Discussion in 'other anti-virus software' started by Unep, Nov 24, 2005.
Does KAV have Virtual PC technology, like NOD32, BitDefender and Norman?
No, it is only using signatures.
What is Virtual PC technology for A/V software? Could you explain?
Only signatures? But KAV has heuristics too...
This one: http://www.securitypipeline.com/network/18900335
"Zajac: We have basically two general methods of heuristic technology. The first one is active, and the second is passive. The passive algorithm is based on analysis of the instructions in a particular file or in a particular piece of code. An expert system performs analysis of certain characteristic sequences of the code instructions. If the instructions have a virus- or worm-like nature, an alert is triggered. The second is even more sophisticated. It's based on virtual PC technology. We throw a file into a confined section of the memory where the entire computer is simulated with all its devices, memory, drivers, etc. Then we let the file--which arrives through e-mail--run in this confined, virtual PC environment. In this confined environment, our system can make a very good, educated guess regarding the malicious nature of a file. The trick is to have an algorithm which works in real time, does not trigger false alarms and works with a high degree of precision. In general, we're two to 50 times faster than any competing system. We have the only system in the world that not only detects all existing viruses in the world, but does it in record time."
Yes, it does also use heuristics, but the fast updating of signatures means that you will rarely see a heuristic detection. I have only had one or two.
Anyway Kav 2006 will also add a proactive module consisting of these:
But you haven't answered my question... )
Does KAV use virtual PC technology?
I didn't answer it because I didn't know what you meant by virtual PC technology, but if you mean sandbox, then no, it doesn't.
Hehehe... thanks Don Pelotas
I think there is a terminology confusion about Virtual PC Technology.
Microsoft defines this technology as follows:
"Virtual machine technology applies to both server and client hardware. Virtual machine technology allows multiple operating systems to run concurrently on a single machine. In particular, the Virtual PC and Virtual Server products allow one or more legacy operating systems to run on the same computer system as the current Windows operating system. Today, many older x86-based operating systems are supported by Virtual PC and Virtual Server. Virtual PC for Mac allows for one or more Windows operating systems to run on the Macintosh operating system, allowing users to run a Windows operating system and Windows applications on a Mac."
Perhaps, we must talk about "Proactive Defense". It will be better.
"And further back
* First renewable antivirus databases released: viruses appeared so rarely that weekly updates were sufficient
* First external antivirus databases developed: increasing antivirus engine capabilities and significantly decreasing update file size
* A processor emulator served as the basis for a heuristic analyser: unknown viruses were detected including polymorphic viruses"
I'd replace "Virtual PC" term with "Virtual Environment"...
Also KAV2006 and Panda use host PC as "virtual environment". Only drawback is that you can't use such heuristics for On-Create/On-Copy events, but just for On-Execute...
Does anyone know if the KAV 2006 beta will run under x64 xp?