看看Sophos的HIPS如何保护零日威胁

bukkake

SophosLabs™ develops the pioneering technology built into our products.
Our HIPS technology uses 4 layers of integrated detection to stop zero-day threats
- without the need for complex configuration.
Overview
Layers of detection
 
 HIPS detection in 4 layers

Our threat detection engine analyzes the behavior of code before it executes and prevents it from running if it is considered to be suspicious or malicious. It also uses runtime detection to intercept threats.
Pre-execution detection
1. Behavioral Genotype® Protection: Tuned to detect variants, families (like the Storm worm) and large categories of malware (like encrypted malware), Genotype Protection guards against unknown malware by analyzing behavior before code executes. It uses pre-execution scanning to determine the functionality of the code, and the behavior it is likely to exhibit, all without allowing the code to run. Our threat detection engine detects zero-day threats without the need for signature updates or separate HIPS software.
View malicious behavior descriptions
2. Suspicious file detection: Where Behavioral Genotype Protection is tuned to detect only malicious files, suspicious file detection will identify files that are highly likely to be malicious, again doing this by determining what the behavior of a file would be if the file were to be run. This detection provides the benefits of a traditional runtime behavior-based system without impacting system performance, or the inherent security issue of allowing a file to run before detection takes place. 
View suspicious file definitions
Runtime detection
3. Suspicious behavior detection: This layer of detection watches all system processes for signs of active malware, such as suspicous writes to the registry, or file copy actions. It can be set to warn the administrator and/or block the process. Unlike other behavior-based detection systems, there is no need for the administrator to train or fine tune analysis, as SophosLabs experts do the fine tuning.
View suspicious behavior definitions
4. Buffer overflow detection: A buffer overflow attack is reported when an attempt is made to exploit a running process using buffer overflow techniques. This detection system will catch attacks targeting security vulnerabilities in both operating system software and applications.
Read more about buffer overflow detection
索福斯计算机™开发的先进技术建成我们的产品。 
我们的HIPS技术采用4层的综合检测 ， 以阻止零日威胁 
-无需复杂的配置。 
概览
层的检测 
HIPS的检测在4层 

我们的威胁检测引擎分析代码的行为面前有执行和阻止其运行，如果它被认为是可疑或恶意的。 它还使用运行检测拦截威胁。 
预执行检测 
1 。 行为基因型®保护：调谐检测变种，家庭（如风暴蠕虫 ）和大类的恶意软件（如加密的恶意软件） ，基因型保护防范未知的恶意软件的行为进行分析之前，代码执行。 它采用前执行扫描，以确定的功能代码，它的行为很可能会表现出，所有未经允许代码运行。 我们的威胁检测发动机检测零日威胁，而无需签名更新或单独的HIPS软件。 
查看恶意行为描述 
2 。 可疑文件检测：凡基因型保护行为是调整检测只有恶意文件，可疑文件检测将确定文件，这些文件很可能是恶意的，这样做的再次确定哪些行为的文件将是如果该文件被运行。 这种检测提供的好处，一个传统的运行时行为为基础的系统，而不会影响系统的性能，或固有的安全问题，使文件运行前进行检测。 
查看可疑文件定义 
运行检测 
3 。 可疑行为检测：这层探测系统进程手表所有的迹象积极恶意软件，如suspicous写入注册表或文件副本行动。 它可以设定警告管理员和/或阻止这一进程。 与其它基于行为的检测系统，因此没有必要署长火车或微调分析，索福斯计算机专家做微调。 
查看可疑行为的定义 
4 。 缓冲区溢出检测：缓冲区溢出攻击的报告时，企图利用一个运行过程使用缓冲区溢出技术。 这种探测系统将赶上攻击的安全漏洞在操作系统软件和应用。 
阅读更多关于缓冲区溢出检测
感谢伟大的Google自动翻译

jingyanglf

楼主能否给一个小S的下载连接？我不知道该用哪个版本。前几天下了一个版本的，安装完以后自己给我创建了一个新账户，还设了密码，结果进不去系统了
很想试试这个杀软，楼主给了链接吧，谢谢了

Atlantis祭司

MS早就已经出补丁了……

bukkake

username:em091351   
password:do19so
https://secure.sophos.com/support/updates/dp/full/escw76sasfx.exe
用迅雷直接下。
安装过程中可选择是否安装防火墙。

axishero

小s不适合个人使用

jochelliu

为什么不适合个人使用

caolizhen

我更想看测试，人家自己说的嘛。。。。

白羊座

我说谷歌翻译的东西是给人看的吗……
比看原文还吃力，建议以后只上原文，不要翻译

einnawy

有没有hips评测呢，看扫描区成绩不错。

白羊座

不抱希望，从原文来看，基本上就和江民之类的差不多吧