
[Technical discussion] Some of the technical principles behind DSS (Dynamic Signature Service)

Continue
Posted 2010-12-21 16:35:45
Microsoft is far ahead of these archaic techniques of asking the user, which have been proven by their own telemetry not to work well for the typical consumer.
Instead, MSE monitors all files and behavior on the PC and if something new occurs that isn't included in its signatures it will upload this information using the Dynamic Signature Service (DSS) to SpyNet.  If the file and/or activity are known to be malware by SpyNet, MSE will download the 'new' definition provided by SpyNet and deal with it.  If it's unknown, the information will be sent by SpyNet to the Microsoft Anti-Malware Team analysts to determine whether the new item is malware or not and add it to the definitions if so or whitelist it if it's not.
You should also recognize from this that not all definitions need to be stored on each PC, only those for the most common threats currently 'in the wild'.  So the signature database on your local PC is simply treated as a cache of the most common items that you're likely to encounter at this point in time and the combination of SpyNet and DSS acts as a much larger and more complete database of all known threats or whitelisted items that your PC can access whenever it's required.
This is exactly what you're asking for, but it doesn't spend time asking the user something that in most cases they are technically incapable of answering or understanding.  It just does what it knows is best for the user and in general speeds the response time for the protection of all users while reducing the number of false positive responses by not 'guessing' based on its heuristics.  It simply uses these systems to help it determine more quickly if the potential threat is known and speeds the required information to the Anti-Malware team if it's not.



http://social.answers.microsoft.com/Forums/en-US/msestart/thread/af8e8e6c-6159-4d1a-a23b-d0caab5582a4
So it seems DSS and SpyNet are inseparable.
There doesn't seem to be a whitepaper for MSE, but much of its technology was carried over from Forefront Endpoint, so I went looking for FE-related material.
In the end I found a PPT with FE-related material; DSS should count as a cloud engine based on behaviour detection & virtualization technology.


One last question: I don't know whether DSS still takes effect after behaviour monitoring is turned off.



帅就是帅
Posted 2010-12-21 17:06:19
There really isn't much literature on DSS.
As for that last question: it still takes effect, because DSS isn't only triggered by programs under real-time monitoring; it's triggered during scans too, which also fits with the dynamic virtualization.
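The flow in the quoted answer (the local signature set is only a cache of the cloud's full verdict database; unknown items are submitted to analysts, whose decision then reaches every client) and the reply's point that DSS fires on scans as well as on real-time monitoring, as an added Python model. This is not code from the thread or from Microsoft; the SpyNet and Client classes, SHA-256 keying, the trigger labels and the bounded cache are all assumptions of the model.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"        # whitelisted by SpyNet / the analysts
    MALWARE = "malware"    # a definition exists for it
    UNKNOWN = "unknown"    # nobody has seen it yet

def digest_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class SpyNet:
    """Constructed stand-in for the cloud side: full verdict database plus analyst queue."""
    def __init__(self):
        self.verdicts = {}       # digest -> Verdict, every known threat or whitelisted item
        self.analyst_queue = []  # (digest, behaviour, trigger) awaiting the anti-malware team

    def lookup(self, digest):
        return self.verdicts.get(digest, Verdict.UNKNOWN)

    def submit(self, digest, behaviour, trigger):
        self.analyst_queue.append((digest, behaviour, trigger))

    def analyst_decides(self, digest, verdict):
        # Publishes a new definition (MALWARE) or whitelist entry (CLEAN) for all clients.
        self.verdicts[digest] = verdict

class Client:
    """Local engine: its signature set is only a bounded cache of the common items."""
    def __init__(self, cloud, cache_size=2):
        self.cloud = cloud
        self.cache_size = cache_size
        self.cache = {}          # digest -> Verdict, insertion-ordered

    def check(self, data, behaviour, trigger):
        """trigger is 'realtime' or 'scan'; the DSS query runs for both, as the reply says."""
        digest = digest_of(data)
        if digest in self.cache:
            return self.cache[digest], "cache"
        verdict = self.cloud.lookup(digest)   # the DSS query to SpyNet
        if verdict is Verdict.UNKNOWN:
            self.cloud.submit(digest, behaviour, trigger)
            return Verdict.UNKNOWN, "submitted"
        self._remember(digest, verdict)       # pull the 'new' definition down locally
        return verdict, "dss"

    def _remember(self, digest, verdict):
        if len(self.cache) >= self.cache_size:
            self.cache.pop(next(iter(self.cache)))   # evict the oldest cached item
        self.cache[digest] = verdict
```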
黯夜
Posted 2010-12-21 17:29:09
I can actually understand this!
Continue
(OP) Posted 2010-12-21 17:48:24
Behaviour & virtualization redirection (Microsoft calls it Dynamic Translation; unlike full virtualization it is faster, because the translated code runs on the real CPU), combined with the SpyNet cloud, should achieve the best balance of response time, safety and accuracy.
For personal and home use, MSE + Win7 is entirely sufficient.
PS. Looking more closely, DSS has two kinds, Behavior + Properties, which is more comprehensive; I guess more detailed material can't be found, so I'll stop here for now.
飞机
Posted 2010-12-21 17:58:47
I can't read the English.
klinxun
Posted 2010-12-22 12:09:25
Translation please...
Copyright © KaFan  KaFan.cn All Rights Reserved.