Looking back on 26 years: how the antivirus engine has evolved

Source: Internet
Author: User

BEIJING, March 26, 1989, the world's first antivirus software, McAfee, was born. Antivirus software now has more than 26 years of history, and the field has seen a number of technical innovations. This is especially true of the core technology of antivirus products, the antivirus engine, which has moved from simple data matching and recognition to today's intelligent judgment and analysis. Looking back on these 26 years, how has the antivirus engine evolved, and what has it brought to our lives?

What is the "antivirus engine"?

Technically, an "antivirus engine" is a set of technical mechanisms that determines, from a particular program's behavior, whether it is a virus or a suspicious program. The antivirus engine is the main part of antivirus software; its job is to detect and find virus programs. Figuratively speaking, it is the engine of an antivirus product: without it, the product is just an empty shell that cannot operate normally.

For a long time, core antivirus engine technology has been concentrated in Germany, Russia, the United States and other countries. The better-known antivirus engines include Russia's Dr.Web (large spider) and Kaspersky, the United States' McAfee, Germany's AntiVir (small red umbrella), and Romania's Bitdefender (Peter van). In China, because technology accumulation and investment have been insufficient, few antivirus engines have succeeded. Most manufacturers simply wrap foreign engines such as BD, Kabbah and small red umbrella in a shell of their own, OEM style.

With the "Go to IoE" and "Prism Gate" events, the state has raised the importance of information security to an unprecedented height. As an important part of information security, antivirus software needs to be independent and controllable, so domestic security vendors have begun moving toward full autonomy in the core technology of antivirus software, the antivirus engine.

The evolution of "antivirus engine" abroad

Starting with foreign antivirus engines: in the global history of computer viruses, two people are especially famous.

One is the Russian Eugene Kaspersky. In 1989, Eugene Kaspersky began to study computer viruses. From 1991 to 1997, he led a group of assistants in developing the AVP antivirus program at the Information Technology Center of "KAMI", a large Russian computer company. Kaspersky Lab was established in 1997, and Eugene Kaspersky is one of its founders. In November 2000, AVP changed its name to Kaspersky Anti. Eugene Kaspersky is a member of the Association of Computer Anti-Virus Researchers (CARO) and one of the top international antivirus experts. AVP's antivirus engine and virus library have long been praised by the industry for their rigorous structure and thorough detection and removal capability.

The other is Been Soloman. The company he created, Been Soloman, was once Europe's biggest antivirus enterprise and was acquired by McAfee, becoming part of the largest security trust, NAI. In the early days, McAfee often clashed with some of Europe's antivirus software companies, but its own antivirus engine was not good, so McAfee retired that engine and instead used the engine from the acquired Been Soloman products.

The evolution of domestic "antivirus engine"

In China, after the early-1990s dominance of KILL in the antivirus software market came to an end, Rising, Jiangmin, Jinshan and other domestic antivirus vendors gradually took control of most of the market. The antivirus engine then went through several generations of change, from the original "signature antivirus engine" to today's mainstream "heuristic antivirus engine", and China's core network security technology reached unprecedented heights.

Phase I: 1989 to mid-1990s, simple signature antivirus engine

The development of viruses produced the first generation of antivirus engine: the test method. This method can only judge whether a system is infected with a virus; it cannot remove one. But the test method gave rise to the true king of antivirus technology: signature technology. It belongs to the second generation of antivirus engines and is the most dazzling star in the history of antivirus. It not only set the precedent that viruses could be removed, but also laid a solid foundation for the later development of antivirus technology. Even today it remains the main technology in antivirus software; the autonomous antivirus engines announced by Baidu and Tencent have the same technology at their core.

Phase II: mid-1990s to 1998, broad-spectrum signature technique

Broad-spectrum signature technology was pioneered by Jiangmin, and Jiangmin relied on it to build its former glory. In essence, a broad-spectrum signature is a character string common to a class of virus programs. For example, if 10 viruses all use the same piece of code that damages the hard drive, that code can be extracted as a signature, and a single signature can then detect all 10 viruses. For a time this technology offered a way to deal with some virus variants, but it also greatly increased the false positive rate. As a result, broad-spectrum signature technology can no longer effectively detect and remove new viruses, and may also mistakenly report normal programs to the user as viruses.
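The trade-off described above, as an added example that is not from the article or from any vendor's engine: an exact signature taken from one variant is compared with a broad-spectrum signature covering a constructed family of 10 variants. The hex token notation (`??`, `*`), all function names and all sample bytes are assumptions made for illustration.

```python
import re

def compile_broad(sig):
    """Compile a broad-spectrum signature written as hex tokens.
    '??' matches any single byte; '*' matches a gap of 0 to 16 bytes."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".{0,16}?")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def variant(key, pad):
    """Constructed sample: a shared routine whose key byte and padding vary."""
    routine = bytes([0x11, 0x22, key, 0x33]) + pad + bytes([0x44, 0x55])
    return b"HDR" + pad + routine + b"END"

# Constructed data (meaningless placeholder bytes, not real malware code).
FAMILY = [variant(k, bytes([k]) * (k % 4)) for k in range(1, 11)]  # 10 variants
BENIGN = {
    "text_editor": b"HDR plain program body END",
    # A legitimate tool that happens to contain a similar routine.
    "disk_utility": b"HDR" + bytes([0x11, 0x22, 0x7F, 0x33, 0x00, 0x44, 0x55]) + b"END",
}

# Simple signature: exact bytes extracted from variant 1 only.
EXACT_SIG = bytes([0x11, 0x22, 0x01, 0x33, 0x01, 0x44, 0x55])
# Broad-spectrum signature: only the bytes common to the whole family.
BROAD_SIG = compile_broad("11 22 ?? 33 * 44 55")

def exact_match(data):
    return EXACT_SIG in data

def broad_match(data):
    return BROAD_SIG.search(data) is not None

def report():
    """Family detections and benign false positives for each signature kind."""
    return {
        "exact_family_hits": sum(exact_match(v) for v in FAMILY),
        "broad_family_hits": sum(broad_match(v) for v in FAMILY),
        "exact_false_positives": [n for n, d in BENIGN.items() if exact_match(d)],
        "broad_false_positives": [n for n, d in BENIGN.items() if broad_match(d)],
    }

if __name__ == "__main__":
    print(report())
```

The exact signature finds one variant and flags nothing benign; the broad-spectrum signature finds all 10 and also flags the constructed disk utility, which is the false positive cost the paragraph describes.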

Phase III: 1998-2007, heuristic antivirus engine

The signature antivirus engine detects and removes viruses, and intercepts them in real time, on the basis of signatures; this is still the basic working principle of antivirus engines. But the technique has a flaw: all signatures must be read into the computer's memory, and only known viruses can be removed. In an era of rapid Internet growth, when new viruses keep emerging, this is not enough to maintain network security. Thus a new technique appeared, the "heuristic antivirus engine", which can detect and remove unknown Trojans and viruses by means such as behavior judgment and file structure analysis, and which depends less on the signature library.

Phase IV: 2008-2010, cloud scanning engine

With the explosive growth of the Internet, viruses also began to spread wildly over networks. Network viruses represented by Gray Pigeon and Panda Burning Incense began to flood in, officially opening the prologue of networked virus development. The concept of cloud security came into wide use in this period. The first to sense its value was Trend Micro, which launched the world's first cloud security system, followed closely by Rising, which became the first cloud security system founder.

Although Rising and Jinshan both had cloud security systems, 360, with its wealth of customers, soon prevailed and came to sit on the world's largest cloud security system. By this time, Jiangmin had completely lost the ability to build a cloud security system, Tencent had only just begun laying out its sample collection channels through its Security Butler product, and Baidu had not yet entered the security field.

Phase V: 2010-present, artificial intelligence engine QVM

In November 2010, 360 announced to the industry its seventh-generation antivirus engine, the AI engine QVM. QVM is the abbreviation of Qihoo Support Vector Machine. It grew out of Vapnik's machine learning classic on the theory of statistical learning, and applied machine learning theory to unknown virus identification for the first time.

Its technical principle is as follows. Virus samples are first analyzed and classified to form sample vectors and a vector machine. A machine learning decision model is then built, using decision trees and the vector machine to learn from a large number of samples so as to distinguish malicious programs from non-malicious ones. As the number of learning samples grows, and in combination with a whitelist, the engine can identify unknown malicious programs while reducing false positives, making unknown virus identification technology viable for real commercial use.


The future: The artificial intelligence engine leads the future

360's achievements in core antivirus engine technology have inspired Tencent, Baidu and other domestic Internet companies. After years of research and development, Tencent and Baidu have launched their own independent antivirus engines, TAV and Snow Wolf. But while flying the banner of intelligence, both use the first-generation engine technology of the Rising and Jiangmin era, that is, the "signature antivirus engine". At a time when third-generation engines are already mature and commercialized, the TAV and Snow Wolf engines are still in the transition from the first generation to the second.

Different times have different technologies. The evolution of the antivirus engine can be called a history of the virus: it is because viruses are constantly updated and constantly varied that antivirus products keep innovating and upgrading. With the rapid change in network security technology, the original security technology system has basically become ineffective, and new technology is needed to cope with complex security changes; the 360 AI engine may lead the direction of future security technology development. (Beijing, the IT channel)
