In association with heise online

05 February 2009, 12:06

New VIPRE fangs

An interview with Sunbelt CEO Alex Eckelberry

Dj Walker-Morgan

heise Security UK got a chance to talk with Alex Eckelberry, CEO of Sunbelt Software about its newest weapon in the battle against malware and what Windows 7 and Morro mean to anti-Malware and anti-virus vendors.

heise Security UK: You're in London launching VIPRE (Virus Intrusion Protection Remediation Engine) and VIPRE Enterprise, Sunbelt Software's anti-malware solutions, in the UK. Now, you make a lot of claims about your higher performance virus and malware technology, so I'd like to ask you what makes VIPRE different?

Alex Eckelberry: Fundamentally, we didn't expect to be an anti-virus company 4 or 5 years ago. It was actually a total accident. What happened was we released this anti-spyware product, CounterSpy and it was very successful. We were surprised, but we knew that the success was going to be short-lived because, guess what, all the AV companies were going to catch up and they were going to come up with their own anti-virus products with anti-spyware.

So we though that it was just a short-lived opportunity and that we would need to come up with a combined solution. So we did really what everyone else did; we went out to Eastern Europe and licensed an anti-virus engine that we would bundle in with the anti-spyware engine. We would have two engines combined with each other, so you would have anti-virus and anti-spyware and "Bob's your uncle", right? And everyone did this; it was the cheapest way to do it. We actually prototyped this thing, but we never shipped it, because it was disappointing.

hS: In what way?

Alex Eckelberry, Sunbelt Software CEO
Alex Eckelberry, Sunbelt Software CEO
AE: You can't put two four cylinder engines together and try to make a V8, you actually have to design something from scratch. We really felt we could do something that was better, and the reason was that we would bring an approach that was more relevant to today's threats like spyware as opposed to viruses, and the spyware engine is totally different to a virus engine, the anti-spyware engine is a system cleaner, it just goes through and pounds the machine to pieces and pulls out 5000 registry keys and hundreds of files and all this junk, there's so much junk in today's infestations, whereas a virus engine is very surgical and goes through and carefully pulls out pieces of a file, so the 2 philosophies are different, and if you can combine the two so that you would get the viruses, but you would also have this sort of system cleaner approach, you would have a very interesting product. The other thing we observed is that AV engines have gotten to the point of, say like the American car companies in the 1970s, where they just kept adding cool tail fins and chrome, but the performance metrics weren't improving, they really weren't. We were seeing that users were un-installing the anti-virus products because they just didn't, they'll risk getting infected because the performance penalty was so large.

hS: So how did you approach combining the two tasks?

AE: We said let's do something totally new ... we're going to make a new engine that is cross-compilable. That is, first of all it's a win32 engine, cross-compilable into Linux, cross-compilable into Mac. Make something that's a highly portable AV engine, but have obviously different customisations, basically modifiers for different OSs and make something that's runnable on the gateway, but also runnable on the client, one single platform for all these things, as opposed to having one engine that's very client specific and other engine that's very gateway specific. We spent a couple of years doing that and millions of dollars, millions of dollars of investment, dozens of programmers working on it, recruiting people from other anti-virus companies aggressively, we brought a lot of people on from Trend and Panda, some of the good internal guys.

Next: The unpacker problem

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit