
[Share] A brief translation of the official Avira Protection Cloud white paper

Posted on 2014-10-3 17:46:58
This post was last edited by 欧阳宣 on 2014-10-3 17:49




1. Introduction
        1.1. Why the Protection Cloud?
        1.2. What is the Avira Protection Cloud?
        1.3. How Does the Avira Protection Cloud work?

2. Key Advantages of the Avira Protection Cloud
        2.1. Community Intelligence
        2.2. Real-time Updates
        2.3. Detection Protection
        2.4. Lightweight Profile

3. Benefits at-a-glance

4. FAQ

1. Introduction

While the concept of cloud computing is familiar to many, the Avira Protection Cloud represents a different approach to internet security. Therefore, Avira has developed this document to help familiarize you with the next generation of internet security – the Avira Protection Cloud (APC).

We will start with a brief introduction of the Avira Protection Cloud and then move on to its fundamental segments. Afterwards, we will highlight the advantages of this new platform and finally we will end by answering some frequently asked questions.

1.1 Brief Introduction

The Avira Protection Cloud began with a question: how can users protect themselves from malware when hackers and malware authors are evolving at a frightening rate? Each day, hundreds of thousands of new bits of malware are developed and released into the wild. Trojans lie waiting in email attachments. Rootkits sabotage the tools designed to defeat them. Adware leads to annoying and potentially unsafe popups and keyloggers record passwords.

In the past, PC security was a straightforward affair. Antivirus software developed reactive measures that provided enough time to react to new viruses. However, hackers and malware authors improved their skills as well, and soon a competition between hackers and antivirus programs emerged. Like an arms race, it was a vicious cycle, each side trying to outperform the other.

Hackers attacked with viruses and security experts built massive virtual walls to keep them out. In response, hackers simply kept attacking the program until they found a way through the wall. When they did, security experts responded by making the virtual wall thicker and taller. In response, malware authors simply probed these new antivirus defenses again until they found another weak spot. Then security experts were forced to build yet another wall, which of course the hackers would eventually defeat. Day in and day out, hackers and security experts were locked in a struggle to stay one step ahead of each other.

For many years, this model of reactive defense was the cornerstone of successful internet security. However, this approach was not sustainable. Ever-increasing security measures simply weighed a PC down, consuming valuable resources that were better spent on computing tasks. Users needed smarter protection. More recently, a new challenge has emerged: outright cyber warfare waged by experienced professionals. Today, hacking is no longer the work of lone individuals writing malware for their own mischievous entertainment. There are organizations that specialize in consumer and private espionage, data theft, identity theft, money laundering and all manners of internet fraud and blackmail, and they are good at what they do.

The major difference is that this new generation of hackers now has access to the same antivirus programs as the users. Once they possess the actual antivirus product for themselves, writing a new malicious code becomes easier. They simply use an automated process to test their codes until they find a particular permutation that gets through the wall. Therefore, thicker walls are no longer the answer. Simply placing PCs behind massive Firewalls and filling them full of cutting-edge malware detection only defends users against known threats. A new way of thinking about antivirus was needed and it is precisely in this environment that the Avira Protection Cloud was born.

1.2 What is the Avira Protection Cloud?

The Avira Protection Cloud is a global, online cloud-based system that provides lightweight and state of the art file-classification in real time. It is a round-the-clock, intelligent internet security system distributed across multiple data centers. In more simple terms, the APC is a global network of PCs all feeding into an online file definition database. These files are classified using state of the art algorithms and systems and then made available to users in real time. The result is a fast, lightweight, highly responsive and very reliable antivirus platform.

1.3 How Does the Avira Protection Cloud Work?

The Avira Protection Cloud process begins when a single APC-protected PC, located anywhere in the world, accesses an unrecognized file. When this occurs, the user receives an alert and the Avira Protection Cloud process automatically swings into action.

In mere split seconds after the unknown (not suspicious, simply unrecognized) file is accessed, a “fingerprint” of this unidentified file is instantly uploaded to the Avira Protection Cloud. Once received, the file’s fingerprint is compared to the millions and millions of safe and unsafe file definitions already stored in the Avira Protection Cloud. If the file corresponds to a previously recognized file that is known to be safe, the process is approved, the user accesses the file and life goes on as normal.

However, if the file cannot be identified, the APC will request the user to upload the complete file for a full analysis. After scanning, if this full file is found to include malware, the APC will instantly quarantine it and define it as “malicious”. The APC completes this process in a matter of seconds (of course, if the file is infected, the user will also receive an alert). On the other hand, if the new file is determined to be malware free, the APC will label this file as “safe” and make that information available to all requesting APC users, preventing them from having to complete the same process.

2. Key Advantages of the APC

2.1 Community Intelligence

A main advantage of the APC platform is that it leverages Avira’s global network of over 100,000,000 users towards detecting new viruses. Each day, untold numbers of files are accessed as users surf, scan, shop, browse, stream, download and chat. This represents an astounding number of files to examine, but at the same time, it represents a golden opportunity to greatly expand Avira’s malware detection footprint.

To capitalize on this, the APC connects the scanning potential of millions of independent machines into a single, central malware definition platform. The APC then acts as a distribution hub, dispersing new virus definitions to APC users across the globe in real-time.

To put it plainly, instead of one computer working independently to locate and identify new malware, the APC empowers every APC-equipped PC across the globe with the ability to contribute to global internet security by submitting unrecognized files for analysis.

2.2 Real-Time Updates

The second advantage of the APC is that, in contrast to a scheduled-update antivirus system, the APC employs a real-time update system. In a traditional antivirus system, a PC user had to manually update their antivirus in order to be protected from newly defined threats. Between these updates, a PC’s virus definition is actually not current. This leaves the PC vulnerable until the next update arrives. However, within the APC, detailed information about tens of millions of files is updated and communicated continuously, every second, 24 hours a day, seven days a week. This means that every APC user benefits from immediate, on-demand access to the most current virus definitions – literally seconds after they are discovered.

2.3 Detection Protection

As mentioned, aside from simply accessing personal PCs, malware authors are clever enough to hack directly into a local antivirus program and view its detection processes from the inside. Hackers then use the antivirus program itself as a sort of laboratory to develop new viruses or adapt their malware to remain undetected. Yet, since the APC stores these processes on the Cloud, these processes are invisible and inaccessible to hackers. Avira calls this third APC advantage “Detection Protection”. Since the APC is not a local product, hackers are not able to view the entire antivirus platform and therefore are not able to investigate the various modules and engines performing tasks within. It is far more difficult to hack software that you cannot see. Second, once a virus is developed, a hacker must test their virus codes by uploading them and their different permutations en masse. Without a local product to use as a testing platform, hackers cannot complete this critical step.

2.4 Lightweight Profile

The fourth advantage of the APC is its incredibly lightweight profile. By offering Avira’s award-winning detection engine on the cloud, users are benefitting from a product that accomplishes much more using far less local resources. Furthermore, APC-based scanning requires significantly less network traffic since initially, only the small file fingerprint is uploaded. This way, the APC can process 1000 virus definition requests using only 12 Kilobytes.

At the same time, Avira Protection Engineers have reduced latency by designing the APC with high-performance caches that scale according to the number of requests. The result is a leaner, slimmer antivirus platform that consumes significantly less PC and network resources when compared to traditional onboard antivirus platforms. This is especially important since there is simply no way a consumer PC could have the resources to run the Advanced Generic Detection processes included in the APC as the Artificial Intelligence platform features some of the world’s most advanced file analysis module.

For example, Avira has automated malware analysis processes using advanced algorithms that interpret newly discovered files and classify them without any human intervention. This Artificial Intelligence uses convex optimization, a technique designed to minimize convex functions and convex sets to reduce instructions and use specifics to create generalities regarding unknown file types. These generalities are then used to classify files into “good” or “bad” using thousands of characteristics as inputs.


Quite simply, the APC’s proven scanning technologies operate on such a massive scale, that they are far too large and complex to run on a consumer PC.

3. Benefits at a glance

  • Community Intelligence greatly expands the scope of detection

  • Cloud storage allows users to take advantage of the Avira scanning engine, which is consistently ranked No.1 in proactive and reactive AV testing

  • Augmented Avira self-learning technology classifies files without relying on human intervention

  • Low resource consumption for local machines

  • Avira Protection Cloud database holds several hundred gigabytes and terabytes of uploaded files, but does not require these files to be stored locally

  • Automated database requires no previous knowledge and minimal user effort

  • Avira Protection Cloud grows and expands as users go through their day-to-day computing activities

  • Dynamic file classification for advanced persistent threats

  • Enhanced protection against rapidly evolving malware families

  • Seamless integration with existing Avira product line and cross-platform support without eroding service

  • The APC is a closed loop system that does not store any personal information. The APC relies on file “fingerprints” and is entirely anonymous

4. FAQ

  • What kind of data does my PC exchange with the APC?

Initially, only a small identifying portion of a file, called a “fingerprint” is uploaded. However, if that fingerprint is unrecognized, the APC will request the user to upload the entire file for a full analysis. Furthermore, only information about executable files is uploaded to the Protection Cloud (executable files end with .exe or .dll). Files such as PDFs, text files (.txt and .rtf), pictures (.jpeg, etc.), Word documents and other private files are not uploaded to the Cloud.

  • Can anyone get access to my uploaded data?

No. Uploaded data is only used for malware analysis and is saved in our cloud data center. Sharing this data with third parties is prohibited. The process is entirely automated and no human checks the files individually. Most importantly, when uploading fingerprints or files, the user’s identity is automatically deleted to ensure complete anonymity.

  • Is the uploaded data encrypted?

Yes. Every communication step between the user’s system and the Protection Cloud is always encrypted using Transport Layer Security, or TLS.



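Ratings: 5 participants, popularity +5
驭龙 +1: The board is better with you here :)
心跳回忆 +1: Thumbs up!
尘梦幽然 +1: The board is better with you here :)
huihui458 +1: I just want to know how to use it for free? Or free in some roundabout way?
fuzhk +1: Happy National Day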
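
The fingerprint-first lookup from section 1.3 and the FAQ, modeled in Python as an added example (not Avira's code and not part of the original post). SHA-256 as the fingerprint, the `Cloud` class, `scan`, and the marker-based `toy_analyze` are assumptions made for illustration; the white paper does not specify any of them.

```python
import hashlib
from dataclasses import dataclass, field

UPLOADABLE = (".exe", ".dll")  # FAQ: only executable files are sent

def fingerprint(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "fingerprint".
    return hashlib.sha256(data).hexdigest()

def toy_analyze(data: bytes) -> str:
    # Hypothetical stand-in for cloud analysis: flags a constructed marker.
    return "malicious" if b"CONSTRUCTED-BAD-MARKER" in data else "safe"

@dataclass
class Cloud:
    verdicts: dict = field(default_factory=dict)  # fingerprint -> verdict
    full_uploads: int = 0

    def lookup(self, fp: str):
        return self.verdicts.get(fp)  # None means "unrecognized"

    def submit(self, data: bytes) -> str:
        self.full_uploads += 1
        verdict = toy_analyze(data)
        self.verdicts[fingerprint(data)] = verdict  # now visible to every client
        return verdict

def scan(cloud: Cloud, name: str, data: bytes):
    """Return (verdict, bytes_sent) for one file access on a client."""
    if not name.lower().endswith(UPLOADABLE):
        return "not-sent", 0  # documents and pictures never leave the PC
    fp = fingerprint(data)
    sent = len(fp) // 2  # step 1: only the 32-byte fingerprint goes out
    verdict = cloud.lookup(fp)
    if verdict is None:  # step 2: unknown, so the full file is requested
        verdict = cloud.submit(data)  # the real flow asks the user first
        sent += len(data)
    return verdict, sent

def demo():
    cloud = Cloud()
    sample = b"MZ" + b"\x00" * 4096 + b"CONSTRUCTED-BAD-MARKER"  # constructed
    first = scan(cloud, "setup.exe", sample)   # first client to see the file
    second = scan(cloud, "SETUP.EXE", sample)  # a later client, same file
    doc = scan(cloud, "notes.pdf", b"%PDF constructed sample")
    return first, second, doc, cloud.full_uploads

if __name__ == "__main__":
    print(demo())
```

The second client pays only for the fingerprint because the first client's upload already produced a shared verdict, which is the "preventing them from having to complete the same process" behaviour the white paper describes.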



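Posted on 2014-10-6 07:30:26
This post was last edited by aaa839 on 2014-10-6 07:38
欧阳宣 posted on 2014-10-4 23:04

Actually, I still can't let go of my hope for proactive defense; hopefully APC can take what it has learned from behavior analysis ...

Inside Avira, APC's internal code name is NightVission; the plan had already started in 2011.

But these will not be added locally. Note, however, that APC keeps a Local Decider on the local machine; the Local Decider is something like a list of whether an upload is needed.

If you run into something that APC already knows but that has not yet been added to the local virus database, it can show up as HEUR/APC (Cloud) even without a double-click.

Also, even though Avira sent people over in 2012, that =/= the two having cooperated on APC, although they look similar.

But a Kernel Sensor will be added in the future, so a double-click will no longer be required to have a chance of triggering APC.

When URL Cloud finds that you are downloading an unknown file, it will also automatically hand over to APC, which asks you to upload it.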

Original poster | Posted on 2014-10-3 22:18:49
@huihui458 APC is already deployed in the free version.