Analysis of development trend of safety products

Peace is bred in the calm, the 2006 information security led the city to show an "alternative" temperament, but also let us to 2007 full of reverie. Strictly speaking, 2006 is not "security no big Deal", the user group is being subjected to the security pressure is further increased, open big closed attack and defense campaign in the entire information world. Will users be able to get a breather on security issues in 2007? How will manufacturers face a wave of security into the association? While reviewing the information security of the year 2006, try to take a variety of security products as the main line, what will happen in the pre-side in 2007.

Desktop Antivirus: To the unknown threat to war

Desktop computer users may be the 2006 's most unlucky group, the 2005 outbreak of the virus not only has not been curbed, but the trend has been growing. For 2006 years, spyware has been a pervasive threat to all of the world's networked desktops, hacker groups, spammers, unscrupulous businesses and individuals using spyware for profit, while the interests of users and trust in the web have been completely trampled. That momentum will continue in 2007, at the heart of it, as the pace of malware is still rising and more people are trying to release malware. The traditional virus discovery mechanism based on feature recognition has been severely tested, can the response speed of the manufacturer keep up with the virus? At the end of 2006 launched a variety of desktop-level security products, the unknown threat of defense technology status has been significantly improved. Although it is still not ideal in effect, it has made great progress compared with previous versions of the product. These engines can indeed detect unknown threats, whether for viruses or for software, which make it impossible to identify these threats accurately, and some products can even correctly determine how to handle these malware. In the 2007 security front, the unknown threat defense occupies a more important position, especially based on the behavior of the detection principle of hope to achieve a "broad spectrum" of protective effects, for the protection of spyware will play a prominent role.

Desktop firewall: Smart scrambling

At the very beginning, the fire-retardant components that were integrated into the desktop security suite were designed to match anti-virus capabilities. However, in the face of today's complex security threats, firewall components are becoming one of the main protagonists of desktop computer security protection. As far as we can see, most of the desktop firewall products are still difficult to perfect the protection of the user's computer, only a few professional-level products show reliable protection. Although many products can be customized with detailed fire-retardant rules, can be implemented for network protocols and application fingerprint integrated protection work, but for the user community, the burden of security problems is still not mitigated. Most users will complain that their fire jams are popping up with too many prompts, and many users are not aware of how the choice of "yes" or "no" will affect their computer security. This type of firewall product is more like a rigid detection tool than a user's security assistant. In the new year, firewall products will be more enthusiastic to promote their "intelligent characteristics", which is the only way for manufacturers, but also the real needs of users. Through the integrated database, "smart" fire blocking products should be able to identify the vast majority of commonly used applications, at least the user should not be QQ or even ie such as common applications to make fire blocking rules, we should allow these applications to access the Internet. At present, some firewall programs that provide autonomous decision-making ability can be determined by the user to decide how to execute these decisions, whether they are still judged by the users themselves, or the decision will be handed over to the computer. Obviously the main obstacle to the application of smart firewalls is its reliability, which is the direction of these products in the past 2007 years. Users may allow their firewalls to omit some security threats, but false alarms are definitely not allowed. Some application's anti-Setup program will send some information back to the manufacturer when the user performs the reverse installation, does the fire blocking product prevent these behaviors? From the point of view of secret protection We support these blocking behavior, but the premise is that our firewall component should be intelligent to judge whether the sending of this information will threaten the benefit of the users, which is the important goal of the development of firewall software in the next few years.

Anti-spam: Upper and lower reaches of QI efforts

Although more and more people and resources are being put into anti-spam activities, the results seem frustrating, and spam does not diminish and seems to be growing. Users have become accustomed to 90% of spam messages received every day, and email applications are dying from the perspective of user psychology. Security products vendors are actively building spam databases to expect their products to detect spam, but it is not easy to imagine an effective information base beyond the region. Even as the world's joint anti-spam message is in full swing today, there are still many difficulties in trying to completely block spam from different countries around the world. It is a sensible decision to block spam as far upstream as possible, and it is unreliable to rely too heavily on the spam detection capabilities of desktop security products. e-mail service providers such as NetEase and Sina are already able to implement spam controls, which, most of the time, do not send spam to users ' computers. However, there is still a lack of powerful anti-spam products for corporate post offices or other autonomously managed e-mail servers. But we believe that there will soon be anti-spam products for small and medium sized applications that integrate the technical features of most high-end products and are cheaper. In the distant future, a variety of anti-spam products will also be implemented between collaboration, spam content detection, spam address and other information will be labeled reliability level, and in a compatible format in different vendors ' anti-spam products "share." This information will also become a commodity, like those that are sold as spam destination addresses, and users can purchase the data to prevent the spread of spam according to their own needs.

Integration or separation: the fittest

UTM, the once deep shadow of the security product market pattern of nouns, is it still respected by people? At least in the UTM of many safety products suppliers, the frequency of the show is dropping dramatically, perhaps just a concept used to drive market growth, discarded after a loss of freshness. But the concept of integrated security has taken root in most security products, and more in-depth detection of transmission content has become a necessary feature. This result may prove to some extent the judgment we made in the previous two years, and integration is indeed the general trend of security product design. In 2007 years, the integration of the effectiveness of security products will still be significant progress, users can get better products. However, due to the wide application of network processor in security equipment, manufacturers have gained more experience, and there are more ways to reduce the cost of products. More importantly, vendors are better able to change their products to adapt to fast-changing security threats, and users can refine their "protection nets" by getting updates. As far as desktop security products are concerned, it is not a wise decision to populate the suite too much, and whether these features are well integrated determines the application effect of the product. Simply piling up and not forming the linkage between the various functional components, both for the protection of the ability or for ease of use is a fatal injury. In addition to the integration of various functions on the user interface, manufacturers will begin to try to integrate on the protection engine, on the threat database for the sharing of modules, so that the product beyond a single block of the level of comprehensive judgment, and even the product itself to improve their own judgment ability. As security threats integrate more and more features, collaboration between modules will greatly improve security threat detection capabilities, and the security suite can block this threat if any one of the modules discovers a threat. One thing is likely to be true, and the smaller, quieter, more robust security suite will replace the Big Mac as a new favorite for users. Unless it is guaranteed to be effective, users can no longer tolerate products that are less useful, but that are incredibly resource-intensive, to occupy their computers.