One of the mechanisms used by anti-malware applications is to institute a virtual "sandbox" to isolate suspicious files from the rest of the system while they are quickly analysed for malicious content or behaviour. Creating a sandbox requires the anti-malware software to essentially institute a Virtual Machine - a computer …
so if I run a VM on say Vista of XP with anti-malware (different types) on each OS and run a sand box registry and have firewall and anti virus checker how long till my system will be hacked?
Not all sandboxes emulate
The article is as good as it goes, and indeed a challenge for Norman is that their Sandbox presents a 'wide' target. However, there are vendors on the market (ourselves of course as one good example) that do not emulate but sandbox with native Windows and do not require virtualisation. By running native Windows without virtualisation, we significantly reduce the scope for malware to detect the sandbox or avoid analysis.