Previously it took up to 2 hours for our customers to get their local detection patterns updated. Considering the pace at which today’s malware is adapting against local detection capabilities, our customers needed faster and more robust detection.
Therefore Avira Free Antivirus now uses a hybrid approach to combine our offline detection with cloud-based technologies. Our free product now has the same Avira Protection Cloud (APC) technology that was introduced in 2012 for our paid products.
In a nutshell, Avira Protection Cloud is a large distributed system that is home to our most advanced detection systems at Avira. It’s capable of detecting new, fast-adapting and sophisticated malware. If our product detects suspicious behaviour on a client, the executable components associated with that event will be checked with APC. This involves first checking whether that file is already known to us and, depending on the result, also sending that file to APC for detailed analysis. Once a file has been uploaded and analysed, the result is available to all customers worldwide without the need to send it in again.
The generic advantages are much faster reaction times, also referred to as live detection updates. Another feature is ‘detection protection.’ As the files have to be uploaded to our back-end systems, fast detection evasion via automatic local modification of the malware files is no longer a viable option for the malware authors. Our detection mechanisms are thus better protected and stay effective for a longer period of time.
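The lookup-then-upload flow and the ‘detection protection’ effect described above can be sketched as follows. This is an added example, not Avira's code or API: the SHA-256 file key, the in-memory verdict store, the class names and the toy analyzer are all assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"

def toy_analyzer(data: bytes) -> Verdict:
    # Constructed stand-in for back-end analysis: flags a marker string.
    return Verdict.MALICIOUS if b"EVIL" in data else Verdict.CLEAN

class CloudBackend:
    """Hypothetical in-memory stand-in for the cloud service."""
    def __init__(self, analyzer):
        self._verdicts = {}      # file hash -> Verdict, shared by all clients
        self._analyzer = analyzer
        self.uploads = 0         # counts full-file uploads

    def lookup(self, digest: str):
        # Cheap first step: is this exact file already classified?
        return self._verdicts.get(digest)

    def upload(self, data: bytes) -> Verdict:
        # Expensive second step: analysis runs server-side, out of the
        # malware author's reach, and the verdict is stored for everyone.
        self.uploads += 1
        verdict = self._analyzer(data)
        self._verdicts[hashlib.sha256(data).hexdigest()] = verdict
        return verdict

class Client:
    def __init__(self, backend: CloudBackend):
        self.backend = backend

    def may_execute(self, data: bytes) -> bool:
        """Hold a suspicious file until it is classified; True means run."""
        digest = hashlib.sha256(data).hexdigest()
        verdict = self.backend.lookup(digest)
        if verdict is None:                  # unknown file: send it in
            verdict = self.backend.upload(data)
        return verdict is Verdict.CLEAN

if __name__ == "__main__":
    cloud = CloudBackend(toy_analyzer)
    alice, bob = Client(cloud), Client(cloud)
    sample = b"MZ\x90\x00 constructed sample EVIL"
    print(alice.may_execute(sample), cloud.uploads)   # first sighting: upload
    print(bob.may_execute(sample), cloud.uploads)     # known: no second upload
    print(bob.may_execute(sample + b"\x00"), cloud.uploads)  # variant: re-upload
```

A locally modified variant has a different hash, so it is treated as unknown and analysed again on the back end rather than slipping past a stale local pattern.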
For the sake of brevity I want to mention that due to the additional detection of APC we were able to deliver the highest detection possible to all our customers. This has resulted in industry leading detection and that same level of detection is now available for all our free customers. In a future article I will also talk about the details of our most sophisticated detection systems deployed in APC: Special Engine, NightVision and AutoDump.
To talk a bit about the implications of scale: Every day 50 million suspicious files are checked and about 200.000 suspicious and unknown files are uploaded to APC by our customers. 50.000 of these uploads are malware, adware or PUA (potentially unwanted applications). All 200.000 files have to be analyzed in real-time as we will not allow execution of these suspicious files until they are classified.
To be able to do real-time analysis of such a vast number of files, APC is distributed around the globe in multiple data centers and is designed to be fault-tolerant, secure and highly available. The system scales automatically according to customer demand and is able to sustain operation even if a whole data center goes down. This uptime performance is necessary as the bad guys never sleep and our customers need to be protected 24/7.
In summary I can say that we are really proud to be able to ship our most sophisticated detection to all our free customers. It is the contribution of our Avira Protection Labs to secure and support the digital lifestyle of all our customers and is a huge step forward regarding our free mission at Avira, enabling our customers to live free on the internet.