Chapter 186: Control the supercomputer Yan!

When a suspicious file is found, the structure of the unknown file is first analyzed, using a series of unpacking techniques, to obtain its signature, which is then compared with the signatures in the virus database to confirm whether it is a virus file.



Along these lines, the "cloud security" that became very popular in later years is in fact just the antivirus software uploading the signature of the unknown file so that it can be compared against the virus signature database on the server side to decide whether it is a virus. It is still only the most basic and most common signature comparison, hyped up into so-called cloud security to fool the gullible!

The second method is the gene code, which is an upgraded form of the signature. In fact, it is also a signature, but whereas each signature can correspond to only one virus, one gene code can correspond to a whole gene family of viruses.

Although it works the same way as a signature, the gene code effectively reduces the amount of data in the virus signature database.

The third method is heuristics. The principle of this method is somewhat related to endless defense. It judges whether a file is a virus program by comparing the differences between an unknown file and a normal program.

There are two kinds of heuristics: dynamic and static. Static heuristics decompile the static code instruction sequence of an unknown program to understand its real intent and determine whether it is a virus.

Dynamic heuristics are sandbox technology: the antivirus software builds a sandbox environment, lets the unknown file run in the sandbox, and observes what the unknown program does to determine whether it is a virus.

Dynamic heuristics have a big disadvantage: building the sandbox environment consumes a lot of system resources, leaving the computer short of resources and causing normal operation to lag and freeze.

Kaspersky has done a good job in this field, and it has the best antivirus effect. But, true to its name, it is nicknamed 'crack crash'!

The above three methods show that no matter which method it is, a lot of work is needed to determine whether an unknown file is a virus program.

Doing a lot of work takes up a lot of system resources, whether CPU computing resources, memory storage resources, or other system resources.

Taking up a lot of system resources leaves the computer equipment with poor load capacity; in slightly more serious cases, it will make the computer equipment freeze or even crash!



Endless defense, by contrast, needs only one step to determine whether an unknown file is a virus!

Just check whether it is a protected file!

If it is not, it is deleted directly; no further operations are required, and the pressure on the system is reduced a lot.

Therefore, facing the thirty-nine group, the security experts of the International Intelligence Bureau of the Ministry of Foreign Affairs, the endless defense came down!

After checking the official website of the International Intelligence Bureau of the Ministry of Foreign Affairs, Chu Hao, based on the No. 1 server, combined the supercomputer Yan and the No. 3 server to form a cluster server to jointly attack the official website web server.

The official website of the International Intelligence Bureau of the Ministry of Foreign Affairs used Microsoft's IIS server and was built with ASP.NET technology, and Chu Hao has a fairly deep understanding of Microsoft's systems!

Controlling the supercomputer Yan, Chu Hao obtained low-level permissions on the web server without triggering any alarm. Then, on the basis of those low-level permissions, he slowly elevated them.

Obtaining low-level permissions first and then elevating them is, in some cases, safer than directly obtaining super permissions in one step. At,
