
Vipre detection improvement


lotsamosi
March 4th, 2009, 03:06 PM
I'm not an expert, but this seems to be a real step up in detection methods.

"MX-Virtualization" Dramatically Improves Detection of New Malware Threats

CLEARWATER, FL--(Marketwire - March 4, 2009) - Sunbelt Software, a leading provider of Windows security software, today announced the availability of its new malware analysis technology, MX-Virtualization™ ("MX-V"), as part of a significant enhancement to its popular VIPRE™ Antivirus + Antispyware product line. MX-V is a compact, high-speed virtualized Windows environment integrated directly into VIPRE, which performs rapid behavioral analysis of potential malware. The integration of MX-V is the latest addition to VIPRE's arsenal of detection methods to help protect users from unidentified or new variants of malware.

"With MX-V, we have created a method to rapidly analyze potential malware by observing its behavior in a virtual environment, providing enhanced protection against new or unknown threats," said Alex Eckelberry, CEO of Sunbelt Software. "Furthermore, because we developed the technology using an emulation technique known as Dynamic Translation, it is extremely fast, able to do its work without compromising system performance."

Background

The rapidly evolving sophistication of malware makes traditional detection methods increasingly obsolete, as new strains of malware use highly complex obfuscation techniques designed to hide from even the most sophisticated analysis systems.

MX-V is a major step in solving this problem by analyzing potential malware in a highly compact, proprietary virtualized Windows environment, tightly integrated into the VIPRE scanning system. Without any user interaction, malware is executed in an environment that mimics many core Windows functions, and analyzed for certain malware signatures and behavioral characteristics. This new functionality enables VIPRE to detect many types of malware without the necessity of creating a constant stream of dedicated signatures and heuristic systems.

MX-V is part of a number of other detection methods used by VIPRE, including classic signature detection and heuristics. The performance impact on a user's system is virtually unnoticeable, in keeping with Sunbelt's commitment to delivering next-generation antivirus without the large memory and CPU footprint common to other solutions.

Availability

The MX-V technology is available immediately in the latest VIPRE definitions update (definitions series 5,000 and up), in both the consumer and enterprise versions of VIPRE. The update also includes other enhancements, including improved signature and heuristic detections.

risl
March 4th, 2009, 03:12 PM
I think Norman has been doing similar kind of "sandboxing" for like 7 years.

RejZoR
March 4th, 2009, 03:31 PM
But for some reason Norman Sandbox never made any significant breakthroughs... :(

Miyagi
March 4th, 2009, 03:40 PM
I can vouch for the knowledge and expertise of Inspector Clouseau. I'm sure they are not wasting time creating this new technology, which is working according to their lab tests. :D

EDIT: I personally am interested in this new technology and await the AV-Comparatives test. Sunbelt posted a blog today. http://sunbeltblog.blogspot.com/2009/03/mx-virtualization-announced.html Read the comments.

trjam
March 4th, 2009, 06:37 PM
No big surprise. They have some very good folks working on their products and it can only get better. :)

vijayind
March 4th, 2009, 11:26 PM
So MX-V is basically for real-time scanning, where it puts every running program in a sandbox to gauge it. Right?
So this will not have a direct impact on on-demand based test results, I guess. It's in some ways similar to DW.

Miyagi
March 4th, 2009, 11:37 PM
Wrong, read the comment from Alex E. It's both on-access and on-demand. :)

The Hammer
March 4th, 2009, 11:51 PM
-{ Quote: "I can vouch for the knowledge and expertise of Inspector Clouseau." }- They'll benefit. If he stays in one place for a while. He's been moving around a bit the last couple of years.

vijayind
March 5th, 2009, 12:17 AM
-{ Quote: "Wrong, read the comment from Alex E. It's both on-access and on-demand. :)" }-
Sorry, didn't read that fully (and/or understand it fully). In that case it's probably similar to some other advanced heuristic tech available in other products.
Sunbelt claims MX-V is superior to the heuristic approach. But time will tell.

RejZoR
March 5th, 2009, 03:28 AM
-{ Quote: "They'll benefit. If he stays in one place for a while. He's been moving around a bit the last couple of years." }-

Not really. He's been working for ESET, FRISK and now Sunbelt. That's not all that much changing.

Smiggy
March 5th, 2009, 06:08 AM
If it comes anywhere near the 'big boys' in on-demand/detection testing and certifications there will be a mass exodus to it.

It's quite phenomenally light and has no impact on system performance when scanning.
Gone are the days where I had to walk away from the PC while a full scan was carried out!

:thumb:

ambient_88
March 5th, 2009, 06:14 PM
-{ Quote: "Not really. He's been working for ESET, FRISK and now Sunbelt. That's not all that much changing." }-
So, Inspector Clouseau is Michael St. Neitzel?

cupez80
March 5th, 2009, 08:58 PM
-{ Quote: "So, Inspector Clouseau is Michael St. Neitzel?" }-
Yes, he is :D

alexeck
March 6th, 2009, 09:44 AM
-{ Quote: "I think Norman has been doing similar kind of "sandboxing" for like 7 years." }-

That's different. The Norman sandbox is a standard emulator.

Our emulation is different, as it uses a very high-speed method of virtualization, Dynamic Translation. There are a few other AV vendors that do this, but not many. On top of Dynamic Translation we added Windows virtualization.

MX-V is part of the detection pipeline of VIPRE -- we'll run a number of checks on a file both during on-demand and real-time scanning. MX-V will kick in if we can't determine what the file is. We'll actually "run" the file in the virtual environment.

There are no major perf issues. If you're running VIPRE right now, it already has MX-V in it. It happens without any user interaction.

And yes, Michael St. Neitzel is Inspector Clouseau. He works for Sunbelt and he wrote MX-V himself, while Eric Sites, our CTO, wrote the basic Dynamic Translation method that MX-V is based on.

Alex Eckelberry
CEO, Sunbelt Software
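The pipeline Alex describes above (several checks first, and the emulator only when the file still cannot be classified, at which point the file is actually "run" in a virtual environment) and the press release's point about obfuscation hiding from static analysis are easiest to see side by side in code. The following is an added toy example written for this thread; it is not Sunbelt's or VIPRE's code, and nothing about MX-V's internals is assumed. The sample format, the three-instruction toy VM, the two fake "Windows" API names, the byte patterns and the thresholds are all constructed for illustration. It also shows the edge case a real emulator has to handle: a sample that stalls in a loop exhausts the step budget and is escalated as undetermined rather than being reported clean.

```python
"""Toy three-stage scanner: signature -> static heuristic -> bounded emulation.
Added illustration, not Sunbelt/VIPRE code. The Sample format, the tiny
instruction set, the two fake "Windows" APIs and every threshold are constructed."""
from dataclasses import dataclass

PERSISTENCE_KEY = b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
STARTUP_DIR = b"\\Start Menu\\Programs\\Startup\\"

@dataclass
class Sample:
    name: str
    data: bytes  # payload blob, possibly XOR-encoded
    # program for the toy VM: ("xor_decode", key) | ("api", name, arg) | ("jmp", pc)
    # arg is literal bytes, or the string "buf" meaning "the current data blob"
    code: list

def static_bytes(sample):
    """Everything a static scanner can see: the blob plus literal API arguments."""
    lits = [ins[2] for ins in sample.code if ins[0] == "api" and ins[2] != "buf"]
    return sample.data + b"".join(lits)

# Stage 1: byte patterns lifted from earlier, unobfuscated variants (constructed).
STATIC_PATTERNS = [PERSISTENCE_KEY]

def signature_scan(sample):
    blob = static_bytes(sample)
    return "malicious" if any(p in blob for p in STATIC_PATTERNS) else "undetermined"

# Stage 2: additive static features; only a score at/above the threshold is a verdict.
def heuristic_scan(sample, threshold=3):
    score = 0
    if any(ins[0] == "xor_decode" for ins in sample.code):
        score += 1  # self-decoding payload
    if any(ins[0] == "api" and ins[1] == "RegSetValue" for ins in sample.code):
        score += 1  # touches the registry at all
    if any(ins[0] == "api" and ins[1] == "CreateFile" and ins[2] != "buf"
           and STARTUP_DIR in ins[2] for ins in sample.code):
        score += 2  # literal path into the Startup folder
    return "malicious" if score >= threshold else "undetermined"

# Stage 3: run the program in a step-bounded emulator and judge what it did.
def emulate(sample, max_steps=1000):
    buf, log, pc = bytearray(sample.data), [], 0
    for _ in range(max_steps):
        if pc >= len(sample.code):
            return "finished", log
        ins = sample.code[pc]
        if ins[0] == "xor_decode":
            buf = bytearray(b ^ ins[1] for b in buf)
        elif ins[0] == "api":
            arg = bytes(buf) if ins[2] == "buf" else ins[2]
            log.append((ins[1], arg))  # the call with its real, decoded argument
        elif ins[0] == "jmp":
            pc = ins[1]
            continue
        pc += 1
    return "budget_exhausted", log  # stalling or looping sample

def judge_behaviour(log):
    for api, arg in log:
        if api == "RegSetValue" and PERSISTENCE_KEY in arg:
            return "malicious"
        if api == "CreateFile" and STARTUP_DIR in arg:
            return "malicious"
    return "clean"  # no persistence indicator observed

def scan(sample):
    """Return (verdict, stage); a stage runs only if the previous one was undetermined."""
    verdict = signature_scan(sample)
    if verdict != "undetermined":
        return verdict, "signature"
    verdict = heuristic_scan(sample)
    if verdict != "undetermined":
        return verdict, "heuristic"
    status, log = emulate(sample)
    if status == "budget_exhausted":
        return "undetermined", "emulation"  # never call a stalling sample clean
    return judge_behaviour(log), "emulation"

KEY = 0x5A
SAMPLES = [  # constructed samples, one per possible pipeline outcome
    Sample("plain_variant", PERSISTENCE_KEY + b"\\updater", [("api", "RegSetValue", "buf")]),
    Sample("startup_dropper", b"payload", [("api", "CreateFile", STARTUP_DIR + b"svc.exe"),
                                          ("api", "RegSetValue", b"Software\\Demo")]),
    Sample("xor_variant", bytes(b ^ KEY for b in PERSISTENCE_KEY + b"\\updater"),
           [("xor_decode", KEY), ("api", "RegSetValue", "buf")]),
    Sample("benign_tool", b"hello", [("api", "CreateFile", b"C:\\Temp\\out.txt")]),
    Sample("stall_loop", b"", [("jmp", 0)]),
]

def scan_all():
    return {s.name: scan(s) for s in SAMPLES}

if __name__ == "__main__":
    for name, (verdict, stage) in scan_all().items():
        print(f"{name:16} {verdict:12} decided by {stage}")
```

The point of the five constructed samples is that `xor_variant` has exactly the same behaviour as `plain_variant`, yet the signature stage sees only XOR-encoded bytes and the heuristic score stays below threshold; only the emulation stage, which observes the decoded argument handed to the fake registry API, reaches a verdict. The step budget is what keeps an emulator cheap enough to run during on-access scanning, and exhausting it is treated as "still unknown", not "clean".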

hawki
March 6th, 2009, 09:53 AM
Does Vipre scan web traffic ?

cupez80
March 6th, 2009, 10:01 AM
-{ Quote: "Does Vipre scan web traffic ?" }-
nope.. not yet :D

trjam
March 6th, 2009, 10:32 AM
But its protection level is untouched by most others here. :thumb:

renegade08
March 6th, 2009, 12:32 PM
-{ Quote: "But its protection level is untouched by most others here. :thumb:" }-


Trjam, how is Vipre performing?

Has anyone tested Vipre with some malware collection, and can someone tell what the detection rates are?


Trjam, I saw yesterday that you have F-Secure, and a couple of days ago F-Prot.

Man, it's hard to keep track of all your changes.

Maybe you should write your changes in your profile. It would be interesting to read.

337
March 6th, 2009, 02:03 PM
-{ Quote: "
Trjam, I saw yesterday that you have F-Secure, and a couple of days ago F-Prot.

Man, it's hard to keep track of all your changes.

Maybe you should write your changes in your profile. It would be interesting to read." }-

You do realize some of us have multiple PCs and even multi-boot setups, right?
It is possible to own and even like several products at one time on different machines. Make sense? It does not necessarily mean he changes that frequently. Avatars are easy to change to show support for a product. :thumb:
Now if I could just find an avatar for Vipre... Hmmmm.

s4u
March 6th, 2009, 02:46 PM
-{ Quote: "But its protection level is untouched by most others here. :thumb:" }-
Hi Jeff

What firewall are you working with ?

The Hammer
March 7th, 2009, 02:04 AM
-{ Quote: "But its protection level is untouched by most others here. :thumb:" }-Did you do a home grown test? No professional tester results available yet or are there?

Blackcat
March 7th, 2009, 09:42 AM
Strengths are its light footprint and its fast scan speeds.

Weaknesses are that it is unsuited for those on slow connections because of the sizes of the initial program download and the first update package. Further, there is no official confirmation of detection rates. But since it is still maturing, my guess would be that it is in Tier 2/3 for detection, with AntiVir/KAV being in Tier 1.

renegade08
March 7th, 2009, 02:47 PM
-{ Quote: "You do realize some of us have multiple PC's and even multi-boot setups right?" }-

Yes, I realize that. I have a multi-boot setup right now.
-{ Quote: "It is possible to own and even like several products at one time on different machines. " }-
:thumb:

-{ Quote: "Make sense?" }-
Makes sense. But I don't understand why you are so negative about my post.


My primary question was regarding Vipre. Make sense ??

-{ Quote: "Trjam, how is Vipre performing?

Has anyone tested Vipre with some malware collection, and can someone tell what the detection rates are?
" }-

337
March 8th, 2009, 01:13 PM
-{ Quote: "
Makes sense. But I don't understand why you are so negative about my post.
My primary question was regarding Vipre. Make sense ??" }-

Sorry if it came off negative, I was in a mood.. lol. Did not mean anything towards you at all. :thumb:
I've been here long enough to see him change avatars a lot and he catches a lot of flak here for it... Not my business I know, like I said I was in a mood...
Life marches on.......;D
Long live VIPRE!!

firzen771
March 8th, 2009, 03:16 PM
How often does Vipre usually update? Every hour? Every 3 hours? I don't want to know what you can set it to check, I want to know how often actual updates are given.

GES/POR
March 8th, 2009, 06:49 PM
-{ Quote: "How often does Vipre usually update? Every hour? Every 3 hours? I don't want to know what you can set it to check, I want to know how often actual updates are given." }-

Last time I tried it (maybe a few months back) it updated after 2 days or something. That was the main reason for me not to use it. A signature product needs to update at least once a day for me. Anyways, last time I contacted their live support chat for some basic questions regarding CS active protection I almost wanted to paste the conversation here. The gal that assisted me wasn't capable of answering any questions, had me waiting long times while contacting a senior, and in the end got upset with me because she didn't know how CounterSpy worked ???

Anyways, sorry for getting all off topic, I know Alex is a great guy and armed with the Inspector Vipre should be a lot better than, say, the likes of Comodo AV

jmonge
March 8th, 2009, 06:55 PM
-{ Quote: "Last time I tried it (maybe a few months back) it updated after 2 days or something. That was the main reason for me not to use it. A signature product needs to update at least once a day for me. Anyways, last time I contacted their live support chat for some basic questions regarding CS active protection I almost wanted to paste the conversation here. The gal that assisted me wasn't capable of answering any questions, had me waiting long times while contacting a senior, and in the end got upset with me because she didn't know how CounterSpy worked ???

Anyways, sorry for getting all off topic, I know Alex is a great guy and armed with the Inspector Vipre should be a lot better than, say, the likes of Comodo AV" }- I tried the 15-day trial and it really impressed me, and the best part of it is the heuristic part of the antivirus: you set it up on high and this beast rocks :thumb:

Miyagi
March 8th, 2009, 07:19 PM
-{ Quote: "How often does Vipre usually update? Every hour? Every 3 hours? I don't want to know what you can set it to check, I want to know how often actual updates are given." }-

From the Malware Research Labs:

http://www.sunbeltsecurity.com/definitions.aspx

firzen771
March 8th, 2009, 07:38 PM
they dont seem to have very many updates a day.... but they do seem to have a lot of definitions added each update... hmmmm

renegade08
March 8th, 2009, 09:13 PM
-{ Quote: "Sorry if it came off negative, I was in a mood.. lol. Did not mean anything towards you at all. :thumb:
I've been here long enough to see him change avatars a lot and he catches a lot of flak here for it... Not my business I know, like I said I was in a mood...
Life marches on.......;D
Long live VIPRE!!" }-

O.K. No problem. :thumb:
I thought that something was "wrong :wacko: " with you, but I didn't know it was your mood :lurking: .

Yes it was not your business !!:dry:

I see the Vipre signature in your profile. Are you using it? If so, can you tell us your impressions?

offthegrid
March 8th, 2009, 10:24 PM
I've been running this for 48 hours now. I removed Avast and PCTools Firewall Plus (the active protection) to avoid any initial conflicts. I run Safari 4 beta and there's a significant increase in response time (from an already fast browser) with just Vipre running.

Opening new folders and files can take some extra time while Vipre does its thing. There is an option to stop checking new folders etc but I hope the small delay is worth the security. Once the folder is opened there is no more delay.

My next step was to put back a firewall, so I thought maybe their own firewall should work best with their anti product, but big mistake there, YMMV. Serious loss of speed and screen freezes on my system (dedicated to browsing: 1.8 Pentium 4, 1 mb memory, XP SP3) immediately, so that had to go.

I went back to PCTools Firewall and even with the enhanced security and packet verification on they work great together.

I use OpenDNS, run a hosts file, I have a lot of the so called bad domains blocked at my router, use Sandboxie when browsing questionable sites, and run a series of free on demand scanners once a week ( MBAM, SAS, Norton Security scan through Google Pack, AVZ, occasionally Kaspersky VRT, Sophos & Panda Anti Rootkits) so I just want a level of safety for what I consider safe browsing.

One thing I would caution on is that Thunderbird is seriously slowed by Vipre. If you go to getsatisfaction.com Sunbelt has a support forum there and there are a lot of users complaining about their email being blocked etc.

It seems the definition update that I downloaded with Vipre had just addressed the problem, but I still found an aggravating delay in sending and receiving emails, so I went back to GMail direct.

GES/POR
March 9th, 2009, 01:44 AM
-{ Quote: "From the Malware Research Labs:

http://www.sunbeltsecurity.com/definitions.aspx" }-

Hmmm, that is way better than last time :thumb: 2 updates a day at least is comforting

337
March 9th, 2009, 11:42 AM
-{ Quote: "O.K. No problem. :thumb:
I thought that something was "wrong :wacko: " with you, but I didn't know it was your mood :lurking: .

Yes it was not your business !!:dry:

I see the Vipre signature in your profile. Are you using it? If so, can you tell us your impressions?" }-

Something is wrong with me.. Too many hours in front of personal confusers!!;D

As to the detection of VIPRE? Dunno, I haven't had any problems on my PCs in years. However, it is very light. I even run it on my gaming rig, which is Vista 64 bit, and can play Crysis Wars online without any slow downs!! Very impressed with that!! Not to mention I have met the Inspector and from what I can tell it is a solid company run by good folks!!
Very happy with my purchase!:thumb:

rookieman
March 10th, 2009, 10:39 AM
I had this installed before and it seemed to work fine. However, when I tried to reinstall it later it kept telling me the file was corrupt. I ran CCleaner after the uninstall as always to get rid of leftovers. Would I have a file left that's corrupting my install????

Graystoke
March 10th, 2009, 01:59 PM
-{ Quote: "I had this installed before and it seemed to work fine. However, when I tried to reinstall it later it kept telling me the file was corrupt. I ran CCleaner after the uninstall as always to get rid of leftovers. Would I have a file left that's corrupting my install????" }-


rookieman,

I ran into that problem with the corrupt file thing when trying to install Vipre this last time. I contacted Vipre through their Chat Support, and I was told that they put a freeze on my license key because I installed/uninstalled Vipre one too many times. They did unfreeze my license key, and I'm running Vipre now.

I don't know if that is the problem you're having, but thought I would mention it just in case.

rookieman
March 10th, 2009, 02:12 PM
Thanks Graystoke, I'll have to take a look into that :thumb:

joter
March 10th, 2009, 03:19 PM
-{ Quote: "last time i tried it(maybe a few months back) it updated after 2 days or somethingh. That was the main reason for me not to use it. " }-

This is not true. I have used VIPRE for at least 6 months now, in a production environment, and they provide signature updates many times every day, except maybe weekends.

I think that at this time VIPRE Antivirus is the lightest and most effective antivirus you can use, be sure, especially for business, not to mention the support.

Regards
joter

GES/POR
March 10th, 2009, 03:48 PM
-{ Quote: "This is not true. I have used VIPRE for at least 6 months now, in a production environment, and they provide signature updates many times every day, except maybe weekends.

I think that at this time VIPRE Antivirus is the lightest and most effective antivirus you can use, be sure, especially for business, not to mention the support.

Regards
joter" }-

I'm not making it up, it happened, period - during the week 2 days went by without updating

Graystoke
March 10th, 2009, 05:27 PM
I've been getting two virus updates per day, the last several days. I even got updates on this past Saturday and Sunday. I've gotten one so far today.

Inspector Clouseau
March 10th, 2009, 09:45 PM
Yes. Today I finished a meeting and our virus labs will work 24/7 now. There will be some noticeable improvements with updates very soon ;D

renegade08
March 10th, 2009, 10:15 PM
Can we expect the 15-day trial to be extended to the "normal" 30-day trial, as with all other products?

Regards

zfactor
March 10th, 2009, 10:25 PM
I for one like this so far. Testing it out and it's running great. IC, will you be involved in the next AV-Comparatives? Or anything upcoming?

ronjor
March 10th, 2009, 10:28 PM
Off topic post removed. Stay on topic please.