计算机反病毒产品及技术的回顾与展望

引言 今年伊始,有关媒体对计算机反病毒产品的市场及技术的发展进行了不同程度的报道,专家们也相继撰文探讨反病毒技术及市场的发展问题。对反病毒市场持积极态度的人士认为反病毒技术及市场将在1995年甚至以后会有大的发展,产品销量将会大幅度增长;对反病毒市场持消极态度的人士认为反病毒市场已经冷却,或不可能有所发展或将逐渐萎缩甚至走向消亡;而对反病毒市场持中立态度的人士认为反病毒市场是一种长期的技术产品市场,会在一定的程度上有所发展,用户对反病毒产品的购买欲望将和反病毒产品出现之初大不相同,反病毒产品市场将逐渐趋于平稳,反病毒厂商在激烈的竞争中将靠自身技术的先进性来争得用户,反病毒技术本身将不断进步。但不论反病毒技术及市场目前如何变化,反病毒技术是否能够跟得上     

刍议计算机反病毒技术的产生、发展和现状

随着计算机病毒越来越猖撅,计算机安全越来越受到人们的重视,计算机反病毒技术也发展得越来越快。论文介绍了计算机反病毒的产生,介绍了当今最新最先进的计算机反病毒技术,有CPU反病毒技术、病毒码扫描技术、实时反病毒技术和虚拟机技术等。     

计算机病毒与反病毒技术研究

随着计算机病毒越来越猖撅,计算机安全越来越受到人们的重视,计算机反病毒技术也发展得越来越快。本文介绍了当今最新最先进的计算机反病毒技术,包括CPU反病毒技术、实时反病毒技术、虚拟机技术和主动内核技术等,并从多个角度探讨了计算机网络反病毒的策略。     

关于反病毒技术的探讨

计算机病毒威胁着网络的安全。本文重点探讨了目前流行的反病毒技术,涉及到软件反毒、硬件反病毒及虚拟机反毒。该文对于解目前常用的反病毒技术及反病毒技术未来的发展趋势有一定的参考意义。     

手工清除计算机病毒的通用原则与实现方法

计算机病毒的出现,对计算机系统的安全运行构成了严重威胁。人们在同计算机病毒的斗争中发展出了各种各样的反病毒方法,可基本归纳为:手工方法、软件方法和硬件方法。这几种方法各有千秋,互相补充构成了现有的反病毒技术基础。 手工方法是一切反病毒方法的基础,是人们了解病毒、认识病毒的基本途径。该方法直接、可靠、时效性好,但同时也存在对人员技术要求较高,不易推广等缺     

常见计算机反病毒技术的分析与研究

随着互联网的普及,计算机病毒采用的新技术不断出现,计算机反病毒技术也不断更新和发展。论文介绍了计算机反病毒技术的产生和发展、当今最常见的几种反病毒技术,并对其优缺点及适用场合进行了分析。     

浅析计算机病毒与反病毒技术

文章首先对计算机病毒作了整体概述,着重写了病毒的危害,在反病毒技术方面,介绍了反病毒技术和工具,并针对国内外反病毒技术现状和网络病毒发展的新趋势,提出了进一步应对措施安装防火墙来保护自己的计算机信息不受外来侵袭.     

基于VxD的防火墙技术分析

许多计算机病毒在被清除之前可能已经对计算机造成了严重危害,解决的方法是采用实时反病毒技术,在病毒入侵时就把它清除掉。通过对VxD技术的分析,介绍了实时反病毒防火墙的技术原理,论述了VxD技术在不同操作系统中防火墙的应用。     

构筑中华信息长城——访北信源自动化技术有限公司总经理林皓

97年中期,正当全国反病毒市场走入低迷的时候,林皓经过长时间的潜心研究,在国内率先提出了独到的实时反病毒概念,并对成功地完成了技术实现,最终形成了当时在国际上领先,在国内是首创的反病毒技术新产品——VRV病毒防火墙。 林皓不无感慨的说:“虽然在短短两年后的今天来看,凡是不具备实时反病毒功能的反病毒产品必将遭到市场的淘汰(如KV300等),但在当时VRV病毒防火墙的推出却引发了业内一波不小的震动。不论当时评价如何,实践是检验真理的唯一标准,时间的推移证明了实时反病毒技术的正确性,也验证了北信源公司在反病毒方面的技术领先性。” 事实上,目前国内的反病毒厂商都普遍采     

计算机病毒与反病毒技术的新动向

本文较为全面地介绍了目前计算机病毒技术的发展新动向及反病毒技术的新发展,提出了未来反病毒技术中需要加强的功能.     

一种监测计算机病毒的方法

在分析32位计算机病毒的编制和运行的基础上，提出对病毒进行自动化分析的观点，并基于面向对象技术进行了实现。改进了手动分析病毒的传统方式，深层理解病毒在宿主内的行为，方便了防毒软件的编写。同时对未知病毒的防治也有积极的意义。     

Antivirus security: naked during updates

The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. In the anti‐malware research community, development of techniques for evading detection by antivirus software is an active research area. This has led to malware that can bypass or subvert antivirus software. The common strategies deployed include the use of obfuscated code and staged malware whose first instance (usually installer such as dropper and downloader) is not detected by the antivirus software. Increasingly, most of the modern malware are staged ones in order for them to be not detected by antivirus solutions at the early stage of intrusion. The installers then determine the method for further intrusion including antivirus bypassing techniques. Some malware target boot and/or shutdown time when antivirus software may be inactive so that they can perform their malicious activities. However, there can be another time frame where antivirus solutions may be inactive, namely, during the time of update. All antivirus software share a unique characteristic that they must be updated at a very high frequency to provide up‐to‐date protection of their system. In this paper, we suggest a novel attack vector that targets antivirus updates and show practical examples of how a system and antivirus software itself can be compromised during the update of antivirus software. Local privilege escalation using this vulnerability is also described. We have investigated this design vulnerability with several of the major antivirus software products such as Avira, AVG, McAfee, Microsoft, and Symantec and found that they are vulnerable to this new attack vector. The paper also discusses possible solutions that can be used to mitigate the attack in the existing versions of the antivirus software as well as in the future ones. Copyright © 2013 John Wiley & Sons, Ltd.     

基于虚拟机的启发式扫描反病毒技术

在进行深入分析病毒和正常程序的区别基础上,提出对病毒进行启发扫描分析的观点,并基于虚拟机技术进行了实现。改进手动病毒分析的传统方式,深层理解病毒运行机制,方便了防毒软件的编写,同时对未知病毒的防治也具有深远的意义。     

“云安全”检测技术安全性分析

“云安全”检测已成为病毒查杀领域发展的新趋势,为对其在病毒检测过程中的安全性有进一步了解,研究了“云安全”检测体系结构以及主流“云安全”策略,针对某“云安全”检测软件的文件样本提取方式和网络传输数据的特点,分析了检测流程中存在的安全隐患,基于这些安全隐患设计并实现了“云安全”检测的规避方案,针对规避方案提出了防护建议.实验结果表明,“云安全”检测在实际应用过程中仍可能被恶意程序绕过.     

浅析杀毒软件的现状及趋势

随着病毒的破坏力越来越大,杀毒软件成为人们关注的焦点。文章首先从杀毒软件的两个重要产品（单机版和网络版）分析了杀毒软件的发展历程,然后对杀毒软件未来发展趋势提出了本人的观点,认为在杀毒技术上,要变被动为主动;在营销模式上,由收费走向免费。     

由Symantec Antivirus企业版客户端的缺陷引发的思考

本文从Symantec Antivirus企业版客户端杀毒软件对注册表的依赖这一缺陷谈起,描述了更改相应的键值后直接引发软件设置变化的这一缺陷,以及造成的影响,并提出了解决的办法,最后简述了本人对杀毒软件的完善及防毒机制的几点想法。     

基于贝叶斯分类算法的木马程序流量识别方法

针对传统计算机杀毒产品对木马程序识别问题上存在的资源消耗和杀毒滞后问题,结合网络流量的分类算法提取各种应用服务流量的特征属性,文章采用朴素贝叶斯分类算法对网络中木马程序流量进行识别。这种方法可以在一定程度上解决现有计算机杀毒产品资源消耗和杀毒滞后的问题。实验结果表明,对于网络中处在待机状态下的木马程序产生的数据流识别效果明显,只需较少量的训练样本即可获得较高的识别率。     

基于LVS的高性能邮件防病毒系统的研究与实现

本文分析了高性能邮件系统防病毒的需求,在现有邮件防病毒技术的基础上着重研究了邮件防病毒的高性能技术,并提出了在邮件防病毒子系统中引入并发、负载平衡等高性能集群技术来解决防病毒系统与新型高性能邮件系统性能匹配问题的思想。在该思想指导下,实现了基于LVS的高性能邮件防病毒系统。     

Fools Download Where Angels Fear to Tread

Our study illustrates that the risk of getting infected by malware that antivirus protection doesn't detect is alarmingly high. New malware that the antivirus engines don't have signatures for is likely to escape detection by a desktop antivirus solution. Taking precautions while using the Internet can protect users only to a certain extent. If they visit the wrong Web site or download a file infected with 0-day malware, they probably won't be protected from infection. The malware specimens that our antivirus packages didn't detect during our two-week exposure period suggest to us that signature-based antivirus software doesn't provide sufficient protection for users who live on the bleeding edge with respect to where they obtain their software. Coupled with the exponential growth of new malware variants, our findings suggest that antivirus vendors have major problems keeping the signature lag within acceptable limits.     

Testing and evaluating virus detectors for handheld devices

The widespread use of personal digital assistants and smartphones gives securing these devices a high priority. Yet little attention has been placed on protecting handheld devices against viruses. Currently available antivirus software for handhelds is few in number. At this stage, the opportunity exists for the evaluation and improvement of current solutions. By pinpointing weaknesses in the current antivirus software, improvements can be made to properly protect these devices from a future tidal wave of viruses. This research evaluates four currently available antivirus solutions for handheld devices. A formal model of virus transformation that provides transformation traceability is presented. Two sets of ten tests each were administered; nine tests from each set involved the modification of source code of two known viruses for handheld devices. The testing techniques used are well established in PC testing; thus the focus of this research is solely on handheld devices. Statistical analysis of the test results show high false negative production rates for the antivirus software and an overall false negative production rate of 47.5% with a 95% confidence interval between 36.6% and 58.4%. This high rate shows that current solutions poorly identify modified versions of a virus. The virus is left undetected and capable of spreading, infecting and causing damage.