Shulou (Shulou.com), SLTechnology News&Howtos. Report dated 06/03; updated 2025-01-21.
This article covers the typical anti-virus technologies and analyzes them from a professional point of view.
Typical anti-virus technologies are: (1) signature technology, an anti-virus technology based on analyzing and handling known viruses; (2) virtual machine technology, an anti-virus technology for heuristic detection of unknown viruses; (3) virtual reality, a future anti-virus technology, together with hierarchical testing and the use of anti-virus programs.
Typical antivirus technologies are:
I. Signature technology: anti-virus technology based on analyzing and handling known viruses
At present, most antivirus software relies mainly on signature detection and manually written disinfection: signatures are used to detect viruses, and hand-written disinfection code is used to remove them.
The signature detection scheme is essentially a simple expression of the experience of manual virus detection. It reproduces the general method of identifying viruses by hand and rests on the principle that "some part of the code of the same virus or of similar viruses is the same". In other words, if a virus, its variants and its deformed forms share something identical, that shared part can be described, and the virus is found by comparing the program body against the description (the "signature"). Not every virus can be described by a signature; many viruses are difficult or even impossible to describe this way. Signature technology also needs some supplementary functions, such as the more recent automatic scanning and cleaning of archives and compressed executable files.
However, the signature detection scheme also has serious limitations. Describing a signature depends on subjective human judgment. Extracting a signature of a dozen or so bytes from a virus that is thousands of bytes long requires tracing, disassembling and otherwise analyzing the virus. If the virus itself uses anti-tracing techniques, deformation or decoding techniques, then tracing and disassembling it to obtain a signature becomes extremely complex. In addition, capturing the signature of a virus requires first obtaining a sample of it, and because signatures are described in different ways, the signature method has had difficulty gaining wide support internationally. The main technical defect of signature-based detection is a high rate of false positives, and the removal technique in turn causes anti-virus software to lag behind technically.
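The matching step and two of the limitations described above can be seen in a small scanner. This is an added example, not code from the original article; the signature names, byte patterns and sample buffers are all constructed for illustration, and the `??` wildcard syntax is an assumption of this sketch.

```python
# Added example: byte-signature scanner with single-byte wildcards.
# Every signature and buffer below is constructed; none is a real sample.
from typing import Dict, List, Optional

def parse_signature(text: str) -> List[Optional[int]]:
    """Parse 'B8 ?? 12' into [0xB8, None, 0x12]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_signature(data: bytes, sig: List[Optional[int]]) -> int:
    """Return the first offset at which sig matches data, or -1."""
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1

def scan(data: bytes, db: Dict[str, List[Optional[int]]]) -> List[str]:
    """Return the names of all signatures in db that match data."""
    return [name for name, sig in db.items() if find_signature(data, sig) >= 0]

DB = {
    "Demo.exact":    parse_signature("B8 34 12 CD 21 EB FE"),  # exact bytes
    "Demo.wildcard": parse_signature("B8 ?? ?? CD 21 EB FE"),  # tolerates a changed operand
    "Demo.short":    parse_signature("CD 21"),                 # too short to be specific
}

# Constructed buffers: an "original", a variant with two bytes changed,
# and an unrelated file that happens to contain the short pattern.
ORIGINAL = b"\x90\x90" + bytes.fromhex("B83412CD21EBFE") + b"tail"
VARIANT  = b"\x90\x90" + bytes.fromhex("B87856CD21EBFE") + b"tail"
BENIGN   = b"report" + bytes.fromhex("00CD2100") + b"data"

if __name__ == "__main__":
    for name, buf in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, scan(buf, DB))
```

The exact signature misses the variant, the wildcard signature still catches it, and the two-byte signature flags the unrelated buffer, which is the false-positive problem the section describes.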
II. Virtual machine technology: anti-virus technology for heuristic detection of unknown viruses
The main function of virtual machine technology is to run a rule-based description language. The ultimate criterion for a virus is that it replicates and infects, but this criterion is not easy to apply or implement: if a program can only be judged to be a virus after it has already infected something, removing it becomes troublesome.
So what method should be used to check for viruses? Objectively speaking, among all virus detection methods, the signature (characteristic-value) method is the most widely used, fastest, simplest and most effective. However, because of its own defects, it applies only to known viruses. For unknown viruses, if the virus can be allowed to run under control for a period of time and restore itself, the problem becomes relatively clear. The virtual machine is arguably the best choice in this case.
Virtual machines are widely used in anti-virus software and have become a current trend. A relatively complete virtual machine can not only identify new, unknown viruses but also remove them. Such an anti-virus tool is no longer just a program; it is more like the IBM Deep Blue supercomputer that could compete with Kasparov. First, the virtual machine must provide enough of a virtual environment to complete, or nearly complete, the "virtual infection" of the virus. Second, although the criterion of "infection" derived from the definition of a virus is clear, putting that criterion into practice as a test for judging viruses is still problematic. Third, if the previous step succeeds, we must then detect and confirm that the so-called "infected" file really has been infected by the virus or one of its deformed forms.
At present, virtual machines mainly deal with file-infecting viruses. In theory, boot-sector viruses, Word/Excel macro viruses and Trojans can all be handled by virtual machines, but current implementations are still far from that. Just as deformation of virus code invalidates the traditional signature method, new viruses written to target virtual machines can easily defeat them. Virtual machines will continue to develop in practice, but the computing power of a PC is limited and the cost of producing anti-virus software is also limited, while the development of viruses can be said to be unlimited. Making virtual machine technology more practical, let alone using it as a basis for removing unknown viruses, is quite difficult.
Constrained by the fundamental premise that viruses are theoretically undecidable, heuristics and virtual machines alike can only ever be an engineering effort, and the probability of success can never reach 100%. This is their one unavoidable shortcoming.
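The idea of letting a program run under control until it restores itself, and only then applying the signature check, can be sketched with a toy emulator. This is an added example, not code from the original article; the 3-byte instruction set, the marker string and the sample image are hypothetical and constructed for illustration.

```python
# Added example: emulate-then-scan on a hypothetical 3-byte instruction set.
MARKER = b"DEMO-PAYLOAD-MARKER"  # constructed stand-in for a known signature

def emulate(image: bytes, max_steps: int = 10_000) -> bytes:
    """Run image on a private memory copy; stop on HALT or when the budget ends."""
    mem, reg, pc = bytearray(image), [0, 0, 0, 0], 0
    for _ in range(max_steps):
        if pc + 3 > len(mem):
            break
        op, a, b = mem[pc], mem[pc + 1] & 3, mem[pc + 2]
        pc += 3
        if op == 0x00:                      # HALT
            break
        elif op == 0x10:                    # LOADI: reg[a] = b
            reg[a] = b
        elif op == 0x20:                    # XORM:  mem[reg[a]] ^= reg[b]
            mem[reg[a] % len(mem)] ^= reg[b & 3]
        elif op == 0x30:                    # ADDI:  reg[a] += b (mod 256)
            reg[a] = (reg[a] + b) & 0xFF
        elif op == 0x40 and reg[a] != 0:    # JNZ:   jump to b if reg[a] != 0
            pc = b
    return bytes(mem)

def build_sample(key: int = 0x5A) -> bytes:
    """Constructed sample: a decoder loop followed by the XOR-encoded marker."""
    body = bytes(c ^ key for c in MARKER)
    stub = bytes([
        0x10, 0, 24,         # r0 = offset of the encoded body
        0x10, 1, len(body),  # r1 = number of bytes left to decode
        0x10, 2, key,        # r2 = XOR key
        0x20, 0, 2,          # offset 9: decode one byte in place
        0x30, 0, 1,          # r0 += 1
        0x30, 1, 0xFF,       # r1 -= 1
        0x40, 1, 9,          # loop while r1 != 0
        0x00, 0, 0,          # HALT
    ])
    return stub + body

def detect(image: bytes, max_steps: int = 10_000) -> tuple:
    """Return (static_hit, emulated_hit) for the marker signature."""
    return MARKER in image, MARKER in emulate(image, max_steps)

if __name__ == "__main__":
    print(detect(build_sample()))               # full budget
    print(detect(build_sample(), max_steps=20)) # budget too small to finish decoding
```

The step budget is what keeps a looping or deliberately slow program from stalling the scanner, and it is also why detection fails when the budget is smaller than the work the sample needs, which matches the limited-computing-power constraint discussed above.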
III. Future anti-virus technology: virtual reality
The prospect of future technology may seem an almost ethereal fantasy, but the original description of a computer virus also first appeared in science fiction. Although there are still many technologies that we are working on but have not yet realized, and even many factors that we have not considered at all, as long as the technology is mature enough it is entirely possible for anti-virus technologies resembling artificial intelligence to appear in the networked world.
One of the difficulties of anti-virus work in the future is that we will never be able to write a reasonable program that identifies and kills viruses. The virus has mastered everything that humans know; it can also identify and analyze anti-virus programs and reprogram itself, while anti-virus programs are likely to detect viruses and then reprogram themselves in turn. The competition between viruses and anti-virus programs becomes a contest of self-programming ability, and this can only lead to tension in cyberspace, or even its collapse!
We can also consider another way: people entering the world of computer networks themselves to detect and kill viruses. People have enough intelligence and experience to identify and kill viruses, which leaves only the problem of building a "bridge" between people and computers.
Current virtual reality technology focuses on having the computer describe the way people interact in the natural world. All human perception is ultimately transmitted to the brain, and the brain forms an experiential description of what it senses, producing perceptual consciousness. If the computer could express its binary code stream as brain-wave information and transmit it to the brain, it could completely describe, guide and control all human thinking. To put it simply, there would be a general interface between human thinking and computer language!
If this theory can be realized, virtual reality technology will enter a new field of development. Although it is theoretically impossible to accurately judge and prevent a virus while it is still unknown, in practical application, drawing on the experience that anti-virus experts have accumulated through years of statistics, analysis and research, it is entirely possible to build a classification system that determines the danger of a virus probabilistically and to use an anti-virus program to defend against unknown viruses with considerable accuracy.