The good news is that Collective Intelligence (CI), the engine for Internet security created in 2006 by Panda Security's malware research laboratory, recently processed its 200 millionth malware file via the cloud. That's also the bad news.
CI uses the Internet "community" -- users of Panda's free CloudAntivirus, along with other companies and collaborators -- to locate malware. The company says CI automatically detects, analyzes and classifies more than 73,000 new malware strains that appear every day, ranging from viruses to worms, Trojans, spyware and other attacks. CI now has a database of more than 25 terabytes of cloud-based classification data.
Also see "Clouds of anxiety: Companies worry about security of cloud computing"
Unfortunately, the company has reached this milestone because the threats also keep getting faster and more abundant. According to Panda, a third of all the malware in existence was created in the first 10 months of 2010. The average number of threats created daily rose from 55,000 in 2009 to 63,000 in 2010 to 73,000 this year.
Microsoft reported this past May that one of every 14 downloads from the Internet may contain malware code. Social media -- particularly Facebook -- has become fertile ground for malware attacks.
So, is Collective Intelligence actually winning the war on malware, barely keeping up with it or falling behind? Pedro Bustamante, senior research adviser at Panda, believes CI is keeping up. "Real-time scanning, classifying and disinfecting malware via the cloud, is the only way to scale with the pace at which cybercriminals are distributing new threats," he says. But he acknowledges the enemy is sophisticated, well-funded and highly motivated. The purveyors of malware are not a random collection of "bad guys," he says. "They are organized criminal organizations, structured like a medium/large company."
Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.
They have development departments and conduct QA against the most popular antivirus and Internet security products, he adds. They have marketing departments that recruit affiliates who they pay-per-install based on geo-location of the infected PC. They have business ties with other organized groups to install other types of malware such as rogue antivirus, etc.
"I wouldn't be surprised if some of these groups also have political ties in some Eastern European countries for 'protection' from being shut down," he says.
With the speed and ease with which malware is being created, is even an improvement to six minutes to classify a threat too long? Bustamante says more important than the raw time of responding to a specific file is the "prioritization of queues." CI, he says, is able to focus on the most important and prevalent first, and ignore variants that are, "no longer in the wild, nor will (they) ever be."
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
One of the best ways to improve CI, he adds, is to join it -- for free. The company's Cloud AntiVirus now has more than 12 million users. But he says Panda can improve with more of the kind of, "intelligence we are gathering from our cloud-based system."