Anti Virus Software with Sandbox Approach
Antivirus software with a sandbox approach is a proactive antivirus
solution that executes the suspicious file in a safe environment.
The sandbox is a fully simulated computer, isolated within the real computer, and
normally no extra hardware is needed to accomplish this.
The simulator uses full ROM BIOS capabilities, simulated hardware, simulated hard
drives, etc. It emulates the entire bootstrap of a regular system at boot time,
starting by loading the operating system files and the command shell from the simulated
drive. This drive contains the directories and files that are necessary parts of the
system, mirroring the system files found on physical hard drives.
The suspicious file is placed on the simulated hard disk and will be started in
the simulated environment. The suspicious file is unaware of the fact that it is operating
in a simulated computer.
Inside the simulated environment the file may do whatever it wants. It can
infect files. It can delete files. It can copy itself over networks. It can connect to an
IRC server. It can send e-mails. It can set up listening ports. Every action it takes is
recorded by the antivirus program, because it is effectively the emulator that
carries out the actions described by the code in the file. No code is executed on the real CPU except
the antivirus emulator engine itself; even the hardware of the simulated PC is emulated.
The goal is not to monitor and stop potentially harmful actions at runtime; the
goal is to find out what the program would have done if it had been allowed to run wild
on an unprotected machine in an unprotected network, whether that machine is a NetWare
server or runs Linux, OS/2 or DOS.
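The emulator-plus-log idea above, reduced to an added toy example (this is not code from the original page or from any real antivirus product): a constructed instruction list stands in for the suspicious file, a dict for the simulated disk, and every action is carried out only on the simulation and recorded, so the host is never touched. The instruction names and the verdict rules are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample "program": the behaviour a worm-like file might attempt.
SUSPICIOUS_PROGRAM = [
    ("WRITE", "C:\\SYSTEM\\CONFIG.SYS", "DEVICE=DROPPER.SYS"),
    ("DELETE", "C:\\DOCS\\REPORT.TXT"),
    ("COPY_SELF", "\\\\FILESRV\\PUBLIC\\SETUP.EXE"),
    ("CONNECT", "irc.example.invalid", 6667),
    ("LISTEN", 31337),
]
@dataclass
class Sandbox:
    """Simulated computer: a dict stands in for the disk; no real I/O happens."""
    disk: dict = field(default_factory=lambda: {
        "C:\\SYSTEM\\CONFIG.SYS": "DEVICE=HIMEM.SYS",
        "C:\\DOCS\\REPORT.TXT": "quarterly numbers",
        "C:\\SAMPLE.EXE": "<suspicious file body>",   # the file under analysis
    })
    log: list = field(default_factory=list)
    # Each handler carries out the action on the simulated hardware and records it.
    def op_write(self, path, data):
        self.disk[path] = data
        self.log.append(("file_write", path))
    def op_delete(self, path):
        self.disk.pop(path, None)
        self.log.append(("file_delete", path))
    def op_copy_self(self, dest):
        self.disk[dest] = self.disk["C:\\SAMPLE.EXE"]
        self.log.append(("self_copy", dest))
    def op_connect(self, host, port):
        self.log.append(("net_connect", f"{host}:{port}"))
    def op_listen(self, port):
        self.log.append(("net_listen", str(port)))
    def run(self, program):
        # Execute instruction by instruction and return the full action log.
        for op, *args in program:
            handler = getattr(self, "op_" + op.lower(), None)
            if handler is None:   # unknown instruction: record it, don't crash
                self.log.append(("unsupported", op))
            else:
                handler(*args)
        return self.log

def verdict(log):
    """Turn the recorded behaviour into a decision the scanner can act on."""
    kinds = {kind for kind, _ in log}
    if "self_copy" in kinds and kinds & {"net_connect", "net_listen"}:
        return "worm-like: replicates itself and uses the network"
    if kinds & {"file_write", "file_delete"}:
        return "modifies files: needs review"
    return "no harmful behaviour observed"
```

Running `Sandbox().run(SUSPICIOUS_PROGRAM)` yields five log entries and `verdict` classifies them as worm-like, while the real filesystem and network stay untouched.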