Why does my antivirus program not detect this malicious behavior?

Posted on 2024-08-05 23:18:29

I wrote this C program and ran it on my Windows system. My system hung and not even Task Manager was opening. Finally, I had to reboot. This is clearly a malicious program, but my antivirus does not detect this. Why?

#include <unistd.h>

/* Every pass through the loop forks, and each child keeps looping too. */
int main(void) {
    while (1)
        fork();
}

Comments (4)

别忘他 2024-08-12 23:18:29

Antivirus programs don't recognize malicious behavior - they recognize patterns of known viruses that are already in the wild (file names, process names, binary signatures, etc.).

This is why they can often be subverted since they are a reactive solution to an evolving problem.

合久必婚 2024-08-12 23:18:29

Developers don't typically use AV software due to the huge speed penalty, or at least they disable it on the filesystem subtree they work in.

But even so, that isn't the sort of pattern AV software tries to detect. The AV software looks for files you are reading and writing and changes to system state, or specific identified viruses or their prior identified signatures.

And how would it decide, anyway? From the point of view of a program there would be a fine line between an overloaded web server and a fork bomb.

Finally, this sort of behavior is kind of self-correcting. If we really had viruses arriving with nothing more damaging than a fork bomb we might just declare victory and say "don't run that".

BTW, did you run the fork bomb as administrator?
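The "fine line" between an overloaded web server and a fork bomb, worked through as an added example that is not part of the original thread: a plain spawn-rate threshold flags both workloads, while also requiring a chain of same-image self-replication separates them. The event tuples, image names, pids and thresholds are constructed assumptions, and no antivirus product is claimed to work this way.

```python
# Constructed process-creation events: (time_s, pid, parent_pid, image).
# Nothing is actually spawned; the lists only model what a monitor would log.

def prefork_server(workers=16):
    """One master creates its workers in a burst; workers never spawn."""
    events = [(0.0, 100, 1, "httpd")]
    events += [(0.05 * (i + 1), 101 + i, 100, "httpd") for i in range(workers)]
    return events

def fork_loop(generations=4):
    """Every live copy creates one more copy per generation."""
    events, live, next_pid = [(0.0, 1000, 1, "forkloop")], [1000], 1001
    for gen in range(generations):
        for parent in list(live):
            events.append((0.1 * (gen + 1), next_pid, parent, "forkloop"))
            live.append(next_pid)
            next_pid += 1
    return events

def spawn_rate(events, window=1.0):
    """Peak number of process creations inside any `window`-second span."""
    times = sorted(t for t, *_ in events)
    peak = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def replication_depth(events):
    """Longest chain of a process image creating a copy of itself."""
    image, depth = {}, {}
    for _, pid, ppid, img in sorted(events):
        image[pid] = img
        # Extend the chain only when the parent runs the same image.
        depth[pid] = depth.get(ppid, 0) + 1 if image.get(ppid) == img else 0
    return max(depth.values(), default=0)

def classify(events, rate_limit=10, depth_limit=3):
    """Compare a rate-only rule with a rule that also needs deep replication."""
    rate, depth = spawn_rate(events), replication_depth(events)
    return {"rate_only_alert": rate > rate_limit,
            "rate_and_depth_alert": rate > rate_limit and depth >= depth_limit}

if __name__ == "__main__":
    for name, ev in (("prefork_server", prefork_server()), ("fork_loop", fork_loop())):
        print(name, spawn_rate(ev), replication_depth(ev), classify(ev))
```

The depth rule is still a heuristic: recursive build tools and nested shell scripts also produce same-image chains, so the thresholds would need tuning against real workloads.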

一杆小烟枪 2024-08-12 23:18:29

Your program is not a virus, because it cannot spread itself, that is, it can't infect other files/computers.

大姐,你呐 2024-08-12 23:18:29

Well, it is not malicious behavior; it looks more like a logic error in your code. I wish there were an antivirus one day that could detect applications, drivers, MS updates, and MS products that cause BSODs =)
