This post was last edited by andylau on 2010.8.25 15:16
Reply
Very professional, thanks for the pointers.
I think BD's BEHAVE technology is the really valuable part; I wonder whether BD has handed it over to OEMs without holding anything back. ...
Posted by 橡果公爵 on 2010.8.25 14:53
B-Have
B-HAVE is BitDefender’s behavior-based heuristic detection technology. The technology is designed to detect and block new and unknown threats, without the need for new virus signatures. B-HAVE monitors files in a virtual computer environment and watches for malware-like behaviour.
B-HAVE simulates a relatively simple computer, by means of a system emulator that emulates a processor and memory and a virtual hardware emulator that emulates other bits of hardware such as a hard-disk or a display.
When an untrusted program reaches the start point of a known code sequence, or is packed with a known packer, or generates a known system call, a (VM-) native routine (called an acceleration routine) is executed which functionally emulates the code sequence, unpacking routine or system call in question.
The end results are then analyzed by means of a virtual machine inspection engine, a file inspection engine (which inspects any files that get created as a result of untrusted code being executed) and a memory inspection engine.
A file may be deemed malicious if at the end of the emulation run one of the watched files on the hard disk has been modified (e.g., the hosts file) or if some other conditions are satisfied (e.g. a file has been created that matches the signature of a known virus, or the suspect program tried to change/read a sensitive memory location).
This entire process takes place in just fractions of a second. If the owner of the BitDefender software has set it up so, a malicious file which matches no known signature is then sent to the BitDefender lab for further analysis - eventually, a new signature is generated and distributed so the process need not be repeated when another machine has to deal with the same file.
The B-HAVE technology has enabled BitDefender to consistently score high marks in pro-active detection effectiveness in independent tests.
AVC
BitDefender® Active Virus Control is an innovative proactive detection technology which uses advanced heuristic methods to detect new potential threats in real time. It monitors each program running on your PC, as it executes, and notes malware-like actions. If enough such actions are detected, the program which performed them is declared harmful.
Unlike any other heuristic technology that only checks files when they are accessed or first started, Active Virus Control monitors everything applications do as long as they are active.
Monitoring is achieved through DLL injection at process startup - that is, each process is assigned a "watcher" which stays with it throughout the entire time the process is active, reporting certain activities to a server which in turn decides (based on how many potentially harmful activities and of what kinds a process has performed) which processes should be classified as malicious and stopped.
Active Virus Control is included in all consumer versions of BitDefender products.
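To make the watcher/server scoring model in the AVC paragraph concrete (and the "a watched file such as hosts was modified" rule from the B-HAVE part), here is a toy behaviour-scoring server. This is an added sketch of mine, not BitDefender's code: the activity names, their weights, the threshold and the report lines are all constructed for the example, and the design choice of scoring distinct activity kinds rather than raw counts is my reading of "how many potentially harmful activities and of what kinds".

```python
"""Toy behaviour-scoring monitor in the style of the AVC description above.

Added example, not BitDefender code. Activity names, weights, threshold and
the event lines are all constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed weights for activities a per-process "watcher" might report.
# Everyday benign actions carry weight 0; malware-like actions carry more.
ACTIVITY_WEIGHTS = {
    "open_document": 0,
    "write_user_file": 0,
    "write_to_system_dir": 20,
    "create_autorun_entry": 30,
    "modify_hosts_file": 40,      # the post names the hosts file as a watched file
    "read_sensitive_memory": 25,  # the post mentions sensitive memory locations
}

# Constructed verdict threshold on the accumulated score.
THRESHOLD = 60


@dataclass
class ProcessRecord:
    """What the server knows about one monitored process."""
    pid: int
    name: str
    kinds: set = field(default_factory=set)  # distinct activity kinds seen so far
    score: int = 0
    malicious: bool = False
    flagged_at: Optional[int] = None         # index of the event that tipped it


class BehaviourServer:
    """Receives watcher reports and classifies processes.

    The score is the sum of weights over *distinct* activity kinds, so a
    process repeating one suspicious action does not rack up points the way
    a process combining several kinds of suspicious action does.
    """

    def __init__(self, weights=ACTIVITY_WEIGHTS, threshold=THRESHOLD):
        self.weights = weights
        self.threshold = threshold
        self.processes = {}  # pid -> ProcessRecord

    def report(self, pid, name, activity, seq):
        """Record one activity; return True the moment a process is newly classified malicious."""
        rec = self.processes.setdefault(pid, ProcessRecord(pid, name))
        if rec.malicious or activity in rec.kinds:
            return False  # already decided, or this kind already counted
        rec.kinds.add(activity)
        rec.score += self.weights.get(activity, 0)  # unknown kinds count 0
        if rec.score >= self.threshold:
            rec.malicious = True
            rec.flagged_at = seq
            return True
        return False


def parse_event(line):
    """Parse a constructed 'pid=... proc=... act=...' watcher report line."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return int(fields["pid"]), fields["proc"], fields["act"]


def run_events(lines):
    """Feed report lines through a fresh server; return {pid: (name, score, malicious)}."""
    server = BehaviourServer()
    for seq, line in enumerate(lines):
        pid, name, act = parse_event(line)
        if server.report(pid, name, act, seq):
            print(f"event {seq}: {name} (pid {pid}) classified malicious, "
                  f"score {server.processes[pid].score}")
    return {p: (r.name, r.score, r.malicious) for p, r in server.processes.items()}


# Constructed watcher reports: a benign editor, an updater that writes to the
# system directory repeatedly, and a sample that combines three suspicious kinds.
SAMPLE_EVENTS = [
    "pid=1001 proc=notepad.exe act=open_document",
    "pid=1001 proc=notepad.exe act=write_user_file",
    "pid=2002 proc=updater.exe act=write_to_system_dir",
    "pid=2002 proc=updater.exe act=write_to_system_dir",
    "pid=3003 proc=sample.exe act=write_to_system_dir",
    "pid=3003 proc=sample.exe act=create_autorun_entry",
    "pid=3003 proc=sample.exe act=modify_hosts_file",
]

if __name__ == "__main__":
    for pid, (name, score, bad) in run_events(SAMPLE_EVENTS).items():
        print(pid, name, score, "MALICIOUS" if bad else "ok")
```

Running it, only sample.exe crosses the threshold (20 + 30 + 40 = 90), while updater.exe stays at 20 because its repeated write is counted once. The real products obviously weigh far more signals than this, but the shape (per-process state, weighted kinds, a verdict once the total passes a line) is the part the post describes.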