|
220110
Honorary Moderator
Points 718
Posts 313
Registered 2005-9-26
Status Offline
|
『Original poster』:
I'd like to understand how antivirus software works
Can everyone tell me the principle of antivirus software? I suddenly want to learn about it, heh.
|
|
2005-10-23 19:31 |
|
|
不得不爱
Super Moderator
I love DOS
Points 5310
Posts 2044
Registered 2005-9-26 From Nanchong, Sichuan
Status Offline
|
|
2005-10-24 08:07 |
|
|
220110
Honorary Moderator
Points 718
Posts 313
Registered 2005-9-26
Status Offline
|
『Post #3』:
No, you flatter me.
It's precisely because I don't know that I'm asking.
|
|
2005-10-24 08:34 |
|
|
JonePeng
Gold Member
D◎$ Fαп
Points 4562
Posts 1883
Registered 2004-1-19 From Guangzhou, Guangdong
Status Offline
|
『Post #4』:
Roughly, it first reads the virus signature library and then scans files one by one; when some part of a file (usually the end) matches a virus signature, it removes that virus signature code from the file.
|

----====≡≡≡≡ My true love is always MSDOS! ≡≡≡≡====----
|
|
2005-10-24 12:55 |
|
|
maya0su
Intermediate User
Points 241
Posts 131
Registered 2005-9-28
Status Offline
|
『Post #5』:
As the poster above said, that's true. However, many viruses can now add themselves to a file without making the file look abnormal (the space the file occupies stays the same), so antivirus software compares the sectors occupied by the whole file and then compares them against the virus signatures!
|

The landlord says: this kid is a good kid! |
|
2005-11-7 17:21 |
|
|
220110
Honorary Moderator
Points 718
Posts 313
Registered 2005-9-26
Status Offline
|
『Post #6』:
First-generation antivirus technology relied on simple virus-signature matching to remove viruses from infected files. This approach could remove viruses accurately and was highly reliable. Later, as virus techniques developed, especially the use of encryption and polymorphism, this simple static scanning method became ineffective, and antivirus technology advanced a step in response.
Second-generation antivirus technology uses static broad-spectrum signature scanning to detect viruses. This method can detect more polymorphic viruses, but it also raises the false-positive rate; in particular, removing viruses on the basis of such loose signature matching is very risky and can easily damage files and data. Static antivirus technology therefore also has defects that are hard to overcome.
The main feature of third-generation antivirus technology is that it combines static scanning with dynamic emulation and tracing, merging virus detection and virus removal into one overall solution that fully provides the prevention, detection and removal measures antivirus work requires. It stays resident in memory to prevent virus intrusion, and any virus it detects can be removed without damaging files or data. As the number of viruses grows and new virus techniques develop, static scanning slows the scanner down, and the memory-resident protection module is prone to false positives.
Fourth-generation antivirus technology responds to the development of computer viruses with naming rules based on a virus-family system, a scanning mechanism based on multi-bit CRC checksums, a heuristic intelligent code analysis module, a dynamic data restoration module (able to find viruses in well-hidden compressed and encrypted files), a memory disinfection module, a self-immunity module and other advanced disinfection techniques, which largely resolves the earlier situation in which antivirus techniques attended to one thing only to lose sight of another.
Reprinted from: "http://www.jijiao.com.cn/leafbak/Vintro/Vknow/00000013.htm"
|
|
2005-12-6 19:03 |
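The signature scanning described in posts 4 and 6, as an added example that is not part of the original thread: an exact-match scan (first generation) next to a wildcard, broad-spectrum scan (second generation) over in-memory byte strings. The signature names, byte patterns and sample "files" are all constructed for illustration and are harmless.

```python
import re

# Constructed, harmless byte patterns standing in for a signature library.
EXACT_SIGS = {"Demo.A": bytes.fromhex("deadbeef0102c0ffee")}
# Broad-spectrum form: '??' marks bytes that differ between variants.
WILDCARD_SIGS = {"Demo.family": "de ad ?? ?? 01 02 ?? ff ee"}


def compile_wildcard(sig: str) -> "re.Pattern[bytes]":
    """Turn 'de ad ?? 01' into a bytes regex; '??' matches any one byte."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in sig.split()]
    return re.compile(b"".join(parts), re.DOTALL)


WILDCARD_PATTERNS = {n: compile_wildcard(s) for n, s in WILDCARD_SIGS.items()}


def scan(data: bytes) -> dict:
    """Return {'exact': [(name, offset)], 'wildcard': [(name, offset)]}."""
    exact = [(n, data.find(s)) for n, s in EXACT_SIGS.items() if s in data]
    wild = []
    for name, pat in WILDCARD_PATTERNS.items():
        m = pat.search(data)
        if m:
            wild.append((name, m.start()))
    return {"exact": exact, "wildcard": wild}


# Constructed sample "files" (plain byte strings, nothing executable).
HOST = b"HOST" + bytes(12)  # 16-byte clean file
SAMPLES = {
    "clean": HOST,
    # Known pattern appended at the end of the file, as post 4 describes.
    "original": HOST + bytes.fromhex("deadbeef0102c0ffee"),
    # Same family, but three bytes differ from the stored exact signature.
    "variant": HOST + bytes.fromhex("dead1122010233ffee"),
    # Unrelated data that happens to fit the loose pattern.
    "benign_lookalike": HOST + bytes.fromhex("dead0000010200ffee"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:17} {scan(data)}")
```

The variant is missed by the exact signature but caught by the wildcard one, and the benign look-alike shows the false-positive cost the reprinted article attributes to the second generation.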
|
|
htysm
Advanced User
Points 866
Posts 415
Registered 2005-12-4
Status Offline
|
『Post #7』:
You'd better ask an antivirus company.
|
|
2005-12-9 13:47 |
|
|
Brucelkc
Newbie
Points 18
Posts 5
Registered 2005-12-14
Status Offline
|
『Post #8』:
Great stuff, I learned a lot! Thanks!
Can you tell me how to use genuine antivirus software for free?
And the kind that can update itself intelligently, too!
|
|
2005-12-21 15:43 |
|
|
zxd62
Newbie
Points 2
Posts 1
Registered 2005-12-18
Status Offline
|
『Post #9』:
It seems that only Kingsoft Anti-Virus can be completely cracked.
|
|
2005-12-22 02:04 |
|