[Share] A brief translation of Avira's official Protection Cloud whitepaper

欧阳宣
Posted 2014-10-3 17:46:58
Last edited by 欧阳宣 on 2014-10-3 17:49

http://bbs.kafan.cn/forum.php?mod=redirect&goto=findpost&ptid=1773402&pid=32823949

http://www.avira.com/files/for-business/Whitepaper_ProtectionCloud_EN.pdf

I downloaded the PDF and had a look; I might as well translate it so that more people learn about Avira's technical progress.

1.Introduction
        1.1.Why the Protection Cloud?
        1.2.What is the Avira Protection Cloud?
        1.3.How Does the Avira Protection Cloud work?


2. Key Advantages of the Avira Protection Cloud
        2.1. Community Intelligence
        2.2. Real-time Updates
        2.3. Detection Protection
        2.4. Lightweight Profile


3. Benefits at-a-glance


4. FAQ

1. Introduction

While the concept of cloud computing is familiar to many, the Avira Protection Cloud represents a different approach to internet security. Therefore, Avira has developed this document to help familiarize you with the next generation of internet security: the Avira Protection Cloud (APC).


We will start with a brief introduction of the Avira Protection Cloud and then move on to its fundamental segments. Afterwards, we will highlight the advantages of this new platform, and finally we will end by answering some frequently asked questions.



1.1 Brief Introduction


The Avira Protection Cloud began with a question: how can users protect themselves from malware when hackers and malware authors are evolving at a frightening rate? Each day, hundreds of thousands of new pieces of malware are developed and released into the wild. Trojans lie waiting in email attachments. Rootkits sabotage the tools designed to defeat them. Adware leads to annoying and potentially unsafe popups, and keyloggers record passwords.

In the past, PC security was a straightforward affair. Antivirus software developed reactive measures that provided enough time to react to new viruses. However, hackers and malware authors improved their skills as well, and soon a competition between hackers and antivirus programs emerged. Like an arms race, it was a vicious cycle, each side trying to outperform the other.


Hackers attacked with viruses and security experts built massive virtual walls to keep them out. In response, hackers simply kept attacking the program until they found a way through the wall. When they did, security experts responded by making the virtual wall thicker and taller. In response, malware authors simply probed these new antivirus defenses again until they found another weak spot. Then security experts were forced to build yet another wall, which of course the hackers would eventually defeat. Day in and day out, hackers and security experts were locked in a struggle to stay one step ahead of each other.


For many years, this model of reactive defense was the cornerstone of successful internet security. However, this approach was not sustainable. Ever-increasing security measures simply weighed a PC down, consuming valuable resources that were better spent on computing tasks. Users needed smarter protection. More recently, a new challenge has emerged: outright cyber warfare waged by experienced professionals. Today, hacking is no longer the work of lone individuals writing malware for their own mischievous entertainment. There are organizations that specialize in consumer and private espionage, data theft, identity theft, money laundering and all manner of internet fraud and blackmail, and they are good at what they do.


The major difference is that this new generation of hackers now has access to the same antivirus programs as the users. Once they possess the actual antivirus product for themselves, writing new malicious code becomes easier. They simply use an automated process to test their code until they find a particular permutation that gets through the wall. Therefore, thicker walls are no longer the answer. Simply placing PCs behind massive firewalls and filling them full of cutting-edge malware detection only defends users against known threats. A new way of thinking about antivirus was needed, and it is precisely in this environment that the Avira Protection Cloud was born.

1.2 What is the Avira Protection Cloud?

The Avira Protection Cloud is a global, online, cloud-based system that provides lightweight, state-of-the-art file classification in real time. It is a round-the-clock, intelligent internet security system distributed across multiple data centers. In simpler terms, the APC is a global network of PCs all feeding into an online file definition database. These files are classified using state-of-the-art algorithms and systems and then made available to users in real time. The result is a fast, lightweight, highly responsive and very reliable antivirus platform.

1.3 How Does the Avira Protection Cloud Work?

The Avira Protection Cloud process begins when a single APC-protected PC, located anywhere in the world, accesses an unrecognized file. When this occurs, the user receives an alert and the Avira Protection Cloud process automatically swings into action.


In mere split seconds after the unknown (not suspicious, simply unrecognized) file is accessed, a "fingerprint" of this unidentified file is instantly uploaded to the Avira Protection Cloud. Once received, the file's fingerprint is compared to the millions and millions of safe and unsafe file definitions already stored in the Avira Protection Cloud. If the file corresponds to a previously recognized file that is known to be safe, the process is approved, the user accesses the file and life goes on as normal.


However, if the file cannot be identified, the APC will request the user to upload the complete file for a full analysis. After scanning, if this full file is found to include malware, the APC will instantly quarantine it and define it as "malicious". The APC completes this process in a matter of seconds (of course, if the file is infected, the user will also receive an alert). On the other hand, if the new file is determined to be malware-free, the APC will label this file as "safe" and make that information available to all requesting APC users, preventing them from having to complete the same process.


2. Key Advantages of the APC

2.1 Community Intelligence

A main advantage of the APC platform is that it leverages Avira's global network of over 100,000,000 users towards detecting new viruses. Each day, untold numbers of files are accessed as users surf, scan, shop, browse, stream, download and chat. This represents an astounding number of files to examine, but at the same time, it represents a golden opportunity to greatly expand Avira's malware detection footprint.


To capitalize on this, the APC connects the scanning potential of millions of independent machines into a single, central malware definition platform. The APC then acts as a distribution hub, dispersing new virus definitions to APC users across the globe in real time.


To put it plainly, instead of one computer working independently to locate and identify new malware, the APC empowers every APC-equipped PC across the globe with the ability to contribute to global internet security by submitting unrecognized files for analysis.

2.2 Real-Time Updates

The second advantage of the APC is that, in contrast to a scheduled-update antivirus system, the APC employs a real-time update system. In a traditional antivirus system, a PC user had to manually update their antivirus in order to be protected from newly defined threats. Between these updates, a PC's virus definitions are actually not current. This leaves the PC vulnerable until the next update arrives. (Translator's note: this is also the only reason I gave up on BD-engine AVs like GD.) However, within the APC, detailed information about tens of millions of files is updated and communicated continuously, every second, 24 hours a day, seven days a week. This means that every APC user benefits from immediate, on-demand access to the most current virus definitions, literally seconds after they are discovered.

2.3 Detection Protection

As mentioned, aside from simply accessing personal PCs, malware authors are clever enough to hack directly into a local antivirus program and view its detection processes from the inside. Hackers then use the antivirus program itself as a sort of laboratory to develop new viruses or adapt their malware to remain undetected. Yet, since the APC stores these processes in the cloud, they are invisible and inaccessible to hackers. Avira calls this third APC advantage "Detection Protection". Since the APC is not a local product, hackers are not able to view the entire antivirus platform and therefore are not able to investigate the various modules and engines performing tasks within it. It is far more difficult to hack software that you cannot see. Second, once a virus is developed, a hacker must test their virus code by uploading it and its different permutations en masse. Without a local product to use as a testing platform, hackers cannot complete this critical step.

2.4 Lightweight Profile

The fourth advantage of the APC is its incredibly lightweight profile. By offering Avira's award-winning detection engine on the cloud, users benefit from a product that accomplishes much more using far fewer local resources. Furthermore, APC-based scanning requires significantly less network traffic since, initially, only the small file fingerprint is uploaded. This way, the APC can process 1000 virus definition requests using only 12 kilobytes.


At the same time, Avira Protection Engineers have reduced latency by designing the APC with high-performance caches that scale according to the number of requests. The result is a leaner, slimmer antivirus platform that consumes significantly fewer PC and network resources when compared to traditional onboard antivirus platforms. This is especially important since there is simply no way a consumer PC could have the resources to run the Advanced Generic Detection processes included in the APC, as the Artificial Intelligence platform features some of the world's most advanced file analysis modules.


For example, Avira has automated malware analysis processes using advanced algorithms that interpret newly discovered files and classify them without any human intervention. This Artificial Intelligence uses convex optimization, a technique designed to minimize convex functions over convex sets, to reduce instructions and use specifics to create generalities regarding unknown file types. These generalities are then used to classify files into "good" or "bad" using thousands of characteristics as inputs.

Quite simply, the APC's proven scanning technologies operate on such a massive scale that they are far too large and complex to run on a consumer PC.


3. Benefits at a glance

  • Community Intelligence greatly expands the scope of detection

  • Cloud storage allows users to take advantage of the Avira scanning engine, which is consistently ranked No. 1 in proactive and reactive AV testing

  • Augmented Avira self-learning technology classifies files without relying on human intervention

  • Low resource consumption for local machines

  • The Avira Protection Cloud database holds several hundred gigabytes to terabytes of uploaded files, but does not require these files to be stored locally

  • Automated database requires no previous knowledge and minimal user effort

  • The Avira Protection Cloud grows and expands as users go through their day-to-day computing activities

  • Dynamic file classification for advanced persistent threats

  • Enhanced protection against rapidly evolving malware families

  • Seamless integration with the existing Avira product line and cross-platform support without eroding service

  • The APC is a closed-loop system that does not store any personal information. The APC relies on file "fingerprints" and is entirely anonymous


4. FAQ

  • What kind of data does my PC exchange with the APC?

Initially, only a small identifying portion of a file, called a "fingerprint", is uploaded. However, if that fingerprint is unrecognized, the APC will request the user to upload the entire file for a full analysis. Furthermore, only information about executable files is uploaded to the Protection Cloud (executable files end with .exe or .dll). Files such as PDFs, text files (.txt and .rtf), pictures (.jpeg, etc.), Word documents and other private files are not uploaded to the Cloud.

  • Can anyone get access to my uploaded data?

No. Uploaded data is only used for malware analysis and is saved in our cloud data center. Sharing this data with third parties is prohibited. The process is entirely automated and no human checks the files individually. Most importantly, when uploading fingerprints or files, the user's identity is automatically deleted to ensure complete anonymity.

  • Is the uploaded data encrypted?

Yes. Every communication step between the user's system and the Protection Cloud is always encrypted using Transport Layer Security, or TLS.



If you've read this or just passed by, give it a point to encourage me. Happy National Day, everyone~

Ratings

Participants 5 | Popularity +5 | Reason
驭龙 + 1 The board is better with you in it :)
心跳回忆 + 1 Like!
尘梦幽然 + 1 The board is better with you in it :)
huihui458 + 1 I just want to know how to use it for free, or free in a roundabout way?
fuzhk + 1 Happy National Day

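The fingerprint-first flow described in section 1.3 and the FAQ (hash lookup, full upload only on a miss, only executables eligible, no identity attached), as an added toy model that is not Avira's code; the SHA-256 digest, the verdict table, the extension list standing in for the "Local Decider" and the marker-based classifier are all constructed assumptions.

```python
# Added example (not Avira's code): a toy model of the fingerprint-first lookup flow
# that the whitepaper and the replies describe. The cloud verdict table, the
# "local decider" extension list and the classifier are constructed stand-ins.
import hashlib

UPLOAD_EXTENSIONS = {".exe", ".dll"}  # FAQ: only executables leave the PC


class ProtectionCloud:
    """Constructed stand-in for the cloud side: a fingerprint table plus a fake classifier."""

    def __init__(self):
        self.verdicts = {}        # sha256 hex -> "safe" | "malicious"
        self.full_uploads = 0     # how many complete files the cloud had to receive

    def lookup(self, fingerprint):
        # Only the hash is sent; no user identity travels with the request.
        return self.verdicts.get(fingerprint)

    def analyze(self, fingerprint, content):
        # Toy classifier: any file carrying the constructed marker is "malicious".
        self.full_uploads += 1
        verdict = "malicious" if b"EVIL-MARKER" in content else "safe"
        self.verdicts[fingerprint] = verdict   # cached: every later client hits the table
        return verdict


def local_decider(path):
    """Client-side gate: decide whether a file is even eligible for APC."""
    return any(path.lower().endswith(ext) for ext in UPLOAD_EXTENSIONS)


def apc_check(cloud, path, content):
    """One client access. Returns (verdict, bytes_uploaded)."""
    if not local_decider(path):
        return ("not-sent", 0)                      # documents and pictures stay local
    fp = hashlib.sha256(content).hexdigest()
    verdict = cloud.lookup(fp)
    if verdict is not None:
        return (verdict, 32)                        # hit: only the 32-byte digest left the PC
    verdict = cloud.analyze(fp, content)            # miss: the full file is requested
    return (verdict, 32 + len(content))


if __name__ == "__main__":
    cloud = ProtectionCloud()
    sample = b"MZ" + b"A" * 5000 + b"EVIL-MARKER"   # constructed "executable"
    print(apc_check(cloud, "setup.exe", sample))    # first client: full upload
    print(apc_check(cloud, "copy.exe", sample))     # second client: hash hit only
    print(apc_check(cloud, "report.pdf", sample))   # never sent
```

The second call shows the bandwidth argument from section 2.4: once one client has paid for the full upload, every other client with the same file exchanges only the digest.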

aaa839
Posted 2014-10-6 07:30:26
Last edited by aaa839 on 2014-10-6 07:38
欧阳宣 posted on 2014-10-4 23:04
Keep being an OEM maniac for a few more years first; earn enough money and then we'll talk.

Actually I still can't let go of my hopes for proactive defense; hopefully APC can take what it learns from behaviour analysis ...


Honestly, this is a bit much.
360 had no part whatsoever in the APC architecture.
Internally at Avira, APC's code name was NightVission; the project started back in 2011.
It first appeared in the 2013 version.

Avira's APC has self-learning AI, and it has behaviour analysis too (in the cloud),
but none of that gets added to the local client. Note, though, that APC does keep a Local Decider on the client; the Local Decider is something like a list of what needs to be uploaded.

Also, APC isn't only triggered by a double-click; it is already present in scanning (quick system scan).
If it hits something APC already knows but the local signature database hasn't added yet, it can show as HEUR/APC (Cloud) without any double-click at all.

And even though Avira sent people over in 2012, that =/= the two sides cooperating on APC, however similar it may look.

But saying that it only works on double-click is not entirely right.
A double-click triggers an APC upload only for unknown files;
for files APC already knows, only the fingerprint is reported.

And the SHA fingerprint is just there to stop APC from uploading known files over and over, to cut down system resource usage.

The reason for that design is performance:
to keep APC from slowing the system down.

APC's trigger monitoring relies on real-time protection,
but a Kernel Sensor will be added in the future, so a double-click will no longer be required to trigger APC.

APC uploads are not based on "upload only after a failure".
Whether a file is known or unknown, APC goes straight to the cloud with the SHA to see whether a result already exists; only if the cloud has no data for that file's SHA, or the known file's SHA doesn't match the cloud's, will it ask you to upload.

Almost forgot one thing: APC also has something called URL-Cloud, which is likewise integrated into real-time protection.
When URL Cloud sees you downloading an unknown file, it automatically hands it to APC, which asks you to upload it.

As for saying APC = 360's cloud, or even that 360 should acquire them: put all those fantasies back to zero. The CEO said when he took over that the company would not be sold, so stop writing some of those guesses.
dunshiwumen
Posted 2014-10-3 18:08:15
Thanks for sharing, OP.
情歌王子
Posted 2014-10-3 18:10:09
Can't see me, can't see me
zandalong
Posted 2014-10-3 18:23:58
Looks like Avira's cloud mechanism is pretty well done.
fuzhk
Posted 2014-10-3 18:59:32
So complicated, but is it really reliable?
清道夫900
Posted 2014-10-3 19:06:34
Thanks for sharing, not bad, not bad/
欧阳宣
OP | Posted 2014-10-3 22:18:49
@huihui458 APC is already deployed in the free version.
huihui458
Posted 2014-10-3 23:39:12
欧阳宣 posted on 2014-10-3 22:18
@huihui458 APC is already deployed in the free version.

So it's just the cloud?

I thought there was a separate tool.
欧阳宣
OP | Posted 2014-10-3 23:44:22 from mobile
huihui458 posted on 2014-10-3 23:39
So it's just the cloud?

I thought there was a separate tool.

If APC weren't deployed in the free version, how would Avira reach its goal of collecting unknown files in bulk? There are so few paying users.
八连杀
Posted 2014-10-4 10:21:43
When did the cloud come out?