I just wanted to give you all a quick heads-up on some things we’re doing to VIPRE.
If all goes to plan, we will start beta-testing our new 3.2 core engine next week. This is not an upgrade to the product itself, but simply an upgrade to our detection engine (which comes as an automatic update to the defs). We expect to go live on this new engine sometime in mid-February.
This new engine has some important new enhancements for the detection of both existing malware and new, unknown threats/variants.
First, we have dramatically improved the GenScan technology (a method of doing pattern analysis on files).
Secondly, we have added a lot of improvements in our detection methods overall. Lots of little things, too many to list.
But finally, the big news will be our release of our new proprietary MX-Virtualization technology (MX-V).
As a bit of background, VIPRE uses a number of different techniques to detect the presence of malware, including classic signature detection and heuristics. MX-V adds to this arsenal an extremely compact virtualized Windows environment to test for the presence of malware.
The rapidly evolving sophistication of malware makes classic detection methods increasingly obsolete, as new strains of malware use highly complex obfuscation techniques designed to hide from even the most sophisticated analysis systems. Primary among these methods is the use of compression systems (“packers”) that require antivirus vendors to create specialized de-compression methods (“unpackers”) to analyze a file. The necessity to continue to add specialized unpackers to a virus engine is one of the major challenges faced by antivirus companies today. It also creates an additional danger for users faced with new threats, since antivirus companies are unable to create signatures rapidly enough to meet the onslaught of new obfuscation techniques.
In the MX-V system, malware is executed in a virtual Windows environment that mimics many of the core Windows functions — registry, file system, internet connection, mouse clicks, etc. The actions of the malware are then analyzed for behavioral characteristics common to malware, or to look for certain malware signatures. By analyzing malware in this fashion, VIPRE is able to detect many types of malware without the necessity of creating a constant stream of dedicated unpackers and signatures for each variant of a piece of malware.
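The point of the two paragraphs above, as an added example that is not VIPRE or MX-V code: a toy emulator runs a XOR-packed sample and scans the resulting memory, so the marker is found without a dedicated unpacker. The instruction set, the marker string, and all function names are constructed for this illustration.

```python
# Toy 8-bit instruction set, constructed for this example (not x86, not VIPRE's).
HALT, LOADI, XORM, INC, DJNZ = 0x00, 0x01, 0x02, 0x03, 0x04
SIGNATURE = b"DEMO-MALWARE-MARKER"  # constructed, harmless marker string
KEY = 0x5A

def build_packed_sample(payload: bytes, key: int = KEY) -> bytes:
    """Constructed sample: 15-byte decoder stub + XOR-encoded payload (<= 241 bytes)."""
    stub = bytes([
        LOADI, 0, 15,            # r0 = address of the encoded payload
        LOADI, 1, len(payload),  # r1 = number of bytes to decode
        XORM, 0, key,            # mem[r0] ^= key      (offset 6: loop head)
        INC, 0,                  # r0 += 1
        DJNZ, 1, 6,              # r1 -= 1; jump to 6 while r1 != 0
        HALT,
    ])
    return stub + bytes(b ^ key for b in payload)

def emulate(image: bytes, max_steps: int = 10_000):
    """Run image on a private memory copy; return (memory, self_writes, halted)."""
    mem, reg, pc, self_writes = bytearray(image), [0, 0], 0, 0
    for _ in range(max_steps):  # step budget: a sample may never halt
        # Fetch opcode + two operand bytes; reads past the end decode as HALT.
        op, a, b = (bytes(mem[pc:pc + 3]) + b"\0\0\0")[:3]
        r = a & 1
        if op == HALT:
            return bytes(mem), self_writes, True
        if op == LOADI:
            reg[r], pc = b, pc + 3
        elif op == XORM:  # write into the sample's own image
            mem[reg[r] % len(mem)] ^= b
            self_writes, pc = self_writes + 1, pc + 3
        elif op == INC:
            reg[r], pc = (reg[r] + 1) & 0xFF, pc + 2
        elif op == DJNZ:
            reg[r] = (reg[r] - 1) & 0xFF
            pc = b if reg[r] else pc + 3
        else:
            break  # unknown opcode: stop rather than guess
    return bytes(mem), self_writes, False

def scan(image: bytes) -> dict:
    """Compare a signature scan of the file with one of emulated memory."""
    mem, self_writes, halted = emulate(image)
    return {"static_hit": SIGNATURE in image, "emulated_hit": SIGNATURE in mem,
            "self_modifying": self_writes > 0, "halted": halted}

if __name__ == "__main__":
    print(scan(build_packed_sample(b"hdr:" + SIGNATURE + b":end")))
```

The `self_modifying` flag stands in for the behavioral side of the analysis, and `halted` shows why an emulator needs an execution budget: a sample that loops forever yields an inconclusive run, not a hung scanner.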
Technically, MX-V is an extension of VIPRE’s built-in emulation, which uses a method known as Dynamic Translation (a form of binary translation) to break the performance barrier of standard emulation. (Classic CPU emulation is generally unable to achieve a speed higher than 10 MIPS, making it unusable for large-scale use.) Dynamic Translation is a technology which recompiles, on-the-fly, large parts of a program in order to boost performance up to 400 MIPS. It is the use of Dynamic Translation that makes VIPRE’s built-in emulation, and the MX-V layer that is an adjunct to it, capable of rapidly analyzing systems for the presence of malware.
MX-V’s main appeal is its ability to enhance the detection of completely new variants or families of malware. In my opinion, it’s a significant technology.
Again, we expect to begin beta-testing this new engine sometime next week, and it will be open to testers. I’ll let you know when it’s up.
Separately, we expect to have a product upgrade in the next several weeks that will add some additional under-the-hood functionality to help detection and removal of malware. It’s not related to the above new core engine update, but it also will continue to improve VIPRE’s detection and remediation.
In Q2, we will be shipping VIPRE 4.0 and VIPRE Endpoint Protection (VEP) for Enterprise (to be marketed as “VIPRE + Firewall” in the consumer edition). VIPRE 4 will add some nice additional features to the existing product; VIPRE Endpoint Protection will add a firewall, HIPS, IDS, and a number of other nifty features. VIPRE 4.0 will be a free upgrade if you’re under maintenance; VEP will have a nominal upgrade charge for the additional functionality.
As always, feel free to post any questions, observations, or comments. And for those of you who are helping us spread the word on VIPRE, thank you for all your help!
Alex Eckelberry