echo: alt-comp-anti-virus
to: ALL
from: FROMTHERAFTERS
date: 2015-11-27 04:59:00
subject: Re: Does any common malwa

It happens that RayLopez99 formulated :
> On Friday, November 27, 2015 at 9:37:12 AM UTC+8, FromTheRafters wrote:
>  
>
> I thank you for the "repo" link; it suggested a lot.
>
> I also code for fun (I do demos of stuff that I want built, then generally 
> hand it over to professional programmers; C# is my language), and I'm amazed 
> at how much faster an optimized program is over a non-optimized program 
> (10-100x, and I do try and optimize code). 
>
> So my next question is:  how do AV scanners scan so fast?  Do they have a 
> special "emulator sandbox" that will try and 'run' a suspected piece of 
> malware?  I doubt it, since if so, the virus writer will defeat such emulator
> by simply introducing delay into their malware, such as by having the malware
> 'wait' 5 seconds before doing anything; this will defeat an emulator sandbox 
> since time is of the essence and time = money, so no time can be wasted by AV
> companies.  

Essentially, yes. Add to that the armoring of a virus or other malware 
which is not so much to evade automatic detection by AV software, but 
to make the malware reverse engineering task more difficult. It makes 
their 'zero-day' last longer.

If you're not tired of reading yet:

http://www.symantec.com/connect/articles/who-goes-there-introduction-access-virus-scanning-part-two
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
