惡意軟體與網路APT攻擊事件大幅提升,嚴重危害到企業以及個人電腦的安全,因此資安廠商致力於提供更多元、多觸角的防範惡意軟體服務,期望達到阻止全球化惡意攻擊的目的。縱然單一資安廠商積極提供高服務品質以進行電腦安全防護,而防毒軟體為目前主要之防範惡意軟體機制,此類資安防護軟體仍會面臨到的偵測空窗期、防毒軟體自身的安全強度與掃描時間過度冗長的問題。然而事實上,多數使用者最在意的還是實質上的惡意軟體檢測率以及防毒軟體執行掃描任務的作業速度。 因應終端系統之資安問題日趨重要,我們提出一套終端系統安全之即時預警技術,並以Windows 7作業系統作為實證平台,作法是在系統軟體執行前,將其經由網路傳送至VirusTotal做多重防毒引擎檢測。若檢測通過,再允許檔案被作業系統執行。使用VirusTotal即時掃描,除了能夠藉由多個防毒引擎的偵測提供高檢測率的偵測惡意軟體服務,也能提供使用者二十四小時即時防護。而只掃描預備執行的檔案,也將會較傳統防毒軟體一次掃描所有電腦中檔案的時間更為迅速且有效率。 ;The rising of malicious software and network APT attacks severely brings the risk of security exploitation to all the enterprises and personal computers. Therefore, security vendors are dedicated to provide the service with more diversity in order to protect their customers from global malicious attacks. Antivirus actively provides a high quality service to protect computer security. However single security vendor may still be confronted with several problems, such as significant detection windows, antivirus self vulnerability, and tedious time consuming tasks on scanning whole system files. Actually, most users may pay closely attention to both the detection rate and the speed of scanning tasks of antivirus software. In this thesis, we propose a defense mechanism named CatPaw to resist the intrusion of malware and malicious contents. Windows operating system will be selected as the platform to verify our design. System software or others user applications will be scanned by sending them to VirusTotal on the Internet before executing by operating systems. If the test passes without hesitation, the file can be executed continuously. Real time scanning on VirusTotal can not only provide security service with more reliability and more accurately by using multiple antivirus engines, but also provide 24 hours real time protection for users. Furthermore, scanning the files only triggered by users instead of scanning all the files in the disk by traditional single antivirus software will make it as efficient as possible.
