Originally posted by 风野胤 on 2007-6-9 20:19
I still don't understand how ThreatSense works.
Does it send the signatures over, or what?
Not sure whether this helps:
ThreatSense® Technology
The zero-day attack, viruses, worms, and spyware are constantly evolving as malware writers attempt to circumvent security software. Traditional signature-based antivirus is reactive. Instead of trying to keep up with them, ThreatSense® stays a few steps ahead. The ThreatSense® engine is a sophisticated, well-balanced system of advanced heuristics and malware signatures, providing the best detection without compromising speed.
For many existing viruses, ThreatSense® includes a traditional form of malware signatures. ThreatSense® also utilizes next generation generic signatures to quickly detect known malware families and their future variants. This more adaptive form of signature specification enhances the ability of ThreatSense® to detect future variants.
Certain methods of heuristics can detect some basic macro and script viruses. ThreatSense’s® Advanced Heuristics engine enables detection of malware not specified in the signature database. It proactively decodes and analyzes executable code in a protected virtual environment in order to identify increasingly sophisticated malicious behavior, characteristic of today’s evolving threats. For example, WIN32 worms, backdoor programs, and trojans. This finely tuned engine catches more than 90% of so-called zero-day attack worms and viruses, which most other vendors miss without a signature update.
Archiving & Packing are techniques used by malware writers to circumvent signature-based detection. ThreatSense® includes a generic unpacking and emulation technology to decode virtually any hidden malware, in wrappers or modified by runtime packers. This sophisticated algorithm thwarts virus writers' efforts to go undetected.
This blended approach to detection leverages the benefits of each technology and makes NOD32 the fastest, most accurate, and lowest impact solution in the industry.
An Early Warning System
ThreatSense.Net extends the power of ThreatSense’s® powerful analytics on a global scale and acts as an early warning system. By automatically (or manually) submitting samples of new suspected malware to threat lab researchers for analysis, ThreatSense.Net helps close the window of vulnerability to new threats, including the zero-day attack.
ESET clients receive notification of new malware outbreaks and tips on how to protect themselves via this feedback loop as well. Globally collected information and statistics are made available online at www.virusradar.com.