Proventia Desktop

on April 26, 2005

Proventia Desktop Takes New Tack on Malware

This is interesting. Proventia has a new anti-malware application that is different from most others in that it doesn’t rely on signatures to detect malicious software. Instead, it seems to use some sort of virtualization/emulation to execute attachments in a virtual environment:

If the program exhibits malicious behavior, such as attempting to harvest addresses from the Microsoft Corp. Outlook contact list or trying to kill anti-virus software, Proventia quarantines the message and attachment.

If there is no malicious behavior, the software allows the attachment to execute on the user’s PC. But in both cases Proventia creates a fingerprint of the attachment for future reference.

I am assuming this is something that runs on attachments in e-mail or something. I can’t imagine it would perform well enough to do an actual full-filesystem scan or runtime on-access/run scanning.
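The quarantine-or-allow flow quoted above, with a fingerprint recorded in both cases, sketched as an added example (not code from this post or from Proventia). The event names, the SHA-256 fingerprint and the stand-in emulator are assumptions; the point is that a stored fingerprint lets a repeat attachment skip emulation.

```python
import hashlib
from typing import Callable, NamedTuple

# The two behaviours the quoted article names. The event names are hypothetical
# labels for what an emulator might report, not Proventia's own.
MALICIOUS_BEHAVIOURS = {
    "read_outlook_contacts": "harvests addresses from the Outlook contact list",
    "terminate_av_process": "tries to kill anti-virus software",
}

class Verdict(NamedTuple):
    action: str        # "quarantine" or "allow"
    reasons: tuple     # matched behaviours, empty when allowed
    from_cache: bool   # True when the fingerprint was already known

class AttachmentGate:
    def __init__(self, emulate: Callable[[bytes], list]):
        self._emulate = emulate   # runs the attachment in isolation, returns events
        self._seen = {}           # fingerprint -> (action, reasons)
        self.emulations = 0       # how often the emulator actually ran

    def check(self, attachment: bytes) -> Verdict:
        # Assumption: the fingerprint is a SHA-256 of the attachment bytes.
        fp = hashlib.sha256(attachment).hexdigest()
        if fp in self._seen:
            return Verdict(*self._seen[fp], True)
        self.emulations += 1
        events = self._emulate(attachment)
        reasons = tuple(sorted({MALICIOUS_BEHAVIOURS[e] for e in events
                                if e in MALICIOUS_BEHAVIOURS}))
        action = "quarantine" if reasons else "allow"
        self._seen[fp] = (action, reasons)   # recorded for both outcomes
        return Verdict(action, reasons, False)

# Constructed sample data: attachment bytes mapped to the events a real emulator would observe.
CONSTRUCTED_TRACES = {
    b"sample-mailer": ["open_file", "read_outlook_contacts", "smtp_connect"],
    b"sample-killer": ["enumerate_processes", "terminate_av_process"],
    b"sample-benign": ["open_file", "write_file"],
}

def demo():
    gate = AttachmentGate(lambda a: CONSTRUCTED_TRACES.get(a, []))
    samples = (b"sample-mailer", b"sample-benign", b"sample-mailer", b"sample-killer")
    results = [gate.check(a) for a in samples]
    return results, gate.emulations

if __name__ == "__main__":
    print(demo())
```

An exact hash only matches byte-identical attachments, so any change to the file forces a fresh emulation.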