查看: 4531|回复: 4
收起左侧

(转贴)AVC对F-Secure主动防御技术DeepGuard的评价

[复制链接]
third
发表于 2007-7-29 19:36:28 | 显示全部楼层 |阅读模式
One of today's most challenging IT security problems are so called zero-day attacks (new unknown malware for which no signature detection exists). Recently AV-comparatives  http://www.av-comparatives.org/weblog/ tested F-Secure's behavior-based detection technology F-Secure DeepGuard for its ability to stop malware that is not found with traditional signature based virus scanning. F-Secure DeepGuard passed the test winning the 「Proactive Protection Award」 and was able to block all malware used for the test, proving that DeepGuard is able to do an excellent job of identifying and stopping previously unknown 「zero-day」 threats. The F-Secure DeepGuard technology is based on pervasive monitoring of program behavior during execution, a method which significantly improves the overall level of protection compared to traditional signature based file analysis. This approach enables the security solution to see beneath the surface of the system to detect and stop threats that were designed to pass all traditional defenses unnoticed.

「Our test consisted of new virus samples for which no signatures yet exist. The fact that F-Secure could stop them all with its DeepGuard technology proves that such a behavior-based analysis of malware during run-time can be quite effective in stopping zero-day threats」, says Andreas Clementi, project manager at the AV-Comparatives test laboratory.
http://www.f-secure.com/f-secure ... 0070620_01-eng.html  (转AVP Club)

大意是:F-Secure的主动防御技术DeepGuard通过了AVC针对零日威胁举行的一项测试,荣获主动防御奖并且阻止了测试中的所有威胁。这证明DeepGuard能够很好地发现并阻止最近出现的未知攻击行为。
以下是我个人的理解,F-Secure的主动防御技术DeepGuard应该结合了一般HIPS中都有的程序控制技术以及NORMON
的沙盘技术,在程序运行时对程序的行为进行监控,保护系统的关键区域(包括注册表、重要文件)不遭受非法改变,是一种很全面的智能化的HIPS。

[ 本帖最后由 third 于 2007-7-29 19:43 编辑 ]
globe
发表于 2007-7-29 21:13:10 | 显示全部楼层
fs很全面啊,防毒,墙,HIPS,装一个fs就足够了
lzlzh
发表于 2007-7-29 21:20:33 | 显示全部楼层
原帖由 globe 于 2007-7-29 21:13 发表
fs很全面啊,防毒,墙,HIPS,装一个fs就足够了


我觉得也是
kns8028
发表于 2007-7-29 22:34:22 | 显示全部楼层
虽不知道FS主动防御的真正实力为何(因为不能关防护独立测试),不过至少比前阵子诺顿出的NAB还好....被过的相对较少.

NAB第一天刚用时可能测的东西少,觉得他又聪明又轻巧,且清除生成物的能力比FS好,结过后来继续使用结果就有点惨,
鸽子不报就算了,连黑炸弹炸光硬盘也不报,不过看在他还继续小改版,仍对他有些期望

[ 本帖最后由 kns8028 于 2007-7-29 22:39 编辑 ]
tracydk
发表于 2007-7-30 08:27:09 | 显示全部楼层
对它还真是不了解啊
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 16:55 , Processed in 0.128615 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表