Immunet’s CEO Oliver Friedrichs agreed to answer some questions about the company, its business and the technology it uses to detect malicious software.
What is your definition of a cloud antivirus solution?
A pure cloud antivirus solution relies on a detection set that resides on Internet servers, or “in the cloud.” A lightweight desktop agent is used to query this detection set whenever new files are installed on your computer, or when you perform a scan of running applications. Traditional antivirus products store this detection set locally, and in recent years, that database has grown to use anywhere from 50 to 100 megabytes of additional storage space. Immunet Protect is a pure cloud-based product since our detections are stored on the Internet by Immunet and accessed on-demand when required.
What are the advantages of cloud AV?
A cloud AV product is much different from a traditional antivirus product, and it requires re-architecting all components of an AV product. It moves the actual detections into the cloud. The following are what we believe are just some of the benefits:
Malicious software that is packed in different ways to evade antivirus is a major problem right now. We will likely see packed programs that will require millions of signatures to catch. How does cloud AV solve this problem?
Cloud AV can deal with packed, metamorphic, and polymorphic threats through the use of domain-specific generic signatures that will detect families and variants of these threats. The development of such signature formats is the key to the future success of cloud-based antivirus, and Immunet is heavily focused on this area.
Immunet previously has said that it has decided not to use the detections of other antivirus solutions in its inputs when determining if a program is malicious or not. Can you explain that?
Let me clarify a statement that I made previously on what we do when running alongside another antivirus product. Immunet Protect sees when other security products detect or block threats. It’s quite easy to do this without interfering with or tampering with other products in any way. More specifically, we see threats that the user has received in some form arrive on their computer and get quarantined. This information is sent up to Immunet, much like SANS DShield and Symantec DeepSight work for intrusion events. We track this information for reporting purposes and are still determining whether or not this information can be used directly to generate detections.