Vipre detection improvement

Discussion in 'other anti-virus software' started by lotsamosi, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. lotsamosi

    lotsamosi Registered Member

    Joined:
    Jan 9, 2008
    Posts:
    8
    I'm not an expert, but this seems to be a real step up in detection methods.

    "MX-Virtualization" Dramatically Improves Detection of New Malware Threats

    CLEARWATER, FL--(Marketwire - March 4, 2009) - Sunbelt Software, a leading provider of Windows security software, today announced the availability of its new malware analysis technology, MX-Virtualization™ ("MX-V"), as part of a significant enhancement to its popular VIPRE™ Antivirus + Antispyware product line. MX-V is a compact, high-speed virtualized Windows environment integrated directly into VIPRE, which performs rapid behavioral analysis of potential malware. The integration of MX-V is the latest addition to VIPRE's arsenal of detection methods to help protect users from unidentified or new variants of malware.

    "With MX-V, we have created a method to rapidly analyze potential malware by observing its behavior in a virtual environment, providing enhanced protection against new or unknown threats," said Alex Eckelberry, CEO of Sunbelt Software. "Furthermore, because we developed the technology using an emulation technique known as Dynamic Translation, it is extremely fast, able to do its work without compromising system performance."

    Background

    The rapidly evolving sophistication of malware makes traditional detection methods increasingly obsolete, as new strains of malware use highly complex obfuscation techniques designed to hide from even the most sophisticated analysis systems.

    MX-V is a major step in solving this problem by analyzing potential malware in a highly compact, proprietary virtualized Windows environment, tightly integrated into the VIPRE scanning system. Without any user interaction, malware is executed in an environment that mimics many core Windows functions, and analyzed for certain malware signatures and behavioral characteristics. This new functionality enables VIPRE to detect many types of malware without the necessity of creating a constant stream of dedicated signatures and heuristic systems.

    MX-V is part of a number of other detection methods used by VIPRE, including classic signature detection and heuristics. The performance impact on a user's system is virtually unnoticeable, in keeping with Sunbelt's commitment to delivering next-generation antivirus without the large memory and CPU footprint common to other solutions.

    Availability

    The MX-V technology is available immediately in the latest VIPRE definitions update (definitions series 5,000 and up), in both the consumer and enterprise versions of VIPRE. The update also includes other enhancements, including improved signature and heuristic detections.
     
  2. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I think Norman has been doing a similar kind of "sandboxing" for like 7 years.
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But for some reason Norman Sandbox never made any significant breakthroughs... :(
     
  4. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    I can vouch for the knowledge and expertise of Inspector Clouseau. I'm sure they are not wasting time to create this new technology, which is working according to their lab tests. :D

    EDIT: I personally am interested in this new technology and await AV-COMPARATIVES test. Sunbelt posted a blog today. http://sunbeltblog.blogspot.com/2009/03/mx-virtualization-announced.html Read the comments.
     
    Last edited: Mar 4, 2009
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    No big surprise. They have some very good folks working on their products and it can only get better. :)
     
  6. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    So MX-V is basically for real-time scanning, where it puts every running program in a sandbox to gauge it. Right?
    So this will not have a direct impact on on-demand based test results, I guess. It's in some ways similar to DW.
     
  7. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Wrong, read the comment from Alex E. It's both on-access and on-demand. :)
     
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    They'll benefit. If he stays in one place for a while. He's been moving around a bit the last couple of years.
     
  9. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Sorry, didn't read that fully (and/or understand it fully). In that case it's probably similar to some other advanced heuristic tech available in other products.
    Sunbelt claims MX-V is superior to the heuristic approach. But that, time will tell.
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Not really. He's been working for ESET, FRISK and now Sunbelt. That's not all that much changing.
     
  11. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    209
    Location:
    The Angel Isle
    If it comes anywhere near the 'big boys' in on-demand/detection testing and certifications there will be a mass exodus to it.

    It's quite phenomenally light and has no impact on system performance when scanning.
    Gone are the days where I had to walk away from the PC while a full scan was carried out!

    :thumb:
     
  12. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    So, Inspector Clouseau is Michael St. Neitzel?
     
    Last edited: Mar 6, 2009
  13. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    Yes, he is :D
     
  14. alexeck

    alexeck Registered Member

    Joined:
    Dec 1, 2004
    Posts:
    33
    That's different. The Norman sandbox is a standard emulator.

    Our emulation is different, as it uses a very high-speed method of virtualization, Dynamic Translation. There are a few other AV vendors that do this, but not many. On top of Dynamic Translation we added Windows virtualization.

    MX-V is part of the detection pipeline of VIPRE -- we'll run a number of checks on a file both during on-demand and real-time scanning. MX-V will kick in if we can't determine what the file is. We'll actually "run" the file in the virtual environment.

    There are no major perf issues. If you're running VIPRE right now, it already has MX-V in it. It happens without any user interaction.

    And yes, Michael St. Neitzel is Inspector Clouseau, he works for Sunbelt and he wrote MX-V himself, while Eric Sites, our CTO, wrote the basic Dynamic Translation method that MX-V is based on.

    Alex Eckelberry
    CEO, Sunbelt Software
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Does Vipre scan web traffic?
     
  16. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    nope.. not yet :D
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    But its protection level is untouched by most others here. :thumb:
     
  18. renegade08

    renegade08 Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    431

    Trjam, how is Vipre performing?

    Has anyone tested Vipre with some malware collection, and can someone tell what the detection rates are?

    Trjam, I saw yesterday that you have F-Secure, and a couple of days ago F-Prot.

    Man, it's hard to keep track of all your changes.

    Maybe you should write your changes in your profile. It would be interesting to read.
     
  19. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    You do realize some of us have multiple PCs and even multi-boot setups, right?
    It is possible to own and even like several products at one time on different machines. Make sense? It does not necessarily mean he changes that frequently. Avatars are easy to change to show support for a product. :thumb:
    Now if I could just find an avatar for Vipre... Hmmmm.
     
    Last edited: Mar 6, 2009
  20. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Hi Jeff

    What firewall are you working with?
     
  21. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Did you do a home grown test? No professional tester results available yet or are there?
     
  22. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Strengths are its light footprint and its fast scan speeds.

    Weaknesses are that it is unsuited for those on slow connections because of the sizes of the initial program download and the first update package. Further, no official confirmation of detection rates. But since it is still maturing, my guess would be that it is in Tier 2/3 for detection with AntiVir/KAV being in Tier 1.
     
  23. renegade08

    renegade08 Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    431
    Yes, I realize that. I have a multi-boot setup right now.
    :thumb:

    Makes sense. But I don't understand why you are so negative about my post.

    My primary question was regarding Vipre. Make sense??

     
  24. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    Sorry if it came off negative, I was in a mood.. lol. Did not mean anything towards you at all. :thumb:
    I've been here long enough to see him change avatars a lot and he catches a lot of flak here for it... Not my business I know, like I said I was in a mood...
    Life marches on.......:D
    Long live VIPRE!!
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    How often does Vipre usually update? Every hour? Every 3 hours? I don't want to know what you can set it to check, I want to know how often actual updates are given.
     