As is well known, traditional antivirus software relies mainly on a virus signature library, and missed detections are a major drawback it cannot overcome. In the past, when viruses were relatively few and networks were not widely used, this weakness was not so obvious. With the spread of networking, however, more and more viruses are produced and their propagation is nearly impossible to guard against, leaving traditional antivirus software increasingly powerless. Signature libraries keep growing, which makes it look as if they can kill more and more viruses, but in fact many viruses are of the same type and many signatures are merely variants of the same virus, so this approach to antivirus strikes more and more people as laughable.
To alleviate this problem with traditional antivirus software, people began to come up with new ideas. Among them, heuristic scanning is a common extension added to traditional software. It monitors for certain behavioral characteristics of viruses, but the behavior monitored is often a single one, which creates a new problem: the false alarm rate is very high, which can be annoying and easily confuses ordinary computer users in particular. Because normal programs and viruses sometimes use the same techniques, heuristic scanning that monitors a single feature produces frequent flurries of alerts.
Monitoring the behavioral characteristics of viruses is a new way of thinking: this kind of monitoring can give the earliest possible warning of new viruses and their variants, and spares computer users many losses to the greatest extent possible. But this antivirus approach has a drawback too: it is difficult to avoid false positives completely. The key to reducing false positives is to analyze and summarize the key behavioral characteristics of the various types of viruses more accurately, and to automatically carry out integrated monitoring and analysis of multiple behavioral features, that is, to imitate the logical reasoning of an antivirus expert, which greatly improves the accuracy of judgment and reduces the likelihood of misjudgment. Of course, avoiding false positives completely and absolutely should be impossible. Anything that has advantages has disadvantages as well, and nothing is absolutely pure.
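The contrast between single-feature heuristics and integrated analysis of several behaviors can be sketched as follows. This is an added example, not code from the original article; the behavior names, weights, threshold and process traces are all constructed assumptions.

```python
# Added illustration: single-feature heuristic vs. combined behavior analysis.
# Behavior names, weights, threshold and traces are constructed assumptions.

WEIGHTS = {
    "adds_autostart_entry": 2,       # also done by legitimate installers
    "writes_other_executable": 3,    # also done by updaters and patchers
    "copies_self_to_system_dir": 3,
    "disables_security_service": 4,
}
ALERT_THRESHOLD = 7  # assumed cut-off for the combined score

# Pairs an analyst would treat as far more telling together than apart.
CORRELATED = {
    frozenset({"copies_self_to_system_dir", "adds_autostart_entry"}): 3,
    frozenset({"writes_other_executable", "disables_security_service"}): 3,
}

def single_feature_alert(behaviors, feature="adds_autostart_entry"):
    """Heuristic that fires on one behavior alone."""
    return feature in behaviors

def combined_score(behaviors):
    """Sum weights of distinct observed behaviors plus correlation bonuses."""
    seen = set(behaviors) & set(WEIGHTS)
    score = sum(WEIGHTS[b] for b in seen)
    score += sum(bonus for pair, bonus in CORRELATED.items() if pair <= seen)
    return score

def combined_alert(behaviors):
    return combined_score(behaviors) >= ALERT_THRESHOLD

# Constructed traces: process name -> behaviors observed during monitoring.
TRACES = {
    "installer.exe": ["adds_autostart_entry"],
    "updater.exe": ["writes_other_executable", "adds_autostart_entry"],
    "sample_a.exe": ["copies_self_to_system_dir", "adds_autostart_entry",
                     "disables_security_service"],
    "sample_b.exe": ["writes_other_executable", "disables_security_service"],
}

def evaluate(traces):
    """Return {process: (single_feature_verdict, combined_verdict, score)}."""
    return {name: (single_feature_alert(b), combined_alert(b), combined_score(b))
            for name, b in traces.items()}

if __name__ == "__main__":
    for name, (single, combined, score) in evaluate(TRACES).items():
        print(f"{name:14} single={single!s:5} combined={combined!s:5} score={score}")
```

On these traces the single-feature rule flags the benign installer and updater and misses `sample_b.exe`, while the combined score alerts only on the two samples that show several correlated behaviors.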
Because of the proliferation of viruses, together with the ease of propagation that widespread network use brings, traditional antivirus software has been backed into a corner. Among the virus defense ideas currently proposed, antivirus based on comprehensive monitoring of the behavioral characteristics of the various types of viruses undoubtedly has great advantages and development prospects, and should represent the development trend of virus defense technology for a long time to come.
The future direction of antivirus technology is already basically settled. The remaining question is who can grasp the characteristics of viruses more accurately and reduce false positives as far as possible, to a level that is nearly acceptable to the average person. At that point, active defense software can be said to have basically succeeded.