
Microsoft has renamed its antivirus software yet again; it is now called the Anti-Malware Platform, AMP for short.

A few days ago at VB 2015, Microsoft published a new AMP whitepaper. It says that WD 4.8 on Windows 10 brings three major improvements, and one of them honestly feels a bit like cheating: the AM-PPL technique named in the title, in full Anti-Malware Protected Process Light, i.e. an anti-malware protected light process.

AM-PPL: the "cheating" part of Antimalware Protected Process Light is what it does:
• AM processes can run critical user-mode service components as AM-PPL which is at a higher level than an Admin thus can help shield itself from admin level malware
• AM processes can run critical user-mode service components as AM-PPL, which is a higher level than Administrator, and so can help protect themselves from administrator-level malware
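As an added defensive check (example code, not from the post or from Microsoft's whitepaper): a PowerShell script that lists which processes actually run as protected processes and at what level, so an administrator can confirm that the anti-malware engine really runs as AM-PPL rather than as an ordinary service. It assumes Windows 10 with the documented Win32 API GetProcessInformation(ProcessProtectionLevelInfo) and the PROTECTION_LEVEL_* constants from processthreadsapi.h; the Defender engine name MsMpEng in the comment is an assumption, not something the post states.

```powershell
# Added example; not from the post or the whitepaper. Assumes Windows 10 and
# Windows PowerShell 5.1+, run as administrator for best coverage of processes.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public static class ProcProt {
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_PROTECTION_LEVEL_INFORMATION { public uint ProtectionLevel; }
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool GetProcessInformation(IntPtr h, int cls,
        ref PROCESS_PROTECTION_LEVEL_INFORMATION info, int size);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);
}
"@
$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # the one access right PPL still grants to callers
$ProcessProtectionLevelInfo = 7              # PROCESS_INFORMATION_CLASS member
# Map PROTECTION_LEVEL_* values to readable names; 4294967295 is PROTECTION_LEVEL_NONE.
function ConvertTo-ProtectionName([uint32]$Level) {
    switch ($Level) {
        0 { 'WinTcbLight' }      1 { 'Windows' }        2 { 'WindowsLight' }
        3 { 'AntimalwareLight' } 4 { 'LsaLight' }       5 { 'WinTcb' }
        6 { 'CodeGenLight' }     7 { 'Authenticode' }   8 { 'PplApp' }
        4294967295 { 'None' }    default { "Unknown($Level)" }
    }
}
# Returns the raw protection level of a process, or $null if it cannot be queried.
function Get-ProcessProtectionLevel([int]$ProcessId) {
    $h = [ProcProt]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { return $null }
    try {
        $info = New-Object -TypeName 'ProcProt+PROCESS_PROTECTION_LEVEL_INFORMATION'
        $size = [Runtime.InteropServices.Marshal]::SizeOf($info)
        $ok = [ProcProt]::GetProcessInformation($h, $ProcessProtectionLevelInfo, [ref]$info, $size)
        if ($ok) { return $info.ProtectionLevel } else { return $null }
    } finally { [void][ProcProt]::CloseHandle($h) }
}
# Report every protected process; the AM engine (assumed: MsMpEng) should show AntimalwareLight.
Get-Process | ForEach-Object {
    $lvl = Get-ProcessProtectionLevel $_.Id
    if ($null -ne $lvl) {
        [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; Protection = (ConvertTo-ProtectionName $lvl) }
    }
} | Where-Object { $_.Protection -ne 'None' } | Sort-Object Name | Format-Table -AutoSize
```

An AM service that shows up as None, or does not show up at all, is running unprotected and can be tampered with by any administrator-level process, which is exactly the gap AM-PPL is meant to close.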


Besides this "cheating" technique, there are also the Secure ETW technique mentioned before and advanced rootkit removal:
• Secure Event Channel
  • Extensible channel that provides critical insight into process activities
  • AMs can listen to selected TCB/kernel/win32 level events without kernel level hooks
  • TCB/kernel events are trusted, they cannot be tampered with by malware
  • Whitepaper published via Connect in Feb 2015.

• Inbox support for Offline Cleaning
  • WSC provides API to AM apps to make use of inbox WinRE (Windows Recovery Environment) to provide seamless frictionless offline cleaning experience.
  • AM applications can remove rootkits and kernel malware difficult to clean online using this feature, without a need to carry their own offline environment.
We will be encouraging you to use these as undocumented

https://www.virusbtn.com/pdf/con ... tchelder-VB2015.pdf

