Saturday, September 25, 2010

Beyond low resource usage, what else does NOD32 have going for it?



I recently noticed a strange phenomenon: on websites and forums, whenever NOD32 is mentioned, the phrase "uses few resources" is never far behind. This is true, and many people do choose NOD32 for exactly this reason. But things taken to an extreme turn into their opposite: it leaves the impression that NOD32 has no other advantages besides its small resource usage, and in some places baseless fallacies such as "NOD32 does not kill Trojan horses" keep being repeated.

As a loyal NOD32 fan, I naturally do not want to see this, so I have written this short piece, and I hope it helps everyone who follows and likes NOD32.

1. Heuristics

Why talk about heuristics first? Because I personally think this is NOD32's biggest advantage apart from resource usage.

Heuristics means that antivirus software can identify and intercept malicious files that are not in its virus database. According to ESET, NOD32 can, without relying on any virus database, identify 54% of the new viruses from the last 90 days. In fact, if you use NOD32, the prompts "variant of ..." (a variant of virus XX) and "probably a variant of ..." (possibly a variant of virus XX) are the results of heuristic detection. Although it cannot report the exact virus name, it can still keep the threat blocked outside the system.






Figure 1

NOD32 is not the only antivirus product with heuristics, but in actual tests, the "heuristics" of many antivirus products merely flag packers: any packed program triggers an alert, regardless of whether the program itself is harmful. NOD32's heuristic false positive rate is very low; if you are interested, I can share a more detailed testing process.

2. Scanning speed

There is not much to explain here; just look at two recent Virus Bulletin test reports. First, the Vista platform:






Figure 2

Now the XP platform, again with Virus Bulletin's data:






Figure 3

If your hard drive is only 40GB, 60GB or 80GB, this difference may feel obvious, but if your hard disk is 160GB, 250GB or even larger, you will feel NOD32's scan speed advantage overall.

3. Self-protection

"A certain virus can kill a certain antivirus product" is a common story, and there have even been cases where changing the system date made antivirus software stop working. So antivirus software, while fighting viruses, must also strengthen its ability to protect itself, so that it is not "killed" by a virus before it can block it, or left with capabilities it cannot use.

NOD32 performs very well here: it has two core processes, NOD32KUI and NOD32KRN. The former is the user interface; ending it only closes the graphical interface, while real-time monitoring keeps running. The latter is the core program; if you end it with Task Manager or a tool such as IceSword (Bing Ren), it is automatically re-created.






Figure 4

Interested readers can test this themselves and see whether the process of the antivirus software you use can be ended so easily. Of course, if you select the "prohibit process creation" option in IceSword, NOD32 cannot respawn either, but it is an indisputable fact that its self-protection is stronger than that of most other antivirus software.

4. On Trojans

This is the issue that angers me most. An article titled "Kaspersky and other anti-virus software, in contrast of what I see" has been widely reposted online. It says "NOD32 cannot kill or defend against Trojans! Because NOD32's designers do not think Trojans are viruses," and so on, which is both laughable and infuriating.

Why laughable? Because whoever wrote that article has apparently never used NOD32. As the simplest piece of evidence, take a look at my NOD32 quarantine:






Figure 5

As the figure shows, NOD32 not only kills Trojans, but its heuristics are equally effective against them, as the prompts in the figure make clear.

Or you can simply look up NOD32's virus database update records (on the official website: http://www.eset.com/support/updates.php). For example, on April 17 the virus database was updated 4 times in one day, including dozens of Trojan records. I really do not know where the claim that "NOD32 cannot kill Trojans" comes from.

Let me quote one more passage, so we can see what the text that was taken out of context actually says:

"The term computer virus (Computer Virus) has been around for a long time, much earlier than the later computer worms (Worms), spyware (Spyware), adware (Adware), Trojan horses (Trojan) and so on, all of which can be collectively called malicious code (Malicious Code). All of these harm computers to varying degrees, including damaging data, invading privacy and stealing important information. But the industry's definition of a computer 'virus' stresses 'self-replication' and 'propagation', and worms have rather similar characteristics, including the ability to clone copies of their own files and crawl across the network to infect other computers. Therefore, spyware, adware and Trojan horses cannot be classified as computer viruses (in the narrow sense)."

In fact, this is the key point I want to make: views should all come from practice. As you read these words you are free to doubt me too, but only when you have actually tried it will you know who is right.

5. Size

Norton 360 had just come out, and I recently downloaded a copy to try it. The installer reported that it needed about 370MB (I forget the exact figure) of hard disk space; I was stunned and cancelled the installation.

By contrast, NOD32's installation file and its disk usage after installation are, like its resource footprint, small: the installation file is only 10MB, and the space used after installation is just over 30 MB, which also includes the installation files of around 10MB (quarantined viruses not included), so it fits easily on a USB flash drive.

Coming back to the "resource footprint" question: some people confuse it with "memory footprint" and assume that resource usage means memory usage. Memory is in fact only one part of system resources, and what affects system speed more noticeably is CPU usage. Otherwise, why would a system still lag after its memory is upgraded to 2G? Therefore, NOD32 is the antivirus software that slows the system down the least, but that does not mean it uses the least memory; do not be surprised if some products use less memory than NOD32.

Finally, one piece of circumstantial evidence: users' computers in Europe, the United States and Hong Kong are generally better configured than those in mainland China, yet NOD32 still has a very large market in Europe, the United States and Hong Kong.







Tuesday, September 14, 2010

Delphi beginners reference (b)


Windows API
API (Application Programming Interface): every programming language makes use of it. What is an API? An API is the means by which a program uses the services provided by the operating system. Most of our programming does not operate on hardware directly; instead we call these APIs and the operating system operates the hardware. As a result, we do not have to deal with hardware compatibility issues when programming and, more importantly, code is shared at the operating system level. Therefore, if a function can be implemented with the API, we should try to use it.

How Delphi uses the Windows API

In day-to-day development we often have to use Windows API functions, so where do these API functions live? We can put it this way: API functions are encapsulated in the Windows system's DLL files. For example, the Beep procedure we often use is implemented by calling MessageBeep in user32.dll in the Windows system directory; SendMessage is a direct call to user32.dll's SendMessageA. The DLLs Delphi uses most often are: advapi32.dll, kernel32.dll, mpr.dll, version.dll, comctl32.dll, gdi32.dll, opengl32.dll, user32.dll, wintrust.dll, msimg32.dll.

So how does Delphi use these API functions? Since the API functions live in system DLLs, we can call them ourselves, just as we would call functions in a DLL we wrote. A DLL function can be called in two ways: statically or dynamically. Windows API calls use the static approach. Why? Because these DLLs provide the most basic services of the operating system; they are already loaded into memory when the operating system boots, and the operating system itself uses them heavily.


API and daily programming

Delphi encapsulates the majority of Windows API functions (mainly in the Windows.pas unit), which covers most of our work, so we generally do not call API functions directly. But sometimes there are special requirements: we may have to call API functions that Delphi has not wrapped, and sometimes even undocumented Windows API functions. How do we call these? As mentioned before, the static method works fine. See the relevant documentation for details on how to make the call.

The key to calling API functions that Delphi has not wrapped is knowing their parameters. Check the latest MSDN or related documentation.
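
The two ways of calling a DLL function described above, side by side, as an added example that is not part of the original post. It goes one step beyond the text by showing the dynamic method for an export that may be absent on older Windows versions; StaticBeep, TIsWow64Process and RunningUnderWow64 are names chosen here, and IsWow64Process is picked only as an illustration of an API declared from its MSDN signature.

```delphi
program ApiCallDemo;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

// Static import: the loader resolves this export from user32.dll at process
// start. StaticBeep is a local name chosen for this example.
function StaticBeep(uType: UINT): BOOL; stdcall;
  external 'user32.dll' name 'MessageBeep';

type
  // Signature copied from the MSDN documentation of IsWow64Process.
  TIsWow64Process = function(hProcess: THandle;
    var Wow64Process: BOOL): BOOL; stdcall;

// Dynamic lookup: resolve the export at run time and fall back cleanly when
// the running Windows version does not provide it. A static import of a
// missing export would instead stop the program from starting at all.
function RunningUnderWow64: Boolean;
var
  Kernel: HMODULE;
  Fn: TIsWow64Process;
  Flag: BOOL;
begin
  Result := False;
  // kernel32.dll is already mapped into every process, so GetModuleHandle
  // is enough: no LoadLibrary call and no DLL search path lookup happens.
  Kernel := GetModuleHandle('kernel32.dll');
  if Kernel = 0 then
    Exit;
  @Fn := GetProcAddress(Kernel, 'IsWow64Process');
  if not Assigned(Fn) then
    Exit; // export missing on this system: report "not WOW64"
  Flag := False;
  if Fn(GetCurrentProcess, Flag) then
    Result := Flag;
end;

begin
  if not StaticBeep(MB_OK) then
    Writeln('MessageBeep failed, error ', GetLastError);
  Writeln('Running under WOW64: ', BoolToStr(RunningUnderWow64, True));
end.
```

When a DLL is not already loaded and LoadLibrary is needed, passing a full path under the system directory avoids picking up a same-named DLL from the application or current directory.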


API and VCL

Microsoft's MFC wraps a large part of the Windows API, and VCL is no exception. Most VCL features cannot be implemented without the Windows API, whether it is called directly or through a simple wrapper. Take the implementation of TControl's Repaint (Controls unit) as an example:
procedure TControl.Repaint;
var
  DC: HDC;
begin
  if (Visible or (csDesigning in ComponentState) and
    not (csNoDesignVisible in ControlStyle)) and (Parent <> nil) and
    Parent.HandleAllocated then
    if csOpaque in ControlStyle then
    begin
      // Direct call to GetDC in user32.dll
      DC := GetDC(Parent.Handle);
      try
        // Direct call to IntersectClipRect in gdi32.dll
        IntersectClipRect(DC, Left, Top, Left + Width, Top + Height);
        // Parent.PaintControls makes a large number of API calls
        Parent.PaintControls(DC, Self);
      finally
        // Direct call to ReleaseDC in user32.dll
        ReleaseDC(Parent.Handle, DC);
      end;
    end else
    begin
      // The following two calls go through wrappers
      Invalidate;
      Update;
    end;
end;

The API is visible everywhere in VCL. Seen from the other side, this is what VCL is: a library that wraps a large number of API functions, which makes the API easier to use and spares us those annoying API parameters.


Delphi and Windows COM services
What is COM? COM (Component Object Model) is a language-independent software component model on the Windows platform that lets separate objects communicate with each other; it defines an API and a binary standard. That definition is abstract. First of all, it is a component model that defines a specification for component objects; an object that implements this model is a COM object. A COM object is accessed through interfaces: it can contain one or more interfaces, which make up its functionality, and you can call interface methods on a COM object much as you would access a VCL object. COM objects exist to share resources, and the sharing happens at the binary code level, so they can be implemented in different programming languages and called from different programming languages, similar to a DLL (in fact, the idea behind COM comes from DLLs).


VCL and COM

COM was once heavily promoted by Microsoft, so it is ubiquitous in the Windows operating system, and Delphi's VCL also calls Windows COM services. The most obvious example is the components on the ADO page, such as TADOQuery, which inherits from TCustomADODataSet, and TCustomADODataSet is defined as follows:
TCustomADODataSet = class(TDataSet, IUnknown, RecordsetEventsVt)
private
  FRecordsetObject: _Recordset;
  FFindCursor: _Recordset;
  FLookupCursor: _Recordset;
  FLockCursor: _Recordset;
  FRowset: IRowset;
  FAccessor: IAccessor;
  FRowsetFind: IRowsetFind;
  FHAccessor: HACCESSOR;
  FOleRecBufSize: Integer;
  ...
end;


ADO (Microsoft ActiveX Data Objects) is a set of COM objects from Microsoft for accessing databases through OLE DB providers. Let us look at how TADOQuery's First method is implemented:
TADOQuery.First -> TDataSet.First -> TDataSet.InternalFirst -> TCustomADODataSet.InternalFirst -> Recordset15.MoveFirst

TADOQuery inherits from TCustomADODataSet, and TCustomADODataSet inherits from TDataSet. TDataSet.InternalFirst is defined as a virtual method, and the subclass's TCustomADODataSet.InternalFirst overrides it. TCustomADODataSet.InternalFirst calls the MoveFirst method of the Recordset15 interface.

It is not hard to see that TADOQuery.First is ultimately implemented by calling a COM object through an interface.


Delphi and the Windows shell

What is the Windows shell? The Windows shell is the Windows interface environment, and it also gives our programs powerful extensibility. Programming that uses Windows shell functionality in this way is known as a shell extension. For example, if WinRAR is installed on your machine, the right-click menu of a folder shows WinRAR's compression entries. These features are implemented through Windows shell extensions.

The Windows shell is based on COM, so all shell extensions are implemented through interfaces. Delphi also defines a number of shell extension interfaces, in the unit Source\rtl\Win\ShlObj.pas under the Delphi7 installation directory.

Delphi's Demo directory contains a Virtual Listview example that implements disk browsing with Windows shell extensions; interested readers can take a look.

Embedded assembly language
Embedding assembly language code is one of Delphi's features; for example, the implementation of TObject, the root class of VCL, contains a number of embedded assembly statements.

Assembly language is a relatively low-level language with a close relationship to the hardware. So we usually try not to program in it, but on some special occasions (such as high performance requirements or the need to manipulate hardware directly) it can still play a significant role.





