New Cloud-Based Antivirus Strategy Unveiled

John Lister's picture

A new security firm says it has come up with a way to stop malicious software before it reaches a user's computer. The "Isolation Platform" will initially be offered to business users, but it remains to be seen how practical the solution is.

According to makers Menlo, the main problem with most security tools is that they are based around the idea of examining programming code on a user's computer, and trying to determine if the code is malicious. Only if everything appears to be OK is a program allowed to run on the computer.

Menlo says that's flawed because malware creators are often one step ahead of security firms, meaning security software may not recognize the latest strain of malware, and is therefore unable to determine if a program is in fact malicious in nature. Though security software can also vet code using heuristics -- in effect, applying rules of thumb to find suspicious content -- that doesn't always work, either.

Technique Likened To a "Bullet-Proof" Window

Isolation Platform takes a very different approach. It acts as an intermediary between the user and the website or other online file they are viewing. When a user visits the site, it's actually opened on a "virtual container" on a computer operated by Menlo.

The Menlo system then checks that once it has executed the relevant code, it doesn't create any unwanted effects due to malware. Only after passing this check does it then send a safe copy of the page or file to run on the user's computer. A press release for the software described the approach as "kind of like viewing and interacting with the Internet through a bullet proof window." (Source: pehub.com)

Unlike some previous attempts to use this strategy, Isolation Platform creates a new "container" every time the user clicks on a link to visit a new page or open a new file. The previous container is then wiped out, something designed to ease security fears.

No Special Software Needed

Another advertised benefit of the system is that it doesn't require the user to install any special software or modify their browser. It should run on any browser running on any device with any operating system. (Source: techcrunch.com)

The big question is whether the process will slow down web surfing because of the extra time to open the code on Menlo's servers, check it and then relay it to the user. While that inevitably adds a tiny amount of time to every web page visit, Menlo appears confident it won't cause a noticeable delay.

There's also the privacy issue. While Menlo says it "wipes out" files after use, users will need to feel confident that the company won't keep a record of what sites they have visited.

What's Your Opinion?

What do you think about this approach to dealing with security threats? Is it something you'd try out if and when it becomes available for consumer use? Would the security benefits outweigh any concerns about routing your data through another third party?

Comments

Dennis Faas's picture

A major benefit is that processing is done offsite and is operating system independent.

The idea sounds interesting, but appears to operate similarly to free antivirus / antimalware already available for PCs - except from the cloud. In that case, I don't see it being much different.

On the other hand, you could easily achieve a higher level of protection by simply running a virtual machine locally (but only if you're using a PC with decent hardware specs).

dave.bailey_4729's picture

It seems to me that any infectious software could employ a wait period before deploying its payload - thus defeating the approach outlined in the article. Am I misunderstanding the way this would work?

stephen3588's picture

Doesn't Comodo (or whatever they've changed their name to) already do this? I've been running all my pc's thru their free DNS address since last year. Once in a while when surfing I get a Comodo page popping up warning me to continue to the chosen site at my own risk. That sounds like the same thing Menlo is going to do.

stooobeee's picture

At this point, no indication is given whether what is checked through their servers remains private. Why not just use a "sandbox" on the local machine and not take the chance?

ethan4972's picture

Agreeing with dave.bailey_4729 on this one. It would be very simple for a virus just to have a wait time, therefore defeating the point.