Computer viruses What is a computer virus? Types of computer viruses. Protection against computer viruses Various types of anti-virus programs

Chapter 3 Viruses under Windows This section covers viruses that infect files in the Windows operating system. The most detailed examination of viruses under Windows 95. The output texts of viruses with report comments are provided. The main information about the files that are launched is also provided

Viruses under Windows 3.11 The compiled Windows file contains different combinations of code, data and resources. Resources are BIN data for application programs. Because it is possible to run a file under DOS, the data format can be recognized by both DOS and Windows systems. For whom is it all

Viruses under Windows 95 The Portable Executable format is being favored by Win32, Windows NT and Windows 95, making it even more popular and may become the dominant EXE format in the future. This format is classified as NE-executable, which is introduced in Windows 3.11.

Section 4 Macro-viruses This section talks about macro-viruses. The procedure and methods for infecting files are described. The output text for the macrovirus with report comments has been provided. Basic information about the language VBA, its procedures, functions, standards has been provided

Section 15 Viruses, Trojans and worms This section discusses the following topics: Distinctions between viruses, Trojans and worms Viruses Infection of various platforms Drives for Unrestful Creation of a nasty code Protection from

Viruses and Trojans The attack involves a specially designed computer virus or worm to infect your installed PGP program. This hypothetical virus could be hacked in such a way as to steal the private key and password, or instead

Most personal computer owners have heard of horror stories about computer viruses. Among the “dummies” there is a strong thought about the possibility of expanding computer viruses without going in a crazy way. This article covers basic knowledge about viruses and ways to expand it.

We recommend that you familiarize yourself with this article as you do not have any problems with viruses and your computer has adequate security in smartnet.ua

A virus is a program that can replicate on a computer, adding its code to the body of other programs, thereby infecting them. Life before reproduction is the basis of all computer viruses.

The virus begins to make silent copies of itself and spread them through, where possible. Some viruses may spread around the world.

Such viruses are called hemorrhoids. Viruses can mask their presence in the system, and many will resist attempts to remove them.

After all, any virus is a primary computer program, just like Explorer or a browser. Basically, the virus only survives because it ends up on the computer not because it is worth it, but because it is harmful. Before speaking, not all viruses produce systems of serious harm.

There are plenty of things to do with them, so the powerful breeders have nothing to do. The only problem with such viruses is the amount of system resources they consume, which, however, also causes certain inappropriate actions.

The conclusion is clear: since a virus is a primary program, then, before it can begin its destructive work on a computer, it needs to be launched from the very beginning. If the virus is not launched, it can lie on the hard drive for many years without causing any harm to the system. The most important task for a hacker, having written a virus, is the first time it is launched on the victim’s computer.

Once launched, the virus takes control of the virus system and begins to live its own life, which can be very difficult to stop. There are a lot of ways to launch it, but the most advanced way is to detect an infected user. Therefore, koristuvacheva varto will be respected before what files can be used to click on the target. Thank you for everything, don’t mindlessly click on files to be saved. How can I verify these files from others? It’s not easy for Explorer to rely on file icons. A hacker can easily destroy them.

It is better to designate the file type for this expansion. The extension is a dot and three (sometimes greater) Latin letters after the file name. The extension designates the type of file and therefore the system means that it itself needs to work with the file when you press on it. Windows Explorer does not display it after installation, so configure it so that the extension is visible.

Koristuvach cannot run files with the extensions .com, .cmd, .exe without the need. It is up to the buyer to be aware of the extended file types that he or she operates with. If you don’t know the extension, it’s better to look for information about it on the Internet, and then just start working with files of this type.

Slides must also be placed before the Windows security system. If any program, upon launch, asks for permissions from the system, the monitor screen darkens and a message is displayed about the assignment of such rights.

It should be noted that it is important that certain programs do not retain rights at all. Most often, such rights are required only for installing programs, or for updating them. A virus simply cannot do without such rights to gain control over the system.

Therefore, if the customer does not install or update his security program, the result will be negative. In case of viruses that spread through different carriers, the system will also set a barrier in front of the user about the need to run programs from that carrier. Looking at those that almost no one runs flash drive programs, the power supply also gives a negative result.

Thus, infection of the system with a virus is not completely inevitable. You should also promptly update your operating system, install an anti-virus program on your computer, and exercise basic caution when dealing with third-party files.

For comfortable and safe work at the computer, it is necessary to at least know how to protect personal data. For this reason, you first need to know about what a computer virus is. Also remember that the best way to combat it is with an antivirus program.

The meaning of a computer virus is as follows: “A computer virus is a software program with the ability to self-copy, insert into the system code and other software products, as well as introduce incorrect code into the computer hardware and information.” Take care of your nose.

The main purpose of any virus is the spread of malware, theft of information, or taking care of your computer. Other computer viruses are also susceptible to infection. Agility before reproduction allows for maximum harm. The fact is that these viruses multiply not only within the local machine, but also become more expensive at scales, including global ones, talking about those who may end up with epidemics of computer viruses.

Phases and developments characteristic of computer viruses

• Passive operation: you have a virus of recordings on your hard drive, but do not perform daily operations until the programmer’s instructions are completed.
• Reproduction: a virus in which a virus creates an indestructible number of copies of itself and is located on the hard drive of the computer, and is transmitted to the local network via service packages.
• Active operation: in this mode, the virus begins to lose its purpose - to obtain, copy data, individually occupy disk space and waste RAM.

How computer viruses appeared

The official history of computer viruses dates back to 1981. Computational technology was in its infancy. No one even knew what a computer virus was. Richard Skrenta wrote the first innovative virus for the Apple II computer. It was completely innocent and displayed the top on the screen. This year, viruses for MS-DOS began to appear. In 1987, three virus epidemics were recorded in the population. This is due to the entry into the market of an equally inexpensive IBM computer and the growth of computerization around the globe.

The first epidemic was caused by the useless Brain program and the Pakistani virus. The Alvi brothers dismantled him in order to punish the koristuvachs who were violating the evil versions of their software. The brothers did not realize that the virus had gone beyond Pakistan, but it happened, and the Brain virus infected computers all over the world.

Another epidemic struck Lehigh University in the United States, and hundreds of floppy disks were lost from the university's library and computing center. The epidemic was small, average in scale at that time, and the virus infected more than 4 thousand computers.

The third virus - Jerusalem emerged in several countries around the world. The virus finds all the files immediately before they are launched. In the middle of the epidemic of 1987-1988, this fate was on a large scale.

1990 became the starting point for the active fight against viruses. Until now, a lot of programs had already been written that were used by computers, but until the 90s this was not a big problem.

In 1995, new viruses began to appear, and an incident occurred in which all disks running the beta version of Windows 95 were found to be infected with viruses.

Today, the “computer virus” has become a household name, and the problem-solving industry is growing rapidly. New viruses are emerging every day: computers, telephones, and now viruses for the anniversary. At the same time, various companies vibrate chemical complexes that cause computers to become infected in all areas of the world.

Computer virus "Ebola"

Today, the computer virus “Ebola” is even more relevant. Hackers attack you by email, hiding behind the names of their companies. The virus attacks the security software installed on computers, and will quickly delete everything installed on the machine. In addition, they can reproduce, including locally. Thus, “Ebola” is considered one of the most unsafe objects today.

Classification of free programs

Computer viruses are classified under different classifications. Based on their behavior, they were intelligently divided into 6 categories: by extension, by the peculiarities of the code, by the method of infecting the computer, by integrity, by capabilities, and in addition there is a category of viruses that cannot be classified.

Typically, there are the following types of computer viruses:

• Merezhevi- These viruses are spreading locally and globally, infecting a large number of computers around the world.
• Files- Vprovadzhuyutsya at the file, infecting Yogo. The problem begins as soon as the infected file is deleted.
• Zavantazhuvalny- Enter the locked sector of your hard drive and start downloading at the moment the system is locked.

The specifics of the virus code can be divided into:

Based on the method of infection, viruses are divided into two groups:

• Resident- Crazy programs that infect the RAM.
• Non-resident- Viruses that do not infect RAM.

Based on their consistency, stench can be divided into:

• Divisions- programs that are divided into a number of files, or that create a script for the succession of events.
• Tsіlіsny- A single block of programs, which is determined by a direct algorithm.

Based on the possibilities, the division of viruses into the following categories has been transferred:

• Unnecessarily- Types of computer viruses that can be used to improve your computer's performance by reproducing and eliminating free space on your hard drive.
• Safe- viruses that enhance the computer’s operation occupy significant amounts of RAM and create sound and graphic effects.
• Unsafe- Viruses that can cause serious system failures, from freezing the computer to crashing the operating system.
• Even more dangerous- Viruses that can erase system information, as well as lead to physical destruction of the computer due to additional damage to the life of the main components.

Various viruses that have not been classified under this classification:

• Merezhevi worms- viruses that collect the addresses of accessible computers at the same time and multiply. As a rule, there are no viruses.
• Trojan programs, and Trojans. These types of computer viruses took away their name in honor of the famous Trojan horse. These viruses disguise themselves as dirty programs. It is important for the theft of confidential information, as well as various types of unsafe representatives of corrupt software.

How to find a virus on your computer?

Viruses can go unnoticed, but at the same time kill unwanted activities with your computer. In one case, it is practically impossible to detect the presence of a virus, but in another case, the user is aware of a number of signs that the computer is infected.

For those who don’t know what a computer virus is, if there is any suspicion of a security problem, click on the following:

• The computer began to work harder. Moreover, increased work is of lesser importance.
• The files appeared, like the correspondent did not create. With particular respect, you should attach a trace to files that may replace an adequate name with a set of characters or an unknown extension.
• Suspicious increase in the occupied area of ​​RAM.
• Mimovilne vimikanie and rezavantazheniya computer, yo non-standard behavior, blinking screen.
• The impossibility of attracting programs.
• Reminders and information about malfunctions are reluctantly shown.

All these signs indicate that your computer is infected, and it is necessary to check it for the presence of files with malicious code. There is only one way to check your computer for viruses - an anti-virus software program.

Antivirus programs, or antiviruses,- These software complexes contain large databases of computer viruses, and require careful checking of the hard drive to identify known files and code. Anti-virus software can fork, delete or isolate the file in the special area.

Ways and methods to protect yourself from cheap programs

Protection against computer viruses is based on technical and organizational methods. Technical methods are aimed at the most effective methods of eliminating virus threats: antiviruses, firewalls, antispams and, most importantly, updating the operating system. Organizational - methods that describe the correct behavior of a computer assistant from the point of view of information security.

Technical methods cover the possibility of viruses penetrating a computer using additional software.

Antivirus- control the file system, regularly check and track down corrupt code. The firewall is used to control information passing through edge channels and block unwanted packets.
The firewall allows you to block any type of connection based on various criteria: ports, protocols, addresses and activities.

Antispam- control the receipt of unwanted mail, and when it reaches the postal client of a suspicious person, block the possibility of downloading attachments, so that the customer does not delete them. The main idea is that anti-spam is the most effective way to fight, but today they block tens of millions of pages with embedded viruses.

Operating system update- a process in which developers correct bugs and shortcomings in the robot OS, which is corrected by programs for writing viruses.

Organizational methods describe the rules of working on a personal computer, processing information, launching and running software, which are based on four basic principles:

1. Launch and open only those documents and files that were found from reliable devices, and without any reason, they are hard to remember. In this case, the user takes responsibility for himself by launching one or another program.
2. Check all the information you can find from any external source, be it the Internet, an optical disk or a flash drive.
3. Always keep the anti-virus database and software shell version up-to-date against threats. This means that antivirus software vendors are constantly improving their products in response to the emergence of new viruses;
4. Be sure to check the recommendations of anti-virus programs and check your flash drive or hard drive connections to your computer.

With the emergence of viruses, programs began to appear that allow them to be found and exterminated. Today new viruses are appearing in the world. Computer products for their use are updated several times a day to ensure they remain up-to-date. So, the constant fight against computer viruses continues unabated.

Today, the choice of antivirus programs is even greater. New proposals are constantly appearing on the market, and they are very interesting: from full-fledged software complexes to small subprograms, oriented only to the type of viruses. You can find cost-free or all-purpose products with a paid security solution license.

Antiviruses save in their signature databases the codes of a large number of objects that are unsafe for computer systems and, at the hour of verification, update the codes of documents and files that are linked to their database. Once a match is found, the antivirus will notify you about the product and select one of the security options.

Computer viruses and anti-virus programs are invisible parts of one another. The basic idea is that for the sake of commercial profit, anti-virus programs independently dismantle unsafe objects.

Anti-virus software utilities are divided into several types:

• Program detectors. Intended for searching for objects infected with one of the known computer viruses. Call the detectors only to look for infected files, and in some cases they will start cleaning.
• Program auditors - These programs save the file system state, and then check and verify the changes. If the data does not agree with each other, the program checks whether the suspicious file was edited by the client. If the test result is negative, a warning will be displayed about the possibility of contamination of the object.
• Program-healers- suitable for curing programs of all hard drives.
• Program filter- stop checking information that goes on your computer and block access to suspicious files. Zazvichay, bring out the koristuvachevi. Filter programs are now available in all modern browsers to quickly detect computer viruses. This is a very effective solution that will protect the current development of the Internet.

The largest anti-virus complexes combine all the utilities, which are combined into one great drying mechanism. The most prominent representatives of anti-virus software are: Kaspersky Anti-Virus, Eset NOD32, Dr.Web, Norton Anti-Virus, Avira Antivir and Avast.

These programs have all the basic capabilities, so that they have the right to be called wicked software complexes. Some of them are sold in the middle of cost-free versions, and some are sold for less than a penny in the city.

New types of antivirus programs

Antiviruses are available for home computers, office networks, file servers and network gateways. Viruses can be found and removed from them, but the main voice in different versions of such programs can be directly related. The most important functionality, of course, is an anti-virus software for a home that needs to remove data from the protection of all possible spills.

What should you do if you suspect your computer is infected?

If you are aware that your computer is infected with a virus, you must first not panic, but the following sequence of actions will follow:

• Close all programs and files that the user is currently working on.
• Run an anti-virus program (if the program is not installed, install it).
• Find out the new check function and run it.
• After the scan is completed, the antivirus scans a limited number of options for dealing with detected bad objects: files - delete, bad programs - delete those that are not visible - place in quarantine.
• It is important to follow the recommendations of anti-virus software.
• After completing the cleaning, restart the verification.

Since the antivirus is constantly checking unknown threats, it means that the computer’s non-standard operation is caused by problems in the PC hardware or internal defects of the operating system, which can also fail often, especially the operating system rarely lends itself to renewal.

E. KASPERSKY and D. ZENKIN

The epidemic of the “LoveLetter” computer virus that burned in the grass of this rock once again confirmed the danger that such a “computer fauna” lurks within itself. Having penetrated hundreds of thousands of computers around the world, the virus acquired a huge amount of important information, literally paralyzing the work of the largest commercial and government organizations.

This is what “love letters” look like, which are supported by the “LoveLetter” virus by email. To launch the virus, just click on the icon.

This little one is displayed by the “Tentacle” virus when you try to view any file with GIF extensions on infected computers. Write to the baby: I am a virus Tentacle.

The "Marburg" virus shows these charming crosses and... deletes files from disks.

The script virus "Monopoly" was felt by the head of Microsoft, Bill Gates. By showing a crappy picture, the virus inexplicably removes sensitive information from the computer.

Unfortunately, the phenomenon of the “computer virus” still evokes a great fear, a need to firmly understand the situation and live safely. What kind of stink is this virus? How bad is the stench? What antivirus protection methods are emerging today and how effective are they? On this and other topics, the fakes of the wired anti-virus software manufacturer “Kaspersky Lab” fade.

WHAT IS A COMPUTER VIRUS?

At this point, it would seem, simply that no unambiguous species has yet been found. In the specialized literature, you can find hundreds of meanings of the concept of “computer virus,” many of which vary in some ways. The original “virology” is determined by its current meaning: a computer virus is a program that enters a computer without the user’s knowledge and performs various unauthorized activities there. This significance would be incomprehensible, as if we had not guessed about yet another power that was associated with a computer virus. This property “multiplies” in order to create its duplicates and transfer them to the computational network and/or files, system areas of the computer and other objects that are being compiled. Moreover, virus duplicates may not be identical to the original.

The presence of viruses before they “multiply” makes it necessary for some people to equate them with a “special form of life” and to endow them with “evil intelligence”, which interferes with their work vile revolutions for to reach the set mark. It's all just a guess and a game of fantasy. A similar feeling is suggested by the average phenomena about evil spirits, which no one knew, but everyone was afraid of. The “reproduction” of viruses is not disrupted in any way, for example, by the program copying files from one directory to another. It is also important that you sign off without the knowledge of the account manager, so that daily notifications do not appear on the screen. In every other virus, there is a primary program that attacks other computer commands.

Computer viruses are one of a large class of programs called bogus codes. Today's concepts are often misunderstood, but from a scientific point of view this is not the case. The group of bad codes also includes the so-called “scramblers” and “Trojan horses”. The main thing about viruses is that they cannot “multiply”.

The software program expands across computer networks (local and global), without going so far as to "multiply". Natomist automatically, without the knowledge of the correspondent, sends out its original, for example, by electronic mail.

"Trojan" programs have eliminated any built-in expanded functions: they can be used on computers, including "for the help" of their authors or those who are illegally vikorist. Let's remember Homer's Iliad. After many unsuccessful attempts to take Troy by storm, the Greeks retreated to cunning. The stinks recovered the statue of a horse and deprived it to the Trojans, leaving them to advance. Proteus was in the middle empty and caught the corral of Greek soldiers. The Trojans, who worshiped the deity of the image of a horse, themselves pulled the statue into the gate of the place. "Trojan" programs use a similar method of propagation: they remove stinks from the computer under the guise of brown, coppery and often hackish programs. For example, koristuvachev receive a sheet of e-mail with a proposal and start sending a file containing, say, a million rubles. After launching this file on the computer, the program is constantly wasted, which performs all sorts of unnecessary things. For example, it can search for the password of an infected computer (check what sites it provides, what passwords it provides to access the Internet, etc.) and then forcefully remove the data from its author.

Nowadays, there have been frequent occurrences of so-called “mutants”, or useless codes that bring out the peculiarities of several classes. A typical example is the “Melissa” macrovirus, which caused a great epidemic in Bereznia in the past. It expanded with edges like a classic Internet hack. "LoveLetter" is also a mixture of the hedge worm and the virus. In some cases, the malfunctioning program may have the characteristics of all three types (such as, for example, the “BABYLONIA” virus).

SYNOPSIS OF COMPUTER VIRUSES

Surprisingly enough, the idea of ​​computer viruses appeared long before the advent of personal computers. In 1959, the American scientist L. S. Penrose published an article in the journal “Scientific American” devoted to self-creating mechanical structures. This article described in its simplest form a model of two-dimensional structures created before activation, reproduction, mutation, and burial. Nezabar, US researcher F. G. Stahl, implemented this model in additional machine code on the IBM 650.

At that time, computers were magnificent, easy to use and extremely expensive machines, so their owners could only be great companies and ordinary computing and scientific centers. On April 20, 1977, the first “people’s” personal computer, the Apple II, rolled off the assembly line. The price, reliability, simplicity and handiness of the robot mean it is widely used in the world. The total sales of computers in this series reached over three million units (not including many copies, such as Pravets 8M/S, Agat and others), which significantly exceeded the number of all other EOMs at that time. Millions of people of different professions, social beliefs and mentalities were denied access to computers. It is not surprising that at the same time the first prototypes of modern computer viruses appeared, and two of their most important developments were revealed - the expansion of the “living space” and the emergence of functions of everyday life.

In the future, minds became more hospitable to viruses. The assortment of personal computers available to the cross-border community has expanded, besides small 5-inch magnetic disks have become rigid, local networks have rapidly developed, as well as technologies for transmitting information using additional telephone lines that are switched. The first BBS (Bulletin Board System) data banks have been released, and the “dogs are dumbfounded”, which significantly eased the exchange of programs between traders. More recently, many of them have been transferred to the great online software systems (CompuServe, AOL, etc.). Everything has brought about the emergence of the third most important mind and the development and expansion of viruses - individuals and groups of people who deal with their creations have begun to appear.

Who writes virus programs and things? This food (please indicate the address and phone number) is especially favorable to those who have already recognized a virus attack and have spent the results of a rich campaign of work. Today, the portrait of the average “virus writer” looks like this: a man, 23 years old, an employee of a bank or financial organization, who is responsible for information security and proper administration. However, according to our data, this century is still lower (14-20 years), and there will be no business in the future. The idea that unites all the creators of viruses is important to see and manifest for yourself, let it be known in the herostratic field. In everyday life, such people often look like sinister quiet people, like a fly. All this living energy, hatred to the world and egoism find a way out from the creation of other “computer abominations”. They will tremble with satisfaction when they find out that their “child” has caused a real epidemic in the computer world. However, this is also the sphere of competence of psychiatrists.

The 1990s, which were marked by the rise of the global Internet, turned out to be the best hour for computer viruses. Hundreds of millions of people around the world have spontaneously become computer literacy, and computer literacy has become just as necessary as the ability to read and write. Just as in the past computer viruses developed extensively (as their number and clear characteristics grew), today, thanks to the advanced transmission technology, one can speak of a protracted virus. The “primitive ancestors” are being replaced by “wise” and “cunning” viruses, richly better suited to new minds of living. Today's virus programs no longer interfere with the sharing of files, dangerous sectors, or the creation of unnecessary melodies. All of them collect data on motherboard microcircuits. With this technology, masking, encryption and expansion of viruses can often lead to the discovery of counterfeiters.

HOW VIRUSES ARE

To date, approximately 55 thousand computer viruses have been registered. Their number is steadily increasing, and new, previously unknown types are appearing. Classifying viruses is more important than rivers. Finally, they can be divided into groups based on the following basic characteristics: dowkill, operating system, features of the robot algorithm. Therefore, with these three classifications, the Chernobil virus, for example, can be classified as a file-resident non-polymorphic Windows virus. The report will explain what this means.

1. The center of living

It is important to separate files, viruses and macroviruses carefully.

Initially, the broadest form of computer “infection” is file viruses, which are “loitering” in files and folders of the computer’s operating system. Before them lie, for example, “overwriting” - viruses (in English “to write over”). When you put it into your computer, you write down your code instead of the code in the file that is being infected, knowing it instead. Naturally, the file stops processing and is not updated. However, it is possible to avoid primitive viruses: stinks, as a rule, are very noticeable and cannot become the cause of an epidemic.

The “companion” virus is even more “cunning” (from the English “buddy”, “companion”). Don't change the file itself, but create a duplicate file in such a way that when you run an infected file, the control removes the duplicate itself, like a virus. For example, “companion” viruses that run under DOS, using specific features of that operating system, firstly link files with extended COM extensions, and then with extended EXE extensions. Such viruses create duplicates for EXE files that carry the same names, but with extended COM. The virus is written to the COM file and does not change the EXE file. When you run an infected DOS file, the COM file itself will first be detected and installed as a virus, and then the virus will run the file with the EXE extension.

Other “companion” viruses simply rename the file that is being infected, and under the old names write their old code to disk. For example, the file XCOPY.EXE is renamed to XCOPY.EXD, and the virus is recorded under the name XCOPY.EXE. When the file is launched, Keruvanya receives the virus code, which already launches the original XCOPY, which is saved under the names XCOPY.EXD. A similar type of virus has been detected in many operating systems - not only in DOS, but also in Windows and OS/2.

Other ways to create duplicate files. For example, viruses of the "path-companion" type "play" on the peculiarities of the DOS PATH - a hierarchical record of file deletion in the DOS system. The virus copies its code under the name of the file it is infecting, but places it not in the same directory, but one level higher. In this case of DOS, the first thing to detect and launch is the virus file itself.

The principle of dii vandalized viruses Based on algorithms for launching the operating system. These viruses infect the boot sector of a floppy disk or hard drive - a special area on the disk that hosts the boot sector of the computer. If you change the default sector instead, you may not be able to start your computer.

Macroviruses- A variety of computer viruses created with the help of macros introduced into popular office programs on the computer Word, Excel, Access, PowerPoint, Project, Corel Draw and in (Division “Science and Life” No. 6, 2000). Macro macros are used for writing special programs (macros) that improve the efficiency of office applications. For example, in Word you can create a macro that automates the process of filling and sending faxes. All you need to do is enter the data into the form fields and click the button - you can create the macro yourself. The trouble is that, in addition to the original ones, you can also use bad macros on your computer, which may allow you to create your own copies and carry out actions without the knowledge of the account manager, for example, changing changes. documents, files or directories. This is what macroviruses are.

The greater the capabilities of these and other macroviruses, the more cunning, sophisticated and insecure can be written on a new macrovirus. Today's most advanced macro is Visual Basic for Applications (VBA). Your capabilities are rapidly growing from a new version of your skin. In such a manner, the more thorough the office programs are, the more careless we are in them. Therefore, macroviruses are becoming a real threat to computer users today. According to our forecasts, due to the fate of the skin, the stench will become more and more elusive and unsafe, and the liquidity of its expansion will soon reach unprecedented levels.

2. The operating system that is being tested..

The file edge virus infects files on any operating system - DOS, Windows, OS/2, Linux, MacOS, etc. Which is based on another method of classifying viruses. For example, the "BOZA" virus, which only works on Windows and nowhere else, is related to Windows viruses. Virus "BLISS" - before Linux viruses, etc.

3. Robotic algorithms.

Viruses can also be separated by the robotic algorithms they use, as well as various software tricks that make their desktops unsafe and dangerous.

First of all, all viruses can be divided into resident and non-resident. A resident virus is similar to a rogue virus that is constantly operating in a foreign country. Once infected in the computer's RAM, the virus remains in it until the computer is turned off or re-enabled. Create a resident virus and continue its destructive actions. Non-resident viruses do not infect the computer’s memory and the existing ones “multiply” only when they are launched.

All macroviruses can also be classified as resident. The stench is present in the memory of the computer that has been infected with them for a long time.

Otherwise, viruses happen visible and invisible. For the common man, invisibility to the virus is perhaps the greatest mystery of its power. There is nothing demonic about him. “Invisibility” lies in the fact that the virus, through the use of software tricks, does not allow computers or anti-virus programs to mark the changes that were made to the infected file. Constantly occupying the computer's memory, the stealth virus overrides the operating system's requests to read and write such files. Having copied the request, it replaces the infected file with an unzipped option. In this manner, the coralists will always be targeted by only “clean” programs, at that time, as the virus will inevitably carry out its “black right.” One of the first invisible file viruses is “Frodo”, and the first fascinating invisible virus is the “Brain” virus.

To camouflage yourself as much as possible from anti-virus programs, almost all viruses are victorious methods self-encryption or else polymorphicity So they can encrypt and change things for themselves. By changing their external appearance (program code), viruses completely save the work of doing anything else. Previously, anti-virus programs were able to detect viruses only “in their guise”, behind their unique program code. Therefore, the appearance of polymorphic viruses somewhat inevitably marked the revolution in computer virology. Nina has already discovered universal methods of combating such viruses.

METHODS OF COMBATING COMPUTER VIRUSES

It is necessary to remember the basics of fighting computer viruses - do not panic. There are thousands of high-class anti-virus hackers in the computer security market, whose professionalism many times outweighs the total potential of all computer hooligans - hackers. In Russia, two computer companies are engaged in anti-virus surveillance - Kaspersky Lab (www.avp.ru) and SalD (www.drweb.ru).

In order to successfully resist virus attempts to penetrate your computer, it is necessary to follow two simple minds: follow the basic rules of “computer hygiene” and use anti-virus programs.

Since the antivirus industry is strong, no cure for computer viruses has been found. The versatility and diversity of today's systems is truly shocking. Let’s try to figure out the advantages and disadvantages of these and other methods of protection and how effective they are against different types of viruses.

Today, you can see five main approaches to ensuring anti-virus security.

1. Anti-virus scanners.

The pioneer of the anti-virus revolution is a scanner program that came to light almost overnight with the computer viruses themselves. The principle of the scanner is to look at all files, protected sectors and memory to identify virus signatures in them, so that a unique program code for the virus.

The main part of the scanner is unavailable for various modifications of the virus. For example, there are dozens of variants of the Melissa virus, and even for each of them, antivirus companies have had to release an updated antivirus base.

This raises another problem: at any time between the appearance of a new modification of the virus and the release of a reliable antivirus, computer users are left virtually unprotected. However, later experts came up with and introduced to scanners an original algorithm for identifying unknown viruses - a heuristic analyzer, which checks program code for the possibility of the presence of a new computer virus. However, this method has a high production rate, is not reliable enough and, moreover, does not allow for the detection of the virus.

And, you will find, the third step of the anti-virus scanner is that it only scans files if you “ask” it to run the program. Sometimes, hackers often forget to check suspicious files, for example, files from the Internet, and as a result, they infect the computer with their own hands. The scanner can detect the fact of infection even after the system has already developed a virus.

2. Anti-virus monitors.

Essentially, anti-virus monitors are different types of scanners. However, in addition to the rest, they are constantly in the computer’s memory and there is a background check of files, important sectors and memory on a real-time scale. To increase the anti-virus protection of the computer, it is enough to lock the monitor at the time of locking the operating system. All files that are launched will be automatically checked for viruses.

3. Change auditors.

The work of this type of anti-virus programs is based on the extraction of original “bits” (CRC sums) from files and system sectors. These “bits” are saved in the database. When started, the auditor checks the “samples” from their originals and notifies customers about the changes that have been made.

The auditors also have limited changes. First of all, the virus does not begin to cause harm the moment it appears in the system, but only disappears within an hour, even after the virus has spread across the computer. Otherwise, they cannot detect a virus in new files (e-mail, on floppy disks, in files that are being updated from a backup copy, or when unpacking files from an archive), fragments in databases of auditors information about it files daily. This is where viruses are detected, infecting only the files that are created and lost, thus invisible to auditors. Thirdly, auditors need to be launched regularly - the more often they work, the more reliable they will be in monitoring virus activity.

4. Immunizers.

Antivirus immunizer programs are divided into two types: immunizers that notify about infection, and immunizers that block infection by any type of virus.

Be sure to record each file first (following the principle of a file virus) and when starting a file, check it immediately for changes. There is only one shortcoming of such immunizers, but one important thing: they are absolutely unable to detect invisible viruses that cleverly gain their presence in an infected file.

Another type of immunizer protects the system when infected with a virus. For this purpose, the files are modified so that the virus recognizes them as already infected. For example, to prevent a COM file from being infected by the “Jerusalem” virus, it is enough to add a new row of MsDos. And to protect against a resident virus, a program that has a copy of the virus is entered into the computer’s password. When launched, the virus encounters it and assumes that the system is already infected and cannot be dealt with.

Of course, it is not possible to immunize files against all known viruses: they are subject to their own risk of infection. The immunizers themselves have not undergone a great expansion and at this time it is practically not necessary to resort to violence.

5. Behavioral blockers.

All types of antiviruses have a major problem - protection from unknown viruses. Thus, computer systems appear dry in front of them, and antivirus vendors do not disintegrate anti-drugs. Sometimes there are a lot of years on the way. In one hour you can consume all the important information.

Definitely responds to the question “how should we work with unknown viruses?” We will have more than a thousand years to come. Prote, today you can make similar forecasts. In our opinion, the most promising direct anti-virus protection is the creation of so-called behavioral blockers. They themselves are practically built with a hundred-hundred-hundred-hundred-hundred-hundred-hundred- de dekth guarantee of resistance to attacks by new viruses.

What is a behavior blocker? This is a program that constantly resides in the computer’s RAM and “moves through” various parts of the system. If “suspicious” actions are detected (which can be caused by a virus or other harmful program), the blocker blocks this action or asks for permission from the customer. In other words, the blocker does not detect the code of the virus, but instead prevents its actions.

Theoretically, the blocker can defeat all types of viruses, both known and unknown (written after the blocker). But the problem lies in the fact that “virus-like” actions can affect the operating system itself, as well as underlying programs. A behavior blocker (here we refer to the “classic” blocker, which is used to fight against file viruses) cannot independently determine whether the suspected action is a virus, an operating system or a program, etc. If you are worried, ask for confirmation from the correspondent. In this way, the lawyer who makes the final decision is required to have sufficient knowledge and evidence in order to give the correct testimony. There are too many such people. Moreover, blockers have not yet become popular, although the idea itself has been around for a long time. The advantages of these anti-virus programs often became their drawbacks: the stinks seemed too intrusive, burdensome with their regular drinks, and the hackers simply saw them off. Unfortunately, this situation can only be corrected by the use of human intelligence, which would independently understand the reasons for this and other suspected cases.

Today's behavioral blockers can be successfully used to fight macroviruses. In programs written in VBA macros, it is possible, with great ease, to separate out bad actions from the wrong ones. At the end of 1999, Kaspersky Lab developed a unique system for protecting against macroviruses in the MS Office package (versions 97 and 2000), based on new approaches to the principles of a behavioral blocker - AVP Office Guard. Based on the analysis of the behavior of macroviruses, the sequence of their actions was identified, which most often converge. This made it possible to introduce into the blocker program a new highly intelligent system for filtering macros, which practically and without harm reveals those of them that represent a real problem. Zyomuyaki Tsomo Avp Office Guard blocker, with one side, to put the Koristuvachevi nbagato Menezhe Pylki "Nastilki" Na'yazliviy, Yak Yogo File Twithes, and he is practical to 100% borely macrovyrus. not written.

AVP Office Guard overcomes and blocks many platform macro viruses, such as viruses that are produced in several add-ons. In addition, the AVP Office Guard program controls the operation of macros from external programs, including email programs. Tim himself is getting tired of the expansion of macroviruses through email. And in this same way, the “LoveLetter” virus infected tens of thousands of computers around the world.

The effectiveness of the blocker would be zero, as macroviruses could completely disable it. (This is one of the few anti-virus protection included in MS Office add-ons.) AVP Office Guard contains a new mechanism for counteracting macrovirus attacks on the user by being disabled and removed from the system. Zrobiti tse mozhe lishe koristuvach himself. Thus, using AVP Office Guard will save you the constant headache of keeping the drive connected and updating the anti-virus database to protect against new macroviruses. Apparently installed, this program will reliably protect your computer from macro viruses right up to the release of a new version of VBA software with new functions that can be used to write viruses.

If you want a behavior blocker, the main problem is to identify and protect against a wide range of macroviruses, without the purpose of removing them. Therefore, you need to use an anti-virus scanner at the same time in order to successfully protect against virus detection. The blocker allows you to safely check the period between the detection of a new virus and the release of an updated anti-virus database for the scanner, without interrupting the operation of computer systems through the fear of losing valuable data again or seriously damaging the computer’s hardware.

COMPUTER HYGIENI RULES

"Every time, do not open files that are being used by e-mail from people unknown to you. If the addressee is known to you, be careful: your friends and partners may not suspect that you are logged into their computer Rus, who constantly sends its copies to addresses from their address book.

Be sure to check all floppy disks, CDs and other mobile media, as well as files that are retrieved from the Internet and other public resources (B BS, electronic conferences etc.).

Carry out a complete anti-virus scan of your computer after removing it from repair services. Repairmen use the same floppy disks to check all computers - they can easily be “infected” from other machines!

"You can quickly install patches in the operating systems and programs that you are victorious about.

Be careful when allowing other hackers access to your computer.

"To enhance the security of your data, periodically back up your information on a separate media.