As you know, we've been using Panda Collective Intelligence from-the-cloud scanning technologies for about two years, initially in our online scanners ActiveScan and also in our Panda 2009 consumer products. Thanks to Collective Intelligence we are able to use complete automation (community-driven information, threat analysis, multiple technology checks, malware/goodware determination and signature creation) to protect against the newest and most dangerous variants faster than with the traditional signature approach.
I'm happy to report that we've now integrated the Panda Collective Intelligence cloud-scanning technology into the VirusTotal service. You'll notice it by the 10.x version numbering next to the Panda engine.
To see Panda Collective Intelligence in action, let's look at a new piece of malware that started spreading a few hours ago (MD5: a0713a3639c9d4901daf774022f4bfd2). It is an Adware/Antivirus2009 rogue antivirus. Let's run it through VirusTotal and see the results as of 02.12.2009 12:35:51 (CET):
Check the updated VirusTotal scan result here (search for a0713a3639c9d4901daf774022f4bfd2) to see how other engines add detection progressively.
21 comments
No doubt your from-the-cloud-scanning is aggressive on malware and other threats. Good work you guys have done.
Good news Pedro!! That will be very helpful for getting real detections from the big-cloud not like others with their tiny signature files 🙂
Hi Pedro, good work!!
What do you make of McAfee's initiative to have two scans on Virus Total, one without Artemis and one with? How do you see it? I think the impact could be very good if we could do something similar, don't you think?
Regards,
Marcelo
Yeps… detections DID change:
http://www.virustotal.com/analisis/93725ffadb680f065328aad444768b34
But you failed to make the detection in new scans… FAIL!!!
xD
One very rare example of something caught by the technology of Panda… most computers I “visit” with panda antivirus have many others that it didn’t detect (even with all protections active)… when everyone else seems to know about them… well it’s the good technology… just my 2 cents
Dickcopter, not sure what happened with your scan. It shows ok for me at http://www.virustotal.com/analisis/3ff1ebaa287d468bb44464dba769fd0b
John, of course we don't claim to detect 100% of everything all the time. Nobody can. The best you can do, in addition to following best practices and keeping your OS up-to-date with patches, is make sure all PCs have the latest versions of the anti-malware with the latest sigs and take advantage of the latest protection technologies.
CI is helping us a lot to detect the new variants faster, certainly much better than with the traditional method. It is not a silver bullet and will not replace common sense.
I’m using Panda since 2003; the 2009 products are the top of them for best proactive defense, heuristics technology, etc., but 1 thing I don’t like is that “send to Panda” in the quarantine of the 2009 products doesn’t send files bigger than 2 MB.
Once CI has detected it, how long does it take to make it available to daily updates, just in case, if the internet is down?
In the case of Panda products which use CI it depends on the prevalence of the file. This is where the community-watch aspect of CI kicks in. If it’s an old sample or something that’s not out there infecting users in-the-wild, it might not make it to the local signature as it’s not really needed in the local signature. Bigger local signatures are bloated with “dead malware” and this only takes up valuable PC resources.
Thanks Pedro.
I also notice that at times VirusTotal did not detect the new sample, yet another site, virscan.org, detects it as suspicious. I reckon this is because Panda 9.051 at VirusTotal did not use heuristics whereas virscan has turned on Panda heuristics. How about now with the new Panda 10.x?
Panda is the best antivirus solution, without doubt. But in the next version, I hope the boot-up time will be minimized while using Panda.
My wife installed pcpandora 5.0 on my computer. She wants to watch me. Can Panda remove it? Help me.
In the 2010 version I hope to see a totally new interface and a query to CIS for real-time protection, just like F-Secure has done in its 2009 versions.
When some of the client update to the VirusTotal, it shows Panda detected, as retail got the Collective Intelligence. But the corporate did not detect the virus; this will confuse the customer.
Panda Internet Security 2009 is number one. My computer uses a Pentium D, 2.80GHz, 512 RAM, 80GB Samsung SATA II. Panda Internet Security 2009 runs faster. but it remove pcpandora: http://www.*******.com/trial_download.php . Other people install it on my computer.
It’s not just the boot load that Panda solutions need to make less heavy, it’s also the overall experience! Most people that use computers for work, students and gamers don’t like Panda solutions because they are very heavy and make everything go slower than what would be an acceptable level… even if you have an Intel dual-core processor (or newer).
Panda solutions need to be “fine-tuned” and “code optimized, or code remade” to make them run (and let the rest run) much (much, much!) faster. Not meaning less protection… but less impact on computer resources.
Hey, even Symantec (the most famous for the high impact on computer performance…) understands this and in this new version is much faster on load and use (I don’t think it is actually as good on detection as they say, or the reviews say… but that’s another story).
Budee, the current version already checks against CI in real-time while downloading files or email from the Internet and during an on-demand scan.
Yehee, you're right about this as in the past it's taken too many resources. We've improved this a lot with the current 2009 versions and will improve much much more with the versions we'll release this year, especially on memory usage.
Let’s go to: http://www.virustotal.com/buscaHash.html and this time insert: c92246b79c5378afe8c80af9f78f9130abf1c338 or maybe this: 95ddd67400ba77611ced255c55fa4965fc0c1629
Great result, right? I don’t think it too.
Pedro, what about on-access detection to CIS, because most of the time for a file I do an on-demand scan and Panda detects the virus, but running the same file shows an “unknown virus detected” or “suspicious file neutralized” warning.
Since Panda 2005, 1 thing is not improved in PIS: cleaning a file inside archives. Doing the on-demand scan, results are notified, not renamed, deleted or quarantined.
Panda detects Windows Vista Setup a Virus.. LOL
Interesting John. Is that a file from the original Vista CD or downloaded from somewhere? Please share an MD5 or send me the file in question to pedro.bustamante@pandasecurity.com.