Micropoint Forum
 
Subject: The advanced technique of Micropoint, and some understanding of McAfee
Author: sidineyqiao (Moderator)

[draft translation by sidineyqiao]

In addition, the words below are my private opinion only. Thank you for pointing out any MISTAKES.
I am not ashamed to say that I am not familiar with Micropoint, and I barely understand McAfee. We can see the advantages of Micropoint by comparing Micropoint and McAfee. This post is not meant to start a quarrel; if some guys want to scrap, better to do it elsewhere.

1st specialist (official technical words below)

1) Create a Dynamic Simulation Anti-virus Expert System:

THE SOFTWARE can analyze, conclude and summarize the rules of virus behavior; furthermore, integrated with the experiences of defining the virus by the anti-virus experts, it can even extract virus recognition formula knowledge based on those rules. Emulating the principles of experts' finding new virus, and with the integrated usages of virus recognition formula knowledge, THE SOFTWARE can realize the goal of determining new virus automatically, then make the active defense come true by the way of automatic monitoring on various kinds of application behaviors and automatic analyzing on the logical relationships between those behaviors.

In my opinion, this means that it judges whether a file is a virus using the virus recognition formula knowledge base, which is based upon the experience of the anti-virus experts (analyzing, concluding and summarizing the rules of virus behavior).

That is to say, when a program performs actions that match those in the virus library, Micropoint Corp. will stop it, right?

It doesn't seem to have much advantage compared to McAfee, if I am not far off. The so-called regular virus behaviors are: modifying files (including the registry editor, PE files and all file formats), reading files (including code (which is secret) and so on), creating new files, deleting files (formatting is one way to delete), and so on.

For example, an antivirus may consider an illegal modification of the registry editor to be one kind of virus action. Doing the illegal modification will influence the virus recognition formula knowledge. Then Micropoint judges whether the virus is illegal (not at least this one), and McAfee adds a rule that directly forbids the action on the registry except for what you assign to modify it.
Also, all the judging rules in Micropoint's virus recognition formula knowledge can be achieved in an extreme way in McAfee. If you think that modifying system files is a virus action, McAfee will forbid the action except for what you have assigned. Which is more extreme?


2) Automatically Determine New Viruses Precisely

Huge amounts of probes are distributed among the Operating System; they can dynamically monitor the behaviors of invoking different kinds of Application Programming Interface (API) by the running programs, then automatically analyze the logical relationships between those behaviors and determine the validity of the behaviors, thus achieve the aim of diagnosing new virus and reporting the conclusions definitely; and effectively overcome the drawbacks of current security techniques, most of which are running under such principle of drawing conclusion by a single behavior, keeping on asking whether or not allowing the modifications to the registry or visiting to the networks, which brings obfuscations to the users and even makes dangers happening or crashing to the normal running process of applications due to the users' misjudgments.


1st, more software is starting to use virus techniques. In this case, if new software performs new interface actions like past virus actions, how does Micropoint judge whether it is a virus? In particular, how does it judge software that touches the bottom of the system? Is there a possibility of judging by mistake?

2nd, the commonly used software can be counted. For the professional user, even when new software appears, its functions and the support it needs can easily be judged. For example, for a new internet web browser one can make the main judgments from its description: it needs to reach the internet through port 80, it needs read/write access to the cache area, it needs to support HTTP and FTP downloads, and so on. But you can handle this with a custom exclusion rule in McAfee. Excluding this IE process from several limiting rules is enough.
In other words: what Micropoint can do, McAfee can also achieve, depending on the technical level of the user.

3) Monitor and Control the Program Behavior at the Same Time:

THE SOFTWARE can analyze the program behaviors by itself while monitoring the running of the program completely. Upon finding new virus, it will automatically hold back virus behavior and terminate the running process of virus programs, and automatically clean the virus, then automatically fix the registry.
Detecting a new virus and stopping it is necessary for any antivirus software. The question is the antivirus process itself. It is impossible to kill the virus if the virus has higher priority than the antivirus. How can Micropoint do it without the code of the bottom of the system? As we know, some famous international antivirus corporations get part of the base code from MS.

4) Automatically Extract Eigen Values to Realize Multiple Defenses

With the implementation of dynamic simulation technique, THE SOFTWARE also effectively overcomes the drawbacks of the Eigen values scanning technique's lagging behind the appearance of virus, automatically extract the Eigen values of the virus upon finding the new type of virus, then update the local unknown characteristic library, achieve the automation process of "Trap, Analyze, Update" so as to facilitate the fast detection of the intrusions to the same kind of virus thereafter and build a safe and high efficient multiple defense shield for the user systems.


 
Scanning for Eigen values falls behind the updating of viruses. As I understand it, it should be: judge the virus by its actions, then extract the Eigen values and add them to the local unknown characteristic library, to avoid new damage from variants and the trouble of updating the official virus characteristics.

This thing is excellent. McAfee is: even if you know this is a virus and you don't want to kill it, it cannot run on the PC when you run the virus manually. I still remember one McAfee rule from the sword union: the PC is unconquerable after it starts, and you can perform no operations except with programs you have manually assigned as safe (including important system processes such as SVCHOST). Which is better? You be the judge!

5) Visualized Display of Monitoring Information

THE SOFTWARE will display the information of the monitored program behavior visually, the user can get to know which programs are running on the computer at any time, among those which are the system program, which are the application program, furthermore, the user can find out when the program is installed, when it is running, whether or not it modifies the startup items of the registry, whether or not it produces new program files, whether or not it is autorun, by whom it is executed, which modules it invokes, and the current usage statistics of the network, etc. The user can be explicitly in control of the running status of the system, and analyze the system security based upon it. THE SOFTWARE was not only used as the system analyzing tool, but also the studying tool for the user to get familiar with the computer system.

The Visualized Display of Monitoring Information can be a tool to understand more about the PC system, I couldn't agree any more, because much software can check processes through a visualized display. But it is unnecessary to occupy system resources all the time; you can have a look when you need to. This is good for new users.
In a word, it is good that Micropoint has established a new way to kill and avoid viruses. Domestic software can be happy about Micropoint.
But please don't declare that Micropoint can do everything, because this isn't the truth. Maybe some users think Micropoint is directly visualized and smart, but that doesn't mean other software doesn't have Micropoint's functions. From another angle, if you are familiar with McAfee and can configure the rules yourself, then except for the dispensable visualized display of monitoring information, everything is OK.

You can say it like this:
Micropoint is: detect whoever does the evil deed, stop them and throw them into jail or kill them, and resolve everything perfectly.
McAfee is: a detailed system that promises no chance for anyone who wants to break the law.
I suddenly found this is something like the Chinese and American law enforcement agencies. This is beside my point, don't think too much about it, hoho.
Finally, I wish Micropoint better in the future; no matter how bad Rising is, it can't stop Micropoint's good future and progress.
Suggestion: advanced users can try McAfee Enterprise. If you aren't familiar with parameters, process names and rules, Micropoint is the best choice!

[ Last edited by sidineyqiao on 2008-9-4 at 11:12 ]

2008-9-2 11:09
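
Added example, not part of sidineyqiao's post and not Micropoint's or McAfee's actual logic: a small Python comparison of the two models the post contrasts, per-action deny rules with user-assigned exclusions versus correlating several behaviors per process before giving a verdict. The event log, behavior labels, weights and threshold are constructed assumptions.

```python
from collections import defaultdict

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample events (process, behavior, target); not real telemetry.
EVENTS = [
    ("browser.exe",   "net_connect", "tcp/80"),
    ("browser.exe",   "file_write",  r"C:\Users\u\Cache\page.htm"),
    ("installer.exe", "reg_write",   RUN_KEY),
    ("installer.exe", "file_write",  r"C:\Program Files\App\app.exe"),
    ("unknown.exe",   "file_write",  r"C:\Windows\System32\svc.exe"),
    ("unknown.exe",   "reg_write",   RUN_KEY),
    ("unknown.exe",   "net_connect", "tcp/80"),
]

def classify(behavior, target):
    """Map a raw event to a coarse behavior label (hypothetical taxonomy)."""
    if behavior == "reg_write" and target.lower() == RUN_KEY.lower():
        return "autorun_change"
    if behavior == "file_write" and target.lower().startswith(r"c:\windows\system32"):
        return "system_file_write"
    return behavior

def deny_rules(events, exclusions):
    """Single-behavior model: block each protected action unless the
    process was explicitly excluded for it by the user."""
    blocked = []
    for proc, behavior, target in events:
        label = classify(behavior, target)
        if label in exclusions and proc not in exclusions[label]:
            blocked.append((proc, label))
    return blocked

def correlate(events, weights, threshold):
    """Behavior-correlation model: sum the weights of the distinct
    behaviors seen per process and flag those reaching the threshold."""
    seen = defaultdict(set)
    for proc, behavior, target in events:
        seen[proc].add(classify(behavior, target))
    scores = {p: sum(weights.get(b, 0) for b in labels) for p, labels in seen.items()}
    return sorted(p for p, s in scores.items() if s >= threshold)

# Hypothetical policy values chosen for the sample data above.
PROTECTED = {"autorun_change": set(), "system_file_write": set()}
WEIGHTS = {"autorun_change": 2, "system_file_write": 3, "net_connect": 1}
```

With no exclusions the deny rules also block installer.exe's autorun change until the user excludes it, while the correlation model flags only unknown.exe at threshold 5 and starts flagging installer.exe as well if the threshold is lowered to 2.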