真的震撼了

solcroft

原帖由 EQ2 于 2007-3-27 20:50 发表
NOD32的里面写着病毒标签,同样是ITW,金山都能通过西海岸,但是通过不了VB100.偶也不说什么了,现在在学校,很多字都打不出来

嗯，West Coast Labs和ICSA的确糟
只要继续给测试费，就可以一直测试，直到通过为此
要看ItW病毒查杀能力，还是得看VB100%的，问题是如今单看ItW查杀力已经没什么意思了

坐在墙头

原帖由 EQ2 于 2007-3-27 20:50 发表
NOD32的里面写着病毒标签,同样是ITW,金山都能通过西海岸,但是通过不了VB100.偶也不说什么了,现在在学校,很多字都打不出来

天啊，不会说的这个吧
NOD32 antivirus system information
Virus signature database version: 2147 (20070327)
Dated: 2007年3月27日
Virus signature database build: 9419
Information on other scanner support parts
Advanced heuristics module version: 1.056 (20070317)
Advanced heuristics module build: 1149
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.052 (20070115)
Archive support module build version: 1179
Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.32
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.32
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.32
Operating system information
Platform: Microsoft Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 512 MB
Processor: AMD Sempron(tm) Processor 2500+ (1406 MHz)

风野胤

原帖由 坐在墙头 于 2007-3-27 21:13 发表

天啊，不会说的这个吧
NOD32 antivirus system information
Virus signature database version: 2147 (20070327)
Dated: 2007年3月27日
Virus signature database build: 9419
Information on other sca ...

应该不是这个吧
这个每次开机都看见
病毒库签名?
快了 快1万了
记得我刚装的时候才8千啊

solcroft

原帖由 坐在墙头 于 2007-3-27 21:13 发表
天啊，不会说的这个吧
NOD32 antivirus system information
Virus signature database version: 2147 (20070327)
Dated: 2007年3月27日
Virus signature database build: 9419
Information on other sca ...

... 无语...
如果是的话，这种英文能力程度也多多少少让人明白为什么会把HEUR/Crypted读成是报壳了...

ballakay

嗨!那是哄小孩的!有些病毒根本就无法在NT核心的系统上运行!

The EQs

Why not？？？？

solcroft

原帖由 EQ2 于 2007-3-27 21:45 发表
Why not？？？？

Because HEUR/Crypted is simply a heuristics algorithm designed to catch files that is deemed to be suspicious on the basis of being encrypted by multiple packers with the aim of obfuscating the code. It does nothing to determine if the contents of the file are malicious (that job is achieved by the HEUR/Malware algorithm), it simply reports that a file is suspected of trying to conceal its own code from inspection.

Now I know that the only part you understand of that is "Crypted", so that's the conclusion you jump to. You perform tests using methodology that create samples containing characteristics that the HEUR/Crypted algorithm is specifically designed to target, and you don't even bother to double-check your conclusions. The fact remains that unless you have access to the underlying codes and detection algorithms that AntiVir uses, there simply isn't any verifiable, scientific method to accurately claim one or the other - the exact reason why the so-called "tests" published earlier on this forum claiming to examine the ability of various antivirus software to unpack files were a complete load of rubbish. What else can I say?

The EQs

Have you tried？？？If you can't try it，you can't say

The EQs

I think you can have a try，not a theory

The EQs

You can add some packs to normal file，then it can run，you can test it.