
Baidu International Antivirus Cloud Defense Strategy and User Interaction Design

At the 55th Baidu Technology Salon, Baidu International Antivirus unveiled a cloud‑defense system that replaces traditional local pop‑ups with controllable, operable alerts and cloud‑based monitoring, analysis, and response policies, enabling targeted strikes, richer actions, and smarter handling of unknown threats such as zero‑day exploits.

Baidu Tech Salon

“Why do we do virus defense? To defend against the unknown. What is the unknown? In my view, the unknown can be analyzed from two angles: state and behavior. During the process we must define the unknown; otherwise our thinking becomes too vague.” On October 25, Xie Yizhi, Baidu’s International Antivirus Head of Defense & Offense, said this at the 55th Baidu Technology Salon.

The 55th Baidu Technology Salon was held in Shenzhen, allowing participants from other regions to experience the lively atmosphere and providing a venue for discussion with many local Internet security vendors.

In the session, Xie presented Baidu International Antivirus's cloud‑defense system. He focused on the overall thinking rather than detailed technical implementation, emphasizing ideas that can be applied to many kinds of security work.

“We need to process data fast and efficiently, perform data mining and analysis, find targets, discover problems, and extract rules.” – Xie Yizhi

Changing Popup Strategy to Let Users Accept the Unknown

For Baidu’s International Antivirus team, dealing with the unknown is a core mission. Traditional antivirus pop‑ups (e.g., security guard alerts) can block some threats, but ordinary users often do not know how to respond to them. The key question becomes: when faced with an unknown, should a pop‑up be shown to the user?

“After continuous research and testing, Baidu International Antivirus developed a new pop‑up strategy,” Xie explained.

The new strategy has two main aspects:

1. The impact of a pop‑up on the user is controllable. Where it is not controllable, Baidu makes it operable through an operational approach. Typically, pop‑ups target cloud files and do not affect commonly used local software.

2. Pop‑ups are operable. For example, if newly installed software adds an unnecessary startup entry, showing a pop‑up is acceptable to the user.

Over time, Baidu has evolved pop‑ups from merely blocking high‑risk viruses to making them user‑acceptable and operable, adjusting text, color, position, etc.

Abandoning Traditional Cloud Defense – The Human Struggle Behind Viruses

Internet security is receiving increasing attention, and antivirus products face growing challenges. Baidu’s approach uses a cloud‑defense pre‑warning model.

The cloud‑defense strategy consists of four parts:

1. Monitoring – collecting rich data from various monitoring points to support later decision‑making.

2. Analysis – processing massive data quickly and efficiently, then discovering problems and extracting rules.

3. Response – having the capability to react once a problem is identified, which requires both the client and cloud infrastructure to be prepared.

4. Strategy – most policies are controlled in the cloud rather than locally.

Traditional main‑defense relies on local engines to judge a file’s black/white status and show a pop‑up accordingly. Baidu’s cloud‑defense, however, makes decisions in the cloud, allowing different strategies for different malware.

“The battle behind a virus is a human struggle. We don’t have to block every threat immediately; we can observe it via cloud policies and strike when the adversary’s cost becomes too high,” Xie said.

New Industry Defense Ideas – Making Antivirus Smarter

Overall, Baidu’s cloud rules serve two major functions:

1. Targeted strikes – unlike traditional antivirus that may allow a white‑listed file to act even if it triggers a risky behavior, Baidu’s cloud trust model can identify and block abnormal actions.

2. Richer actions – instead of merely deleting a file or showing a pop‑up, Baidu’s system can perform more nuanced operations tailored to the specific threat.
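The contrast between a local black/white verdict and a cloud-side rule set can be sketched as follows. This is an added example, not Baidu's implementation or code from the talk; the event fields, behavior names, action names and rule table are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical reputation labels; the talk does not define a schema.
ALLOW, UNKNOWN, BLOCK = "allow", "unknown", "block"

@dataclass(frozen=True)
class Event:
    """One behavior report sent from a client monitoring point (constructed)."""
    process: str      # reporting program, placeholder name
    reputation: str   # file reputation: ALLOW, UNKNOWN or BLOCK
    behavior: str     # monitored action, hypothetical label

def local_verdict(ev: Event) -> str:
    """Traditional model: file reputation alone decides the outcome."""
    if ev.reputation == BLOCK:
        return "delete_file"
    if ev.reputation == ALLOW:
        return "permit"   # an allow-listed file may act, whatever it does
    return "popup"        # unknown file: ask the user

# Cloud-side rules, evaluated in order: (reputation, behavior, action).
# None is a wildcard. Updating this table changes every client's response
# without shipping a new local engine.
CLOUD_RULES: list[tuple[Optional[str], Optional[str], str]] = [
    (BLOCK,   None,                         "delete_file"),
    (ALLOW,   "drop_executable_in_startup", "block_action"),  # targeted strike
    (UNKNOWN, "add_startup_entry",          "popup"),         # operable pop-up
    (UNKNOWN, None,                         "observe"),       # watch, no pop-up
]

def cloud_decision(ev: Event, rules=CLOUD_RULES) -> str:
    """Cloud model: reputation and behavior together select an action."""
    for reputation, behavior, action in rules:
        if reputation in (None, ev.reputation) and behavior in (None, ev.behavior):
            return action
    return "permit"

if __name__ == "__main__":
    samples = [  # constructed sample events
        Event("archiver.exe", ALLOW, "drop_executable_in_startup"),
        Event("archiver.exe", ALLOW, "read_archive"),
        Event("setup_tool.exe", UNKNOWN, "add_startup_entry"),
        Event("new_app.exe", UNKNOWN, "open_network_socket"),
    ]
    for ev in samples:
        print(f"{ev.process:15} {ev.behavior:28} "
              f"local={local_verdict(ev):8} cloud={cloud_decision(ev)}")
```

The first sample is the case the local model misses: the file is allow-listed, so the local verdict permits it, while the cloud rule blocks only the abnormal action and leaves the program itself in place.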

With this cloud‑defense system, Baidu International Antivirus has successfully mitigated threats such as the WinRAR 0‑day vulnerability and polymorphic worm infections.

“I traveled from Shantou to Shenzhen to attend the Baidu Tech Salon. Xie’s sharing gave me great insights for future enterprise virus defense,” said an attendee.

The Baidu Technology Salon, organized by Baidu, is one of the earliest open technical exchange events in China’s Internet industry. Running for four years, it aims to share leading technical ideas and practices, becoming a spiritual home for high‑end technical personnel and promoting domestic Internet technology development and industry innovation.

Written by

Baidu Tech Salon

Baidu Tech Salon, organized by Baidu's Technology Management Department, is a monthly offline event that shares cutting‑edge tech trends from Baidu and the industry, providing a free platform for mid‑to‑senior engineers to exchange ideas.
