本帖最后由 驭龙 于 2015-3-25 12:34 编辑
似乎DrWeb已经越来越看中DrWeb Process Heuristic了,看今天发布的新闻,如果DPH能杀更多的类型,那一定很强的,只可惜现在只是杀注入和勒索两大类。
Dr.Web Preventive Protection — a useful anti-virus component
February 24, 2015
Doctor Web, Ltd., announces the launch of a new project designed to inform users about the settings of the Dr.Web Anti-virus “Preventive protection” component. Users can familiarise themselves thoroughly with the component’s different settings and learn how to apply them according to their own home PC security requirements.
Dr.Web Preventive Protection is available under the Dr.Web Security Space and Dr.Web Anti-virus licenses. The new information resource acquaints users with the component’s four operational levels and with its individual settings located on the “Preventive protection” tab which can be reached by clicking on the spider icon in the system tray and going to the “Protection components” settings menu.
Dr.Web users can configure a useful anti-virus component — preventive protection.Tweet
We want to emphasise to Dr.Web users that it is in their best interests to use preventive protection to protect the information on their home PCs from damage and unauthorised access.
When you disable preventive protection, Dr.Web Process Heuristics technology―which protects your system against the newest, most dangerous malware programs designed to bypass detection by traditional signature-based scanning and heuristic analysis―stops operating. This is the very technology that makes it possible to detect encryption ransomware programs that are unfamiliar to the Dr.Web virus database. Without preventive protection, critical system objects remain unclosed and are often used by viruses to infect computers. When used, this component helps prevent access to anti-virus company websites from being blocked and legitimate addresses from being spoofed by phishing resources (this is especially critical for users of online banking). When you disable the preventive protection component, new malware that has yet to be analysed by Doctor Web, can penetrate your computer. As a result, the OS as a whole and the individual applications installed on your computer can become unstable, some applications may not launch, and you may not be able to start your PC in safe mode which in turn would make it difficult to neutralise the effects of the viral incident.
谷歌翻译
Dr.Web的预防性保护 - 一个有用的反病毒组件
2015年2月24日
Doctor Web有限公司宣布推出旨在告知用户的Dr.Web反病毒软件“预防性保护”组件的设置一个新的项目。用户可以使用该组件的不同设置彻底熟悉并学会如何根据自己的家用PC的安全性要求应用它们。
Dr.Web的预防性保护是下大蜘蛛安全空间和Dr.Web反病毒软件许可证提供。新的信息资源acquaints用户与组件的四个业务水平,并与位于“预防性保护”选项卡,可以通过单击系统托盘中的蜘蛛图标,并打算以“保护元件”设置菜单中就其个人设置。
Dr.Web的用户可以配置一个实用的杀毒组件 - 预防protection.Tweet
我们要强调以蜘蛛的用户,这是他们的最佳利益使用预防性保护,以保护不受损坏和未经授权的访问自己的家用PC的信息。
如果禁用预防性保护,蜘蛛进程启发式技术,保护您的系统免受旨在通过传统的基于签名的扫描和经营启发式分析,停止绕过检测最新的,最危险的恶意程序。这是非常技术,使得它能够检测加密勒索程序不熟悉到大蜘蛛病毒库。如果没有预防性保护,关键的系统对象仍然未闭合,并经常被病毒感染计算机。在使用时,该组件可帮助防止欺骗网络钓鱼资源被阻止访问防病毒公司的网站和合法的地址(这是用户网上银行的尤其重要)。如果禁用预防性保护组件,新的恶意软件,目前尚未通过医生网络进行分析,可以穿透你的电脑。其结果是,安装在计算机上的操作系统作为一个整体和单个应用程序会变得不稳定,某些应用程序可能无法启动,而且您可能无法以安全模式启动电脑,这反过来又使其难以中和病毒事件的影响。
关于DrWeb的预防性保护的技术细节:
Many malware programs operate according to similar algorithms, exploit the same operating system vulnerabilities, and have the same set of malicious functions.
If a suspicious program’s behavior resembles the behavioral patterns of known malware, the Dr.Web anti-virus protection system can detect and block that program—even if an entry for it has yet to be included in the Dr.Web virus database.
This is possible thanks to a whole set of diverse technologies offering protection that acts ahead of the curve. Here are just some of them:
FLY-CODE is a unique, universal decompression technology that allows viruses packed with packers unknown even to Dr.Web to be detected.
The cutting-edge, non-signature scan technology Origins Tracing™ ensures that viruses unknown to Dr.Web are highly likely to be detected.
The Dr.Web heuristic analyser, which bases its analysis on criteria typical of various groups of malicious programs, reliably detects most known threats.
Dr.Web Process Heuristic protects systems against new, highly prolific malicious programs that are capable of avoiding detection by traditional signature-based analysis and heuristic routines because they haven't yet been analysed in the anti-virus laboratory and, therefore, are unknown to Dr.Web at the moment of intrusion. Dr.Web Process Heuristic analyses the behaviour of a suspicious program to determine whether it is malignant and takes the steps necessary to neutralise the threat if one exists. The new technology protects data from corruption which makes it possible to minimise losses caused by the actions of an unknown virus.
A comprehensive analysis of packed threats significantly improves the detection of supposedly “new” malicious programs that were known to the Dr.Web virus database before they were concealed by new packers. In addition, with such an analysis, there is no need to add redundant definitions of new threats into the virus database. With Dr.Web virus databases kept small, a constant increase in system requirements is not needed. Updates remain traditionally small, while the quality of detection and curing remains at the same traditionally high level.
Dr.Web preventive protection is available under the Dr.Web Security Space and Dr.Web Anti-virus licenses
谷歌翻译
许多恶意软件程序,根据类似的算法操作,利用相同的操作系统漏洞,并且具有相同的一组恶意功能。
如果一个可疑程序的行为类似于已知恶意软件的行为模式,Dr.Web反病毒保护系统可以检测并阻止该程序即使进入它尚未被列入大蜘蛛病毒库。
这可能要归功于一整套不同的技术提供保护,充当遥遥领先。这里只是其中的一些:
FLY-CODE是一个独特的,通用的解压缩技术,它允许将检测到的病毒挤满了加壳未知甚至蜘蛛。
尖端,非签名扫描技术起源跟踪™确保病毒未知蜘蛛非常可能被检测到。
大蜘蛛启发式分析器,它基于其对标准的典型不同群体恶意程序的分析,可靠的检测大多数已知的威胁。
Dr.Web进程启发式防止新的,多产的恶意程序,能够避免检测由传统的基于签名的分析和启发式程序,因为他们还没有在反病毒实验室分析,因此,是未知的系统蜘蛛在入侵的时刻。蜘蛛进程启发式分析可疑程序以确定它是否是恶性的行为,并采取必要的步骤,如果存在的话,以中和威胁。新技术可以防止腐败的数据,这使得它可以最小化所引起的未知病毒的动作的损失。
包装威胁的综合分析显著改善了已知的蜘蛛病毒库,他们被新加壳被掩盖之前所谓的“新”的恶意程序的检测。另外,随着这样的分析,就没有必要添加新的威胁冗余定义成病毒库。与大蜘蛛病毒库保持较小,不需要在系统需求的不断增加。更新保持传统小,同时检测和固化的质量保持在相同的传统高的水平。
Dr.Web的预防性保护是下大蜘蛛安全空间和Dr.Web反病毒软件的许可证可 |
发表于 2015-3-25 12:29:01
楼主
果然我还是很有眼光的,我现在就在用大蜘蛛
