Safety in numbers: Immunet Protect integrates with Facebook to allow users to see if their friends use the software.
“There is no easy solution to the problem, unfortunately,” says Jon Oberheide, a PhD student at the University of Michigan and the lead author of the paper. “The battle is quite asymmetric, with the scales being tipped heavily in the attacker’s favor. We need to focus our efforts and resources on approaches that will significantly reduce this asymmetry, instead of continuing the endless game of reactive catch-up, which the vendors are obviously losing.”
To process and analyze viruses faster, several companies have moved to a cloud model, where–rather than putting an intelligent analysis engine on every user’s computer–the scanner is a “dumb” program that converts each new file into a list of attributes that are then sent to the software provider’s servers. Those servers analyze the file attributes and determine whether it is malicious.
Other antivirus firms have already started to rebuild their antivirus software incorporating the cloud-computing model. McAfee, Panda and Prevx already provide some level of automated analysis as an online service for users.
Pedro Bustamante, senior research advisor with Panda Security, argues that community data can help antivirus firms prioritize their analysis efforts. Panda sees nearly 50,000 files a day, of which some 37,000 are samples of malicious code.
“I have not seen a product yet that is using community as a factor in detection,” he says. “I think it could be a nice complement to detection technology but not a stand-alone solution.”
However, Immunet’s approach puts the company at the very early stages of a cloud antivirus solution, Bustamante adds. “It takes a long time to develop these technologies in the cloud.”
Friedrichs underscores that Immunet’s service is not complete–it’s still in development. The company is working on adding generic detections and heuristics for flagging large categories of threats, which should make them easier to identify. In addition, the company is currently considering ways of handling potentially harmful files when the user’s computer is not connected to the Internet.