Comments on: The disadvantages of cloud based scanning
https://grey-panther.net/2008/11/the-disadvantages-of-cloud-based-scanning.html

By: kurt wismer (Fri, 28 Nov 2008 07:19:35 +0000)
https://grey-panther.net/2008/11/the-disadvantages-of-cloud-based-scanning.html#comment-607

following your points in order:
1) when you’re disconnected your chances of encountering malware in the first place are vastly reduced… even so, (a) and (b) are not the only options… traditional scanning is still possible (no one says cloud-based scanning and client-side scanning have to be mutually exclusive) and there are other preventative technologies you should still be using in addition to scanning…
2) i don’t anticipate network latency being the biggest slowdown… in fact i expect (and maybe i should update my post to include this) that the analysis being done in the cloud will be more involved than what is feasible to do client-side… i don’t know that the client must necessarily block while waiting for a response from the server (at least for on-demand scanning that shouldn’t be necessary) rather than continuing and polling for answers later…
3) under the current operating scenario, analyzing the files submitted is not part of the scanning process – cloud-based scanning implicitly requires it…
4) they may foil statistical analysis, but they can’t change the fact that they’re either giving vendors their samples or they’re not getting the full picture of the detectability of the sample… neither of these options is conducive to malware q/a…
5) there are ways to avoid mitm attacks, and the DoS/DDoS scenario is identical to the scenario where the client is simply not connected…
6) ideally i think consent has to be given in a different way than just accepting an EULA… i agree this is not a simple issue… this is probably the biggest problem people will have with it…
7) i’m sure the traditional scanners will remain available and malware authors *could* use them for their malware q/a, but if the cloud-based scanning does more than the client-side scanner can feasibly do then the malware author will NOT be hardening his creations against cloud-based scanning…
