
[General topic] Customer-focused prioritization

Posted on 2013-1-9 23:22:18
This post was last edited by 飞霜流华 on 2013-1-10 03:15


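The guiding principle of the Microsoft Malware Protection Center (MMPC) is to keep every customer safe. Our research team and automated systems work around the clock to achieve this vision.

The number of threats that attackers are developing continues to increase. For example, last month we collected and analyzed 20 million new potential malware files. Six percent of these files were classified as malware. Of that 6%, new signatures were extracted by detecting more than 100,000 files, all of which are used to protect as many customers as possible, as quickly as possible. These new signatures prevented 3 million customers from being infected by 4 million unique malware files, while our existing signatures protected another 11 million customers from infection by 72 million files.

Our automated systems process many of the samples submitted to the MMPC and automatically add them as new malware signatures. To guard against more established malware families, our technical staff need to study in depth and overcome the new techniques this kind of software uses to evade our protection. Dorkbot is one example of such software. Last month we protected 729,000 customers from Dorkbot infection. However, if we had not analyzed the latest incoming files and written 361 new signatures quickly enough, 70,000 of our customers would have been infected because of Dorkbot's detection evasion.

To protect as many customers as possible, prioritizing the analysis of 20 million new files as quickly as possible is the huge challenge we face every month.

Our prioritization strategy is customer-oriented. Subsequently, we rely on data from more than 1 billion customer computers to determine the impact of malware, and millions of customer computers have enrolled to help us collect and identify new malware. Because we can clearly see which malicious files are affecting our customers, we are able to prioritize our response process according to the real-world prevalence and impact of malware.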




Dennis Batchelder

Original: http://blogs.technet.com/b/mmpc/ ... prioritization.aspx

Customer-focused prioritization

Our guiding vision at the Microsoft Malware Protection Center (MMPC) is to keep every customer safe from malware. Both our research team and automated systems work around the clock in an effort to achieve this vision.

The volume of threats that attackers are developing continues to increase. For example, last month we collected and analyzed 20 million new potential malware files. Six percent of these files were classified as malware. From that six percent, just over 100,000 files resulted in the development of new signatures to detect these files - all to protect as many customers as possible and as quickly as possible. These new signatures prevented three million customers from getting infected by four million unique malware files, while our existing signatures protected an additional eleven million customers from 72 million files.

Our automated systems process many samples submitted to the MMPC and automatically add signatures for new malware. For more established malware families, our researchers need to look deeper and overcome the new techniques the family is using to evade our protection. Dorkbot is an example of one such family. Last month we protected 729,000 customers from Dorkbot infections; however, if we didn’t analyze the latest incoming files and write 361 new signatures fast enough, 70,000 of our customers would have been infected by Dorkbot’s evasions.

Prioritizing the analysis of 20 million new files each month, in order to protect as many customers as quickly as possible, is a huge challenge for us.

Our prioritization strategy is customer-focused. Subsequently, we rely on data from over a billion customer computers to determine malware impact, and hundreds of millions of customer computers have enlisted to help us identify and gather new malware files. Because we can clearly see which malicious files are affecting our customers, we are able to prioritize our response process by using real world measurements for prevalence and impact.

The anti-malware industry has a long-established system for sharing collected malware files. We analyze these files in order to fine-tune our own sensors, and we may even write signatures when we believe they will protect our customers against threats they haven’t yet seen. We use a customer impact evaluation process that queries our sensors to look for similar malicious files across the ecosystem to help us make that determination.

As proactive and effective as this customer-focused prioritization approach has been, there have been infrequent occasions when we had to remediate an infection because a new signature didn’t reach our customers in time to block it. For example, last month this impacted a fraction of one percent of our customers. Although we are proud of the protection service level we do provide, we are constantly striving for better results by fine-tuning our systems and sensors, and continuing to invest in automation and cloud-based technologies that allow us to deploy the latest protection to our customers even faster.

We realize that the way we prioritize our protection may not always align with how the independent anti-virus product testers measure our effectiveness. We believe that adhering to a customer-focused prioritization process allows us to protect and keep our customers safe.

Dennis Batchelder
Partner Program Manager
Microsoft Malware Protection Center


