Sometimes the best ideas are simple ideas,” says Wenke Lee, a professor at the College of Computing at the Georgia Institute of Technology. Lee adds that the research provides a realistic scenario. “A lot of papers are written using synthetic data or small-scale network traffic, but this work is an actual demonstration of the system’s capabilities,” he says.
Although other companies offer server-side antivirus services, these only use one detection system and can only analyze files being sent across the network. Google provides a similar scanning service, called Google Message Security, for companies that use its Web-based applications. “We very much agree that putting these types of solutions in the cloud makes a lot of sense, given the way that they evolve, morph, and mutate,” says Adam Swidler, head of Google applications security.
But it’s still unclear whether a network-based solution like Cloud AV could be deployed very widely. “If you start putting billions of messages through this process, some questions of scalability arise,” says Swidler.
Another issue is privacy, since such a system logs every file that comes in and out of a computer. This is one more question that has yet to be answered. “When you talk about cloud-computer and data security, you’ve got to be sure, based on the terms of service, that the data is going to be provided to the customer [when he or she wants it] and made secure,” says Swidler.