I installed KIS7 on systems infested with my standard collection of malware threats including adware, spyware, Trojans, rootkits, and rogue antispyware programs. The worse the threats, the more effectively it removed them: It whacked all the Trojans and rootkits, missed some spyware and adware, and totally ignored the rogue antispyware samples. Kaspersky tech support verified that by default, the product doesn't remove the least virulent problems (it categorizes them as "riskware"). I enabled riskware removal, set the scanning security level to maximum, and repeated my tests. This time it did much better, scoring 8.6 out of 10, not far behind Spy Sweeper (9.0) and Spyware Doctor (9.1). It scored a less impressive 5.7 against my commercial keylogger samples. Embarrassingly, several samples that it recognized and tried to remove were almost completely unaffected; they continued blithely logging keys and other system information. As always, however, I don't give as much weight to removal of these commercial monitoring programs.
I chose the option to prompt for actions on completion of the scan, thinking I'd get a list of found threats and a chance to determine their fate. That's what most scanners do. Instead, KIS7 displayed a pop-up for each threat asking what to do with it. Kaspersky technicians confirmed that's how the program is supposed to work, but I don't like it. I want to be able to deal with all the problems on one screen. And, wow, the program's default response to a serious threat includes an audible notification that sounds like a pig being tortured. Kaspersky really ought to give the user an option to choose a different sound—at the very least, it would be kind to reviewers who're testing the removal of serious threats on a dozen or so virtual machines at the same time.
On several test systems, the program detected malware in memory immediately after installation and asked for permission to run a special disinfection scan. At the end of the scan, it rebooted the system. Bam! No warning, other than a note in the initial request suggesting that you close all other programs. On the other hand, after a full scan detected threats that required a reboot for full removal, it didn't even offer a reminder to reboot. Guys, get it right! Do offer to reboot when it's necessary, and do give the user a chance to shut things down cleanly first.
Next, I tried throwing the same collection of malware samples at a clean system protected by KIS7. As with the removal testing, my initial results weren't so great: It scored 7.6 against spyware and 4.3 against commercial keyloggers. I checked in with my Kaspersky contact and received a veritable laundry list of settings to change for maximum protection. I set protection to maximum under file antivirus, mail antivirus, and Web antivirus. I turned off the default exclusion of "riskware." I checked off several boxes in the Application Activity Analyzer to strengthen the active protection. There were over a dozen changes in all.
When I repeated my tests after tweaking the configuration, the results were absolutely astounding. KIS7 started deleting my sample malware installers the moment I opened their folder. It trundled along slowly, popping up numerous queries and warnings and squealing like a stuck pig. But my set of samples gradually dwindled away to twenty, to ten, then to three. That's right. Out of my entire collection of spyware and keylogger samples, KIS7 deleted all but three on sight, before they even had a chance to launch. In the end it scored 9.3 out of 10 against both spyware and keyloggers. Spyware Doctor scored 9.8 at blocking spyware but only 7.1 against keyloggers.
This feat demonstrates that KIS7's database of malware signatures is extensive, but is it flexible? I reran the same test using modified versions of all the malware installers that it initially deleted on sight. These aren't "in-the-wild" variants; they exist only on my test system. I created them myself by renaming the files, changing non-executable bytes, and appending null bytes to change the file size. KIS7 handled every one of these deviants exactly as it had their originals, wiping them out on sight. So yes, it's flexible, too. But unless you crank up its protection levels seriously from their defaults, you won't get this powerful protection. That's a design decision that Kaspersky ought to re-examine if it intends to sell this suite to the masses, who are doing well to install a suite at all—you know, the set-it-and-forget-it folks.
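Please forgive any mistakes in the translation and point them out. I translated it all myself, word by word, without using a translation tool.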
I have lurked on the forum for a long time and wanted to do my bit for it. Thanks for your support, everyone!!!!!!
As expected, the suite's firewall successfully stealthed all ports, making the test computer effectively invisible to attack from outside. In some cases it specifically detected my Web-based tests as port scan attacks, but regardless of whether it named the attack, it successfully defended the system.
The other half of personal firewall protection is program control, often embodied in annoying pop-ups that ask whether such-and-such a program should be allowed Internet access. I like the way Norton Internet Security avoids those pop-ups by making its own decisions. ZoneAlarm culls the flock of pop-ups by preconfiguring access for many thousands of common programs. And KIS7? By default, it doesn't display any pop-ups—because by default, program control is turned off! All programs are allowed access except those blocked by specific user-defined rules. To get the expected level of program control, you have to turn the firewall's program control level from Low to Training Mode. (There's also a High setting that blocks all programs except those explicitly allowed by user-defined rules; most users will find this mode unbearable.) I'm in favor of reducing the number of confirmation pop-ups, but not by turning off protection!
When only authorized programs can access the Internet, the sneakier malware will try to gain access by subverting an authorized program or pretending to be one of the authorized elite. In its default configuration, KIS7's firewall doesn't block these devious tactics. But after I cranked up its protection for the malware-blocking tests, it was equally effective at detecting attempted end runs around program control. Not only did it catch all the "leak tests" I tried, it identified the sneaky trick being used, such as "Process is trying to inject into another process."
I will say this: The firewall is as tough as an MRAP armored vehicle. Malicious software attempting to shut down its protection won't get anywhere. It doesn't expose important processes to Task Manager. I tried to shut down its essential Windows Service, but that was protected. Its Registry settings can't be changed manually. I couldn't even turn off protection using fake mouse clicks; it recognized them as fake and ignored them.
People disagree about this website. But I remember that Norton's packaging said it got a 4.5-star rating from this site. I think it is still all right.
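I translated all of this myself and looked up the unfamiliar words on Baidu. I haven't passed CET-4 yet, haha, so my level is limited; please bear with me. Thanks!!!!!!!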
[ This post was last edited by Redevil on 2007-8-19 23:50 ]
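An added illustration of the variant test described in the review (not code from the review or from Kaspersky): it applies the same three modifications (rename, change non-executable bytes, append null bytes) to a constructed, harmless byte string and compares three hypothetical matching strategies. The page does not say how KIS7 matches files; the matcher functions, file names and sample bytes below are assumptions.

```python
import hashlib

# Constructed, harmless stand-in for an installer: a header, a padding region
# that is never executed, and a "code" region holding the distinctive bytes.
CODE = b"\x55\x8b\xec\x83\xec\x10DEMO-PAYLOAD-MARKER\xc9\xc3"
ORIGINAL = b"MZ" + b"\x00" * 62 + b"PADDINGPADDING" + CODE


def make_variants(sample: bytes) -> dict:
    """Apply the three modifications the review describes."""
    pad_at = sample.index(b"PADDINGPADDING")
    patched = bytearray(sample)
    patched[pad_at:pad_at + 7] = b"XXXXXXX"     # change non-executable bytes
    return {
        "renamed.exe": sample,                   # new name, identical content
        "patched.exe": bytes(patched),
        "padded.exe": sample + b"\x00" * 4096,   # appended nulls change the size
    }


def match_by_name(name, data, known_names):
    return name in known_names


def match_by_hash(name, data, known_hashes):
    return hashlib.sha256(data).hexdigest() in known_hashes


def match_by_pattern(name, data, patterns):
    # Offset-independent search for the distinctive code bytes.
    return any(p in data for p in patterns)


def evaluate():
    """Return {variant: {strategy: detected}} for the constructed sample."""
    known_names = {"setup.exe"}                  # hypothetical original name
    known_hashes = {hashlib.sha256(ORIGINAL).hexdigest()}
    patterns = [CODE]
    results = {}
    for name, data in make_variants(ORIGINAL).items():
        results[name] = {
            "name": match_by_name(name, data, known_names),
            "hash": match_by_hash(name, data, known_hashes),
            "pattern": match_by_pattern(name, data, patterns),
        }
    return results


if __name__ == "__main__":
    for variant, verdicts in evaluate().items():
        print(variant, verdicts)
```

Only the content-pattern matcher flags all three variants, which is the behaviour the reviewer's "flexible" verdict requires of a signature engine.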