The main thrust of the article is that Blink will be able to find and detect brand-new viruses by running suspect programs in a virtual machine and observing their behavior:
The Norman SandBox, Maiffret described, is a fast, stand-alone virtual machine, which tests the code of executables to see whether they’ll do interesting things, such as changing the Windows System Registry startup keys, or some very interesting things, such as connect to an IRC chat server somewhere in Russia.
Rather than scan everything all the time, however, the new Blink will scan newly discovered executables, and may perhaps rescan them if, for instance, their patterns or file size appears to have changed. But if it’s the same executable, by default, Blink will only scan it once.
This story is only available to subscribers.Don’t settle for half the story.
Subscribe now Already a subscriber? Sign in
Get paywall-free access to technology news for the here and now.