Like HowStuffWorks on Facebook!

How a Cloud Antivirus Works


Cloud Antivirus Features

If you have any experience using antivirus software, the user interface (UI) of cloud antivirus software should look familiar. After all, its primary job is the same as any other antivirus application: Scanning your computer to identify and clean up any malware. Therefore, you'll find these common functions in a cloud antivirus UI:

  • Scan the entire computer or certain folders on the computer.
  • Adjust when to make automatic scans and what files to include in them.
  • View detailed reports to see what malware was detected during a scan.
  • Take actions to remove or restore any quarantined files, or files that were neutralized in some way until you decide to restore or delete them.

The unique features in cloud antivirus are those you won't see in the UI. We've already seen that cloud antivirus splits its tasks between your computer (a client application) and Web servers elsewhere on the Internet. Because of this split personality, cloud antivirus can leverage resources from across the Internet to better defend your computer against malware. For each cloud antivirus product, these resources come together to form a central database of malware data.

This malware data is collected in different ways depending on the product. For example, Panda Cloud Antivirus gets data for what it calls its Collective Intelligence from IT and software industry resources, honeypots (computers used to trap malware) staged worldwide and feedback from customers [source: Ilascu]. Immunet Free Antivirus depends on its entire community of users (the Immunet Cloud) to learn about potential threats, adding the data to its Collective Immunity technology [source: Immunet]. Cloud antivirus servers run algorithms on the data to classify malware by different qualities, including level of threat.

What makes these malware databases special, though, isn't just their collection techniques. Their real advantage is how quickly they can make that data available to you. Rather than waiting to download some big patch for your antivirus software every few weeks, your computer can scan for the latest threats while you're online, catching them within minutes of their addition to the database.

For offline access, a cloud antivirus product might keep a cache of malware data on your local computer. The cloud antivirus software can keep this cache up-to-date as long as you're online. This cache won't include the entire database of malware threats, but it will include malware that presents the most common threats to your computer.

So far, we've looked at the general features of cloud antivirus software. For a better idea of what this looks like, let's examine the user interface for one of these cloud antivirus products.