红伞9普及很快啊

asinasina

As you may have heard, we released version 9 of Avira AntiVir last week. From our update servers we can tell that up to yesterday more than three quarters of Avira AntiVir Premium users have upgraded to the new version. Looking at the support statistics, the new version runs very well and smoothly.

But questions arose due to a new feature which many people seem to activate (which is good, by the way.). It scans the system files and checks their integrity by verifiying their digital signature. If someone or something like malware tampered with those system files, it will invalidate the digital signature and cause Avira to warn about this.

A digital signature is a checksum of the file which is stored together with a digital certificate of the producer of the software. If the file gets changed, the checksum changes as well and the digital signature isn’t valid anymore. By checking the certificate it can be validated that the producer is the “real” one.

This leads to some confusion whether the systems of affected users are in fact infected or not. This is hard to tell on end-user-systems. There are patches available which lift the connection limit of half open TCP/IP connections in Windows XP and newer versions by directly modifying the responsible DLL. Other programs tamper with the system files for adding themes to windows (NB: you don’t need to change executable system files for applying themes to windows, better stay away from such software).

So the computer isn’t necessarily infected when Avira warns about invalid signatures in system files. In companies you may want to take such systems offline and analyse them anyways. Computer users should be aware that they can’t really trust their system anymore once these signatures are invalidated, as malware may modify those binaries as well - and now the user can’t see that this happened as the signature was invalid already before.

Dirk Knop
Technical Editor
Tags: Avira AntiVir 9, Digital Signature

你也许听说了，我们上周发行了红伞9.从我们的升级服务器来看，截至到昨天，超过3/4的红伞P

版用户已经升级到最新版了。从支持的数据来看，新版本运行得很好，进展顺利。
但是由于许多人激活了一项新的功能导致问题。这个功能是扫描系统的档案和通过验证其数字签

名，检查其完整性。如果有人或有像间谍软件篡改这些系统文件，这会使数字签名无效并使红伞

发出警告。
数字签名是一类校验的文件，该文件存储软件的生产商的数字证书。如果这些文件改变了，校验

也就改变并且数字签名也就无效了。通过检查证书可以验证的生产者是真的。
这导致了一些混乱，受影响的系统的用户实际上是否感染病毒了。在用户终端系统上很难分别。

有为了解除WINXP连接限制的半开放的TCP / IP连接补丁和新版本对对DLL的直接修改。其他一

些程序篡改系统文件为了使用更多WINDOWS主题（注意：你不需改变可执行系统文件去应用于

Windows的主题，最好地远离此类软件）『那就是说修改uxtheme.dll可行了？这不是应用程序

额..路过』
所以在红伞警告无效签名的系统文件时系统不一定真的感染病毒了。在公司里你应该使系统离线

并对其进行分析。
电脑用户应该注意当这些数字签名改变时不能再相信自己的系统了，因为恶意软件也可能更改这

些二进制数据——现在用户无法看到这些事情因为数字签名已经在之前就无效了。

[ 本帖最后由 asinasina 于 2009-3-24 09:44 编辑 ]

Beloved

[:26:]
V9发布的当晚，连夜装上的

zyphio

我原来是毛豆3+EAV的忠实用户！
但看在红伞9的F版那更加简洁的设置界面上（外加中了两次马，升级EAV4和麻烦上）和最关键的红伞个人免费协议上，最终选择了红伞9！！！！！！
至少红伞9装后，第一感觉就是不会像EAV在解压EXE时那样卡，第二是比EAV灵敏多了（晓月的红伞卸载工具，虽算是误报，但说明防马的敏感度高了），第三是启动速度还比EAV快点！
第四是没有想像中那样难上手，感觉红伞9的界面更合理，设置更加简洁易懂！

asinasina

1。解压卡是因为你没去掉高启发
2.误报不能说灵敏高...
EVA也是好软件，各有各 的好

dadaist

是的，用了几年的NOD32,感觉一直都不错

bojue5

貌似没提到假死问题啊?
希望尽快解决。

其实偶是被V8弹出来的更新框框给弄烦了才换的。
结果有一台电脑右键假死，十分郁闷。。。。

jyharies

呵呵 多少人从3月8号开始等v9 ~~能不快么？。

fengliuyedao

右键假死的问题没人反应？？？

xianlin_qin

偶用Free版的  一切正常！！！！