Expert interview: Old viruses frequently change their faces. Traditional antivirus is in a hurry.

  New anti-virus technology for active defense

  The opening and closing ceremonies of the Beijing Olympic Games and Paralympics are the focus of the world’s attention. Assuming that the computer information of the general director Zhang Yimou is stolen and attacked by hackers, not only will the Olympic plan be leaked, but even the opening and closing ceremonies will not be able to proceed normally …

  In the US presidential election, Obama was most worried about the theft of his core computer and the attack on the network. He summed up his victory and the victory of the network.

  Network security has a bearing on the people’s livelihood. Faced with more than 1,000 new viruses appearing every hour in the world, traditional anti-virus software is increasingly lagging behind, and active anti-virus technology emerges as the times require.

  According to the 2008 National Survey Report on Information Network Security and Computer Virus Epidemic released by the Ministry of Public Security recently, among the types of network security incidents, computer viruses, worms and Trojan horses are still very prominent, accounting for 72%. Another new security risk "passive leak" is eroding the computer network.

  Liu Xu, a famous anti-virus expert and leader of the research group of "Real-time protection technology based on independent analysis and judgment of program behavior" of the National 863 Program.

  What causes the increase of "passive disclosure", and how can users avoid being victims of Trojan virus or targets of "spy" programs? The reporter interviewed Liu Xu, a famous anti-virus expert and the leader of the research group of "Real-time protection technology based on autonomous analysis and judgment of program behavior" of the National 863 Program.

  Hackers wholesale a "broiler" in 0.1 yuan.

  Zombies attack other people’s computers in groups

  Users unconsciously passively leak secrets.

  Liu Xu said that in the industry, computers controlled by hackers are called "broilers", and any computer may become a "broiler". For hackers, "broiler" has no secrets, and all information files can be easily adjusted. Such a "broiler" is now sold online only in 0.1 yuan. Because of its low price, "broiler" is generally sold in tens of thousands of wholesale units. Recently, the use of "Microsoft black screen genuine verification" to spread the new virus of mutant gray pigeon is to make the user’s computer a "broiler" that is controlled remotely.

  There are even more terrible "zombies", that is, computers controlled by "zombie" viruses. These computers are aggressive, and the "zombie" computers controlled by hackers form a network, which will attack other people’s computers and important websites. "Zombies" are mostly overseas hacker networks, mainly stealing trade secrets and threatening the security of national information networks.

  Liu Xu said that the purpose of writing and making viruses has changed from "harming others without benefiting themselves" to profit-seeking attacks, such as stealing information; The computer poisoning rate also rose from 73% in 2001 to 91.47% last year. At present, viruses have the latest features such as instrumentalization and automatic generation, and at the same time, they have the characteristics of concealment, anti-killing and pertinence. Unknown viruses and new viruses make users hard to prevent. In the past two years, "online thieves", "panda burning incense", "dove", "QQ Trojan" and "zombie Trojan" have invaded users’ computers and stolen password accounts, personal privacy, business secrets, network property and even state secrets, which are typical examples. If we don’t take precautions against these Trojans and spy viruses, it will easily cause users to passively disclose information unconsciously.

  Traditional antivirus only looks for a piece of program code.

  There is nothing I can do about makeup makeovers.

  Almost all computers are equipped with anti-virus software, but why are users repeatedly attacked and even passively leaked information? Liu Xu said that the traditional anti-virus software was an effective tool in the past when the number of viruses was small and the spread speed was not fast. However, today, with the wide application of the Internet and the subversive changes in the global virus characteristics, it is obviously inadequate.

  Liu Xu analyzed the principle of traditional antivirus software. For example, traditional anti-virus software kills viruses, just like low-level security guards catch thieves, relying entirely on local characteristics. If you catch a thief in red today, you think that everyone in red is a thief, and if you catch a thief in yellow tomorrow, you think that the thief in yellow is also a thief. When a virus is found, one or several program codes are found, which is the virus feature code. Once similar or identical codes are found, it is considered as a virus. Traditional anti-virus software adopts the eigenvalue scanning technology: the idea of "virus appearance ―― user submission ―― manual analysis by manufacturers ―― software upgrade". The prevention of virus always lags behind the emergence of virus, and generally it can only kill the virus found by manufacturers, but it is helpless for new viruses or those that have undergone "cosmetic" transformation.

  At present, viruses have been automated and industrialized, and anti-virus manufacturers are still adopting backward ideas of manual analysis, which is bound to fail to prevent unknown viruses and new viruses. Realizing the transformation of anti-virus technology from passive anti-virus after the event to active defense is not only the common topic and new competition focus of the global anti-virus industry, but also the urgent demand of computer users.

  Micro-point active defense software of 863 project

  Ensure the network security of the opening and closing ceremonies of the Olympic Games

  Liu Xu said that at present, most anti-virus software claims to have active defense function, but active defense is a real-time protection technology based on independent analysis and judgment of program behavior, which must have three basic characteristics: independent identification of unknown viruses and new viruses, clear reporting and automatic removal. This is the touchstone to distinguish between true and false active defense, especially "clear reporting" of unknown viruses and new viruses, which most anti-virus software can’t do.

  In addition, some traditional anti-virus software does not explicitly report whether there is a virus, but uses some languages that ordinary users can’t read, such as: "A program is setting a global hook for your computer, is it allowed?" and "A program is loading a driver, please choose", so that users can judge for themselves, and it is difficult for non-computer professionals to choose.

  The national 863 project-micro-point active defense software is the first active defense software in the world. By using the simulated anti-virus expert and its virus determination mechanism, it has achieved the breakthrough of five core technologies, such as "dynamic simulation of anti-virus expert system, automatic and accurate determination of new viruses, simultaneous monitoring of program behavior, automatic extraction of feature values to achieve multiple protections, and visual display of monitoring information". After nearly a million kinds of viruses have been tested, the effective rate of preventing and killing unknown viruses and new viruses is over 99%.

  Since the opening and closing ceremonies of the Beijing Olympic Games, the operation center adopted the national 863 project-micro-point active defense software, which successfully prevented the attacks and intrusions of hackers and various new and old viruses, and the network information system of the operation center never leaked information, which indicates that China’s anti-virus technology has successfully withstood the major test of the Beijing Olympic Games and Paralympic Games.

  Don’t go to unhealthy websites to avoid being poisoned.

  Rejecting unknown mail is best for special plane.

  Copying files between computers without USB flash drive

  Liu Xu pointed out that users should have a conscious awareness of information security. First of all, we should develop good online habits. Some unhealthy websites are often an important reason for users’ virus infection.

  Secondly, it is not only a way to infect and spread the virus, but also an important reason for the passive disclosure of information caused by virus attacks and hacker intrusions. In practical work, especially for users with high requirements for information security, we should try our best to put an end to copying files back and forth between different users with USB flash drives, and we should also strengthen the protection of users’ own mail security and refuse unknown mail. At the same time, the conditions should be dedicated to the special plane.

  Third, adopt safe and reliable anti-virus tools. More and more examples have proved that anti-virus software itself is vulnerable to attack. Therefore, we should not only use non-genuine software with caution, but also carefully choose anti-virus tools. It is a reliable choice to adopt anti-virus tools with real active defense technology. (Reporter Li Dongmei)

Editor: Wang Jiaolong