Views: 11281 | Replies: 8

[Discussion] One sentence left me stunned. Has LiveGrid become a myth, or is LiveGrid misunderstood? A short talk on ESET LiveGrid

驭龙
Posted on 2013-11-19 13:19:23
Today I saw a sentence in the samples section that left me stunned on the spot. The original words are quoted below. It looks like many people do not really understand LiveGrid, so today I will talk about it briefly.
"Files in ESET's cloud are generally added to the ESET cloud only after analysts have tested them."


First, ESET's LiveGrid consists of several parts:

The first part is the original ThreatSense.net. Here users submit samples, which are analysed manually by engineers in the ThreatSense lab; signature database updates are released afterwards.

Another part is file reputation. It compares the executable files found on the systems of ESET users worldwide, collects file reputation and builds a black/white database. This part is automated, not manual, because no company processes file reputation by hand; that would be impossible. Only when the automated system cannot analyse something might a human analyst get involved.

Another part is the black/white database, that is, the blacklist and the whitelist. Files with poor reputation may be put on the blacklist, and files with high reputation are put on the whitelist. It is currently unclear whether LiveGrid uses an advanced algorithm like Norton's Insight; personally I think it is unlikely to rate reputation solely by how widespread a file is, otherwise it would be far too simple.

Also, if a file on LiveGrid's blacklist is confirmed as a threat, ESET extracts a signature directly and releases a signature database update.

OK, that is all for today. After I return next year I will post a detailed introduction and a small review.

By the way, I am attaching ESET's official introduction to ESET LiveGrid.
Built on ThreatSense.NET® advanced early warning system, ESET LiveGrid® utilizes data that ESET users have submitted worldwide and sends it to ESET's Virus Lab. ESET Virus Lab specialists then use the information to build an accurate snapshot of the nature and scope of global threats in order to release relevant updates to our virus signature database, keeping ESET adaptive to the latest threats.

Moreover, it implements a reputation system that helps to improve the overall efficiency of our anti-malware solutions. When an executable file or archive is being inspected on a user's system, its hash tag is first compared against a database of white- and blacklisted items.

If it is found on the whitelist, the inspected file is considered clean and also flagged to be excluded from future scans. If it is on the blacklist, appropriate actions are taken – based on the nature of the threat. Only if no match was found, the file is scanned thoroughly. Based on results of this scan the file becomes a candidate to extend the corresponding list. This approach has a significant positive impact on scanning performance.

This reputation system allows for effective detection of malware samples even before their signatures are delivered to a user's computer via the updated virus database (which happens several times a day).

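The lookup order in the official description above (hash compared against the white and black lists first, a thorough scan only on a miss, the scan result feeding the lists) combined with the prevalence-based reputation the original poster speculates about, written out as an added Python example. This is illustration code written for this page, not ESET's implementation and not from the original post. The promotion threshold of two clients, the toy scanner that only looks for a made-up marker string, the client IDs and the file contents are all constructed assumptions.

```python
from __future__ import annotations

import hashlib
from enum import Enum


class Verdict(Enum):
    WHITELISTED = "whitelisted"                     # list hit: trusted, no scan
    BLACKLISTED = "blacklisted"                     # list hit: known bad, act on it
    CLEAN_AFTER_SCAN = "clean_after_scan"           # list miss, full scan found nothing
    MALICIOUS_AFTER_SCAN = "malicious_after_scan"   # list miss, full scan flagged it


def file_hash(data: bytes) -> str:
    """Hash of the inspected file; used as the key into the reputation lists."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the thorough signature/heuristic scan. It only
# looks for an invented marker string; real scanners do far more than this.
TOY_BAD_MARKER = b"<<constructed-bad-marker>>"


def thorough_scan(data: bytes) -> bool:
    """Return True when the (expensive) full scan considers the file malicious."""
    return TOY_BAD_MARKER in data


class ReputationCache:
    """Black/white lists keyed by hash plus a simple prevalence counter.

    Assumed policy (an assumption for this example, not ESET's rule): a file
    that passes the full scan on `whitelist_threshold` distinct clients is
    promoted to the whitelist; a file that fails the full scan once goes
    straight to the blacklist.
    """

    def __init__(self, whitelist_threshold: int = 3) -> None:
        self.whitelist: set[str] = set()
        self.blacklist: set[str] = set()
        self.clean_sightings: dict[str, set[str]] = {}
        self.excluded_from_future_scans: set[str] = set()
        self.whitelist_threshold = whitelist_threshold
        self.scans_performed = 0   # counts full scans, to show the cache's effect

    def inspect(self, data: bytes, client_id: str) -> Verdict:
        h = file_hash(data)
        # Step 1: compare the hash against the lists before doing any real work.
        if h in self.whitelist:
            self.excluded_from_future_scans.add(h)
            return Verdict.WHITELISTED
        if h in self.blacklist:
            return Verdict.BLACKLISTED
        # Step 2: no match, so the file is scanned thoroughly.
        self.scans_performed += 1
        if thorough_scan(data):
            self.blacklist.add(h)              # the file extends the blacklist
            return Verdict.MALICIOUS_AFTER_SCAN
        # Step 3: a clean scan makes the file a whitelist candidate; promote it
        # once enough distinct clients have reported the same clean result.
        sightings = self.clean_sightings.setdefault(h, set())
        sightings.add(client_id)
        if len(sightings) >= self.whitelist_threshold:
            self.whitelist.add(h)
        return Verdict.CLEAN_AFTER_SCAN


def simulate() -> tuple[list[str], int]:
    """Run two constructed files from constructed clients through the cache."""
    cache = ReputationCache(whitelist_threshold=2)
    benign = b"MZ constructed benign executable body"
    malicious = b"MZ constructed dropper " + TOY_BAD_MARKER
    verdicts = [
        cache.inspect(benign, "client-A").value,     # miss -> scanned, clean
        cache.inspect(benign, "client-B").value,     # miss -> scanned, clean; now whitelisted
        cache.inspect(benign, "client-C").value,     # hit  -> whitelisted, no scan
        cache.inspect(malicious, "client-A").value,  # miss -> scanned, blacklisted
        cache.inspect(malicious, "client-B").value,  # hit  -> blacklisted, no scan
    ]
    return verdicts, cache.scans_performed


if __name__ == "__main__":
    print(simulate())
```

Five inspections cost only three full scans: once a hash is on either list, the scan is skipped, which is the performance effect the official text describes. The prevalence rule is where a real system would plug in a richer reputation score (signer, age, source), which is the point the original poster raises about prevalence alone being too simple.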

笑红尘自古多情
Posted on 2013-11-19 13:25:24
ESET 7... not much progress... and that tray icon... I do not even want to get started on it...

驭龙
Original poster | Posted on 2013-11-19 13:35:01
笑红尘自古多情 posted on 2013-11-19 13:25
ESET 7... not much progress... and that tray icon... I do not even want to get started on it...

Actually, the three major new technologies in ESET V7 are still quite impressive, heh.

Exploit Blocker

Exploit Blocker is designed to fortify often exploited application types on users’ systems, such as web browsers, PDF readers, email client or MS office components. It adds another layer of protection by using a completely different technology, compared to techniques focusing on detection of malicious files themselves...

Instead, it monitors behavior of processes and watches for suspicious activities that are typical for exploits. When triggered, the suspicious behavior is analyzed and the threat might be blocked immediately on the machine. Certain suspicious activities are processed further in our cloud systems, which gives Exploit Blocker the potential to protect users against targeted attacks and previously unknown exploits, so called zero-day attacks.

Related products - Exploit Blocker Technology is used in:

    ESET Smart Security
    ESET NOD32 Antivirus


Advanced Memory Scanner

Advanced Memory Scanner couples nicely with Exploit Blocker, as it is also designed to strengthen the protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation or/and encryption. This causes problems with unpacking and might pose a challenge to bypass for ordinary anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in the memory. This allows for effective infection prevention even from heavily obfuscated malware.

Related products - Advanced Memory Scanner Technology is used in:

    ESET Smart Security
    ESET NOD32 Antivirus


Vulnerability Shield

Vulnerability Shield is an extension of the firewall and improves detection of Common Vulnerabilities and Exposures (CVEs) on the network level.

By implementing detections for CVEs of widely used protocols, such as SMB, RPC and RDP, it constitutes another important layer of protection against spreading malware, network-conducted attacks and exploitation of vulnerabilities for which a patch has not been released or deployed yet.
Related products: Vulnerability Shield is used in

    ESET Smart Security
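A minimal version of the behaviour-based idea behind Exploit Blocker, as an added Python example written for this page; it is not ESET's code and was not part of this thread. It evaluates constructed process-creation events and raises an alert when one of the application types the text names (browser, PDF reader, mail client, Office component) spawns a command or script interpreter, or launches an unsigned image from a temporary directory. The event format, the process-name sets and both rules are assumptions made for the example; a real product adds many more signals and sends ambiguous cases to cloud analysis, as the text describes.

```python
from __future__ import annotations

import json
from pathlib import PureWindowsPath

# Application types the text describes as often exploited (constructed set).
EXPLOIT_PRONE = {"chrome.exe", "firefox.exe", "iexplore.exe", "acrord32.exe",
                 "outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}

# Interpreters these applications have little reason to start in normal use.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed process-creation events, one JSON object per line. Paths use
# forward slashes only to keep the sample readable; PureWindowsPath accepts them.
SAMPLE_EVENTS = """
{"ts": "2013-11-19T13:35:01", "parent": "C:/Program Files/Adobe/Reader/AcroRd32.exe", "image": "C:/Windows/System32/cmd.exe", "signed": true}
{"ts": "2013-11-19T13:35:02", "parent": "C:/Windows/explorer.exe", "image": "C:/Windows/System32/cmd.exe", "signed": true}
{"ts": "2013-11-19T13:35:03", "parent": "C:/Program Files/Mozilla Firefox/firefox.exe", "image": "C:/Users/alice/AppData/Local/Temp/upd.exe", "signed": false}
{"ts": "2013-11-19T13:35:04", "parent": "C:/Program Files/Mozilla Firefox/firefox.exe", "image": "C:/Program Files/Mozilla Firefox/plugin-container.exe", "signed": true}
{"ts": "2013-11-19T13:35:05", "parent": "C:/Program Files/Microsoft Office/winword.exe", "image": "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe", "signed": true}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return PureWindowsPath(path).name.lower()


def in_temp_dir(path: str) -> bool:
    """True when any directory component of the path is a temp directory."""
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    return "temp" in parts or "tmp" in parts


def evaluate(event: dict) -> str | None:
    """Return a human-readable reason when the event looks like post-exploitation
    behaviour of an exploit-prone application, otherwise None."""
    parent = basename(event["parent"])
    child = basename(event["image"])
    if parent not in EXPLOIT_PRONE:
        return None                      # only watch the exploit-prone parents
    if child in INTERPRETERS:
        return f"{parent} spawned interpreter {child}"
    if not event["signed"] and in_temp_dir(event["image"]):
        return f"{parent} launched unsigned image from a temp directory: {child}"
    return None


def detect(lines: str) -> list[dict]:
    """Run every JSON event line through evaluate() and collect the alerts."""
    alerts = []
    for line in lines.strip().splitlines():
        event = json.loads(line)
        reason = evaluate(event)
        if reason is not None:
            alerts.append({"ts": event["ts"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["ts"], alert["reason"])
```

Of the five constructed events, the three that fire are the PDF reader spawning cmd.exe, the browser launching an unsigned file from Temp, and Word starting PowerShell; the same cmd.exe started from explorer.exe and the browser's own signed helper process stay quiet. Keying on the parent application rather than on the child alone is what keeps the false-positive rate manageable.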
笑红尘自古多情
Posted on 2013-11-19 13:38:47
驭龙 posted on 2013-11-19 13:35
Actually, the three major new technologies in ESET V7 are still quite impressive, heh.

Exploit Blocker

The latest ESET version 7 will not install on my Win8.1 32-bit Enterprise edition...

Whether the new technologies are as powerful as claimed is something only time will tell...

Hopefully it will not be like avast 8, which shouted loudly but in practice was blind to what was right in front of it...
dalianjhc1986
Posted on 2013-11-19 14:01:38
This post was last edited by dalianjhc1986 on 2013-11-19 14:07

Never mind, I do not want to say more; it was my own problem.
驭龙
Original poster | Posted on 2013-11-19 14:22:18
笑红尘自古多情 posted on 2013-11-19 13:38
The latest ESET version 7 will not install on my Win8.1 32-bit Enterprise edition...

Whether the new technologies are as powerful as claimed is something only time will tell...

Actually, the important improvement in V7 is defending against active threats, which you simply cannot notice in normal use; it is somewhat similar to Dr.Web's DPH. But I have a virtual machine on my system, so I still have not played with ESET 7. Next year I will play with it in a VM for a while and test it, ha.
wwdboy
Posted on 2013-11-19 14:44:32
Showing my support.
此前此后
Posted on 2013-11-19 22:44:36
When will the enterprise edition be updated? I heard that version 7 has a build that can be installed on server systems?
驭龙
Original poster | Posted on 2013-11-20 07:28:56
此前此后 posted on 2013-11-19 22:44
When will the enterprise edition be updated? I heard that version 7 has a build that can be installed on server systems?

I really do not know about that; after all, what the enterprise edition prioritises is stability.
KaFan Forum (卡饭论坛)

Copyright © KaFan  KaFan.cn All Rights Reserved.