Cloud antivirus differs from traditional antivirus in that a small local client is installed on the end user’s machine, instead of an entire software suite. Whereas traditional antivirus software depends on the machine’s resources, drawing from the CPU power to perform its scanning and interpretation functions, a cloud antivirus confers with the cloud server.
As an antivirus software is scanning, it’s also comparing the results of the scan against its database of known viruses, and performing a heuristic analysis. That is why an antivirus scan will typically update you on the threat’s found while it’s still scanning, in real-time. It’s scanning and consulting the database at the same time. Usually, each antivirus can also do a quick scan. TotalAV is great for this which makes it a good solution, here’s a great review of its features.
With cloud antivirus, the end user’s client scans the machine, while uploading the results to the cloud server for analysis. The cloud server then communicates back with its findings. This removes some of the impacts on the machine’s resources – basically, it utilizes less computing power to communicate with the cloud server than it does to consult a threat database locally.
The benefit of cloud antivirus is that it pools analysis results from millions of computers that upload reports to the cloud server. Basically, if someone’s computer in Hong Kong is scanned by the cloud antivirus, which finds an original and unheard of a virus, everyone else around the world is now protected instantly.
This has the added benefit that you don’t typically need to update cloud antivirus software. There might be client-side updates for GUI changes, but as far as virus definitions and critical services, it’s all on the cloud.
The drawback of cloud antivirus is that it completely relies on internet connectivity. Without an internet connection, the end-user can be left vulnerable to infection – though that point is a bit arguable, because typically, a lot of malware relies on internet connectivity to do its dirty work (sending data packets to the controller, downloading executable scripts, etc.)
Who should use cloud antivirus?
Well for starters, people who have a stable, dependable connection to the internet. That much should be obvious. That isn’t much of a problem though unless you live in some remote corner of the world.
Cloud Antivirus is a great solution for enterprise-level customers, for two reasons. First off, large companies typically have exclusive internet packages – a lot of internet providers offer enterprise-level internet. Second, because large companies are the most targeted victims of malware, they can contribute immensely to the cloud database. Think of it like “trickle down” antivirus economics.
The average user also benefits from cloud antivirus. It’s a lot simpler to use than traditional antivirus software. With traditional antivirus software, you need to install the client, routinely allow it to update, configure settings and whitelists, there’s a lot of overall effort for the end-user that goes into maintaining antivirus software. Unless you just set it and forget it, which can be good or bad (depending on your level of computer expertise).
With cloud antivirus technology, you’re putting your full trust into the cloud – which can also be good or bad, but it’s mostly good. Whereas traditional antivirus companies try to focus on more traditional virus types, cloud antivirus companies are trying to be more “all-in-one” solutions. Because the threat database is updated by the ‘millions’ of users (this can actually depend on how many customers are using the antivirus software), cloud antivirus can theoretically detect a broader amount of threats, rather than what an individual companies’ security team implements.
Do traditional antivirus companies use a cloud?
Many of them do, in fact. So you might be confused into believing that cloud antivirus is a superior technology to traditional antivirus when actually, many traditional antivirus companies have implemented cloud technology into their software.
When you install antivirus software, and it asks “Would you like to upload scan results to our database?”, that’s a form of cloud technology. So don’t be confused into believing that cloud-based antivirus software is vastly different than traditional antivirus, it really boils down to the individual company’s approach.
The main difference being that cloud-based antivirus typically relies entirely on the cloud, whereas traditional AV may use it supplementally.