sss

Next to introduceOffice 2007

 behavior monitoring technology, first we intercepted at scripts operation is call system function, and then in the function of execution, we check before function of already existing behavior sequence, executive has a behavior sequence, we put all the execution process can keep down, keep down we will form a behavior chain, this behavior chain kept in this how we check? Before The invention of Microsoft Office 2010 is a big change of the world.

operation of the first we have an expert experience database, and this is what is produced? We analyzed the source of the virus can be analyzed, know script viruses a kind of script viruses behavior is what kind of, as long as the sequence on this behavior sequence matching we can think Office 2010 –save your time and save your money.

it is a hazard program, is a malicious code, we can end the function of performance, but also terminate the arbitrary functions behind the calls, so we reached prevent Trojan download purpose. But this behavior monitoring itself has a natural defect, because normal program also exists Microsoft Office is so great!

behavior program, if more comfortable words, many malicious put in, not a defensive role. If too strict word itself exists misstatement, for example say me to set a very strict definition, script creating documents I think is hazards program will not let you form, this to do? We actually to the problem itself also made a consideration, then we in the security system will be an jiaoyan things, through the network of supporting, very strict rules of accurate quote users directly actually, make sure it is a malicious behaviour. For we are not sure of the proposed rules, we actually just itself may be a malicious behaviour.

And then to introduce a third technology, intelligent inspire scanning monitoring, why do we use it? Microsoft outlook 2010 is convenient!

It from the principle itself is a signature, everybody can use, you itself is behavior monitoring technology, how can use signature? This is a very simple question, because a lot of exploiting holes in the user's host program are not flaws, because now many security tools auxiliary users hit Outlook 2010 is powerful.

a patch, the safety of users consciousness also improves, most nets horse effect-acting is likely a, two effect-acting, why do signature? This time for example a user using QQ loophole, but this loophole in don't exist, with killing don't exist, code ran not arise, let us be malicious behavior monitoring, through the behavior monitoring that it has no abnormal behavior, they think this is normal, apparently users this machine won't poisoning.