新品上市

卡巴斯基Mac反病毒软件登录中国 卡巴斯基Mac反病毒软件于7月20日正式在中国市场发售,以保护中国Macintosh计算机用户免遭恶意软件威胁。卡巴斯基Mac反病毒软件可保护家庭或企业网络免遭Mac操作系统平台下病毒及多种网络威胁的侵害,并能消除Windows和Linux操作系统下的类似威胁。     

“超级巡警”——KV200的使用

近年来，在我国的反病毒产品市场上，国内外优秀的各种反病毒产品纷纷涌现，形成防病毒卡等硬件产品和杀病毒软件共存的局面。在我国国产的杀病毒软件产品中，公安部的KILL系列杀病毒软件和KV200查解病毒软件等均为计算机用户喜爱的杀病毒软件。KV200查解病毒软件是KV100查解病毒软件的最新版本，在保留了KV100的全部性能优点外，还采用了新的技术，增加了新的功能。KV200采用独特的开放式系统，用户自己可以抽取新病毒的特征码或在有关专业报刊上获取新病毒的特征码来扩充病毒数据库。同时用户还可以自己增加杀毒代码或在有关专业报…     

金山打出50元促销牌

“我们思考、准备了很长时间,在杀毒软件市场技术和服务趋于同质化的今天,这个举动意义巨大”,9月11日,金山公司毒霸事业部总经理王峰一席话引出金山软件为期50天的大型促销活动:个人防病毒软件金山毒霸和个人网络防火墙金山网镖的最新版本《金山毒霸2003》和《金山网镖2003》将以50元的价格销售。活动     

常见计算机病毒的防治

计算机病毒是一种有害程序,它破坏计算机系统资源,造成用户文件的损坏或丢失,甚至使计算机系统瘫痪,反病毒软件是对计算机系统软件进行修复,本文介绍了计算机病毒的特点以及反病毒软件的使用等,以保障计算机系统安全运行。     

安全 趋势科技防毒墙网络版OfficeScan

卡巴斯基互联网安全套装7．0单机版中，产品除了包含反病毒软件7．0所有功能外，还添加了更具针对性的安全保护技术。它在反病毒软件7．0的基础上，内置了个人防火墙，为计算机防御入侵和数据泄漏提供新一代保护；而个人防火墙使用IDS／IPS技术来监控网络活动，防止黑客控制用户的计算机或者窃取数据；     

趣闻内幕

大骗局：微软最近收购了罗马尼亚的一家反病毒软件公司GeCAD。于是获得了该公司的主要开发工程师。这一行动的直接后果是使RAV系列反病毒软件退出了市场这使得Linux用户们深感不安,因为RAV是Linux上最主要的反病毒软件。根据一个报告的说法,微软将使用GeCAD的工程师采开发新产品     

软硬结合 共铸坚固的PC

精英集团及其在国内唯一总代理讯怡公司和金山公司宣布双方结成战略合作伙伴 ,精英主板将全面捆绑金山公司反病毒软件－金山毒霸,双方本着为用户提供一个良好的工作环境的原则,从产品到市场进行全方位的合作,这是全球最大的主板厂商与中国反病毒软件企业最大的一次合作。     

KILL98网上自动升级

为了加强网络用户对计算机病毒的安全防范,北京冠群金辰软件有限公司于1月20日在公安部小礼堂举行了“KILL98主动服务系统开通仪式”。该主动服务系统的开通旨在为广大KILL98用户,提供全新的网上安全信息服务。该项服务是将网络发展的新技术引入KILL98售后服务体系,是信息安全领域首创的一种全新的服务模式,通过Internet网络KILL98可为用户提供网络产品的快速升级服务,同时又可以为用户提供计算机反病毒技术的重要信息。     

让PPTV不再占用网络资源

正相信有不少用户在使用PPTV网络视频软件时,都会发现系统进程中驻留着名为ppap.exe的PPTV后台服务进程,此项服务进程总是在后台默默占据着用户的网络资源。这样的做法对于P2P在线视频播放软件其实也属于正常现象,如果没有海量用户上传流量,软件是无法做到流畅播放。     

似毒非毒怎么办?

在清除计算机病毒的过程中,有些类似计算机病毒的现象纯属由计算机软件故障引起,同时有些病毒发作的现象又与某些软件故障类似,如引导型病毒等。这给用户造成了很大的麻烦,许多用户往往在用各种查解病毒软件查不出病毒时就去格式化硬盘,这样做不仅影响了硬盘的寿命,而且还不能从根本上解     

计算机病毒与反病毒检测系统技术分析

针对计算机被病毒感染和破坏造成严重损失,在分析了计算机病毒的特征和反病毒检测系统技术的基础上,提出了一种高效的病毒特征检测机制.首先,例举先进的反病毒技术有实时扫描技术,启发式代码扫描技术,虚拟机技术和主动内核技术等;然后,分析了二进制可执行病毒脚本病毒和宏病毒的特征提取技术,设计出一个简单蜜罐系统来获取病毒样本;其次,为了解决特征代码不能检测未知病毒的问题,对引擎做了改进,提出了一种融合AC自动机匹配算法和BM算法的ACBM多模式匹配算法.算法在匹配病毒特征时,具有效率高,速度快和准确度高的特点,以特征代码法为基础杀毒软件是病毒检测系统是下一步研究目标.     

数字签名验证技术应用探究

在病毒动不动就伪装成系统文件的今天,鉴别工作让人费神费力,如何快速鉴别有害程序成为关注焦点。本文介绍了数字签名验证技术,阐述了笔者利用微软的签名验证原理,开发了一款针对系统中的可疑进程、驱动、服务和文件进行快速、准确地勘察工具。     

Comparing files using structural entropy

One of the main trends in the modern anti-virus industry is the development of algorithms that help estimate the similarity of files. Since malware writers tend to use increasingly complex techniques to protect their code such as obfuscation and polymorphism, anti-virus software vendors face problems of the increasing difficulty of file scanning, the considerable growth of anti-virus databases, and file storages overgrowth. For solving such problems, a static analysis of files appears to be of some interest. Its use helps determine those file characteristics that are necessary for their comparison without executing malware samples within a protected environment. The solution provided in this article is based on the assumption that different samples of the same malicious program have a similar order of code and data areas. Each such file area may be characterized not only by its length, but also by its homogeneity. In other words, the file may be characterized by the complexity of its data order. Our approach consists of using wavelet analysis for the segmentation of files into segments of different entropy levels and using edit distance between sequence segments to determine the similarity of the files. The proposed solution has a number of advantages that help detect malicious programs efficiently on personal computers. First, this comparison does not take into account the functionality of analysed files and is based solely on determining the similarity in code and data area positions which makes the algorithm effective against many ways of protecting executable code. On the other hand, such a comparison may result in false alarms. Therefore, our solution is useful as a preliminary test that triggers the running of additional checks. Second, the method is relatively easy to implement and does not require code disassembly or emulation. And, third, the method makes the malicious file record compact which is significant when compiling anti-virus databases.     

刍议计算机反病毒技术的产生、发展和现状

随着计算机病毒越来越猖撅,计算机安全越来越受到人们的重视,计算机反病毒技术也发展得越来越快。论文介绍了计算机反病毒的产生,介绍了当今最新最先进的计算机反病毒技术,有CPU反病毒技术、病毒码扫描技术、实时反病毒技术和虚拟机技术等。     

Novel active learning methods for enhanced PC malware detection in windows OS

The formation of new malwares every day poses a significant challenge to anti-virus vendors since antivirus tools, using manually crafted signatures, are only capable of identifying known malware instances and their relatively similar variants. To identify new and unknown malwares for updating their anti-virus signature repository, anti-virus vendors must daily collect new, suspicious files that need to be analyzed manually by information security experts who then label them as malware or benign. Analyzing suspected files is a time-consuming task and it is impossible to manually analyze all of them. Consequently, anti-virus vendors use machine learning algorithms and heuristics in order to reduce the number of suspect files that must be inspected manually. These techniques, however, lack an essential element – they cannot be daily updated. In this work we introduce a solution for this updatability gap. We present an active learning (AL) framework and introduce two new AL methods that will assist anti-virus vendors to focus their analytical efforts by acquiring those files that are most probably malicious. Those new AL methods are designed and oriented towards new malware acquisition. To test the capability of our methods for acquiring new malwares from a stream of unknown files, we conducted a series of experiments over a ten-day period. A comparison of our methods to existing high performance AL methods and to random selection, which is the naïve method, indicates that the AL methods outperformed random selection for all performance measures. Our AL methods outperformed existing AL method in two respects, both related to the number of new malwares acquired daily, the core measure in this study. First, our best performing AL method, termed “Exploitation”, acquired on the 9th day of the experiment about 2.6 times more malwares than the existing AL method and 7.8 more times than the random selection. Secondly, while the existing AL method showed a decrease in the number of new malwares acquired over 10 days, our AL methods showed an increase and a daily improvement in the number of new malwares acquired. Both results point towards increased efficiency that can possibly assist anti-virus vendors.     

计算机病毒防护的软件措施分析

在计算机、网络的日常维护中,应该确定良好的软件使用和操作习惯,实行有效的杀毒防毒软件搭配措施,从而充分发挥软件杀毒防毒的最优功能。本文将通过对计算机病毒防护软件使用过程中应注意的问题说起,介绍了计算机病毒防护软件搭配使用的具体措施,从而推出了一个具体的搭配方案。     

反病毒引擎及特征码自动提取算法的研究

随着网络的广泛普及,计算机病毒带来的安全威胁日趋严重.提出了一种反病毒引擎的设计方案,该设计采用3种特征码格式(MD格式、两段检验和格式、字符串格式).同时,又提出了针对VB应用程序的病毒特征码自动提取算法.最后通过实验1对这3种特征码格式进行了性能比较,通过实验2对自动提取算法的有效性和准确性进行了验证.     

如何防范和清除U盘病毒

随着USB设备的普及应用,U盘病毒的威胁必将长期存在。为了有效防范和清除U盘病毒,需要分层次使用不同的方法,包括关闭系统自动播放功能、手动创建autorun.inf文件、设置U盘为不可写状态、综合运用通用型杀毒软件与专用型杀毒软件等,本文对这些技巧进行了简要介绍。     

An intelligent PE-malware detection system based on association mining

The proliferation of malware has presented a serious threat to the security of computer systems. Traditional signature-based anti-virus systems fail to detect polymorphic/metamorphic and new, previously unseen malicious executables. Data mining methods such as Naive Bayes and Decision Tree have been studied on small collections of executables. In this paper, resting on the analysis of Windows APIs called by PE files, we develop the Intelligent Malware Detection System (IMDS) using Objective-Oriented Association (OOA) mining based classification. IMDS is an integrated system consisting of three major modules: PE parser, OOA rule generator, and rule based classifier. An OOA_Fast_FP-Growth algorithm is adapted to efficiently generate OOA rules for classification. A comprehensive experimental study on a large collection of PE files obtained from the anti-virus laboratory of KingSoft Corporation is performed to compare various malware detection approaches. Promising experimental results demonstrate that the accuracy and efficiency of our IMDS system outperform popular anti-virus software such as Norton AntiVirus and McAfee VirusScan, as well as previous data mining based detection systems which employed Naive Bayes, Support Vector Machine (SVM) and Decision Tree techniques. Our system has already been incorporated into the scanning tool of KingSoft’s Anti-Virus software. A short version of the paper is appeared in [33]. The work is partially supported by NSF IIS-0546280 and an IBM Faculty Research Award. The authors would also like to thank the members in the anti-virus laboratory at KingSoft Corporation for their helpful discussions and suggestions.     

计算机病毒检测工具的实现

病毒检测是计算机安全领域的重要技术之一,是反病毒技术的核心。利用病毒检测技术便于发现计算机系统是否受到安全威胁,同时也可以及时通告用户做好病毒防范措施,本文设计实现了一个对该病毒的检测工具。