Typical anti-virus technologies include: 1. signature technology, anti-virus technology based on the analysis and detection of known viruses; 2. virtual machine technology, anti-virus technology that heuristically detects unknown viruses; 3. virtual reality, a future anti-virus technology with hierarchical detection and use of anti-virus programs.
Typical anti-virus technologies are:
1. Signature technology: anti-virus technology based on the analysis and disinfection of known viruses
Most current anti-virus software combines signature-based checking with manually written disinfection: signatures are used when checking for viruses, and manually written disinfection code is used when removing them.
The signature virus-checking scheme is really a simple expression of manual virus-checking experience. It reproduces the general method of identifying a virus by hand and adopts the principle that "a certain part of the code of the same virus or of similar viruses is identical". That is, if a virus and its variants and deformed forms share common content, that content can be described, and viruses are found by comparing the program body against the description (the "signature"). Not every virus can be described by a signature: many viruses are difficult or even impossible to describe this way. Using signature technology also requires some supplementary functions, such as the recent techniques for automatically scanning and disinfecting compressed packages and compressed executable files.
However, the signature virus-detection scheme also has great limitations. The description of a signature depends on subjective human factors. Extracting a signature of a dozen or so bytes from a virus body of several thousand bytes requires tracing, disassembly and other analysis of the virus. If the virus itself uses anti-tracing techniques and deformation and decoding techniques, tracing and disassembling it to obtain a signature becomes extremely complicated. In addition, capturing the signature of a virus requires a sample of that virus. Furthermore, because signatures are described in different ways, it is difficult for the signature method to gain broad international support. The main technical flaw of signature virus detection is the large number of false detections and false positives, and this anti-virus technique has left anti-virus software lagging behind technically.
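The signature scheme and its limitation, as an added example that is not from the original article: a small byte-pattern scanner with one-byte wildcards that also looks inside compressed content. The signature name `Demo.A`, the pattern and all sample byte strings are constructed for illustration and are not real malware.

```python
import re
import zlib

# Constructed signature database (not real malware): name -> hex pattern.
# "??" is a one-byte wildcard for bytes that differ between variants.
SIGNATURES = {"Demo.A": "de ad be ef ?? ?? 13 37 c0 de"}
MAX_UNPACKED = 1 << 20  # cap unpacked size so a decompression bomb cannot exhaust memory


def compile_signature(hex_pattern):
    """Compile a pattern such as 'de ad ?? 13' into a bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data, depth=0):
    """Return sorted signature names found in data or in nested zlib streams."""
    hits = {name for name, rx in COMPILED.items() if rx.search(data)}
    if depth < 2:  # the "supplementary function": look inside compressed content
        try:
            inner = zlib.decompressobj().decompress(data, MAX_UNPACKED)
            hits.update(scan(inner, depth + 1))
        except zlib.error:
            pass  # not a zlib stream, nothing to unpack
    return sorted(hits)


# Constructed samples
PAD = b"\x90" * 16
ORIGINAL = PAD + bytes.fromhex("deadbeef01021337c0de") + PAD
VARIANT = PAD + bytes.fromhex("deadbeefaabb1337c0de") + PAD  # two bytes changed
PACKED = zlib.compress(ORIGINAL)                             # compressed copy
ENCODED = bytes(b ^ 0x5A for b in ORIGINAL)                  # same body, XOR-encoded
CLEAN = b"plain document text"

if __name__ == "__main__":
    for label, sample in [("original", ORIGINAL), ("variant", VARIANT),
                          ("packed", PACKED), ("encoded", ENCODED),
                          ("clean", CLEAN)]:
        print(f"{label:9s} {scan(sample)}")
```

The variant and the compressed copy are still detected, but the XOR-encoded copy of the same body is missed, which is the gap that the virtual machine approach in the next section tries to close by letting the code restore itself before it is checked.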
2. Virtual machine technology: anti-virus technology that heuristically detects unknown viruses
The main function of virtual machine technology is to run a certain rule-description language. The final criterion for deciding that a program is a virus is that it replicates and infects, but this criterion is not easy to use or implement: if the virus has already infected the system before it is determined to be a virus, removing it will certainly be troublesome.
So what method should be used to check for viruses? Objectively speaking, among the various virus-checking methods, the signature (characteristic value) method has the widest scope of application and is the fastest, simplest and most effective. However, because of its own flaws, it applies only to known viruses. For an unknown virus, if the virus can be run under control for a period of time and allowed to restore itself, the problem becomes relatively clear. Arguably, a virtual machine is the best choice in this situation.
Virtual machines are widely used in anti-virus software and have become a trend. A relatively complete virtual machine can not only identify new, unknown viruses but also remove them. We will find, however, that such an anti-virus tool is no longer a program but an IBM Deep Blue supercomputer able to compete with Kasparov. First, the virtual machine must provide enough virtualization to complete, or nearly complete, the "virtual infection" by the virus. Second, although the "infection" criterion derived from the definition of a virus is clear, there will still be problems in implementing it as the criterion for identifying viruses. Third, if the previous step can be passed, we must still detect and confirm that the so-called "infected" files are indeed infected with this virus or a deformed form of it.
At present, virtual machines mainly deal with file-infecting viruses. Boot viruses, Word/Excel macro viruses and Trojan programs can in theory be handled by virtual machines, but current implementations are still far from that. Just as encoding and deformation of viruses render the traditional signature method ineffective, new viruses that target virtual machines can easily render them useless. Virtual machines will continue to develop in practice, but the computing power of PCs is limited and the cost of producing anti-virus software is limited, while the development of viruses can be said to be unlimited. It is quite difficult to make virtual machine technology more practical, let alone to use it as a basis for removing unknown viruses.
Constrained by the fundamental premise that virus detection is theoretically undecidable, both heuristics and virtual machines can only be engineering efforts, and their probability of success can never reach 100%. This is their one unavoidable shortcoming.
3. Future anti-virus technology: Virtual reality
The prospect of future technology may be just an almost ethereal fantasy, much like the first descriptions of computer viruses, which appeared in science fiction novels. There are still many technologies that we are working on but have not yet realized, and even many factors that we simply have not considered. Still, as long as the technology is mature enough, it is entirely possible that anti-virus technology resembling artificial intelligence will appear in the online world.
One of the problems with anti-virus in the future is that we will never be able to write a reasonable program to identify and kill viruses. The virus has mastered everything that humans have: it can identify and analyze anti-virus programs and reprogram itself. The anti-virus program must then also be able to detect viruses and reprogram itself. The competition between viruses and anti-virus programs becomes a contest of self-programming capabilities, and such a result can only lead to strain on network space or even its collapse!
We can also consider using another method: manually entering the computing network world to detect and kill viruses. Humans have enough intelligence and experience to identify and eliminate viruses, and this only leaves the problem of establishing a "bridge" between humans and computers.
Current virtual reality technology focuses on describing in a computer the natural way people communicate: the "senses". As with all human perception, a sensation is passed to the brain, and the brain forms an experiential description of it, producing perceptual consciousness. If the computer expresses the binary code stream as brain-wave information and transmits it to the brain through nerve sensing, it can completely describe, guide and control all human thoughts. Simply put, there would be a universal interface between human thinking and computer language!
If this theory can be realized, virtual reality technology will enter a new field of development. Although it is theoretically impossible to make an accurate judgment about a virus and prevent it while the virus is unknown, in practice, after anti-virus experts have accumulated many years of experience in statistics, analysis and research, it is entirely possible to use probability to predict viruses. This method makes a hierarchical assessment of virus risks and uses anti-virus programs to achieve a relatively accurate defense against intrusion by unknown viruses.