US researchers develop cloud computing virus protection
Most PC owners nowadays know that it is not a good idea to connect a Windows computer to the Internet before you have installed current anti-virus software. But not even the best anti-virus program can catch every virus, and complete scans of an entire system take a lot of processor power and can bring already-sluggish computers to a halt.
Now, researchers at the University of Michigan say they have found a better way of protecting computers from contaminants. They have moved protection software from your local PC into the "data cloud" of the Internet, where the power of numerous servers can be clustered. This approach allows far more viruses to be detected than with stand-alone protection programs. In addition, overall performance was improved. On average, the distributed software developed by the researchers, called Cloud AV, trapped a total of 98 per cent of all the contaminants sent through the test, whereas desktop software only caught 83 per cent.
"We were worried because the detection rates of most popular anti-virus software frankly cover too small a range", explains Farnam Jahanian, computer science professor at the University of Michigan. His idea was simple: if you could use anti-virus programs from different providers at the same time on a single PC, you would have greater security. The problem was that few PCs are powerful enough to do that. "But if we put the anti-virus function into the network, we can have multiple programs running at the same time."
Jahanian and his colleague Jon Oberheide scanned 10,000 contaminant samples that they had collected over the course of a year. They used various anti-virus programs, each of which has its strengths and weaknesses. If one anti-virus program did not detect a specific contaminant, it often caught another missed by others. To get the most out of all of these security products, the researchers installed 12 different anti-virus programs on the servers in the network of the engineering department at the University of Michigan.
Volunteers then installed a small piece of software on their desktop computers to monitor new incoming data, whether as an e-mail attachment or a download. Each of these files was converted into a hash value that serves as an unambiguous ID for the file. This ID was then sent to Cloud AV for analysis. If the file could not be identified based on the ID, it was treated as a security concern and uploaded in full so it could be scanned. Hash values for identified files were stored so that Cloud AV did not scan the same file twice.
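The hash-first lookup and multi-engine scan described above can be sketched as follows. This is an added example, not the researchers' code: the engine names, the byte markers, the class names and the use of SHA-256 as the file ID are all assumptions made for illustration.

```python
import hashlib

# Constructed stand-ins for separate anti-virus engines: each one only knows
# some byte markers, so each misses samples that another catches.
ENGINES = {
    "engine_a": [b"EVIL-ALPHA"],
    "engine_b": [b"EVIL-BETA"],
    "engine_c": [b"EVIL-ALPHA", b"EVIL-GAMMA"],
}


def file_id(data: bytes) -> str:
    """Hash used as the file ID (SHA-256 is an assumption, not from the article)."""
    return hashlib.sha256(data).hexdigest()


class CloudScanner:
    """Network service: runs every engine on an upload and caches the verdict."""

    def __init__(self, engines):
        self.engines = engines
        self.verdicts = {}  # file ID -> names of engines that flagged the file
        self.scans = 0

    def lookup(self, digest):
        return self.verdicts.get(digest)  # None means the ID is unknown

    def submit(self, data: bytes):
        digest = file_id(data)  # recomputed here so a client cannot mislabel a file
        if digest not in self.verdicts:
            self.scans += 1
            self.verdicts[digest] = sorted(
                name for name, sigs in self.engines.items()
                if any(sig in data for sig in sigs))
        return self.verdicts[digest]


class HostAgent:
    """Desktop component: sends the ID first, uploads the file only if unknown."""

    def __init__(self, cloud):
        self.cloud = cloud
        self.uploads = 0

    def check(self, data: bytes) -> dict:
        flagged = self.cloud.lookup(file_id(data))
        if flagged is None:
            self.uploads += 1
            flagged = self.cloud.submit(data)
        return {"malicious": bool(flagged), "flagged_by": flagged}
```

Because clean verdicts are cached as an empty list rather than as "unknown", a file that any host has already submitted is never uploaded or scanned again, whichever desktop sees it next.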