Proactive test
Kaspersky Internet Security 8.0
Date: June 2008
Last revision: 1st June 2008
Website: http://www.av-comparatives.org
1. Tested product
Kaspersky Lab (www.kaspersky.com) will soon release Kaspersky Internet Security 2009 (v8). This new version includes a further improved heuristic analyzer (emulator) and detection of suspicious packers, as well as the AVZ heuristics at HIPS level. Kaspersky Internet Security v8 was tested with signature updates of the 4th February 2008 and with highest settings. The test-set used is the same as the one used for the retrospective test of May 2008 (http://www.av-comparatives.org/seiten/ergebnisse/report18.pdf). In the retrospective test of May 2008, KAV v7 detected ~21% and got a “STANDARD” rating (probably because it was a product targeted by malware authors).
2. Test results
Below are the proactive detection rates of KIS 8.0:
KIS v8 with maximum emulator settings: ~42%
KIS v8 with emulator settings like in HIPS: ~49%
With a total on-demand detection rate of ~42% [1] in the retrospective test and a very low rate of false alarms, Kaspersky Internet Security version 8.0 would have reached the “ADVANCED” certification level in our retrospective test.
[1] This is a very similar result to the November 2007 retrospective test of Kaspersky Anti-Virus 7.0.
Single Product Test: Kaspersky IS 8.0 (June 2008) - Copyright (c) 2008 by AV-Comparatives
When the malware is executed, the current HIPS (Application control) included in Kaspersky Internet Security v8 would automatically block (or strongly recommend to block) around 68% of the samples from the retrospective test-set, which is a good score.
Kaspersky v6 and v7 had the Proactive Defense Module (PDM) to stop malicious samples based on patterns of "bad behaviour".
The new v8 includes a HIPS module to put some restrictions on application execution. When a potentially dangerous program is launched, KIS v8 will recommend blocking its execution; it is also possible to limit the program's execution by blocking the dangerous operations. Classic HIPS solutions usually require considerable knowledge and time from the user to configure them properly (and usually have a high level of false alarms at the beginning). Kaspersky Lab has circumvented the false-alarm problem by combining the power of the now included AVZ-engine scripts and the emulator with the classic HIPS approach: a heuristically determined danger rating.
Based on this rating, KIS v8 assigns a security group to any new running application, and for each of the four groups there is a predefined vector of privileges which covers all potentially dangerous actions. E.g. samples with a danger index of 100 get blocked automatically. So, about 2/3 of the samples used in the retrospective test were blocked automatically during first execution.
The rules for the security rating calculation (the AVZ-engine scripts) are updatable; in fact they will be updated/improved during the next weeks.
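A minimal sketch of the rating-to-group model described above, added here as an illustration; it is not Kaspersky's or AV-Comparatives' code. The indicator names, point values, group names, thresholds and operations are all assumptions; only the four-group structure, the per-group privilege vector, the updatable rules and the automatic block at a danger index of 100 come from the report.

```python
# Hypothetical rule set: heuristic indicator -> points added to the danger rating.
# Kept as plain data so it can be replaced by an update without code changes.
RULES = {
    "suspicious_packer": 40,
    "no_valid_signature": 15,
    "writes_autorun_key": 25,
    "injects_into_process": 35,
    "installs_driver": 30,
}

# Potentially dangerous actions covered by each privilege vector (assumed list).
OPERATIONS = ("autorun_write", "process_inject", "driver_load", "network")

# Four groups (names and thresholds assumed), one verdict per operation.
GROUPS = [  # (highest rating in group, group name, privilege vector)
    (20, "trusted", ("allow", "allow", "allow", "allow")),
    (50, "limited", ("prompt", "prompt", "prompt", "allow")),
    (99, "restricted", ("deny", "deny", "deny", "prompt")),
    (100, "blocked", ("deny", "deny", "deny", "deny")),
]


def danger_rating(indicators, rules=RULES):
    """Sum the points of the distinct known indicators, clamped to 0..100."""
    return min(100, sum(rules.get(name, 0) for name in set(indicators)))


def classify(rating):
    """Return (group name, {operation: verdict}) for a danger rating."""
    for upper, name, vector in GROUPS:
        if rating <= upper:
            return name, dict(zip(OPERATIONS, vector))
    raise ValueError("rating out of range")


def on_launch(indicators, rules=RULES):
    """Decide what happens the first time an unknown application starts."""
    rating = danger_rating(indicators, rules)
    group, privileges = classify(rating)
    if rating == 100:
        action = "block"  # danger index 100: blocked automatically
    elif group == "trusted":
        action = "run"
    else:
        action = "run_restricted"  # runs, but dangerous operations are limited
    return rating, group, action, privileges
```

Passing a different `rules` dictionary to `on_launch` models a rule update: the same sample can land in a different group without any change to the enforcement code.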