Views: 6127 | Replies: 25

[Original] How dependent is NOD32 on heuristics, really? (Everyone welcome to discuss!)

欠妳緈諨
Posted 2007-4-18 02:33:27
Everyone knows NOD32 is an antivirus that relies very heavily on heuristics, so just how dependent on heuristics is NOD32? I ran two tests; everyone is welcome to discuss! (This test was also inspired by EQ2's article at http://bbs.kafan.cn/viewthread.php?tid=73303&extra=page%3D1)

I used two malware packs, both collected from the web myself. The first pack has 8 samples. I disabled all of NOD32's heuristics and ran a right-click scan; the result (figure 1) is that only 2 were detected. I then enabled standard heuristics and right-click scanned; the result (figure 2) is still only 2 detected. Finally I turned on NOD32's trump card, advanced heuristics (with standard heuristics also on), and right-click scanned; the result (figure 3) is that all of them were detected!

I ran the same sequence of tests on the second pack: with all heuristics off (figure 4) 2 were detected, with standard heuristics on (figure 5) also 2, and finally with advanced heuristics on (standard heuristics also on) (figure 6) 12 were detected!

From this test, my feeling is that for NOD32 advanced heuristics is absolutely crucial. Once advanced heuristics is turned off, NOD32 is a paper tiger, possibly not even as good as Kingsoft or Rising! The test also shows that NOD32's standard heuristics is practically useless (at least on these 2 sample packs). That is understandable, though: since NOD32's advanced heuristics is so strong, the standard heuristics is dispensable!

The above results and conclusions were drawn from only 2 sample packs (the packs are attached, please verify!). Everyone is welcome to discuss and run more tests to reach more accurate conclusions. One more note: the version I tested is the NOD32 2.70.32 大S repack; details in figure 7.

[This post was last edited by 欠你幸福 on 2007-4-18 02:56]


wpbisyman
Posted 2007-4-18 03:11:33
Good work, OP.
基少 (this user has been deleted)
Posted 2007-4-18 03:34:00
"Standard heuristics practically useless, NOD32 is a paper tiger"

No way!!!!!
mofunzone
Posted 2007-4-18 07:01:46
Antivir with all heuristics turned off...
and it still gets delphi.gen??
Is delphi.gen something from the signature database?
Macro heuristic..................: off
File heuristic...................: off
Skipped files....................: C:\Program Files\Kingsoft\Powerword 2007\xdict.exe,
Different risk categories........: +GAME,+JOKE,+PCK,+SPR,
Expanded search settings.........: 0x00000032

Start of the scan: April 17, 2007  16:01

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\13个样本.rar'
C:\Documents and Settings\morgan\My Documents\
  13个样本.rar
    [0] Archive type: RAR
    --> c0nime.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agent.14336
        [WARNING]   Infected files in archives cannot be repaired!
    --> update3.exe
        [DETECTION] Is the Trojan horse TR/Drop.OnLineGa.GS
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVWL.EXE
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 8FFFEB65.EXE
        [DETECTION] Is the Trojan horse TR/Dldr.Small.ejw.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVWM.EXE
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> winform.exe
        [DETECTION] Is the Trojan horse TR/Drop.OnLineGames
        [WARNING]   Infected files in archives cannot be repaired!
    --> mppds.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ARO.8
        [WARNING]   Infected files in archives cannot be repaired!
    --> rising619.exe
        [DETECTION] Is the Trojan horse TR/PSW.Steal.27568
        [WARNING]   Infected files in archives cannot be repaired!
    --> msccrt.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ARI.104
        [WARNING]   Infected files in archives cannot be repaired!
    --> wsdttrs.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.MS.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> dcoh.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1430
        [WARNING]   Infected files in archives cannot be repaired!
    --> bar.exe
        [DETECTION] Is the Trojan horse TR/Drop.SuperUtilBa
        [WARNING]   Infected files in archives cannot be repaired!
    --> cmdbc.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1429
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\8个样本.rar'
C:\Documents and Settings\morgan\My Documents\
  8个样本.rar
    [0] Archive type: RAR
    --> 007[1].exe
        [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> IECONFIG[1].exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1552
        [WARNING]   Infected files in archives cannot be repaired!
    --> ldasd[1].exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.IM.70
        [WARNING]   Infected files in archives cannot be repaired!
    --> SC0NFIG[1].exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.IM.70
        [WARNING]   Infected files in archives cannot be repaired!
    --> SPy[1].exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> SVCH0ST[1].exe
        [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> TIMPLATF0RM[1].exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.DQ.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> wanmeishijie[1].EXE
        [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: April 17, 2007  16:01
Used time: 00:12 min

The scan has been done completely.

      0 Scanning directories
     23 Files were scanned
     21 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      2 Archives were scanned
     23 Warnings
      0 Notes
七少
Posted 2007-4-18 07:17:49
Filseclab (费尔) detects them, see the screenshot

[This post was last edited by 七少 on 2007-4-18 07:24]

坐在墙头
Posted 2007-4-18 07:41:41

Reply to #5, 七少's post

We are discussing antivirus heuristics here.
七少
Posted 2007-4-18 07:54:08
Go test it, then.
The EQs
Posted 2007-4-18 08:30:04
In NOD32's heuristics white paper... genetic detection counts as a special kind of heuristics...
KAV-Longhorn
Posted 2007-4-18 08:30:27
Quoting mofunzone, posted 2007-4-18 07:01:
Antivir with all heuristics turned off...
and it still gets delphi.gen??
Is delphi.gen something from the signature database?
Macro heuristic..................: off
File heuristic...................: off
Skipped files....................: C ...


Antivir with high heuristics is actually identical to all heuristics off???

Starting the file scan:

Begin scan in 'C:\Documents and Settings\FEAR\My Documents\Downloads\Compressed\8个样本.rar'
C:\Documents and Settings\FEAR\My Documents\Downloads\Compressed\8个样本.rar
  [0] Archive type: RAR
  --> 007[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
  --> IECONFIG[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1552
  --> ldasd[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.IM.70
  --> SC0NFIG[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.IM.70
  --> SPy[1].exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> SVCH0ST[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
  --> TIMPLATF0RM[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.DQ.2
  --> wanmeishijie[1].EXE
      [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
      [INFO]      The file was moved to 'ae5cb45f.qua'!
Begin scan in 'C:\Documents and Settings\FEAR\My Documents\Downloads\Compressed\13个样本.rar'
C:\Documents and Settings\FEAR\My Documents\Downloads\Compressed\13个样本.rar
  [0] Archive type: RAR
  --> c0nime.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.14336
  --> update3.exe
      [DETECTION] Is the Trojan horse TR/Drop.OnLineGa.GS
  --> RAVWL.EXE
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 8FFFEB65.EXE
      [DETECTION] Is the Trojan horse TR/Dldr.Small.ejw.1
  --> RAVWM.EXE
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> winform.exe
      [DETECTION] Is the Trojan horse TR/Drop.OnLineGames
  --> mppds.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ARO.8
  --> rising619.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.27568
  --> msccrt.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ARI.104
  --> wsdttrs.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.MS.1
  --> dcoh.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1430
  --> bar.exe
      [DETECTION] Is the Trojan horse TR/Drop.SuperUtilBa
  --> cmdbc.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1429
      [INFO]      The file was moved to '944f666c.qua'!


End of the scan: April 18, 2007  12:28
Used time: 00:07 min

The scan has been done completely.

      0 Scanning directories
     23 Files were scanned
     21 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes
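The two AntiVir reports quoted in this thread are in the same text format, so a small parser can pull out the heuristic settings and the per-member detections of each run and diff them, instead of eyeballing twenty-odd lines to decide whether two scans found the same things. The Python below is an added example, not code from the thread or from Avira. Its inputs are constructed: run 1 is an excerpt of mofunzone's report cut down to the 8个样本.rar archive; run 2 is a hypothetical variant in KAV-Longhorn's layout, with the file heuristic set to "high" and the generic DR/Delphi.Gen hit removed so the comparison has a difference to show (no such run was posted); the summary counters are constructed to match the excerpts.

```python
import re
from dataclasses import dataclass, field

# Constructed inputs modelled on the two AntiVir reports posted above.
# Run 1 copies mofunzone's layout (heuristics off, [WARNING] lines present).
# Run 2 is NOT a posted result: heuristic setting changed, DR/Delphi.Gen hit
# removed. Counters in both are constructed to match the excerpts.
RUN_HEURISTICS_OFF = """\
Macro heuristic..................: off
File heuristic...................: off
Begin scan in 'C:\\Documents and Settings\\morgan\\My Documents\\8个样本.rar'
C:\\Documents and Settings\\morgan\\My Documents\\
  8个样本.rar
    [0] Archive type: RAR
    --> 007[1].exe
        [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> IECONFIG[1].exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1552
    --> SPy[1].exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   The file was ignored!
End of the scan: 2007-04-17  16:01
      9 Files were scanned
      3 viruses and/or unwanted programs were found
      0 files were moved to quarantine
"""

RUN_HEURISTICS_HIGH = """\
Macro heuristic..................: on
File heuristic...................: high
Begin scan in 'C:\\Documents and Settings\\FEAR\\My Documents\\Downloads\\Compressed\\8个样本.rar'
  [0] Archive type: RAR
  --> 007[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
  --> IECONFIG[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1552
      [INFO]      The file was moved to 'ae5cb45f.qua'!
End of the scan: 2007-04-18  12:28
      9 Files were scanned
      2 viruses and/or unwanted programs were found
"""


@dataclass
class ScanReport:
    settings: dict = field(default_factory=dict)    # "File heuristic" -> "off"
    detections: dict = field(default_factory=dict)  # archive -> {member: name}
    summary: dict = field(default_factory=dict)     # counter label -> int


_SETTING = re.compile(r'^([A-Za-z][A-Za-z ]*?)\.{2,}:\s*(.*)$')
_BEGIN = re.compile(r"^Begin scan in '(.+)'$")
_MEMBER = re.compile(r'^\s*-->\s+(\S.*?)\s*$')
_DETECT = re.compile(r'^\s*\[DETECTION\]\s+(.*?)\s+(\S+)\s*$')
_COUNT = re.compile(r'^\s*(\d+)\s+(\S.*?)\s*$')


def parse_avira_report(text: str) -> ScanReport:
    """Parse one AntiVir text report into settings, per-member detections and counters."""
    rep = ScanReport()
    archive = member = None
    in_summary = False
    for line in text.splitlines():
        if line.startswith('End of the scan'):
            in_summary = True  # everything after this is the counter block
            continue
        if in_summary:
            if m := _COUNT.match(line):
                rep.summary[m.group(2)] = int(m.group(1))
            continue
        if m := _SETTING.match(line):
            rep.settings[m.group(1)] = m.group(2)
        elif m := _BEGIN.match(line):
            # Key by basename so reports from different machines/paths line up.
            archive = re.split(r'[\\/]', m.group(1))[-1]
            rep.detections.setdefault(archive, {})
            member = None
        elif (m := _MEMBER.match(line)) and archive:
            member = m.group(1)
        elif (m := _DETECT.match(line)) and archive and member:
            # Last token is the detection name; the words before it are the category.
            rep.detections[archive][member] = m.group(2)
    return rep


def compare_runs(a: ScanReport, b: ScanReport) -> dict:
    """Per archive: (members detected only in a, members detected only in b)."""
    diff = {}
    for archive in sorted(set(a.detections) | set(b.detections)):
        da = set(a.detections.get(archive, {}))
        db = set(b.detections.get(archive, {}))
        diff[archive] = (sorted(da - db), sorted(db - da))
    return diff


def summary_matches(rep: ScanReport) -> bool:
    """Cross-check the per-member lines against the report's own total."""
    listed = sum(len(members) for members in rep.detections.values())
    return listed == rep.summary.get('viruses and/or unwanted programs were found')


if __name__ == '__main__':
    off = parse_avira_report(RUN_HEURISTICS_OFF)
    high = parse_avira_report(RUN_HEURISTICS_HIGH)
    for archive, (only_off, only_high) in compare_runs(off, high).items():
        print(archive, '| only in run 1:', only_off, '| only in run 2:', only_high)
```

Keying archives by basename is what makes two reports from different machines comparable (the posted logs were produced under different user profiles). The summary cross-check catches the case the thread itself turns on: a total of 21 in two reports says nothing unless the same 21 members were named in both, and a report whose counter disagrees with its member lines was truncated or mis-pasted.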
欠妳緈諨
OP | Posted 2007-4-18 11:08:07
Quoting 基少, posted 2007-4-18 03:34:
"Standard heuristics practically useless, NOD32 is a paper tiger"

No way!!!!!

At least judging by this test, NOD32's standard heuristics really is practically useless. As for "NOD32 is a paper tiger", read the premise carefully: it is with advanced heuristics turned off.