Mobilizing a community to fight malware

The word about Immunet’s free anti-virus solution is spreading fast. The agent installed on my computer tells me that there are currently 162,597 people in the Immunet Cloud, and that I’m protected from 12,637,576 threats. When I first installed it almost a month ago, the number of users was around 122,000.

But, what is Immunet Protect? How does it work? And what can account for such a fast adoption? These are all good questions and they will be answered, but allow me to say a few words about the company first.

Founded in July 2008 by Oliver Friedrichs, former Director of Emerging Technologies at Symantec, Immunet is still a small firm. The management team consists of three people: Friedrichs (CEO), Alfred Huger (VP of Engineering) and Dr. Adam O’Donnell (Director of Cloud Engineering).

Huger and Friedrichs go back a long way – they co-founded SecurityFocus and Secure Networks, and continued to work together after Symantec’s acquisition of SecurityFocus. O’Donnell joined Immunet from Cloudmark (an anti-messaging abuse company), and is responsible for the architecture and development of Immunet’s cloud AntiVirus infrastructure.

It took a little over a year for the company to push out the beta version of their community- and cloud-based anti-virus solution. Immunet Protect was made available for download in August 2009, and the ball started rolling.

“I think our estimate for the beta was 10,000 users given we have little or no marketing budget,” shares Huger. “At the time you publish this article I suspect we will be north of 150,000 installed users. If our numbers continue at this pitch then we have a fighting chance of making 1,000,000 users this year.” Needless to say, they are pleasantly surprised by the numbers.

So, what drives this fast pace of adoption? There are multiple answers to that question:

1) The solution is free.
2) Its invitation system lets you automatically invite members of your social network into the Immunet Protect community (i.e. your Facebook and Twitter friends, Gmail and Yahoo contacts, and others). The logic behind this step is simple: by shielding members of your social network from threats, you greatly reduce the risk of threats making their way to your own computer.
3) It’s a cloud solution with an extremely lightweight agent. Thus, the solution uses up just a tiny part of your computer resources and doesn’t slow it down.
4) It works alongside other anti-virus solutions installed on the computer. What’s more, it harnesses their power – every suspicious file the solutions detect is automatically compressed and sent over to the cloud for analysis.

“We do want to be seen as a viable alternative to mainstream AV. We are confident that the 2.0 version we’ll be shipping in May is a solution which is competitive with other AV packages,” says Huger. “But, we install alongside other AV products because we believe two solutions work well for many users.”

“The list of solutions that Immunet Protect supports – officially and unofficially – can be found here,” he offers.

A lot of people are of the opinion that one anti-virus solution is no longer enough to catch every threat, that they are simply “reacting” too slowly. “What do you think?” I ask.

“I think we all know someone who had up-to-date anti-virus and still got a virus so I think the argument that AV is not doing its job as advertised is a fair one,” he muses. “I think the reasons are varied as to why this happens, but it all boils down to the fact that this is a very hard problem to solve and that reports of detection rates that sound too good to believe, probably are.”

When announcing Immunet Protect, the company said that it takes a new approach to a decades-old problem. But cloud anti-virus isn’t a new thing. I ask Huger to explain how their product differs from other cloud offerings – other than being a solution that started off as a cloud offering, that is.

“Actually having started as a cloud product is quite significant on its own. It means we’re newly engineered and, as of yet, have no legacy software commanding large CPU and memory footprints in order to maintain backwards compatibility. That is an advantage we can keep as well because so much of our logic is simply ‘cloud side’ versus on the desktop,” he says.

“Our approach is unique in that it’s highly community focused and we’re attempting to move away from an analyst centric protection model which is favored by most vendors – whether they have cloud components or not. We don’t believe that current approaches, which rely on centralized review of malware by teams of analysts, scale to the problem at hand. A ‘cloud’ and ‘community’ approach are a way of trying to get in front of this problem,” he continues. “Is it a perfect approach? Certainly not, but we think it holds more promise than other approaches being used today.”

For now, I am perfectly satisfied with using Immunet Protect along with the “heavyweight” AV solution I have been using so far. Since they work so well together, there is no reason whatsoever why I shouldn’t let them coexist in peace, and I’m eager to see how they perform over a longer period of time.

I also have a few friends that have been using Immunet’s solution. Two of them were pleasantly surprised by how fast the scan process is, and wondered: “Could this be it? It did the job it was supposed to do, right?” But, their expectations were based on a misconception. “The current version of the beta product only scans running processes and those programs set to run at boot time. It’s called a ‘Flash Scan’ and people generally accept that it’s fast because of its limited scope. Most of the files we review are those introduced to the system after install (downloaded, etc.) and those run after we install,” says Huger.

For myself, I had one pressing question – does the company have plans to extend the protection to Macs? “Well, not in the near term. Although… It is being discussed,” he says. “So, what are your imminent plans, then?” I ask.

“In late May we are hoping to ship version 2.0 which will introduce a new Free version and a new commercial offering. Both will have nearly identical feature sets except that the commercial offering will have a ‘local host’ or offline scanner to operate when people are not connected to the cloud. Both versions will have a fully featured UI which is highly focused on ‘your’ community. We will also be shipping one new cloud engine in 2.0 called SPERO, which is lighter and faster than our current ETHOS engine.”
