1. First of all, from the point of view of monitoring, Rising 2004-2005 was written with DLL injection, which is the way used by many viruses, so it takes up a lot of memory and the monitoring is poor. The biggest weakness of DLL injection monitoring is that it is difficult to monitor web viruses, which is also the biggest weakness of Rising. It seems that hook technology was used in 2006, which made great progress.
KV monitoring is much better, almost equivalent to a firewall. Download the virus with Thunder and you will know that it will be killed during the download process, while Rising can only kill it after downloading.
2. In terms of antivirus, it depends on the antivirus engine. KV's engine is very similar to Kabbah's. I don't want to hurt anyone. Only five companies in the world have their own engines, others are imitations, and so are domestic antivirus software. Rising's engine is not very good, and it can't completely remove the self-replicating virus. This is Rising's second biggest weakness. Rising can't completely remove viruses, such as love the back door and roses. Rising antivirus is not thorough. ROSE can't double-click to open it after antivirus with Rising, but it can be recovered directly with KV.
3. In terms of shell killing, Rising's current engine can't kill the shell, and the new engine doesn't know how the shelling technology is. Now it is a public beta. KV can kill popular shells, which is very good. What does antivirus software that can't kill the shell mean? Using shell protection to deal with virus variants is basically a waste. This is also the basic standard of antivirus software engine. Why do people use Kabbah? This is a powerful shell, which is the bane of Trojan horse.
4. In terms of virus database, KV is much worse in this respect. At present, the virus database of KV is very incomplete, especially the Trojan horse database. The engine is very good, but the virus database is incomplete, which is the achilles heel of KV.
5. With its own firewall, Rising's wall is much better than KV, so I don't need to say this. But I finally say that the most powerful anti-virus engine in the world is Dr. WEB, which is more powerful than Kabbah's. Basically, all shells can be killed, even Beidou's can be easily killed by using dynamic virtual machine shelling technology. Dr. WEB is a Russian antivirus software called Okumo. It's basically the same as Kabbah, but the engine and technology are different. It is a product adopted by Russian officials and the army. Most enterprises and individuals use Kabbah, which is divided into two versions. Destroyer uses its engine, but after all, it is a fake spider, and its anti-virus effect is completely different from that of Dr. WEB. There is only one abroad, and the technology is backed by the Russian National Academy of Sciences. The goal of antivirus software companies is not to make money, but purely for technology, so there is no Chinese version now. It never lists binary viruses and trojans that can't be made into virus libraries, so in some tests, the name is not very high, and even rarely participates in evaluation, but the anti-virus strength is definitely above Kabbah, occupying very little memory, almost 4 trillion.
The world's top five antivirus engines:
1. The first one, of course, is Norton, who pioneered real-time monitoring technology and knew the code of Microsoft. Everyone says Norton is bad, but in fact Norton's engine is very powerful. Protect the computer from the bottom, so it won't run very fast. It's just that the anti-virus concept is different, which makes Norton not suitable for individual users. Mainly focus on isolation to prevent enterprise files from being deleted. Because some files infected by viruses can't be completely disinfected. Deleting files directly will destroy files, so Norton is the best choice for enterprise users.
2. Second, it should be coffee. This anti-virus software is mainly anti-virus, and it also adopts virtual shelling technology. Basically all shells can be killed. Now you know why it is so hot. I don't know if the shell of Beidou can be killed, but its virtual technology is not as good as the virus written by Dr. WEB with encrypted XTA algorithm (basically as difficult to crack as DES).
3. The third one is a panda. Haha, this Spanish product is the first automatic upgrade in the world. Its engine is also quite good, the speed is absolutely first-class, the virus database is a bit European, it is not very easy to use in China, and it takes up a lot of memory. Jinshan seems to be imitating a panda now, but the monitoring seems not. Jinshan's monitoring is very LJ, you will know after using it.
4. This is Kaspersky of Russia. I haven't analyzed the 6.0 engine yet. Man is really his own engine. KV used to be the Kabbah of anti-manufacturing. But now KV seems to be more optimized.
5. Dr. WEB, also the engine of Russia, was jointly developed by the Russian National Academy of Sciences for the exclusive use of the military and the Kremlin. Heuristic plus virtual shelling, Beidou shell, outer shell and jumping needle can also be killed, occupying less memory. It can be said to be the strongest engine. It is best to deal with mutant viruses and trojans. You can cancel the encrypted XTA algorithm. Remove extremely complex viruses.
Destroyer uses its engine, but it is a fake spider after all, and its anti-virus effect is completely different from that of Dr. WEB.
I scanned it with the destroyer today and found nothing. But Dr. WEB scan found that so many didn't come out, although most of them were advertisements.
It seems that the core technology is still much worse than Dr. WEB. Don't think that you really used Dr. WEB. People in Russia say that the core things are not for sale.
Let me talk about NOD. I'm not sure about this antivirus software, but its engine doesn't seem to be its own. It seems that I have made great progress. Antivirus is like a panda, but it is not a panda. Monitoring is very similar to Dr. WEB, and the situation seems to be the same. There are two processes in monitoring, virtual bombardment and heuristic, but the methods are absolutely different. I don't know whose engine it is. The monitoring is very intelligent. At night, I tried to use a shell of Beidou to deal with the virus, but I didn't use jumping needles. As soon as I run Grey Pigeon, an automatically connected file is generated on my computer. Nodding didn't feel anything. I spent a long time killing people. If you add memory, you can kill it directly. There is a big problem in monitoring. You don't feel much about dealing with the virus with the big dipper shell twice. You can add the shell twice and report to it. It is estimated that you will win the prize.
Then it is very bad for domestic trojans, and many of them can't be killed. Especially at present, domestic trojans are so rampant. Have you seen Rising's upgraded virus database? Trojan horses account for almost 90%. I think it's better not to use this anti-virus software. I tried several trojans to steal QQ and found one. I feel that this anti-virus software is still good, but it is not suitable for domestic use. It's worse to deal with gray pigeons than KV. Not that it can't kill the virus. It's a virus database. The software is good. I like this antivirus software very much. The concept is very advanced and takes up less memory. Not really. Don't scold me.
Today, I joined Trend and Red Umbrella. The trend is Japanese-controlled antivirus software, so I haven't used it. However, when I was a sophomore, I cracked the trend well, so I installed it on all the computers in the school (at that time, I was doing anti-virus and maintenance work in law schools and websites). Not because it's easy to use, I just want the Japanese to upgrade their server hard disks everywhere, which will consume electricity and let them work for the people of China for free. A few years ago, the trend was very strong, especially its enterprise version, which can basically compete with coffee. Its engine is modeled after Norton, and its concept is the same as Norton's. I remember when I was in middle school, it came out of Yang Leyi, and it sold for 28 yuan at that time, and the surveillance tape was also upgraded. At that time, Rising was still three floppy disks, but the personal version was really not so good. If you want to use it, use the enterprise edition.
Red umbrella is a typical product that imitates Dr. WEB. At least the anti-virus engine should have the same effect as the destroyer, even the scanning method is the same. Memory scanning and antivirus scanning are separate. I like this guy very much. I used it a long time ago. I actually killed the back door of love that Rising couldn't kill at that time, and it was free to use. Your favorite titanium version, because there was no way to upgrade, I gave it up at that time.
Others say that Kabbah's antivirus takes up too much memory, which is true. I feel that Kabbah is not successful, at least not the best antivirus software. A good antivirus software, the most important thing is not to trust the computer. Look at the design of NOD32. If NOD has Kabbah's virus database, I guess I will always use it. Today, I opened several web pages with NOD32, and I was poisoned again. It is simply a disregard for users in China. The key is that there is no market and no profit in China. However, if you buy genuine products, I still recommend China. I have been buying genuine products, including my XP, which is really more stable than those bought on the street. So don't use those so-called cracks in the test. There is a difference between piracy and genuine antivirus in Rising 2005. However, I seldom buy genuine products from abroad, and always use genuine products from Jiang Min. I also have genuine products in Rising, and I have tested them with it. You know that the previous rise always implies, please kill it again and again. What do you mean, it can't be removed once, that is to say, in 2005, Rising's engine jumped badly, and the self-replicating virus could not be removed once. In Rising 2005, I stood in front of the server with a box lunch and watched its monitoring being killed by the back door of love. It was so sad. Jinshan, I bought Jinshan Netdart V, 90 yuan. Pay attention to friends who use Jinshan. Its middle rule does not prevent others from ping. If you switch to the advanced level, you can't watch movies online. The rules are really not good, but the average family is enough. Kaspersky's anti-hacker seems unable to stop others from attacking you in the LAN. I haven't tried the firewall of KIS6.0, but I recommend you to switch to learning mode, and the default is low. Don't buy Jinshan now. If you want to buy it, buy Rising with KV and a new engine.
It is estimated that the new engine Rising is better than KV, provided that KV does not upgrade, but KV and Kabbah have cooperated closely recently. It is estimated that the next version of the engine may reach the standard of Kabbah 6.0. Support domestic production, China will be strong!! Look at Korean cars. Basically, Koreans use their own cars. Kabbah's scanning is to scan all files, so it is very stuck. It's no use turning off the surveillance. It runs inside the system. But it's absolutely anti-virus ... in your dreams.
By the way, the Chinese version of Panda 2007 was published today. Panda's latest engine has exceeded the speed of NOD32. Judging from the evaluation abroad, it takes up a lot less memory. I am testing it now, and it is very smooth. You can try. It still feels good. Do another firewall analysis in a few days. I hope everyone will support me. I enlarged the words, which is good for my eyesight. If you have any questions, just say it. I will keep updating. It must be remembered that anti-virus software must not rely on the machine, otherwise it will violate the basic principles. What's the difference between that and your perennial poisoning!!
Antivirus engine
Here is a brief introduction of antivirus engines of various manufacturers, some from public technical materials, some from anti-editors regarded as classics in virus forums, and some from manufacturers' technical personnel (both official and private).
1. Norton: This is the most familiar one. In fact, Norton's antivirus software is not very good at preventing detection. Many virus programs often learn the code that crashes Norton in the subroutine section. I hope Norton can adopt stronger self-protection technology in the new version. Norton's engine should be completely self-contained, and there is no data to prove that Norton bought or borrowed other antivirus engines. It is said that many companies have consulted Kaspersky's leaked engine design when designing, so they once asked this question when chatting online in Microsoft community. The reply agreed that Norton didn't need to learn from Kaspersky's antivirus engine, and his own engine was quite good. A guy named fenssa even replied that Norton's anti-virus engine is quite advanced, regardless of virus database factors, and its comprehensive protection performance is very good. In Microsoft, Norton's software is used in addition to McAfee's software (I believe it is rare to see Microsoft using other software). From the description of Norton's technical documents circulated on the virus forum and an article about Norton's step-by-step tracking and anti-editing in the virtual machine environment, Norton's anti-virus engine should be the perfect combination of traditional static code correspondence and real-time monitoring, and there should be some improved virtual machine technology in it (Norton's people don't admire virtual machine technology very much). Norton's slow antivirus speed should be related to Norton's traditional inspection method, which uses more static codes. Personally, I like Norton's isolation mechanism. I don't think deletion should be adopted until the correct handling method is determined. The virus written by a master should be related to the system process as much as possible. In this case, the advantages of isolation immediately appear. 
Norton occupies a lot of resources, but it has achieved the following design goals: the virus that can be identified and the process that is identified as a virus can be handled correctly, and there will be no misjudgment of the "virus corpse" that can not cause damage, and there will be no detection of viruses again and again after processing.
Many people think that Norton Enterprise Edition and Personal Edition use the same engine, which is incorrect. Enterprise edition actually improves the technology of personal edition. An article published on ZDNet pointed out that the core rules of the enterprise version and the personal version of the engine are exactly the same, but the enterprise version is better than the personal version in importing some front-end files, and the enterprise version uses more API interfaces. According to the article, when scanning large-scale documents, the enterprise version is obviously superior to the personal version. And because of the use of load technology, the enterprise edition takes up a little more resources. In addition, it is said that Enterprise Edition supports network-based multi-load technology.
2. McAfee: I remember reading a report that McAfee acquired another anti-virus software engine design company, which was called Solomon according to the reply. It is rare to see the technical documents about McAfee anti-virus engine analysis on the Internet, but from his own publicity materials, McAfee has thoroughly studied virtual machine technology and real-time monitoring. For example, the technology he recently promoted to prevent application overflow (roughly this name) should be an excellent combination of virtual machine technology and real-time monitoring technology, regardless of the hardware platform, although false overflow detection often occurs (the anti-overflow technology at the software level is really unstable). When dealing with a large number of files, McAfee has a certain speed advantage (this issue is discussed in Microsoft community). It is reported from McAfee forum that McAfee is studying more advanced intelligent code scanning technology, which is estimated to be better than Oriental Guardian. According to the team leader's reply, McAfee has been focusing on the new security field of "proactive prevention" since the release of VSE8.0i, and Norton is also developing in this direction. "Pre-emptive strike" is divided into two parts. First, some firewall technologies and their intrusion detection technologies are used to effectively block the spread of the virus, so that the virus cannot spread in a large area at the initial stage of infection and the harm is reduced. Secondly, it relies on powerful signature detection technology (Extra.dat) to detect virus behaviors and signatures, and its strong R&D team and strategic alliance partners make it unique in this field. Norton can also add some functions that originally belonged to the firewall to new products.
The email asked Norton's researchers why they didn't use signature antivirus technology, and responded that a perfect signature scanning technology should be able to add a specific file as a virus according to the user's designation, that is, when the user designates an active program as a virus, the engine of antivirus software can define a signature for the active program according to its own rules, and when controlling the active program, it can effectively cut off its connection with the normal process of the system. Before this level, Norton will not adopt signature technology on a large scale. According to McAfee's technical documentation, McAfee has only conducted limited experimental research on this technology and applied it in a more confident place. In fact, these two companies still have a long way to go in this regard.
Jinshan is still good.