Since 1988, when the Small Ball virus was first found in China, China's computer anti-virus effort has been under way for 20 years. In those 20 years, computer virus and anti-virus technology have both changed enormously: more than a million kinds of computer virus have appeared so far, and anti-virus technology has been renewed generation after generation. As the first Chinese security software company to engage in computer anti-virus research, Jiangmin Technology has experienced, witnessed and taken part in writing these 20 years of China's computer anti-virus history.
The history of China's computer anti-virus development divides, with 1998 as the boundary, into two important stages: the first 10 years and the following 10 years. The first 10 years were mainly the history of detecting and removing file-infecting and boot-sector viruses; the following 10 years were mainly the history of fighting worms and Trojans. Today computer viruses are more complex: most new viruses are hybrids that combine the characteristics of backdoors, Trojan horses, worms and so on. Virus technology has shifted from its past purpose of replicating itself and infecting files, to cause trouble for computer users or as a prank, to hiding from and confronting anti-virus software with the ultimate purpose of stealing secrets. Especially since 2008, the ability of viruses to evade removal by anti-virus software has kept increasing: kernel-level drivers, image hijacking, rootkits, registry association, process/thread injection, packing and encryption, and so on. Never before have viruses applied new technologies so comprehensively and so thoroughly. As the saying goes, when the defence rises a foot, the offence rises ten. In this trial of strength with computer viruses, anti-virus technology has advanced as well, and compared with 20 years ago it has made a qualitative leap.
DOS era Anti-Virus
Whether virus or anti-virus, in any given period both must be built on the mainstream platform of the time. From the DOS era to today, the operating platform has gone through three major stages: from DOS to Windows, and from stand-alone Windows to the current Internet era. The computer has developed from an isolated island of information into an information node on the Internet, and the development of computer viruses has followed these changes closely.
Manual virus removal with DEBUG
From 1988 to 1989 the first computer viruses, Small Ball and Cannabis, emerged in China at a time when there was no domestic anti-virus software. Some programmers used DEBUG, Microsoft's software debugging tool, to trace and remove the viruses, and this became the earliest manual virus-removal technique. By tracing the program as it ran they looked for a way into the virus, and then removed it using DEBUG's powerful assembly features. Thanks to its strong debugging ability, DEBUG played a major role in early anti-virus work, but because using it requires proficiency in assembly language and some knowledge of low-level hard-disk technology, not many people were skilled enough to remove viruses with it. The programmers who frequently used DEBUG to trace and crack viruses in those early days accumulated experience and virus samples over their long anti-virus work, and most of them later became the technical backbone of the computer anti-virus industry.
At that time Wang Jiangmin, co-founder of Jiangmin Technology, wrote a program each time he removed a virus with DEBUG, and called it KV1. When 100 viruses had been handled, the programs were put together and called KV100, and so on up to the KV300 that swept the country, so that ordinary computer users did not need to master DEBUG and could remove viruses using KV alone. Of course, with computer viruses having developed to their present state, Jiangmin's KV2006 anti-virus software alone can remove more than 130,000 kinds of viruses; our anti-virus software has long since stopped being named after the number of viruses it removes and instead follows the common international practice of naming by year. With the development of virus and operating-system technology, and with DOS viruses leaving the stage of history, today's anti-virus engineers rarely use DEBUG to crack viruses and generally use IDA, OllyDbg and other reverse-engineering tools instead, but removing viruses by hand with DEBUG remains an unforgettable memory that the older generation of anti-virus staff still talk about.
Intelligent broad-spectrum anti-virus technology
When the number of viruses increased dramatically, reaching tens of thousands of kinds, people found that many new viruses were in fact old viruses: the virus writer had modified a few bytes of an old virus and added some new functions so that anti-virus software could no longer identify it. Continuing to analyse viruses one at a time would undoubtedly have meant a heavy workload. Was there a way to extract the features that such viruses have in common, so that however many variants appeared, all of them could be detected and removed with a single signature? After a period of technical research and testing, we successfully developed intelligent broad-spectrum anti-virus technology. On the basis of a full analysis of the variants of a virus, it carefully extracts the characteristics they share; once a broad-spectrum signature is added to the anti-virus software, a further variant can be handled with no changes at all.
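The broad-spectrum idea described above can be sketched as follows. This is an added example, not part of the original article and not Jiangmin's code: the variant bytes are constructed test data, the function names and the `??` wildcard notation are assumptions, and the variants are assumed to be already aligned and of equal length.

```python
import re

# Constructed test data: three "variants" that differ in a few bytes.
# Arbitrary values, not taken from any real virus.
VARIANTS = [
    bytes.fromhex("4a4d01112233aa445566bb7788"),
    bytes.fromhex("4a4d02112233cc445566dd7788"),
    bytes.fromhex("4a4d03112233aa445566ee7788"),
]

def derive_signature(variants, min_fixed=8):
    """Keep bytes identical in every variant; wildcard (None) the rest."""
    if len({len(v) for v in variants}) != 1:
        raise ValueError("variants must be aligned and of equal length")
    sig = [col[0] if len(set(col)) == 1 else None for col in zip(*variants)]
    # Wildcards at either end add length but no discriminating power.
    while sig and sig[0] is None:
        sig.pop(0)
    while sig and sig[-1] is None:
        sig.pop()
    # Guard against an over-general signature that would flag clean files.
    if sum(b is not None for b in sig) < min_fixed:
        raise ValueError("too few fixed bytes; signature would match too much")
    return sig

def to_text(sig):
    """Render the signature in hex with ?? for wildcard positions."""
    return " ".join("??" if b is None else f"{b:02X}" for b in sig)

def compile_signature(sig):
    """Build a byte regex; DOTALL lets a wildcard match 0x0A as well."""
    parts = [b"." if b is None else re.escape(bytes([b])) for b in sig]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(pattern, data):
    """Return the offset of the first match, or -1 if there is none."""
    m = pattern.search(data)
    return m.start() if m else -1

SIG = derive_signature(VARIANTS)
PATTERN = compile_signature(SIG)

if __name__ == "__main__":
    # A fourth, unseen variant (constructed) embedded at offset 5.
    unseen = b"\x00" * 5 + bytes.fromhex("4a4d09112233ff4455660a7788")
    print(to_text(SIG))
    print("wildcard signature offset:", scan(PATTERN, unseen))
    print("exact match of variant 1:", unseen.find(VARIANTS[0]))
```

The `min_fixed` check reflects the trade-off in this approach: every wildcard widens coverage of future variants but also raises the chance of matching unrelated files.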
Macro virus anti-virus technology
In the second half of 1997, Microsoft Office was gradually becoming popular, but from some unknown point many users found that Word documents that were normally fine could not be printed, and that a finished manuscript could not be saved... A wave of macro viruses had struck! As Jiangmin's anti-virus centre received more and more calls, its anti-virus engineers found that this strange behaviour was caused by a number of unknown macros in users' Word documents. A macro is a set of commands that automates operations in Word; the virus exploits this Word feature by adding harmful code to macro commands in order to disrupt the normal use of Word, or even delete Word files. Because such macros are highly contagious, they are called macro viruses.
However, Microsoft kept the Word document format and its algorithms secret, the location of a macro virus within the file is not fixed, and anti-virus software has to remove the macro virus without damaging the Word document, all of which made detecting and removing macro viruses very difficult. After a request for help to Microsoft's China company failed, the Jiangmin Anti-Virus Research Center spent a month on research and finally worked out the Word format thoroughly; it immediately upgraded the KV300 anti-virus engine and virus database, solving the macro virus problem. At that time, to measure the capability of an anti-virus product one only had to look at how it handled macro viruses, and KV300 was the first anti-virus software that could completely remove macro viruses. Other anti-virus software then began to add macro virus removal as well, and macro viruses were gradually wiped out.
Removing dual-infection and polymorphic viruses
In addition to broad-spectrum anti-virus technology and macro virus removal, the removal of polymorphic viruses and of dual viruses, which infect both the boot sector and files, was another typical anti-virus technology of the DOS era. A dual virus infects not only the boot area of the disk but also executable files. Common examples are Flip / Omicron, XqR (Newcentury), Invader / intruder, Plastique / plastic bomb, 3584 / Zhengzhou (Wolves), 3072 (the fall of the Water), ALFA/3072-2, Ghost/One_Half/3544 (ghost), Natas (Ghost King), TPVO/3783 and so on. If only the virus in the files is removed and the virus in the hard disk's master boot area is not, then when the system boots the virus is loaded into memory and re-infects the files. If only the virus in the master boot area is removed and the virus in the executable files is not, then as soon as an infected file is executed the hard disk's master boot area is infected again. Cunning encrypted polymorphic viruses are like a tangled skein, almost impossible to unravel. With special virus-scanning techniques, however, these viruses are easily found in a static environment. A static environment means powering the machine off and on again and booting from a clean floppy disk. Memory is then free of the virus, and special scanning software can actively search for it. The methods available include broad-spectrum filtering, the fight-poison-with-poison method, the tracing method, the logic method, the reverse-developing method, the memory inversion method, the virtual machine method, heuristic analysis, fingerprint analysis, neural-network sensitive systems … and so on. With these, the polymorphic virus problem has been resolved.
