有谁知道防病毒程序如何实现对文件的访问控制？ [英] Anybody know how antivirus programs implement access control to files?

问题描述

Comodo Internet Security等防病毒程序根据程序访问对文件进行了非常酷的访问控制。

我特别感兴趣的是它们如何中断对文件的访问，提供弹出窗口询问用户确认，然后根据他的回复允许/拒绝访问文件。



任何想法如何做到这一点？

解决方案

AV软件使用许多不同的系统，一些系统挂钩，一些rootkits（即kaspersky）和AV API形成办公用品的MS。

如果你想仔细看看检查< a href =http://www.clamwin.com/content/view/197/106/> clamwin 是GNU许可下的开源AV。

关于在那里挂钩这里有一些很好的文章，如 EasyHook 。

Antivirus programs such as Comodo Internet Security have extremely cool access control to files based on program access.
I'm particularly interested in how they interrupt access to files, provide a pop-up asking the user to confirm and then allow/deny access to files based on his reply.

Any ideas how this is done?

解决方案

AV software make use many different systems, some of system hooks, rootkits (i.e. kaspersky) and AV API's form MS for office products.
If you want take a closer look check clamwin that is an open source AV under GNU license.
About hooking there are some excellent articles here like EasyHook.

这篇关于有谁知道防病毒程序如何实现对文件的访问控制？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！