Entity

Time filter

Source Type

Bucharest, Romania

Bitdefender is an antivirus software suite developed by Romania-based software company Softwin. It was launched in November 2001, and is in its 18th build version. The 2014 version was launched on June 26, 2013, and it includes several protection and performance enhancements such as Search Advisor, Performance Optimizer and many more features.The Bitdefender products feature anti-virus and anti-spyware, improved Detection, personal firewall, vulnerability scanner, privacy control, user control, and backup for corporate and home users. PC Tuneup and Performance Optimizer are available in the Total Security Suite. In the 2014 version, it had a wallet option to save passwords, a lighter scan and computer performance. Wikipedia.


Described systems and methods allow computer security software to access a memory of a host system with improved efficiency. A processor and a memory management unit (MMU) of the host system may be configured to perform memory access operations (read/write) in a target memory context, which may differ from the implicit memory context of the currently executing process. In some embodiments, the instruction set of the processor is extended to include new categories of instructions, which, when called from outside a guest virtual machine (VM) exposed by the host system, instruct the processor of the host system to perform memory access directly in a guest context, e.g., in a memory context of a process executing within the guest VM.


Described systems and methods enable a host system to efficiently perform computer security activities, when operating in a hardware virtualization configuration. A processor is configured to generate a VM suspend event (e.g., a VM exit or a virtualization exception) when software executing within a guest VM performs a memory access violation. In some embodiments, the processor is further configured to save disassembly data determined for the processor instruction which triggered the VM suspend event to a special location (e.g., a specific processor register) before generating the event. Saved disassembly data may include the contents of individual instruction encoding fields, such as Prefix, Opcode, Mod R/M, SIB, Displacement, and Immediate fields on Intel platforms.


Described systems and methods enable a host system to efficiently perform computer security activities, when operating in a hardware virtualization configuration. A processor is configured to generate a VM suspend event (e.g., a VM exit or a virtualization exception) when a guest instruction executing within a guest VM performs a memory access violation. In some embodiments, the processor is further configured to delay generating the VM suspend event until the execution stage of the pipeline for the guest instruction is complete, and to save results of the execution stage to a specific location (e.g. a specific processor register readable by security software) before generating the event.


Described systems and methods allow protecting a host system, such as a computer system or smartphone, from malware such as viruses, exploits, and rootkits. In some embodiments, a hypervisor executes at the highest processor privilege level and displaces other software to a guest virtual machine (VM). A security application detects the launch of a target process within the guest VM. In response to the launch, the hypervisor instantiates a process VM isolated from the guest VM, and relocates the target process to the process VM. In some embodiments, when the relocated target process attempts to access a resource, such as a file or registry key, an instance of the respective resource is fetched on-demand, from the guest VM to the respective process VM. Executing the target process within an isolated environment helps to contain malware to the respective environment.


Patent
BitDefender | Date: 2015-07-23

In some embodiments, an anti-malware system accounts for benign differences between non-malicious data objects, such as differences introduced by compilers and other polymorphisms. A target object is separated into a multitude of code blocks, and a hash is calculated for each code block. The obtained set of target hashes is then compared against a database of hashes corresponding to code blocks extracted from whitelisted objects. A target object may be labeled as whitelisted (trusted, non-malicious) if it has a substantial number of hashes in common with a whitelisted object. Objects which are slightly different from known whitelisted objects may still receive whitelisting status. By allowing a certain degree of mismatch between the sets of hashes of distinct objects, some embodiments of the present invention increase the efficiency of whitelisting without an unacceptable decrease in safety.

Discover hidden collaborations