
Source: BetaNews
The security research firm that first came to prominence in 2001 after having discovered the gaping security hole in Microsoft Internet Information Services exploited by the worm it dubbed "Code Red," has thrown its hat all the way into the security software ring. This morning, eEye becomes an anti-virus company, going to bat against Symantec and McAfee, and integrating Norman anti-virus technology into its Blink Professional security suite.
What will distinguish the new Blink from its competition is Norman's approach to evaluating executable program behavior before it runs. As eEye Chief Technology Officer Marc Maiffret explained to BetaNews, the new Blink system will actually run executable files in a protected virtual machine, which the company says will still be called the Norman SandBox.
When eEye began scouting potential anti-virus vendors for inclusion in the new Blink, Maiffret said, "we had a large kind of honey pot that we had set up with about 20 or so antivirus vendors, and consistently the one company that kept detecting viruses ahead of time, before everybody else, was Norman. The reason we liked it is because they have real great generic technology to be able to generically identify viruses based on their characteristics, rather than constantly updating a known signature database."
The Norman SandBox, Maiffret described, is a fast, stand-alone virtual machine, which tests the code of executables to see whether they'll do interesting things, such as changing the Windows System Registry startup keys, or some very interesting things, such as connecting to an IRC chat server somewhere in Russia.
Rather than scan everything all the time, however, the new Blink will scan newly discovered executables, and may perhaps rescan them if, for instance, their patterns or file size appear to have changed. But if it's the same executable, by default, Blink will only scan it once.








