
[General topic] Customer-focused prioritization

飞霜流华
Posted on 2013-1-9 23:22:18
This post was last edited by 飞霜流华 on 2013-1-10 03:15

Customer-focused prioritization


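The guiding principle of the Microsoft Malware Protection Center (MMPC) is to keep every customer safe. Our research team and automated systems work around the clock to achieve this vision.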

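The number of threats that attackers are developing continues to increase. For example, last month we collected and analyzed 20 million new potential malware files. Six percent of these files were classified as malware. Of that 6%, more than 100,000 files were used to extract new signatures, all to protect as many customers as possible as quickly as possible. These new signatures prevented 3 million customers from being infected by 4 million unique malware files, while our existing signatures protected another 11 million customers from infection by 72 million files.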

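Our automated systems process many of the samples submitted to the MMPC and automatically add signatures for new malware. To defend against more established malware families, our researchers need to dig deeper and overcome the new techniques such software uses to evade our protection. Dorkbot is one example of such software. Last month we protected 729,000 customers from Dorkbot infection. However, if we had not analyzed the latest incoming files and written 361 new signatures fast enough, 70,000 of our customers would have been infected through Dorkbot's detection evasion.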

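Prioritizing the analysis of 20 million new files as quickly as possible, in order to protect as many customers as possible, is a huge challenge we face every month.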

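Our prioritization strategy is customer-focused. Subsequently, we rely on data from more than a billion customer computers to determine the impact of malware, and millions of customer computers have enlisted to help us collect and identify new malware. Because we can clearly see which malicious files are affecting our customers, we are able to prioritize our response process according to the real-world prevalence and impact of malware.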

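The anti-malware industry has a long-standing system for sharing collected malware. We analyze these files to fine-tune our own sensors, and we may even update our definitions when we believe doing so will protect our customers against threats they have not yet seen. We use a customer impact evaluation process that queries our sensors for similar malicious files across the whole ecosystem to help us make that decision.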

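Proactive and effective as this customer-focused prioritization is, on rare occasions we have had to remediate an infection that had already occurred because a new signature did not block it from infecting our customers in time. Last month, for example, this affected a fraction of 1% of our customers. Although we are proud of the level of protection service we provide, we are constantly striving for better results by fine-tuning our systems and sensors, and we continue to develop automation and cloud-based technologies that let us deploy the latest protection to our customers faster.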

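We realize that the way we prioritize customer protection may not always align with the way independent anti-virus product testers measure our capability. But we firmly believe that adhering to customer-focused prioritization will allow us to protect our customers and keep them safe.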

Dennis Batchelder
Partner Program Manager
Microsoft Malware Protection Center


Original: http://blogs.technet.com/b/mmpc/ ... prioritization.aspx

Customer-focused prioritization


Our guiding vision at the Microsoft Malware Protection Center (MMPC) is to keep every customer safe from malware. Both our research team and automated systems work around the clock in an effort to achieve this vision.

The volume of threats that attackers are developing continues to increase. For example, last month we collected and analyzed 20 million new potential malware files. Six percent of these files were classified as malware. From that six percent, just over 100,000 files resulted in the development of new signatures to detect these files - all to protect as many customers as possible and as quickly as possible. These new signatures prevented three million customers from getting infected by four million unique malware files, while our existing signatures protected an additional eleven million customers from 72 million files.

Our automated systems process many samples submitted to the MMPC and automatically add signatures for new malware. For more established malware families, our researchers need to look deeper and overcome the new techniques the family is using to evade our protection. Dorkbot is an example of one such family. Last month we protected 729,000 customers from Dorkbot infections; however, if we didn’t analyze the latest incoming files and write 361 new signatures fast enough, 70,000 of our customers would have been infected by Dorkbot’s evasions.

Prioritizing the analysis of 20 million new files each month, in order to protect as many customers as quickly as possible, is a huge challenge for us.

Our prioritization strategy is customer-focused. Subsequently, we rely on data from over a billion customer computers to determine malware impact, and hundreds of millions of customer computers have enlisted to help us identify and gather new malware files. Because we can clearly see which malicious files are affecting our customers, we are able to prioritize our response process by using real world measurements for prevalence and impact.

The anti-malware industry has a long-established system for sharing collected malware files. We analyze these files in order to fine-tune our own sensors, and we may even write signatures when we believe they will protect our customers against threats they haven’t yet seen. We use a customer impact evaluation process that queries our sensors to look for similar malicious files across the ecosystem to help us make that determination.

As proactive and effective as this customer-focused prioritization approach has been, there have been infrequent occasions when we had to remediate an infection because a new signature didn’t reach our customers in time to block it. For example, last month this impacted a fraction of one percent of our customers. Although we are proud of the protection service level we do provide, we are constantly striving for better results by fine-tuning our systems and sensors, and continuing to invest in automation and cloud-based technologies that allow us to deploy the latest protection to our customers even faster.

We realize that the way we prioritize our protection may not always align with how the independent anti-virus product testers measure our effectiveness. We believe that adhering to a customer-focused prioritization process allows us to protect and keep our customers safe.

Dennis Batchelder
Partner Program Manager
Microsoft Malware Protection Center


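This thread is not for discussing the following; please focus on the topic above:
For personal reasons I will be stepping down before long (after the New Year). In addition, this section's former moderator 那时、那景 has been promoted to moderator of the foreign products division, so the MSE section is now recruiting one section administrator. Anyone interested can apply in the application section, and the foreign products division moderator will follow up.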

Ratings

Participants: 2 | Popularity: +2
柳生月如 +1, reason: 摸死鹅 (MSE)
驭龙 +1, reason: Sigh! You are leaving the MSE section too; what will become of the MSE section?

蓝核
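Posted on 2013-1-9 23:24:30
For personal reasons I will be stepping down before long. In addition, this section's former moderator 那时、那景 has been promoted to moderator of the foreign products division, so MSE is now recruiting one section administrator. Anyone interested can apply in the application section, and the foreign products division moderator will follow up.

White Lion, take care~ You are welcome to come back whenever you have time~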
sogou2004
Posted on 2013-1-10 01:39:17
Just as MSE's spring is about to arrive, you are all leaving.

Ratings

Participants: 1 | Popularity: +1
柳生月如 +1, reason: The section is more wonderful with you in it : )

solstice1988
Posted on 2013-1-11 00:10:38
Will Big Lion be coming back?

Ratings

Participants: 1 | Popularity: +1
柳生月如 +1, reason: Whoa, 色A is actually acting cute

飞霜流华
OP | Posted on 2013-1-11 20:40:24
solstice1988 posted on 2013-1-11 00:10
Will Big Lion be coming back?

Once I have sorted things out, of course I will have time to come back~
solstice1988
Posted on 2013-1-11 20:44:55
飞霜流华 posted on 2013-1-11 20:40
Once I have sorted things out, of course I will have time to come back~

That's good, I will miss you.
飞霜流华
OP | Posted on 2013-1-12 19:02:42
solstice1988 posted on 2013-1-11 20:44
That's good, I will miss you.

Sister A, I will miss you too.