About Rising Anti-Virus 2007

Rising had just released the new version "Rising AV 2007".

And Rising said that "Rising is the 3rd company (after Microsoft and VMware) in the world that had the technology of Virtual Mashine and apply it in antivirus."

Here is some introduction on its website:

Virtual Machine Unpacking Engine(VUE)
VUE minimizes resource consumption by reducing the size of virus definition file significantly.

What is packing?
Packing is like placing a “vest” over the virus in order to disguise it.

Sometimes a virus is packed multiple times. Antivirus software without strong unpacking capability cannot detect a virus, Trojan or malware under the “vests”. To solve this problem, they just identify a packed virus as a new virus by keep updating their virus definition file, or virus base. This method is resource consuming and can never safe guard PC in deed.

What is Virtual Machine Unpacking Engine(VUE) ?

VUE provides a fast, efficient and high-tech solution to combat packing. Packed virus must take off its “vest” before it infects a PC. VUE creates a virtual machine system for virus and let it take off its “vest” automatically in this virtual system. In this way, Rising Antivirus 2007 can identify all sorts of packed virus, minimize resource consumption, significantly reduce the size of virus definition file and save the time consumed for everyday update.

I wonder whether Rising is the first antivirus vendor using this technology ?
As I know, there are many other antivirus software good at unpacking, what technology do they use then ? Thank you.

 

We used to call this "generic unpacking" but they tend to attach all kinds of fancy names instead... It's not really a new thing and bunch of AV vendors is using it for ages...

 

Hi, folks: I do remember Norman Virus Control using a so-called sandbox technology to contain viruses, could be very similiar to this virtualization method. Who knows? Norman never got off the ground , generally speaking.

 

The so-called "Virtual Machine" technology was also applied in BitDefender (B-HAVE), Norman (Sandbox) and to an extent, NOD32. It is possible Dr.Web does this as well but I do not know enough about it to be sure.

Rising AV only does this for unpacking, while BitDefender and Norman use it for heuristic analysis as well.

 

This is done by other antivirus engines for years. And it has it's disadvantages aswell. First, it makes scanning of malware horrible slow (gateway scanning!). And you can trick and emulation or sandboxing, the recent breed of malware demonstrates that with every variant that is missed by the scan engines that perform generic unpacking or heuristic/generic detection with emulation.