Understanding Malware Protection

2014/05/27

Can traditional antivirus scanners handle the new malware that emerges every day?

The answer is "no." AV-Test Lab recently estimated that up to 55,000 new malware samples appear every day, and other security companies claim to detect as many as 200,000 new threats a day. This means a conventional scanner can almost never be fully up to date. To make matters worse, more and more hackers use the "advanced persistent threat" (APT) strategy. An APT resembles a conventional attack but is generally much harder to detect or prevent, because it exploits unknown zero-day vulnerabilities that have not yet been identified, added to virus signatures, or patched.

A fundamental flaw in the clean-up strategy

The first antivirus software, created in 1987, aimed to clean viruses, and remarkably most scanners still use this approach today: they simply delete infected files. This is like concentrating on removing dirt while ignoring how to avoid getting dirty in the first place.

Looking at the logic, the standard approach is fundamentally flawed. The scanner compares each file against a list of known malicious files (the "blacklist"). There are only three possible outcomes:

The file is good: the file is not infected, so your computer has no problem.

The file is bad: the file is a known infection, the antivirus software removes it, and your computer still has no problem.

The file is unknown: the file carries an unknown virus, the scanner cannot remove it, and your computer is likely to be infected.

This gap is obviously how hackers get into users' computers. Security experts have long been aware of the threat and have advocated "layered network security solutions", meaning the blacklist policy is only one layer of protection. For example, if a malicious file slips past the blacklist, heuristic behavior analysis may still identify it as a threat.

Not just detection, but protection

Unfortunately, there is no perfect detection method. The people who manufacture viruses operate botnets from home, send malicious spam and take control of victims' computers, and they can make a lot of money without ever robbing a bank. They constantly come up with new ways to avoid detection, and in their illegal trade they are very professional: before releasing malware, they test it against the mainstream antivirus products to make sure it is not detected.

Ask yourself: how many files on your servers are infected with an unknown virus right now?

You don't know, and of course you can't: you cannot know the unknown.

That is why the last layer of defense must be based on "control", not on "detection". If a file has not been proven safe, it is not allowed to access the computer's operating system and files. This is the concept of the "sandbox": a virtualized operating environment in which a program runs isolated from the rest of the computer system, so that if the program is malicious it cannot harm the system.

Comodo: control of the computer desktop

It is not surprising that more and more users have adopted sandbox technology in recent years. Stand-alone sandboxes are popular among technically sophisticated users, who can choose a protected environment in which to run a program. Some major Internet security suites also provide a sandbox environment, but they still rely on detection and user interaction.

Comodo, on the other hand, uses a single sandbox approach in its enterprise and consumer protection products. This method, called "default deny", is combined with automatic sandboxing. It is the only way to provide better protection, because it is the only feasible way to deal with unknown threats.

Comodo's multi-layered defense checks files against a whitelist of known programs, compares them against a blacklist to identify known malicious files, and uses heuristics to identify threats. But under default deny, a file not having been identified as a threat is not enough, because it may still carry an unknown threat. Default deny requires a file to be verified as "safe" before it may run on the operating system.

This may sound too strict, but that is what automatic sandboxing is for. Unverified and suspicious files run in the sandbox, so if one turns out to be malicious the computer's operating system suffers no damage. This closes the window in which unknown threats exploit vulnerabilities before they are discovered.
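As an added illustration (not code from this page or from Comodo), the following Python sketch contrasts the three blacklist-only outcomes listed above with the layered whitelist / blacklist / heuristic / default-deny policy just described; the file contents, their hashes and the "socket" heuristic are constructed placeholders.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    RUN = "run directly on the host"
    BLOCK = "blocked as a known or detected threat"
    SANDBOX = "run isolated in the sandbox"


# Constructed sample "files" standing in for real executables.
FILES = {
    "notepad.exe": b"trusted editor build 1.0",           # known good
    "dropper.exe": b"known malicious payload",            # known bad
    "beacon.exe": b"unknown binary that opens a socket",  # unknown, suspicious
    "update.exe": b"unknown binary, nothing suspicious",  # unknown, clean-looking
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed whitelist and blacklist of file hashes (assumed, for illustration).
WHITELIST = {sha256(FILES["notepad.exe"])}
BLACKLIST = {sha256(FILES["dropper.exe"])}


def heuristic_flags(data: bytes) -> bool:
    # Placeholder for behavioral heuristics: flag anything mentioning a socket.
    return b"socket" in data


def blacklist_only(data: bytes) -> Verdict:
    """Classic scanner: only known-bad files are stopped; everything else runs."""
    if sha256(data) in BLACKLIST:
        return Verdict.BLOCK
    return Verdict.RUN  # both good and unknown files land here: the gap


def default_deny(data: bytes) -> Verdict:
    """Layered policy: whitelist, then blacklist, then heuristics, else sandbox."""
    digest = sha256(data)
    if digest in WHITELIST:
        return Verdict.RUN
    if digest in BLACKLIST or heuristic_flags(data):
        return Verdict.BLOCK
    return Verdict.SANDBOX  # unverified files never touch the host


def compare(policy) -> dict:
    """Map each sample file name to the verdict name the given policy returns."""
    return {name: policy(data).name for name, data in FILES.items()}
```

Running compare() with each policy shows that the unknown files reach the host under blacklist_only but are contained or blocked under default_deny.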

Our confidence in this system and its protection policy comes from experience. You may have heard of the CryptoLocker virus, a piece of ransomware that encrypts files to hold a computer hostage and then demands payment from the user for the only solution that unlocks their files. Security experts have called CryptoLocker a perfect and unique piece of malware.

For Comodo, it was not a problem. Across an installed base of more than 700,000 Comodo antivirus users, not one reported problem with CryptoLocker was received. In fact, in the past six years we have never had to pay the $500 virus warranty to a Comodo Endpoint Security user. That is why we call our protection technology "seamless".
