Subject: The difference between the heuristics and proactive defense

#1  The difference between the heuristics and proactive defense

[draft translation by sidineyqiao]
Heuristics and proactive defense were both researched and developed in response to the limitations of signature scanning as it is applied more and more widely. Russian companies were ahead in the former field and paid more attention to it (by the way, proactive defense is integrated into the Kaspersky product, but I think it is a show rather than a reality; after all, Kaspersky is the leader in heuristics, so I insist that proactive defense plays an assisting role in its product). Proactive defense is the hot concept lately, and many companies sell products based on it. These two technologies are both directions in which antivirus technology will develop in the future. As for their history, heuristics has been developed for a long time, while proactive defense is still at its initial stage, so we can't judge them without knowing all the details of the products; it is unfair to compare these two products at this stage. I don't know much about them either, only a little related information. I can only talk about my own feelings combined with my understanding of them.

The details of the products and their accomplishments are on the Tsinghua BBS and on Micropoint's official website. I will just talk about my feelings about these two products.

First, let's talk about heuristics. Suppose the end user is the president and the heuristic system is the security manager. The president gives the security duty to the security manager. The security manager wants to know who will do bad things to the company, so he learns from The Matrix and assumes he can make every employee lose consciousness in a virtual society inside the computer. He brews coffee and watches the employees work, as in a movie. When the "movie" is over, he understands all the deeds of these employees and decides which ones are good. If someone steals and leaks secrets and is pleased with himself for his bad deeds, the security guard smiles: "He is not a good comrade. I will put your ass on the ground when your show is over, kid." So he completes the duty the president gave him.

Second, proactive defense. When the manager accepted the duty, he installed camera monitors in every corner (I guess he dared not install one in the president's office; it would have bad consequences when the doctor and the shining girl are in the president's office ....) to monitor the situation of every employee with this excellent monitoring system. After he has observed for a long time, every situation is under control. Why does it need a long time? It is common that everyone is smart, and high-technology crimes are done secretly. Everything looks normal when you look at these things separately; it is only the conclusion that connects them together. So he catches the bad employee and is ready to teach him a lesson. But the bad one says: "Buddy, do what you like. I have already done everything; you can do whatever you want to me." You know, the bad one is rude and doesn't care about anything. So the security manager reports this to the president, and the president condemns him: "You are garbage in my company. Our important information has been deleted and is under the competitor's control. You'd better examine yourself." And the security manager thinks: "Yes, I should improve the rules. I should catch the suspected employees first; better to catch all the employees." So someone reported to the president several times. After a short while, the president calls in the security manager and curses him very rudely: "Shit, is my company full of spies? I think I can't depend on you, otherwise you'll get me fired."

The example above is exaggerated, but it illustrates something of my opinion. Heuristics has inherent defects; from the example above we can see that it is too expensive or must be imported from another country. When you face a formidable spy (such as Keanu Reeves) who is known in the virtual environment for only a short time, either you fool him in front of your eyes, or he mocks you for being too childish.

You can also say that heuristics is just like a virtual machine, like the mole inside the police in the Infernal Affairs Trilogy: he can raise the guys' privileges through the record files and the specified actions; finally the privilege exceeds the maximum, and that policeman becomes suspicious. But he can't get full evidence that the policeman is the mole, so in the end he is killed by the mole.

Proactive defense is the professional security manager, who has a lot of experience. Not only from the pictures from the monitoring system; he can also judge people by himself. He prevents the bad person's action before the bad one even wants to steal, rather than waiting to arrest him until he finishes. The manager takes those who have done a little to the president, and the most critical ones directly to the police station.

The two technologies each have their advantages. The final anti-virus technology will not be a simple one; it should integrate several techniques. Just like a team needs both forwards and defenders, attack and defense, the best team is strong in both.

With the words above, I just want to say that both need to be modified and improved. The one that does its own things best will become the mainstream of anti-virus technology. I hope we can discuss more and more; as an old saying goes, understanding comes after discussion. I hope you can stick to one principle: I don't agree with your opinion, but I insist on your right to express it.
2008-9-3 12:01
