[Repost] [Original translation, beginner-oriented] How antivirus software works

猪头无双
Posted on 2016-11-23 15:55:58
Source: https://antivirus.comodo.com/how-antivirus-software-works.php

I didn't check the Chinese Comodo site; I translated this casually myself, so I'm embarrassed to tag it as original and changed it to a share. The content is fairly basic and very simple, so I just posted over a popular-science piece from the Comodo site.

Every major antivirus vendor's site has this kind of thing; it just depends on whether you are willing to look for it. By comparison, this Comodo piece is relatively simple and suited to beginners; experts, please ignore.

When reposting, please credit: KaFan forum, 猪头无双

+++++++++++++++++++++++++++++++++++++++++++++++

How Antivirus Works?

Antivirus refers to the traditional means of fighting computer malware. While hackers have become very skilled and prolific in their spread of malware, conventional antivirus is being augmented with more advanced techniques and features. Antivirus software has become one component of security suites that offer multi-layered protection for computers.

How does antivirus work?

The traditional definition of antivirus is fighting the malicious software on a computer. As hackers become ever more skilled and the malware they spread ever more varied, traditional antivirus (methods) have strengthened themselves with many advanced techniques and elements. Antivirus software has also become one layer of the multi-layered security protection provided to the computer.

Features of Antivirus Software

Background Scanning

Full System Scans

Virus Definitions

Features of antivirus software

Background scanning

Full system scan / full disk scan

Virus signatures

+++++++++++++++++++++++++++++++++++++++++++++++

Background Scanning

Antivirus software scans all the files that you open from the back-end; this is also termed on-access scanning. It gives real-time protection, safeguarding the computer from threats and other malicious attacks.

Background scanning

Antivirus software scans any file you open from the background; this is also commonly called "on-demand scanning / real-time monitoring". This technology gives the computer real-time protection against threats and other kinds of malicious attacks.

Full System Scans

Full system scans are generally not essential when you already have an on-access scanning facility. Full system scans are essential when you install antivirus software for the first time or have updated your antivirus software recently. This is done to make sure that there are no viruses hidden on your system. Full system scans are also useful when you repair your infected computer.

Full system scan / full disk scan

A full scan is not essential when you already have real-time monitoring. A full scan is only essential when you have just installed the antivirus for the first time or upgraded it recently. It ensures that no virus remains hidden on your system after the scan. A full scan is also necessary after you repair an infected computer.

Virus Definitions

Antivirus software depends on virus definitions to identify malware. That is why it updates with new virus definitions. Malware definitions contain signatures for any new viruses and other malware that has been classified as wild*. If the antivirus software scans an application or file and finds it infected by malware similar to the malware in the definitions, then it stops the file from executing and pushes it to quarantine. The malware is processed accordingly, depending on the type of antivirus software.
It is really essential for all antivirus companies to update their definitions with the latest malware to ensure PC protection, combating even the latest forms of malicious threats.

Virus signatures

Antivirus relies on signatures to identify malware. That is why we need to update signatures regularly. Malware signatures contain the characteristics of any new virus, as well as those of malware confirmed to have produced variants*. If the antivirus detects that a program/file has been infected by some malware, and that malware closely resembles the malware specified in a signature entry, the antivirus will stop the file from executing and send it to quarantine. The malware is then classified and handled according to the result the antivirus reports back. So every antivirus company should update its signatures promptly to ensure the computer can fight the newest malicious threats.

_________________________________________________

* In the original, "wild" means wild or growing uncontrolled; following Chinese usage and the logic of this article, it was rendered as "produced variants". (Translator's note)


+++++++++++++++++++++++++++++++++++++++++++++++

Ways to get rid of viruses

Signature-based detection

Heuristic-based detection

Behavioural-based detection

Sandbox detection

Data mining techniques

Ways to stay away from viruses

Signature-based detection

Heuristic-based detection

Behaviour-based detection

Sandbox detection

Data mining techniques

+++++++++++++++++++++++++++++++++++++++++++++++

Signature-based detection - This is most common in traditional antivirus software, which checks all .EXE files and validates them against the known list of viruses and other types of malware, or checks whether unknown executable files show any misbehaviour as a sign of unknown viruses.

Signature-based detection: this technique is actually the same method traditional antivirus uses when it checks every exe file, comparing against a list of known viruses / other kinds of malware and then confirming (whether the file is black or white). Or it checks whether any unknown executable file shows any improper behaviour, like the signs an unknown virus (would have).

Files, programs and applications are basically scanned when they are in use. Once an executable file is downloaded, it is scanned for malware instantly. Antivirus software can also be used without background on-access scanning, but it is always advisable to use on-access scanning because it is complex to remove malware once it infects your system.

Files, programs and applications are all monitored when they are put into use. Once an executable file is downloaded, the antivirus checks whether the program contains any malware inside. Antivirus can also be used without real-time monitoring, but we usually recommend enabling real-time monitoring, because once a virus infects your system it will immediately use combined techniques to deal with the virus.

Heuristic-based detection - This type of detection is most commonly used in combination with signature-based detection. Heuristic technology is deployed in most antivirus programs. It helps the antivirus software detect new, variant or altered versions of malware, even in the absence of the latest virus definitions.

Heuristic-based detection: this kind of detection is usually used in combination with signature-based detection. Most antivirus products provide heuristic technology. It helps the antivirus detect new viruses or variants and mutations of known malware. The technique (still works) even when signatures have not been updated in time.

Antivirus programs use heuristics by running susceptible programs or applications with suspicious code in them within a runtime virtual environment. This keeps the vulnerable code from infecting the real-world environment.

Antivirus uses heuristic technology to execute suspicious programs carrying suspicious code in a virtual environment. This ensures the exploited code cannot infect the real system environment.

Behavioural-based detection - This type of detection is used in intrusion detection mechanisms. It concentrates more on detecting the characteristics of the malware during execution. This mechanism detects malware only while the malware performs malicious actions.

Behaviour-based detection: this kind of detection is used in "intrusion prevention mechanisms". It focuses more on detecting the characteristics of malware while it runs. It only detects and flags malware when the malware exhibits malicious behaviour.

Sandbox detection - It functions most like the behaviour-based detection method. It executes applications in a virtual environment to track what kind of actions they perform. By verifying the logged actions of the program, the antivirus software can identify whether the program is malicious or not.

Sandbox-based detection: its function is very similar to behaviour-based detection. It runs any program in a virtual environment to track the behaviour the program exhibits. By classifying the behaviour of programs run (inside the sandbox), the antivirus can determine which programs are malware.

Data mining techniques - This is one of the latest trends in detecting malware. With a set of program features, data mining helps to find whether the program is malicious or not.

Data mining techniques: this technique is the latest trend in malware detection. Using a set of program features, data mining can help detect whether a program is malware.


+++++++++++++++++++++++++++++++++++++++++++++++

"Data mining" is a new term to me; I'd appreciate someone explaining it.

Done writing; signing off.

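A toy illustration of the signature-based and behaviour-based detection described in the post above, added here as an example; it is not Comodo's code and not part of the original post. The hash-signature sample, the action names, their weights and the sandbox action logs are all constructed; the EICAR string is the published anti-malware test string.

```python
import hashlib

# EICAR test string: a harmless, published string that real scanners detect by signature.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed sample standing in for a "known bad" file whose whole-file hash is a definition entry.
SAMPLE_BAD = b"MZ\x90\x00constructed-sample-for-hash-signature"

# Virus definitions: a name plus either a byte pattern or a SHA-256 of the whole file.
SIGNATURES = {
    "EICAR-Test-File": {"pattern": EICAR},
    "Constructed.Sample.A": {"sha256": hashlib.sha256(SAMPLE_BAD).hexdigest()},
}


def scan_bytes(data: bytes) -> list[str]:
    """Signature-based detection: return the names of all definitions that match."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, sig in SIGNATURES.items():
        if "pattern" in sig and sig["pattern"] in data:
            hits.append(name)
        elif sig.get("sha256") == digest:
            hits.append(name)
    return hits


# Behaviour-based detection over a sandbox action log: constructed action names and weights.
SUSPICIOUS_ACTIONS = {
    "write_autorun_key": 4,          # persistence
    "disable_security_service": 5,   # defence evasion
    "mass_file_encrypt": 6,          # ransomware-like activity
    "outbound_connect": 1,           # common in benign software too, so low weight
}
THRESHOLD = 5


def score_behaviour(actions: list[str]) -> tuple[int, bool]:
    """Sum the weights of logged actions; flag when the total reaches THRESHOLD."""
    score = sum(SUSPICIOUS_ACTIONS.get(a, 0) for a in actions)
    return score, score >= THRESHOLD


if __name__ == "__main__":
    # A one-byte change to the known sample defeats the hash signature (a "variant"),
    # which is exactly the gap that heuristic and behaviour-based detection fill.
    print(scan_bytes(SAMPLE_BAD), scan_bytes(SAMPLE_BAD + b"\x00"))
    print(score_behaviour(["read_config", "outbound_connect"]))
    print(score_behaviour(["write_autorun_key", "disable_security_service"]))
```

The second `scan_bytes` call returns an empty list: the modified sample slips past the hash definition, while the same program's sandbox actions still push it over the behaviour threshold.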

贞观
Posted on 2016-11-23 16:43:22
Bump!