-
Heuristic viruses are viruses that have not yet been recorded in the virucidal database, and there is a possibility of misjudgment. Heuristic scanning is the most effective way to detect viruses by analyzing the order in which commands appear, or combinations, to determine whether a file is infected, and each object is examined, but it is also the most likely to have false positives. Moreover, there is no record of this virus in its virus database at the time of the killing, mainly for a variant of a certain virus.
In fact, it is to compare the object file with the virus source code in the virus signature database, and when the matching rate between the two is greater than a certain value (usually this value is small, so it is easy to give false positives), the antivirus software will list it as a suspicious file for further removal. This is known as heuristic antivirus.
-
Heuristic antivirus.
The difference between a virus and a normal program can be reflected in many aspects, such as: usually an application in the initial instruction, is to check the command line input for parameter items, clear the screen and save the original screen display, etc., while the virus program will not do this, usually its initial instruction is to directly write disk operation, decode instructions, or search for executable programs under a certain path and other related operation instruction sequences. These significant differences can be seen at a glance by a skilled programmer in the debugging state.
Heuristic scanning technology is actually a concrete program that transplants this experience and knowledge into a virus detection software.
Heuristics refer to "the ability for self-discovery" or "the knowledge and skill to use a certain way or method to determine things." "A virus detection software that uses heuristic scanning technology is actually a dynamic allotter or decompiler implemented in a specific way, and through the decompilation of the relevant instruction sequence, the real motive is gradually understood and determined. For example, if a program starts in a sequence like this:
mov ah,5 int,13h,that is, to call the BIOS instruction function of the format disk operation, then this program is highly suspicious and worthy of alarm, especially if this instruction does not have the command line to obtain the parameter options for execution, and does not require the user to interactively input the operation instructions to continue, you can safely assume that this is a virus or malicious destruction program.
Heuristic anti-virus represents the inevitable trend of the development of anti-virus technology in the future, and anti-virus technology with certain artificial intelligence characteristics shows us the possibility of a general-purpose virus detection technology and product that does not need to be upgraded (less expensive or does not depend on upgrading). Due to the powerful advantages that many traditional technologies cannot achieve, they will be widely used and develop rapidly. The application of pure heuristic analysis technology (without any prior research and understanding of the target virus sample) has been able to achieve a virus detection rate of more than 80%, and its false positive rate is easily controlled, which is unimaginable and a qualitative leap for the virus detection software that only uses the traditional feature scanning technology based on the study of known viruses and extracts the "characteristic string".
In today's world where new viruses and variants emerge one after another, and the number of viruses continues to surge, the generation and application of this new technology are of special significance.
Kaspersky's Proactive Defense and Heuristic Antivirus are ahead of other antiviruses in terms of antivirus software.
A common phenomenon in the team: if the task of a certain person in the team in a project is not completed on time, the entire project progress will be pushed back, and only when everyone in the team has done a good job can it be possible to achieve a certain goal. >>>More
The internal test is relative to the public beta, in fact, the internal test is a comprehensive test of the technical stage of the game manufacturer, game ** business and related planners on the running performance of the game, the cultural background of the game, and the problems of the game system, The steps are very detailed, specific to the costumes, actions, and language of the characters in the game, for example, the language of the scholars in the game should be polite and polite, and it must not be mixed with the language components of the rivers and lakes, etc. >>>More
Network real-name is the simplest, most widely used, and most widely used network access method in China, which represents the inevitable trend of Chinese Internet access. In the address bar of the browser, you can use the Chinese and English names of **, enterprises and institutions, trademarks, products, etc., to go directly to the corresponding ** or web page, and there is no need to enter complex and difficult to remember domain names, **. Enterprises will register their names and brands as online real names, and customers can identify enterprises through these well-known names, and the original influence of the brand under the network can be smoothly extended to the Internet, and quickly become the online signboard of the enterprise. >>>More
Meaning of foresight: to have a big vision; Brilliant insight. >>>More
Expressions in English have the following meanings. >>>More