Is defense ahead of virus and Trojan Horse?

The Flash 0-day vulnerability broke out in February 1890453. According to statistics from related security companies, users suffered from Hack only from February 30 to February 30. exploit. swf. the attack of virus A is due to the difficulty of upgrading Adobe vulnerabilities. It is difficult for common users to find this "desperate" security solution. It has already been repeated for 20 years, looking at the fatigue of the anti-virus industry, some insiders have vividly compared traditional anti-virus software to "shield", which is always passive. Obviously, A strong "shield" also has the day when it was cracked. Instead of using the scarred "shield", it is better to build a sharp "sword ". Passive Anti-Virus is not the only method. The product that develops the concept of "immune defense" is an effective way to defend against the first wave of anti-virus attacks and prevent unknown new viruses, at present, security vendors have already mentioned this and have developed some immune products. Let's take a look at the four popular immunization technologies applied to the software:

I. HIPS

HIPS is a software that monitors the running of files on your computer and uses other files and files to modify the registry, and reports the requested software to you. If you stop it, it cannot be run or changed. For example, if the HIPS software jumps out a report and you stop it when a trojan that is not scanned and killed uses the vulnerability to download the execution program, the virus still does not run. "Virus variants are new every day, which may keep pace with the virus, and HIPS can solve these problems ." However, the critical defect of HIPS is that it is difficult for basic users to distinguish the currently running programs from viruses or normal programs. The endless pop-up prompts make users very disgusted. HIPS are also known as a master toy.

Ii. Active Defense

Active Defense is evolved from HIPS. It can be said that smart HIPS refers to a type of HIPS that can be protected by systems without or without manual protection rules. Usually, the active defense has built-in judgment methods and processing rules customized to the blacklist, so it can automatically judge and process according to the degree of danger of program behavior, A small amount of difficult-to-Judge program behavior will prompt the user and be judged and handled by the user. It shows a certain degree of intelligence. It is also the intelligence of active defense that gives hackers the opportunity to use blacklists, change rules, bypass alarms, and pose a threat to user system security, however, it is much easier to take the initiative to defend against HIPS.

Iii. Permission Control

Compared with the previous two technologies, permission control is more secure. First, this technology is launched for the UAC that comes with the Microsoft operating system Vista. However, Windows Vista's UAC is one of the most controversial features of Vista. Microsoft officially announced that with UAC, users can ensure system security without installing anti-virus software. Originally, UAC was a powerful weapon to protect against viruses and Trojans, reducing users' daily security problems. However, users do not think that almost all processes and running programs can be intercepted, especially for programs that attempt to automatically install or run with administrator privileges, as a result, the user is suffering from UAC's madness, and the skills and methods of disabling UAC are everywhere on the Internet. Microsoft's original intention has also been completely changed. The failure of UAC has taught the security vendors a lesson. The hacker security experts, who also use permission control technology, offer a revolutionary technique that focuses more on the user experience. To be successful, we still need to observe. In terms of technology competition with Microsoft, I always feel a little pressure.

Iv. Sandbox Technology

Sandbox English name as its name implies, it can be regarded as a container, and everything in it can be retried. In the military, sandboxes are often used to simulate the terrain of war areas. Have you ever seen this? If you don't need it, you can flatten the sand.
The Sandbox we mentioned is a security software that can put a program into the sandbox and run it. In this way, all the files and registries created, modified, and deleted by it will be virtualized and redirected, that is to say, all operations are virtual, and real files and registries are not modified. This ensures that the virus cannot change key parts of the system to damage the system. However, when users want to change system settings and save files, the virtual system cannot implement real operations, so there are still few layers of sandbox technology that can be applied.

Whether it's permission control or HIPS, we can see that security vendors are transforming from anti-DDoS to anti-DDoS, relying on traditional pattern scanning to soft removal, today, virus and Trojan horses are still struggling. For personal users, Internet cafes, and other entertainment occasions, it is even more common for robots and bots to steal accounts. With the rapid spread of viruses and Trojans, it is more difficult to ensure security. Users' demands for security companies have evolved from simple demands to gradual reliance. In particular, the security problem of computers in Internet cafes has also become the biggest heart disease for Internet cafe owners, we will wait and see whether security vendors can hold on.