Zhenxiang Jim Wang, Microsoft

Virtual Machine Protection Technology and AV Industry

Statistics show that about 80% of malware samples are protected by one or more kinds of so-called packers. Virtual machine (VM) protection technology radically subverts the assumption that a packed executable must, sooner or later, transform itself back into its unpacked state in order to run normally: some or all of the original instructions have been replaced with a series of virtualized instructions (bytecode) that are parsed, interpreted and executed by an embedded interpreter when the program runs, so the original native code never reappears in memory.
The complicated implementation mechanism naturally gives a VM protection system anti-emulation ability, because a complicated VM can easily exhaust the resources of an emulator. Even where it does not, the time needed to emulate a sample packed by a VM protection system is often too long to tolerate, especially for on-access scanning. The paper discusses how the prevalence of packers with VM technology will affect the AV industry, which may have to face changes in several areas, including research direction and evaluation standards.
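The following is an added illustration, not code from the paper or from any real protector, of the mechanism the abstract describes: a small function is rewritten as bytecode for a hypothetical register VM, the opcodes are stored XOR-encoded with a per-build key so the program bytes carry no fixed signature, and a dispatch loop decodes each opcode and calls its handler at run time. The hash function, the ISA, the opcode key and the instruction counter are all constructed for this example; the counter shows the emulation cost a scanner pays (several VM instructions, each a handler call, per byte of input) while the native instructions of the original function are never reconstructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Plain function that a VM protector would virtualize (constructed example). */
uint32_t plain_hash(const uint8_t *p, size_t n) {
    uint32_t h = 5381;
    for (size_t i = 0; i < n; i++)
        h = (h * 33) ^ p[i];
    return h;
}

/* Hypothetical bytecode ISA of the toy VM. */
enum { OP_LOADI, OP_LOADB, OP_MULI, OP_XOR, OP_ADDI, OP_JLT, OP_JMP, OP_RET, OP_COUNT };

typedef struct { uint8_t op, a, b; uint32_t imm; } vins_t;

typedef struct {
    uint32_t r[4];        /* virtual registers */
    const uint8_t *data;  /* input buffer the virtualized function reads */
    size_t pc, steps;     /* program counter and executed-instruction counter */
    int halted; uint32_t ret;
} vm_t;

/* Per-build opcode key (assumed value): the opcode bytes stored in the program
 * differ from the handler indices, so a signature on plain opcode numbers fails. */
#define OPKEY 0x5A
#define ENC(op) ((uint8_t)((op) ^ OPKEY))

/* Virtualized plain_hash: r0 = h, r1 = i, r2 = scratch, r3 = n (set at entry). */
static const vins_t vhash_prog[] = {
    { ENC(OP_LOADI), 0, 0, 5381 },  /* 0: h = 5381 */
    { ENC(OP_LOADI), 1, 0, 0 },     /* 1: i = 0 */
    { ENC(OP_JLT),   1, 3, 4 },     /* 2: if i < n goto 4 */
    { ENC(OP_RET),   0, 0, 0 },     /* 3: return h */
    { ENC(OP_MULI),  0, 0, 33 },    /* 4: h *= 33 */
    { ENC(OP_LOADB), 2, 1, 0 },     /* 5: scratch = data[i] */
    { ENC(OP_XOR),   0, 2, 0 },     /* 6: h ^= scratch */
    { ENC(OP_ADDI),  1, 0, 1 },     /* 7: i += 1 */
    { ENC(OP_JMP),   0, 0, 2 },     /* 8: goto 2 */
};

typedef void (*handler_t)(vm_t *, const vins_t *);

static void h_loadi(vm_t *v, const vins_t *i) { v->r[i->a] = i->imm; v->pc++; }
static void h_loadb(vm_t *v, const vins_t *i) { v->r[i->a] = v->data[v->r[i->b]]; v->pc++; }
static void h_muli (vm_t *v, const vins_t *i) { v->r[i->a] *= i->imm; v->pc++; }
static void h_xor  (vm_t *v, const vins_t *i) { v->r[i->a] ^= v->r[i->b]; v->pc++; }
static void h_addi (vm_t *v, const vins_t *i) { v->r[i->a] += i->imm; v->pc++; }
static void h_jlt  (vm_t *v, const vins_t *i) { v->pc = (v->r[i->a] < v->r[i->b]) ? i->imm : v->pc + 1; }
static void h_jmp  (vm_t *v, const vins_t *i) { v->pc = i->imm; }
static void h_ret  (vm_t *v, const vins_t *i) { v->ret = v->r[i->a]; v->halted = 1; }

static const handler_t handlers[OP_COUNT] = {
    h_loadi, h_loadb, h_muli, h_xor, h_addi, h_jlt, h_jmp, h_ret
};

/* Dispatch loop: fetch an encoded opcode, decode it, call its handler.
 * Returns the virtualized function's result; *steps receives the number of
 * VM instructions executed, i.e. the extra work an emulator must perform. */
uint32_t vm_run(const vins_t *prog, size_t nins, const uint8_t *data, size_t n, size_t *steps) {
    vm_t v; memset(&v, 0, sizeof v);
    v.data = data; v.r[3] = (uint32_t)n;
    while (!v.halted && v.pc < nins) {
        const vins_t *ins = &prog[v.pc];
        uint8_t op = ins->op ^ OPKEY;
        if (op >= OP_COUNT) break;      /* corrupt bytecode: stop rather than jump wild */
        handlers[op](&v, ins);
        v.steps++;
    }
    if (steps) *steps = v.steps;
    return v.ret;
}

uint32_t vm_hash(const uint8_t *p, size_t n, size_t *steps) {
    return vm_run(vhash_prog, sizeof vhash_prog / sizeof vhash_prog[0], p, n, steps);
}

/* Convenience: number of VM instructions executed for an input of n bytes. */
size_t vm_hash_steps(const uint8_t *p, size_t n) {
    size_t steps = 0;
    (void)vm_hash(p, n, &steps);
    return steps;
}

int main(void) {
    const uint8_t msg[] = "hello packer";  /* constructed input */
    size_t n = sizeof msg - 1, steps;
    uint32_t a = plain_hash(msg, n), b = vm_hash(msg, n, &steps);
    printf("plain=%08x vm=%08x steps=%zu (%.1f VM instructions per input byte)\n",
           a, b, steps, (double)steps / n);
    return a == b ? 0 : 1;
}
```

Both paths compute the same value, but only plain_hash exists as native instructions; the protected variant exists only as the handler table plus a byte table, and a scanner that wants the original semantics has to emulate every dispatch. Real protectors add handler obfuscation, dead handlers and per-sample ISAs on top of this, which is what drives the emulation cost the abstract warns about.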
Zhenxiang Jim Wang has published several books and more than 60 papers. He specializes in reverse engineering technology, static unpacker development and virtual machine protection technology research. He joined Microsoft in 2007. In 2004, he was interviewed by Programmer, a well-known Chinese computer magazine, about assembly language education and reverse engineering, based on his experience.