12 March 2005

Advanced Heuristics Will Breed Signature-less Detection

BitDefender is proud to announce that phase 1 in the implementation of the HiVE program (heuristics in virtual environments) has gone into full use in "real-world" systems. BitDefender customers are now protected by an entirely new layer of detection technology.

"What HiVE really does, in layman's terms, is that it creates a virtual computer-inside-a-computer, where pieces of software that look suspicious are run, to see if they try to do any of the things that viruses and worms usually do. From there on, well, if it looks like a duck and quacks like a duck, we'll shoot it," declared Bogdan Dumitru, BitDefender CTO. "We are very worried that the number and variety of new viruses and worms will continue to increase, so we are constantly on the lookout for new technologies that will move us away from the reactive paradigm of signature-based detection."

"The HiVE technology has been two years in the making, and will only be phased in completely by the end of the year," said Viorel Canja, Head of Research at BitDefender Labs. "This is new ground for us, and we're treading carefully, but the first results give us much reason for hope. The detection rates we've seen in tests are quite good, and further refinements should bring us even closer to our stated goal of 60% detection with HiVE. However, the reaction time gain is even more important than the detection rate. With HiVE in place, customers will be protected against some new viruses before virus samples even reach our lab."

The HiVE technology is based on behavior analysis in a virtual environment and has evolved from a previous concept, which was awarded an IST prize in 2003. The original MIDAS concept also referred to malware detection through behavior analysis, but with a focus on intrusion detection.

 
