Tales from cloud nine
Mihai Chiriac BitDefender
download slides (PDF)
At last year's VB conference we promised to answer a set of questions concerning the performance of cloud-based anti-virus
software. The feedback was overwhelming, both from fellow researchers and large corporations, particularly ISPs. No wonder,
since the number of viruses grows at an exponential rate. Being able to provide instant protection, enhanced detection
rates at (possibly) less bandwidth cost proved to be a winning combination.
In the first part of the presentation we will describe, in detail, our cloud-based anti-virus engine, including a set of
statistics, optimization opportunities that were revealed only after performing a few hundred thousand scans, comparisons
with current technologies, etc. We will talk about the benefits and drawbacks of keeping at least part of the virus
signature database and scanning logic on our servers and, more interestingly, about the instances when cloud-based
scanning is clearly more efficient than traditional approaches.
The second part of the presentation will cover a new client-server technology, called 'IMD' (Intelligent Malware Detection).
The client side of IMD runs on the client and is responsible of gathering 'IMD Flags', while the server side is responsible
for collecting the flags, applying rules and ultimately deciding whether a file is suspicious or not. We will also
describe some cases when the server has enough information to automatically blacklist files, thus reaching the holy grail:
instant detection.
VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada.
Early bird discount available until 15th June 2010.