
(Repost) AVC's assessment of F-Secure's proactive defense technology DeepGuard

third
Posted on 2007-7-29 19:36:28
One of today's most challenging IT security problems is so-called zero-day attacks (new unknown malware for which no signature detection exists). Recently AV-comparatives (http://www.av-comparatives.org/weblog/) tested F-Secure's behavior-based detection technology F-Secure DeepGuard for its ability to stop malware that is not found with traditional signature-based virus scanning. F-Secure DeepGuard passed the test, winning the "Proactive Protection Award", and was able to block all malware used for the test, proving that DeepGuard is able to do an excellent job of identifying and stopping previously unknown "zero-day" threats. The F-Secure DeepGuard technology is based on pervasive monitoring of program behavior during execution, a method which significantly improves the overall level of protection compared to traditional signature-based file analysis. This approach enables the security solution to see beneath the surface of the system to detect and stop threats that were designed to pass all traditional defenses unnoticed.

"Our test consisted of new virus samples for which no signatures yet exist. The fact that F-Secure could stop them all with its DeepGuard technology proves that such a behavior-based analysis of malware during run-time can be quite effective in stopping zero-day threats", says Andreas Clementi, project manager at the AV-Comparatives test laboratory.
http://www.f-secure.com/f-secure ... 0070620_01-eng.html  (reposted from AVP Club)

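In summary: F-Secure's proactive defense technology DeepGuard passed a test that AVC held targeting zero-day threats, won the Proactive Protection Award, and blocked all the threats in the test. This proves that DeepGuard does a good job of detecting and stopping recently emerged unknown attack behavior.
The following is my personal understanding: F-Secure's proactive defense technology DeepGuard probably combines the application control found in most HIPS products with NORMON's sandbox technology. It monitors a program's behavior while the program is running and protects critical areas of the system (including the registry and important files) from unauthorized modification. It is a very comprehensive, intelligent HIPS.

[ Last edited by third on 2007-7-29 19:43 ]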
globe
Posted on 2007-7-29 21:13:10
FS is really comprehensive: antivirus, firewall, HIPS. Installing FS alone is enough.
lzlzh
Posted on 2007-7-29 21:20:33
Originally posted by globe on 2007-7-29 21:13
FS is really comprehensive: antivirus, firewall, HIPS. Installing FS alone is enough.

I think so too.
kns8028
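Posted on 2007-7-29 22:34:22
I don't know what the real strength of FS's proactive defense is (because you can't turn off the other protection to test it on its own), but at least it is better than NAB, which Norton released a while ago.... It gets bypassed relatively less often.

On the first day I used NAB, maybe I hadn't tested much with it, so I found it both smart and lightweight, and better than FS at cleaning up dropped files. But as I kept using it, the results got rather miserable.
Not flagging Gray Pigeon is one thing, but it didn't even flag Black Bomb wiping the whole hard disk. Still, seeing that it keeps getting minor updates, I still have some hope for it.

[ Last edited by kns8028 on 2007-7-29 22:39 ]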
tracydk
Posted on 2007-7-30 08:27:09
I really don't know much about it.