Sunbelt pioneers new anti-virus technology

Software debuts nifty virtualisation trick.

US company Sunbelt Software is set to become one of the first anti-virus vendors to embrace a promising but as yet little-used new technique for malware detection known as ‘file emulation’.

Released this week to UK users after a US launch some time ago, the company's Vipre Enterprise anti-malware client is on the face of it just another program jostling for attention with the admin-friendly claim that it can protect PCs from malware without slaughtering performance.

The company also makes play of the fact that it has written the anti-malware engine at the heart of Vipre from scratch, rather than buying it in from one of the larger AV vendors, as do many of Sunbelt's independent security rivals.

Now company CEO Alex Eckelberry has revealed in his blog that Vipre will from mid-February be automatically upgraded to use a new heuristic technique for spotting malware by running suspect programs in a virtual machine on the host PC itself.

Known in company jargon as ‘MX-Virtualization’ (MX-V), the technique has Vipre effectively create an emulated Windows PC in a sandboxed area of memory, mimicking API functions such as the Windows registry, file system, and communications interfaces to see what a file is trying to do. This contrasts with the various conventional pattern-based techniques, which try to identify malware using unique signatures.
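A toy illustration of that contrast, added here as an example and not Sunbelt's code: a constructed sample stores its arguments XOR-encoded, so a byte-pattern scan of the stored image finds nothing, while running it against stubbed APIs records what it tries to do. The instruction set, API names, signature and sample values are all assumptions made up for the example.

```python
# Added illustration: toy emulator with stubbed OS APIs vs. a signature scan.
# Instruction set, API names and sample are all constructed for this example.
SIGNATURES = [b"CurrentVersion\\Run"]             # constructed byte pattern
EMULATED_APIS = {"CreateFile", "RegSetValue", "Connect"}

def signature_scan(image: bytes) -> bool:
    """Pattern matching over the bytes as stored on disk."""
    return any(sig in image for sig in SIGNATURES)

def emulate(code, data, max_steps=10_000):
    """Run the toy program against emulated memory; return the API call log.
    Nothing touches the host: CALL only records the API name and argument."""
    mem, log = bytearray(data), []
    for ins in code[:max_steps]:                   # instruction budget
        if ins[0] == "XORMEM":                     # sample decodes itself
            _, start, length, key = ins
            for i in range(start, start + length):
                mem[i] ^= key
        elif ins[0] == "CALL" and ins[1] in EMULATED_APIS:
            _, api, start, length = ins
            log.append((api, mem[start:start + length].decode("latin-1")))
        else:
            raise ValueError(f"unemulated instruction: {ins!r}")
    return log

def behaviour_verdict(log) -> bool:
    """Heuristic on observed behaviour: a write under an autorun key."""
    return any(api == "RegSetValue" and "CurrentVersion\\Run" in arg
               for api, arg in log)

def build_sample(calls, key=0x5A):
    """Constructed sample: arguments stored XOR-encoded, decoded at run time."""
    plain = b"".join(arg for _, arg in calls)
    code, off = [("XORMEM", 0, len(plain), key)], 0
    for api, arg in calls:
        code.append(("CALL", api, off, len(arg)))
        off += len(arg)
    return code, bytes(b ^ key for b in plain)

SUSPECT = build_sample([
    ("CreateFile", b"C:\\Temp\\a.tmp"),
    ("RegSetValue", b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"),
    ("Connect", b"192.0.2.10:443"),
])

if __name__ == "__main__":
    code, data = SUSPECT
    print("signature hit:", signature_scan(data))
    print("behaviour hit:", behaviour_verdict(emulate(code, data)))
```
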

Although this technology is not new, few have managed to get it to work without hitting performance - running virtual machines and emulating Windows itself has been seen as a recipe for a sluggish PC. Sunbelt, however, reckons it has upped the bit-churning possible with emulation by many times over what was previously possible, making it a practical possibility for the first time.

"Dynamic Translation [used by Vipre] is a technology which recompiles, on-the-fly, large parts of a program in order to boost performance up to 400 MIPS. It is the use of Dynamic Translation that makes Vipre's built-in emulation, and the MX-V layer that is an adjunct to it, capable of rapidly analyzing systems for the presence of malware," says Eckelberry in his most recent blog.

"The rapidly evolving sophistication of malware makes classic detection methods increasingly obsolete, as new strains of malware use highly complex obfuscation techniques designed to hide from even the most sophisticated analysis systems."

In a separate interview with Techworld, Eckelberry said that as far as he was aware the only other anti-malware products to have tried file emulation in anger were Microsoft and BitDefender.

Vipre Enterprise also boasts of its anti-rootkit protection - the program runs a special module called ‘firstscan’ in advance of Windows loading - and advanced kernel monitoring.

The company is planning further ‘suite’ enhancements to Vipre for later this year, including endpoint protection, an integrated firewall, and intrusion protection, most of which are designed to appeal to enterprise users.



Comments

The_Radioman said: I use Viper on 56 computers. It works very well.

Alonzo said: I have actually gone without any virus protection for years because I just cannot find the balance between protection and performance. If this antivirus program has finally found that balance, or at least claims to have, then I am definitely interested.

FromTrendMicro said: Very promising. Might as be resigning from TrendMicro and apply to SunBelt.


