360 Cloud Security Decryption

Cloud Computing in the global context more and more attention, cloud security, cloud antivirus concept also wind, and gradually in the safe anti-virus market foothold. In fact, when the concept of cloud security has been raised, there has been widespread controversy, and many people have expressed that it is a pseudo proposition. But the facts speak louder than words, the development of cloud security like a gust of wind, at present Qihoo 360, rising, Trends, Kaspersky, McAfee, Symantec, Jiangmin Technology, Panda safety, Jinshan and so on have launched their own cloud security solutions.

At present, in the cloud security technology, Qihoo 360 is walking in the domestic anti-virus software market First echelon of the company. Reporter hereby interviewed the Qihoo 360 Vice President Tanxiaosheng, to help users understand the cloud antivirus compared to the traditional anti-virus technology brings benefits, but also know that Qihoo 360 in the cloud anti-virus field of technology to make innovation and development.

Cloud Antivirus origin

Industry insiders said: "The cloud security" concept created by Chinese companies, which is actually unique in the field of international cloud computing. Cloud security through the network of a large number of clients on the Internet Software behavior anomaly monitoring, access to the Internet Trojan, malicious program of the latest information, pushed to the server for automatic analysis and processing, and then the virus and Trojan solution distributed to each client.

The entire internet, turned into a super large anti-virus software, this is the grand goal of cloud security program.

Can say, "cloud security" plan is the latest embodiment of information security in the network age, it combines the new technologies and concepts such as parallel processing, grid computing, unknown virus behavior judgment, and obtains the latest information of Trojan and malicious programs in Internet through a large network of clients ' abnormal monitoring of software behavior in the net. Transfer to the server for automated analysis and processing, and then distribute virus and Trojan solutions to each client.

Tanxiaosheng said: "In the past it is widely believed that antivirus software is only a client software." In fact, in the past few years, anti-virus software has gradually moved to the cloud. In fact, the killing of the soft industry into the cloud, behind the forced composition. From a figure is not difficult to see, killing the soft industry into the cloud is urgent. The number of malware found in 2010 was 10 times over 2009 years, while the number of malware found in 2009 was more than 10 times times more than 2008 years. Basically, the number of malware per year will increase by many times the number of the previous year. There is a phenomenon behind this, that is, the prevalence of viruses is decreasing year by day, the number of Trojans is increasing. So far, the number of Trojans to intercept every day millions of, and Trojan deformation speed is very fast. ”

Indeed, with the development of the Internet, malicious software has gradually complied with Moore's law. Qihoo 360 continues to count three years of malicious software growth of 10 times times a year, such a large number of malicious software to the traditional anti-virus software has brought a very big challenge, the traditional anti-virus software is to rely on virus characteristics to antivirus, virus feature library inside is the virus signature, the extraction of virus signatures need to get the virus samples first, The feature code is extracted by semi artificial semi-automatic method.

If you add 5 million new Trojans every day, no matter what semi-automatic extraction of signature tools can not handle, which makes the traditional security software or anti-virus software facing great security challenges.

Tanxiaosheng further explained: "We put the inspection of a software feature on the cloud." The client simply sampled it, sampled it, and sent it to the server-side cloud-scanned cloud, where thousands of servers were able to return to the software's authentication results after dozens of milliseconds to hundreds of milliseconds. ”

In addition, talk about why the cloud killing in the clouds. Tanxiaosheng also said: "In addition to processing power, there is another reason: the Web page changes very quickly, all the Web page hanging horse is not necessarily the owner of the site malicious horse." At this time, we get the confirmation information through the back sweep, go straight up to the common loophole to fill, and no longer affect the user's continued access. Similar to this, a summary in the cloud, hanging horse warning speed can be very fast, basically benefit from the data updates throughout the country. ”

Decryption Cloud Antivirus

Earlier, Zhou, speaking of cloud security, said security vendors must have a large number of users, enough server groups and a large amount of data processing capabilities, at least 1000 or more servers, upload hundreds of millions of samples a day to achieve real cloud security, and then the Qihoo 360 has been in the cloud security has been a lot of groping. Now, according to Eric's statistics, Qihoo 360 has now covered more than 70% of netizens, with a considerable user base, Qihoo 360 in the cloud security and cloud antivirus has been done handy.

So far, 360 have deployed thousands of servers nationwide to do cloud-safe services. Now every day to check the number of scans reached 50 billion times a day, the number of malicious Web site inspection in 50 million such a magnitude.

Tanxiaosheng gave the reporter an example: "To 360 mesh shield For example, we have a variety of web page inspection, the use of search engine technology." We have a cluster, on the one hand, to find and crawl the page, that is, grab the current user access to the Web page what. After the capture action is completed, put the horse to another Web site to detect the cluster, through a series of automated processing process, the initiative to determine whether the Web page has dangerous code, whether there are attempts to attack the client behavior, the use of a series of virtual machine technology. We have a webpage to hang a horse database, which has a very powerful engine. For example, users in the browser to visit a Web site, behind will send a request to go up, but this site is not safe, the engine will tell him, such as prompting users this site is safe, or dangerous. Especially for the page with the horse, we can respond between 7 and 8 milliseconds, and then give the user a hint-this page is a phishing page, please be careful. It is for the user to decide whether to continue or otherwise, and we have the responsibility to inform the user of the danger and to give the user the right to choose. ”

The 360 cloud security system has two major innovations. The first scanning technique that cancels the local signature, in other words, there is no signature in 360 of the security software, this is an original killing technology, in 360 of the cloud using cloud computing technology, collect nearly 1 billion of black programs, white programs and some unknown programs, when 360 of the product scanning your computer , it will connect to the cloud and then be better than the files scanned on your computer or bad files.

360 What is the technique for using the white list? When scanning out a good file or white file release, if it is a black file to prevent it from releasing, use this method to prevent Trojan in your computer to do bad things. After canceling this local virus library, it brings a lot of changes.

First of all, the speed of the computer increased, if the local put a virus library generally to hundreds of megabytes, will seriously affect the speed of your computer.

Indeed, for users, the 360 security Guardian cloud killing engine benefits is that on the user's local machine only scanning and killing engines, and not including any virus and Trojan Horse library, Trojan Horse library files are all placed on the central server. The biggest benefit is to avoid the traditional anti-virus software needs to constantly upgrade the characteristics of the library, occupy the system memory and resources, the end of the user's computer to drag down the drawbacks.

Cloud security not only can maximize the storage space and memory resources of users ' computers, but more important significance is to subvert the traditional virus prevention mode. Mature cloud security can be used to intercept trojans or viruses before they reach the user's computer.

The

Qihoo 360 gives its own mission to allow users, netizens secure Internet access, currently its efforts in the cloud security and cloud anti-virus technology, intensive cultivation, from a more comprehensive perspective, with more advanced technology to ensure the all-round benefit of netizens, and strive to do a cloud era under the Internet security company respected by netizens.