I still remember the very first meeting we started talking about the cloud three years ago. It was 2006, a sunny day, and a few of us were meeting in a room on the 7th floor of our old building. Mikel Urizarbarrena, our founder, started talking about the evolution of the Internet, and how we could take advantage of it to improve our customer's protection level. Many buzzwords like Web 2.0 started floating around, and I was reminded of the first time we talked about TruPrevent, back in 2002… so it was going to be something big ๐
From the lab's point of view, we were already overwhelmed with an increasing and non stopping flood of malware at that time. Nothing new, the amount of malware was multiplying per a factor of two every year, and even though the cloud had some issues –and still has, because there is no perfect technology- it was a smart approach to solve the different problems we were facing at that time (adding a huge volume of detections, faster updates, etc.). Furthermore, we saw an early opportunity to use the cloud for some exciting stuff:
– Adding some self-developed technologies that could not otherwise be run on a user's computer.
– Detecting good files (aka goodware.)
– Using new approaches to detect malware (contextual information, correlation of different behaviours.)
At the time, one of our major concerns was that a lot of people were infected even if they were supposed to be protected, and even worse, they didn't know that they were infected. Se we started building up what we now call Collective Intelligence 1.0, a database with all the knowledge we had about malware. At the same time we were developing a proof of concept in-the-cloud scanner (code name: Nanoscan) to validate that our feeling about infection rates was right, and to test the cloud technology and confirm it was worth the effort.
A few months later we released Nanoscan. It was light (~300kb), and it could scan the different processes the computer was running at the same time as the scan. Collective Intelligence back then was not able to run all the technologies we had in the lab, but it was good enough to show us what was happening out there. And as far as we know it was able to detect more malware than any antivirus product (including Panda!) since no one else had this kind of technology integrated in an antivirus. Another nice feature in Nanoscan was that it queried the Windows Security Center so we could know if there was an antivirus installed, which one it was and if it was active and updated. We gathered data for a couple of months (a few million computers scanned) and the results were as bad as we were afraid of: 23 percent of the computers scanned that had an antivirus running and updated had malware loaded in the memory. It didn't matter which antivirus it was, everyone had many users infected: McAfee (24%), Panda (15%), Symantec (23%), Trend (17%), etc. We wrote a paper about this, which you can download here.
In that moment we decided that we had to move forward and develop Collective Intelligence. And we did. Later we launched 2009 products, the same kind of products we had in the past but they were capable of connecting to the cloud when running an on-demand scan, as well as in the perimeter real time protections. A few weeks ago we launched Panda Cloud Antivirus, a brand new product we created from scratch, which is basically the first antivirus thin-client from the cloud.
So now it’s the 2nd anniversary of Collective Intelligence, and I have been playing around with the numbers, which are huge:
– + 26 millions of malware samples
– + 900,000,000,000 registries in the database
– + 18 Tb of information (now you can wonder why we don’t create a signature file with this ๐
Some curiosities:
– To send all the data through a regular DSL, would take 3 years.
– If we write down all the data on paper, it would be equivalent to 727,373 Encyclopaedia Britannica.
– If we put all that paper sheets one after another, we could walk to the moon and come back… 12 times!
We have published a nice video about Collective Intelligence in YouTube.