This post was last edited by Karna on 2019-3-29 14:35
nss-labs-aep-comparative-report-security.pdf
"The security effectiveness of a product is determined primarily by its block rate, but calculations also take into consideration the severity of each attack used in the test."
"Block Rate is defined as the percentage of exploits and malware blocked within 15 minutes of attempted execution. Block Rate measures a product's ability to block malware and exploits during download, on access, and during execution."
● Malware Delivered over HTTP: In these web-based attacks, users click on malicious links to download and execute malware.
● Malware Delivered over Email: In these inbound, email-based attacks, users are deceived into downloading malicious attachments in emails to execute malware.
● Malware Delivered by Docs and Scripts: In these attacks, malware is delivered via documents and scripts. Such attacks could be as simple as delivering malware using macros.
● Offline Threats: These attacks are performed on victim machines that are disconnected from the Internet. Attacks are delivered and executed with no cloud or backend connectivity or support. Victim machines are later reconnected to the network.
● Unknown Threats: These threats have not previously been seen in the wild. They are either samples created by NSS, or they are pre-existing samples that have been modified.
● Exploits: These are defined as malicious software that is designed to take advantage of existing deficiencies in hardware or software systems, such as vulnerabilities or bugs. In some cases, a user merely needs to visit a web page hosting malicious code in order to be infected via exploits.
● Blended Threats: These threats possess the characteristics of both exploits and socially engineered malware. They attempt to make it difficult to distinguish between what is malicious and what is legitimate activity.
● Evasions: These techniques include packers, crypters, and other types of evasive techniques used to bypass traditional antivirus signature detection.
It feels like this is basically still a roundabout way of talking about detection rate, with a time limit added on top plus some consideration of attack severity.