This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
There are three basic ways to find viruses. You can scan files to see if they have virus code in them from known viruses. You can scan files to see if the code will do virus-like things. You can wait until a program does something it should not do, and flag the program as infected.
You would scan files when they are first created, and you would also do it on a schedule after that. You would have to install a kernel driver in order to watch what programs do and stop them from doing malicious things.
Many anti-spyware programs work exactly the same way. For example, Spybot S&D can watch for Registry changes that could be spyware installations.
There are different types of virus detection. Some of the different techniques they use are:
1) Look at binary makeup of file for match or partial match in database of known viruses and trojans (most common technique)
2) Watch what program does and see if it ever does anything similar to viruses/trojans
3) Analyze program code (sometimes disassemble program code) and look for malicious things. This is often very difficult and usually only advanced detection programs do this.
Signature-based detection - detects by comparing a virus signature ( a binary pattern of known viruses) against files being scanned.
Heuristic-based detection - detects behavior in and patterns of code that indicate a virus may be present. Suspicious code is run in a runtime virtual environment to further test for virus behavior. This can find new viruses not in the virus definitions.
Behaviour-based detection - detects viruses when they are run based on the behavior the virus exhibits.
Sandbox detection - similar to behavior-based, this method executes a potential virus in a runtime environment and monitors behavior.
Here's a more complete reading
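To make the "match or partial match against a database" technique from the earlier answer and the signature-based detection described here concrete, this is an added example (not code from any answer or product): a tiny Python signature scanner that combines an exact SHA-256 lookup with hex byte patterns that allow `??` wildcard bytes. The signatures and sample files are constructed for the demo and describe no real malware; the `??` wildcard convention is borrowed from ClamAV-style hex signatures.

```python
import hashlib
import re

# Constructed, hypothetical signatures for this demo only; they describe no
# real malware. Hex byte patterns use "??" as a one-byte wildcard (the
# convention ClamAV's hex signatures use), so a signature can still match a
# sample whose variable bytes (a version field, a key) differ.
PATTERN_SIGNATURES = {
    # "DEMO" marker, two wildcard bytes, then the ASCII tag "payload"
    "Demo.Pattern.A": "44454d4f ???? 7061796c6f6164",
}

# Constructed "known bad" file; its SHA-256 is the exact-match signature.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00DEMO\x01\x02payload: drop files"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.Exact.C"}


def compile_hex_signature(sig: str) -> re.Pattern:
    """Turn a hex signature with ?? wildcards into a bytes regex."""
    hexstr = sig.replace(" ", "")
    if len(hexstr) % 2:
        raise ValueError("signature must contain whole bytes")
    parts = []
    for i in range(0, len(hexstr), 2):
        tok = hexstr[i:i + 2]
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL: ?? also matches 0x0a


COMPILED = {name: compile_hex_signature(s) for name, s in PATTERN_SIGNATURES.items()}


def scan(data: bytes) -> list:
    """Return sorted names of every signature that matches data."""
    hits = set()
    exact = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if exact:
        hits.add(exact)  # whole-file hash: catches an identical copy only
    for name, pattern in COMPILED.items():
        if pattern.search(data):
            hits.add(name)  # byte pattern: catches partial matches too
    return sorted(hits)


# Constructed samples: a variant whose wildcard bytes differ still matches the
# pattern; one whose tag was altered matches nothing (why heuristics exist).
VARIANT_SAMPLE = b"MZ\x90\x00DEMO\x07\x09payload: drop files (v2)"
ALTERED_SAMPLE = b"MZ\x90\x00DEMO\x01\x02pay1oad: drop files"
BENIGN_SAMPLE = b"#!/bin/sh\necho hello\n"
```

The altered sample slipping past both checks is the gap the heuristic and behaviour-based methods in this answer are meant to close.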
They use signatures, or definitions of what a virus looks like, and compare them to the files they scan.
See this article from SciAm for a good explanation.
Antiviruses find viruses by watching the registry, looking at a program's code, looking at its list of common viruses, or even looking on the internet to see if other people/software have classified it as a virus.