Active Defense or active immunization?

Emergence of active defense

In recent years, people have evolved from medical treatment to regular health check and prevention. The concept of security threat defense in the information security field is also changing. "Pattern" identifies viruses as the main technical means of anti-virus software, but this method can only serve as a final solution-only after a piece of code has been compiled can we determine whether the code is virus, to detect or clear the virus. Antivirus software vendors can extract feature values from the virus body only after detecting and capturing the new virus. This makes anti-virus software always lag behind the emergence of new viruses, just as users have to go to hospital for treatment after being infected with the flu. Various phenomena force security vendors to begin to develop new defense technologies, and active defense is born!

Development of active defense technology

Active Defense has been launched for two years. In the general sense, "active defense" is to monitor the process behavior throughout the process. Once a "violation" behavior is detected, the user will be notified, or terminate the process directly. Like a private doctor, active defense technology checks whether the other party is abnormal before others infect you with the virus, for example, "the face is dark and the mind is confused ", but not all mentally unhealthy people carry the flu virus. Therefore, the false positive rate of "active defense" is very high, and the active defense vendor has to grant permissions to users so that users can decide whether or not it carries viruses, in this way, it is difficult for common users to determine whether the program harms the System Based on "behavior", and the endless pop-up window also makes users very disgusted. When active defense technology is at the bottleneck stage, active defense technology vendors that focus on microservices have to develop custom whitelist rules to avoid false positives. Active Defense is more intelligent than general soft defense techniques, but it is precisely the intelligence of active defense that allows hackers to take advantage of it. Hackers can use the blacklist to change rules and bypass alerts to pose threats to user system security. However, the evolution of active defense is indeed much more convenient.

What is proactive immunization?

Recently, a new defensive technology has begun to crash, that is, the active immune technology we will talk about below. It is a brand new defense technology against unknown viruses and Trojans. If active defense is a doctor, the security of active immunization technology is more like a universal immunization vaccine through permission settings, it can be said that the system is infected with viruses and leaves are not infected. However, the active immunization technology is still dangerous. For example, when installing some programs, you must use the Administrator permission. In this case, permission Control for each application is cumbersome. For example, if you are a security expert of the hacker who is pushing this technology, you need to right-click the attacker's privilege escalation tool to install the program without administrator privilege, the ink official repeatedly reminds users to use this function with caution.

Will defense technologies go through active immunization or active defense?

The current active defense is actually an extension of the existing security technology by security vendors. "active defense" is considered as resource access rule control (HIPS) resource Access Scanning, malicious behavior analysis engine, and other technologies.

Its functions make up for the lag of the traditional "scan and removal of signatures" Technology on new viruses. However, active defense in users' eyes should be able to automatically block and clear unknown threats, just like immune. Active Immunization is a combination of international cutting-edge anti-rootkit Technology, automatic identification White List technology, and super permission management technology. Compared with active defense, the active immunization technology has released some space for unknown programs. When unknown viruses and Trojans are not in or in contact with each other, the user's computer is "immune, even if these harmful programs come in, users cannot be attacked. The proactive immunization technology not only controls the permissions of viruses and Trojans, but also allows other unknown programs to run properly.

Whether it is active immunization or active defense, we have seen the transformation from anti-virus to defense by security vendors to cope with the current situation of virus and Trojan Horse super breeding. As security protection becomes more difficult, users want security companies to speed up their R & D and innovation, and realize the "magic!