关于uglee的抛弃费尔转用OSS的帖子的几点个人看法

猪头无双

就算是我多事吧，就算是找喷吧，说几点我个人的看法

http://bbs.kafan.cn/thread-1711227-1-1.html

这帖子一上来就说选用OSS的理由是因为http://www.matousec.com/projects ... enge-64/results.php

的测试结果，那么相信有人会问，这个测试测得是什么？解释一下，这个测试，准确的来说算是反泄露的测试的一种，考察的是套装的防泄漏能力，那么，费尔的防泄漏能力真的就不如OSS吗？

. We have received a lot of reactions from people who are not familiar with that information and simply do not understand the results and misinterpret them. All the tested products have one common feature – the application-based security model. In combination with their packet filtering capabilities, the tested products attempt to block attacks from other machines on the network as well as attacks performed by malicious codes that might run inside the protected machine. This is definitely not an unusual situation. People who use email clients, instant messengers, or web browsers face attacks that exploit the vulnerabilities in this kind of software very often. It happens that a malicious code gets inside the machine. And then it may try to install itself silently to the system, to steal users' data or sniff their passwords, or to join the target machine to a botnet. This is what the products we test want to prevent. This is why they are used. The problem is that although the goal is common, not all the products implement a sufficient protection.

We require the products tested in Proactive Security Challenge 64 to prevent data and identity theft. They should also implement a packet filter functionality to prevent direct online attacks – i.e. not to let the malware get in. The products should control the software installed on the computer to prevent the malware to integrate itself into the operating system. Then the malware should not be able to get the user's private data, thus anti-sniffing, anti-keylogging and personal data protection features should be implemented too. And even if the malware succeeded to collect the information it should not be allowed to send it outside the protected system and this means an implementation of the outbound network traffic control. To achieve all these is much harder task than it seems. The protection system also has to prevent attacking trusted processes and other components in the system. Otherwise, the malware would be able to use trusted parts of the system to integrate into the operating system, to collect or steal sensitive data and/or to send the data outside the system without being noticed. So the next feature that is required here is a control of untrusted processes' activities and that is the hardest task for the tested products. It also includes an implementation of self-protection mechanisms because the malware should not be able to terminate the protection, which implies some other features to be implemented and so on.

以上是官方说法，简单来说，这个测试主要测试的是软件能不能1.直接防御来自网络的攻击，2.能不能将含有恶意代码的软件在执行阶段控制住，保证不危害系统，前者费尔的防火墙可能已经能做到了，即便现阶段做不到，还有系统墙呢；而第二项测试就更好说了，费尔的动态防御目前还没发现能与之匹敌的杀软，个人使用经验来看比Norton的sonnar还要好些；那么，放弃费尔使用OSS的理由之一，不成立


第二，uglee认为免费一年激活码可以随时领取，呵呵，只能说这是他自己的想法了，其实是这个活动有时间限制，而且激活也是有时间限制的，这种统一的优惠活动一般都是从某一个固定日期开始计算激活时限的，超过激活时限，比如3个月，则代码自动失效，我手里OPF终身版和OSS的两年版key，都是正版的，尚且有激活时间的限制，何况是做活动呢。所以第二条理由，不成立。


第三条就更好笑了，确实，墨家小子在疯狂的测试OSS，或者说OPF，官方也给他反馈通道了，但是他自己压根没用过几回，这在防火墙区是有目共睹的，而他测试的结果都是通过OP区的L大转到官方的，所以，L大有时间，问题能被反馈，L大没时间，OP的问题也只能放在那儿了，所以，OP到底对uglee有多大用处呢？未知。

第四，uglee本人除了测试扫描样本以外，很少见到他双击样本测动态，可能也是我没注意到。但是OSS的VB引擎真心不算一流，只能说是大众化的一个引擎，曾经在欧洲是烂大街的玩意了，我的几个朋友手里还有VB的漏洞代码呢，写几个命令就能废了VB，所以我个人觉得OSS对于uglee来说没什么大用。




呵呵，说了这么多，想对uglee说的就是，希望你看问题全面一点，做事之前先仔细思考比较一下，再说其他的；同时也想批评下费尔的官人，有时候真心找你们反馈问题很难啊，有的时候态度好一点，用户能和你们的互动多一点。嘛，就是这样，结束。

蓝色天气

比较客观，哈哈，顶一下，尤其最后一段-------同时也想批评下费尔的官人，有时候真心找你们反馈问题很难啊，有的时候态度好一点，用户能和你们的互动多一点。嘛，就是这样，结束

jumppa

我感觉楼主反对某人的想法时不应黑oss。作为一个oss用户看了这种无端比较有点不爽。

雪洗铁龙

oss用户飘过，我的电脑在安装ubuntu之前，费尔一直好好的。。但是自从划了部分空间来安装ubuntu+w7双系统，每次重启费尔都会授权码失效。。。各种烦躁

七宝

费尔官方态度其实很好了，真的