I'm not an expert, but this seems to be a real step up in detection methods. "MX-Virtualization" Dramatically Improves Detection of New Malware Threats CLEARWATER, FL--(Marketwire - March 4, 2009) - Sunbelt Software, a leading provider of Windows security software, today announced the availability of its new malware analysis technology, MX-Virtualization™ ("MX-V"), as part of a significant enhancement to its popular VIPRE™ Antivirus + Antispyware product line. MX-V is a compact, high-speed virtualized Windows environment integrated directly into VIPRE, which performs rapid behavioral analysis of potential malware. The integration of MX-V is the latest addition to VIPRE's arsenal of detection methods to help protect users from unidentified or new variants of malware. "With MX-V, we have created a method to rapidly analyze potential malware by observing its behavior in a virtual environment, providing enhanced protection against new or unknown threats," said Alex Eckelberry, CEO of Sunbelt Software. "Furthermore, because we developed the technology using an emulation technique known as Dynamic Translation, it is extremely fast, able to do its work without compromising system performance." Background The rapidly evolving sophistication of malware makes traditional detection methods increasingly obsolete, as new strains of malware use highly complex obfuscation techniques designed to hide from even the most sophisticated analysis systems. MX-V is a major step in solving this problem by analyzing potential malware in a highly compact, proprietary virtualized Windows environment, tightly integrated into the VIPRE scanning system. Without any user interaction, malware is executed in an environment that mimics many core Windows functions, and analyzed for certain malware signatures and behavioral characteristics. This new functionality enables VIPRE to detect many types of malware without the necessity of creating a constant stream of dedicated signatures and heuristic systems. MX-V is part of a number of other detection methods used by VIPRE, including classic signature detection and heuristics. The performance impact on a user's system is virtually unnoticeable, in keeping with Sunbelt's commitment to delivering next-generation antivirus without the large memory and CPU footprint common to other solutions. Availability The MX-V technology is available immediately in the latest VIPRE definitions update (definitions series 5,000 and up), in both the consumer and enterprise versions of VIPRE. The update also includes other enhancements, including improved signature and heuristic detections.