How CloudAV Works? [Video]

A couple of weeks ago, I wrote about CloudAV – A new approach to Anti virus Software, where I said the following:

I think CloudAV will be highly effective to fight against all kind of threats including the Zero day threats, but due to the behavioral analysis, CloudAV might be heavy on resources.”

But I was wrong: the behavioral analysis does not affect performance on the client at all, because it runs in the network service rather than on the host. After reading the paper by Jon Oberheide (one of the CloudAV researchers at the University of Michigan) and exchanging some emails with him, I retract the statement above.

The correct way of putting it, and the reason for this second post on CloudAV, is this:

CloudAV is an antivirus system built on the concept of cloud computing: a cloud of 12 antivirus engines (10 traditional antivirus engines and 2 behavioral analysis engines) works in the back end to provide a protected and secure environment.

Why is a new antivirus approach needed at all? Two major problems gave birth to it:

  • The low detection rate of existing antivirus software, and especially poor detection rates for recent threats (a single signature engine simply does not know about most new samples).
  • The increasing complexity of antivirus software, which itself has led to more security vulnerabilities in the very product that is supposed to protect the host.

How is CloudAV different from established antivirus software?

  • Antivirus as a network service: the system works as a network service, so files from your machine are checked on the server, not locally as with traditional antivirus software.
  • N-version protection: N different antivirus engines analyze each file and their verdicts are combined, so a single system effectively gets the protection of many antivirus products at once, and a sample missed by one engine can still be caught by another.

The 3 major components of CloudAV

  • Lightweight host agent – generates an identifier for each new file and sends the file to the network for analysis.
  • A network service – analyzes the file with the N engines and returns the combined verdict.
  • An archival and forensics service – stores information about analyzed files and provides a management interface.

A schematic architecture of CloudAV is shown here.

[Figure: Working of CloudAV]

The only component of CloudAV that needs to be installed is the host agent, which is very lightweight, so using CloudAV does not require a machine with heavy resources; the expensive analysis happens in the network service. Here is a short video on it.

Apart from this, for every file that has been checked, its UID (unique identifier) is saved along with the analysis report in a local cache, so the same file is not checked again and again. The UID is produced by a UID generator that is part of the host agent; it can be understood as a unique code for each file, such as a cryptographic hash of the file's contents, so two copies of the same file share one cache entry regardless of their names. One caveat a practitioner should keep in mind: a cached verdict reflects the engines' knowledge at the time of the check, so cache entries should be re-queried or expired once the engines behind the service are updated.

Every new file that arrives on your system, whether through a copy operation, a download, or an installation, is treated as suspicious by CloudAV and has to go through the checking process.
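As an added illustration of the flow described in the two paragraphs above and of the N-version protection from the list earlier (this is example code written for this post, not CloudAV's own code): a Python sketch of a host agent that hashes each new file into a UID, consults its local cache, submits cache misses to a simulated network service that runs several engines and takes a threshold vote, and stores every report in an archival store. The engines, their detection patterns, the sample files and the vote threshold are all constructed for this example; none of them are real signatures or real malware.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for engines (not real signatures) so the example runs offline.
def signature_engine(*patterns):
    """Stand-in for a traditional signature engine: flags a file containing any pattern."""
    return lambda data: any(p in data for p in patterns)

def behavioral_engine(*required):
    """Stand-in for a behavioral engine: flags a file only when all required API names appear."""
    return lambda data: all(r in data for r in required)

# The "cloud" of N engines. The real CloudAV service ran 10 AV and 2 behavioral engines.
ENGINES = [
    ("sig-A", signature_engine(b"MARKER-ALPHA")),
    ("sig-B", signature_engine(b"MARKER-BETA")),
    ("sig-C", signature_engine(b"MARKER-ALPHA", b"MARKER-GAMMA")),
    ("behav-1", behavioral_engine(b"WriteProcessMemory", b"CreateRemoteThread")),
]

@dataclass
class Report:
    uid: str
    flags: dict       # engine name -> True if that engine flagged the file
    malicious: bool   # outcome of the N-version vote

def vote(flags, threshold):
    """N-version decision: malicious if at least `threshold` engines flagged the file."""
    return sum(flags.values()) >= threshold

class NetworkService:
    """Runs every engine over a submitted file and archives each report (forensics store)."""
    def __init__(self, engines, threshold):
        self.engines = engines
        self.threshold = threshold
        self.archive = {}          # uid -> Report: the archival/forensics component

    def analyze(self, uid, data):
        flags = {name: bool(detector(data)) for name, detector in self.engines}
        report = Report(uid, flags, vote(flags, self.threshold))
        self.archive[uid] = report
        return report

class HostAgent:
    """Lightweight host agent: generates UIDs, keeps a local cache, submits cache misses."""
    def __init__(self, service):
        self.service = service
        self.cache = {}            # uid -> Report
        self.requests_sent = 0

    @staticmethod
    def uid_for(data):
        # The UID generator: a content hash, so identical files share one cache entry
        # no matter what they are named.
        return hashlib.sha256(data).hexdigest()

    def check(self, data):
        """Return (report, cache_hit). Only a cache miss causes a network round trip."""
        uid = self.uid_for(data)
        if uid in self.cache:
            return self.cache[uid], True
        report = self.service.analyze(uid, data)
        self.requests_sent += 1
        self.cache[uid] = report
        return report, False

# Constructed sample "files" for the demo (not real malware).
BENIGN = b"MZ\x90\x00 ordinary program with no suspicious content"
MALWARE = b"MZ\x90\x00 MARKER-ALPHA MARKER-BETA WriteProcessMemory CreateRemoteThread"
GRAY = b"MZ\x90\x00 MARKER-BETA only one engine knows this sample"

def build_agent(threshold=2):
    """Wire a host agent to a service with the constructed engine set and a vote threshold."""
    return HostAgent(NetworkService(ENGINES, threshold))

if __name__ == "__main__":
    agent = build_agent(threshold=2)
    samples = (("benign", BENIGN), ("malware", MALWARE), ("gray", GRAY), ("malware", MALWARE))
    for label, data in samples:
        report, hit = agent.check(data)
        print(f"{label:8s} uid={report.uid[:12]} flagged_by={sum(report.flags.values())}/"
              f"{len(ENGINES)} malicious={report.malicious} cache_hit={hit}")
    print("network requests:", agent.requests_sent,
          "archived reports:", len(agent.service.archive))
```

The threshold is the knob that sets the trade-off: with threshold 1 the "gray" sample, known to only one engine, is blocked (maximum coverage, but any single engine's false positive also blocks a file); with threshold 2 it passes. The second submission of the malware sample is answered from the local cache without another network request, which is exactly why the agent can stay lightweight. In a real deployment the cache would also need to be expired when the engines are updated, as noted above.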

CloudAV is running successfully as a research project in the Department of Electrical Engineering and Computer Science at the University of Michigan, and its evaluation showed a large increase in detection rates compared with any single antivirus product, precisely because a sample missed by one engine is usually caught by another.

So let us hope we soon get to experience such an antivirus system in our workplaces. Since it is a network-based service, individual home users will probably not be able to benefit from CloudAV until someone operates the service for them.

I would also like to thank Jon for his patience in helping me with my queries.

More details about CloudAV can be found here and on Jon's website.

About Manav Mishra

He is here to write articles about things that are somehow related to computers and the internet (and at times, maybe, to blogging as well). He wants to make an identity for himself, and he loves testing new software and services that can really help improve an individual's productivity.

One comment

  1. I was amused by the fact that you dismissed the "Cloud's" capabilities in terms of resource utilization the first time around and am impressed with the subsequent follow-up. Your synopsis is rather accurate and does build a sound case (on behalf of Jon Oberheide and team) for this approach to security. Kudos to you my man…….and Kudos to the team at U of M.

    I wish my beloved Comodo Anti-virus was part of the Cloud. Sigh….someday I guess…..

    Jon, you listening?
