
BitDefender B-HAVE heuristic technology provides proactive malware protection in 602LAN SUITE Anti-virus Edition

BitDefender heuristic detection is called Behavioral Heuristic Analyzer in Virtual Environments (B-HAVE). B-HAVE technology creates a virtual computer-inside-a-computer where pieces of software are executed in order to check for potential malware behavior. This next-generation heuristic detection technology is included in 602LAN SUITE Anti-virus Edition.

BitDefender B-HAVE

Virus signatures are rules pertaining to what a file looks like, somewhat like a fingerprint. However, many files, especially viruses, look different in memory than they look on disk or in transit, because they are modified in some way at run-time (e.g., packed or encrypted). These files cannot be efficiently fingerprinted, since their appearance on disk or in transit is largely irrelevant to their function.

However, self-propelled worms (malware that does not require user intervention to spread), such as the infamous Witty worm, may take minutes, not hours, to infect a sizable portion of the vulnerable population. Limitations of the signature model are evident when considered in this light, as signature updates may not arrive in time to protect the user.

An independent test performed by PC World found that BitDefender performed the best heuristic detection with 1-month and 2-month old virus signatures. The results are shown in the chart below:

[Chart: BitDefender Detection Rates]

Source: PC World: The New Virus Fighters

Anti-virus signatures are required to combat malware effectively, but a good proactive heuristic engine can save your organization from many zero-day threats.

B-HAVE advantages over other heuristic technologies:

  • Generic unpacking methods which provide 0-day unpacking support for new packers.
  • Visual Basic runtime engine for proactive detection of Visual Basic viruses.
  • Faster scanning, because most functions implemented in the virtual Windows subsystem are not emulated but run natively, which dramatically increases the scanning speed.
  • COM support in order to fully emulate VB viruses.
  • Good against viruses, backdoors and trojans.
  • Very good static unpacker support.
  • BAT/CMD emulation embedded in the virtual machine.
  © 2008 Software602, Inc. All rights reserved.