Many users of modern computer systems have probably heard that there are so-called detector programs. What they are is not difficult to understand if you simply refer to the translation of the English word detect. This raises the question of what such programs are supposed to identify. In most cases such applications are classed as tools for protecting computer systems from viruses, although in fact the category of detector programs could quite logically also include, for example, utilities that search for errors in operating systems or on hard drives. The scope of such utilities is therefore quite wide, but since the subject here is computer security, we will consider only programs of that kind.

Classification of antiviruses: detector programs

Yes, indeed, in the field of protecting computer systems, counteracting various kinds of viruses, of which there are more and more every day since their appearance, occupies one of the first places. And these threats must somehow be identified (at the stage of penetration into the system, in an already infected system, etc.) and neutralized, if this is, of course, possible.

It was precisely to detect viruses that special tools were developed at one time, which today are commonly called detector programs. But on what principles do such applications work, and how exactly do they detect virus threats?

Purpose of anti-virus detector programs and basic properties

In general, given the original purpose and the very first versions of such utilities, it is not difficult to guess that they were meant exclusively to search for threats, not to prevent them from penetrating computer systems or to neutralize them. The first software products of this type really could only identify various kinds of executable code that could be located in the body of a virus, but a little later the programs, if you like, “got wiser” and became able to identify files infected with viruses, which led to their classification.

So, today, if we consider such applets, so to speak, in their pure form, it is customary to distinguish between universal and specialized detectors. The former determine infection by the criterion of file immutability, which is achieved by comparing checksums before and after infection. The latter find viruses using signatures known to them, that is, they can identify only those threats that are contained in the corresponding databases. Over time, such programs began to actively use the method of heuristic and behavioral analysis, and then the applications themselves became so universal that it became simply impossible to classify them into any one category of antivirus software.

Compatible functions

The fact is that modern detectors are no longer used only as a tool for identifying threats, like the most common scanners. As doctors say, disease is easier to prevent than to treat. This applies equally to antivirus programs. Thus, modern detectors also play the role, so to speak, of a protective barrier at the entrance, and most (if not absolutely all) also combine the functions of doctor programs, which are used both to treat infected objects and to neutralize the cause of the infection, if possible.

As for examples of detector programs, most of them come as portable utilities, which lets you run them once and from removable media, avoiding the infection that the program might be exposed to if it were installed in the computer system in the standard way. The portable antivirus scanners Kaspersky Virus Removal Tool and Dr. Web CureIt! are considered the most famous and most powerful.

However, they are often supplemented with checks using specialized utilities like AdwCleaner, which are mostly focused on ad viruses and browser hijackers from the Hijackers group.

How to properly use virus detection utilities?

Actually, the issues of using such programs are clear to any user. True, depending on the settings present in the utilities, different parameters are applied.

However, it is believed that if you suspect the presence of viruses in your system, you must scan absolutely all objects that can be listed in the program itself, including system and hidden areas. In addition, if there is such a parameter, it is necessary to specify an in-depth scan rather than a S.M.A.R.T type check. Although the latter belongs to so-called “smart” virus detection, it mainly checks only the boot sectors of the hard drive and the components directly responsible for the operation of the operating system.

Mobile antivirus tools

As for installing detector programs on Android, there is nothing particularly complicated here (we are not considering Apple systems, since until recently there were no viruses for them). If you look carefully even at the applications offered for installation from the Google Play store (aka Play Market), it is easy to notice that most antivirus applications are simply mobile versions of desktop scanners. In most cases, the set of tools or functionality is comparable to desktop programs, although scanning can be done in a slightly different way. This is understandable, because Windows and Android have different system files and partitions. But in general there shouldn't be any difficulties.

Afterword

That, in a nutshell, is all that concerns programs for detecting virus threats in different systems. To summarize, the main conclusion should be that modern programs of this type are no longer only detection tools, but have much greater capabilities.

– doctor programs or phages;

– audit programs;

– filter programs;

– vaccine or immunizer programs.

Detector programs search RAM and files for a signature characteristic of a specific virus and, when it is found, issue a corresponding message. The disadvantage of such antivirus programs is that they can only find viruses that are known to the developers of such programs.

Doctor programs or phages, as well as vaccine programs, not only find files infected with viruses, but also “treat” them, i.e. remove the body of the virus program from the file, returning the files to their initial state. At the beginning of their work, phages search for viruses in RAM, destroying them, and only then proceed to “cleaning” files. Among the phages, polyphages are distinguished, i.e. doctor programs designed to search for and destroy a large number of viruses. The most famous of them: AVP, Norton AntiVirus, Doctor Web.

Considering that new viruses are constantly appearing, detector programs and doctor programs quickly become outdated, and regular version updates are required.

Audit programs are among the most reliable means of protection against viruses. Auditors remember the initial state of programs, directories and system areas of the disk when the computer is not infected with a virus, and then, periodically or at the user’s request, compare the current state with the original one. Detected changes are displayed on the monitor screen. As a rule, the comparison of states is carried out immediately after loading the operating system. The comparison checks the file length, the cyclic control code (file checksum), the date and time of modification, and other parameters. Auditor programs have fairly developed algorithms, detect stealth viruses and can even remove the changes made by the virus from the version of the program being checked. Among the audit programs is the Adinf program, widely used in Russia.

Filter programs or “watchmen” are small resident programs designed to detect suspicious actions during computer operation, characteristic of viruses. Such actions may be:

1. attempts to correct files with COM, EXE extensions;

2. changing file attributes;

4. writing to the boot sectors of the disk;

When any program tries to perform the specified actions, the “guard” sends a message to the user and offers to prohibit or allow the corresponding action. Filter programs are very useful because they are able to detect a virus at the earliest stage of its existence before replication. However, they do not “clean” files and disks. To destroy viruses, you need to use other programs, such as phages.

Vaccines or immunizers are resident programs that prevent file infections. Vaccines are used if there are no doctor programs that “treat” this virus. Vaccination is possible only against known viruses. The vaccine modifies the program or disk in such a way that it does not affect its operation, and the virus will perceive it as infected and therefore will not take root. Currently, vaccine programs have limited use.

Timely detection of virus-infected files and disks and complete destruction of detected viruses on each computer help avoid the spread of a virus epidemic to other computers.

The main weapon in the fight against viruses is antivirus programs. They allow you not only to detect viruses, including viruses that use various disguise methods, but also to remove them from your computer. The latter operation can be quite complex and take some time.

There are several basic virus detection methods that are used by antivirus programs. The most traditional method of searching for viruses is scanning.

It consists of searching for signatures isolated from previously detected viruses. Antivirus scanner programs that can remove detected viruses are usually called polyphages.

The disadvantage of simple scanners is their inability to detect polymorphic viruses that completely change their code. To do this, it is necessary to use more complex search algorithms, including heuristic analysis of the programs being checked.

In addition, scanners can only detect already known and previously studied viruses for which a signature has been defined. Therefore, scanner programs will not protect your computer from the penetration of new viruses, which, by the way, appear several times a day. As a result, scanners become outdated the moment a new version is released.

AntiViral Toolkit Pro

AVP has a convenient user interface, a large number of user-selectable settings, as well as one of the world's largest anti-virus databases, which guarantees reliable protection from a huge number of different viruses.

During operation, AVP scans the following areas:

– RAM.

– Files, including archived and packaged ones.

– System sectors containing the Master Boot Record, the boot sector and the Partition Table.

AntiViral Toolkit Pro has a number of features that characterize its operation:

– detection and removal of a huge number of a wide variety of viruses, including polymorphic or self-encrypting viruses; stealth or invisible viruses; macro viruses infecting Word documents and Excel tables;

– scanning inside packed files (Unpacking Engine module);

– scanning inside archive files (Extracting Engine module);

– scanning objects on floppy, local, network and CD-ROM drives;

– heuristic module Code Analyzer, necessary for detecting unknown viruses;

– search in redundant scanning mode;

– checking objects for changes in them;

– “AVP Monitor” is a resident module that is permanently located in the computer’s RAM and monitors all file operations in the system. Allows you to detect and remove a virus before the system as a whole is actually infected;

– convenient user interface;

– creating, saving and loading a large number of different settings;

– a mechanism for checking the integrity of the anti-virus system;

– a powerful help system;

– AVP Control Center is a shell program that allows you to organize effective anti-virus protection on your PC.

Let's describe some of them.

AVP Monitor is a resident anti-virus program that resides permanently in RAM and monitors file and sector access operations. Before allowing access to an object, AVP Monitor checks it for a virus. Thus, it allows you to detect and remove a virus before the system is actually infected.

The main window of AVP Monitor contains 5 tabs: “General”, “Objects”, “Actions”, “Settings”, “Statistics”. By moving through the tabs and selecting the desired options, you can change the program settings.

Vaccines or immunizers are resident programs that prevent files from becoming infected. Vaccines are used when there are no doctor programs to “treat” this virus. Vaccination can only be used against known viruses. The essence of this method is that the vaccine modifies the program or disk in such a way that this does not manifest itself in their operation, and the virus will consider them infected and, therefore, will not take root. Currently, vaccine programs are limited in use.

There are two types of immunizers: immunizers that notify about infection, and immunizers that prevent infection with any virus. The former are most often written at the end of files and check for changes every time the file is launched. The second type of immunization protects the system from damage by a specific type of virus.

Filter programs

Filter programs, also called resident watchmen and monitors, are always located in RAM and intercept specified interrupts in order to check them for suspicious actions. They are also able to block “dangerous” actions or issue a request to the user.

Actions to be monitored may be: modification of the master boot record (MBR) and the boot records of logical disks and floppy disks, writing to an absolute address, low-level disk formatting, leaving a resident module in RAM, etc. Just like auditors, filters are often “intrusive” and create certain inconveniences in the user’s work.

All types of antivirus programs are aimed, first of all, at protecting your computer from viruses.

Each person, when installing an antivirus program, strives to achieve certain results. For some, the main task is to prevent information leakage. Others focus on the integrity of information. For still others, trouble-free operation of information systems comes first. There have been cases when viruses blocked the work of organizations and enterprises. Moreover, several years ago a case was recorded when a computer virus caused the death of a person - in one of the hospitals in the Netherlands, a lethal dose of morphine was administered to a patient because the computer was infected with a virus and was providing incorrect information.

Today, more than ever, antivirus software is not only the most popular in the security system of any operating system, but also one of its main components. And if previously the user had a very limited, modest choice, now you can find a lot of such programs. But if you look at the list of “Top 10 antiviruses”, you will notice that not all of them are equivalent in terms of functionality. Let's look at the most popular packages. At the same time, the analysis will include both paid and shareware (antivirus for 30 days), and freely distributed applications. But first things first.

Top 10 antiviruses for Windows: testing criteria

Before you start compiling a rating, you should probably familiarize yourself with the basic criteria that are used in most cases when testing such software.

Naturally, it is simply impossible to consider all known packages. However, among all those designed to protect a computer system in the broadest sense, the most popular can be identified. At the same time, we will take into account both the official ratings of independent laboratories and the reviews of users who use this or that software product in practice. Mobile programs will not be covered; we will focus on desktop systems.

As for conducting basic tests, as a rule, they include several main aspects:

  • availability of paid and free versions and limitations related to functionality;
  • standard scanning speed;
  • quick identification of potential threats and the ability to remove or quarantine them using built-in algorithms;
  • frequency of updating anti-virus databases;
  • self-defense and reliability;
  • availability of additional features.

As can be seen from the above list, checking the operation of antivirus software allows you to determine the strengths and weaknesses of one product or another. Next we will consider the most popular software packages included in the Top 10 antiviruses and give their main characteristics, of course taking into account the opinions of people who use them in their daily work.

Kaspersky Lab software products

First, let's look at the software modules developed by Kaspersky Lab, which are extremely popular in the post-Soviet space.

It’s impossible to single out just one program here, because among them you can find the standard Kaspersky Antivirus scanner, modules like Internet Security, portable utilities like Virus Removal Tool, and even Rescue Disc boot disks for damaged systems.

It is immediately worth noting two main disadvantages: firstly, judging by the reviews, almost all programs, with rare exceptions, are paid or shareware, and secondly, the system requirements are unreasonably high, which makes it impossible to use them in relatively weak configurations. Naturally, this scares off many ordinary users, although activation keys for Kaspersky Antivirus or Internet Security can easily be found on the World Wide Web.

On the other hand, the activation situation can be corrected in another way. For example, Kaspersky keys can be generated using special applications like Key Manager. True, this approach is, to put it mildly, illegal, however, as a way out, it is used by many users.

The speed of operation on modern machines is average (for some reason, more and more heavyweight versions are being created for new configurations), but the constantly updated databases and the unique technologies for identifying and removing known viruses and potentially dangerous programs are at the top here. It is not surprising that Kaspersky Lab is today a leader among security software developers.

And two more words about the recovery disk. It is unique in its own way because it boots the scanner with a graphical interface even before Windows itself starts, allowing you to remove threats even from RAM.

The same applies to the portable utility Virus Removal Tool, which can track any threat on an infected terminal. It can only be compared with a similar utility from Dr. Web.

Protection from Dr. Web

Before us is another of the strongest representatives in the field of security - the famous “Doctor Web”, who stood at the origins of the creation of all anti-virus software since time immemorial.

Among the huge number of programs you can also find standard scanners, security tools for Internet surfing, portable utilities, and recovery disks. You can't list everything.

The main arguments in favor of this developer’s software are high speed of operation, instant threat identification with the option of either complete removal or isolation, and a moderate load on the system as a whole. In general, from the point of view of most users, this is a kind of lightweight version of Kaspersky. There is still something interesting here, in particular Dr. Web Katana. It is believed to be a new-generation software product. It is focused on the use of “sandbox” technologies, i.e. placing a threat in the “cloud” or “sandbox” (whatever you want to call it) for analysis before it penetrates the system. However, if you look at it, there are no special innovations here, because this technique was already used in the free Panda antivirus. In addition, according to many users, Dr. Web Katana is a kind of Security Space with the same technologies. However, generally speaking, any software from this developer is quite stable and powerful. It is not surprising that many users prefer such packages.

ESET programs

Speaking about the Top 10 antiviruses, it is impossible not to mention another bright representative of this field - the ESET company, which became famous for such a well-known product as NOD32. A little later, the ESET Smart Security module was born.

If we consider these programs, we can note an interesting point. To activate the full functionality of any package, you can do one of two things. On the one hand, there is the purchase of an official license. On the other hand, you can install a trial antivirus for free, but activate it every 30 days. The situation with activation is also interesting.

As absolutely all users note, for ESET Smart Security (or for a standard antivirus) you could find freely distributed keys in the form of a login and password on the official website. Until recently, only this data could be used. Now the process has become somewhat more complicated: first you need to convert the login and password into a license number on a special website, and only then enter it into the registration field in the program itself. However, if you do not pay attention to such trifles, you can note that this antivirus is one of the best. Pros noted by users:

  • virus signature databases are updated several times a day,
  • identification of threats at the highest level,
  • there are no conflicts with system components (firewall),
  • the package has the strongest self-defense,
  • there are no false alarms, etc.

Separately, it is worth noting that the load on the system is minimal, and the use of the Anti-Theft module even allows you to protect data from theft or misuse for personal gain.

AVG Antivirus

AVG Antivirus is paid software designed to provide comprehensive security for computer systems (there is also a free, truncated version). And although today this package is no longer among the top five, it nevertheless demonstrates fairly high speed and stability.

Basically, it is ideal for home use, because, in addition to speed, it has a convenient Russified interface and more or less stable behavior. True, as some users note, it can sometimes miss threats. And this applies not to viruses as such, but rather to spyware or advertising “junk” called Malware and Adware. The program's own module, although widely advertised, still, according to users, looks somewhat unfinished. And the additional firewall can often cause conflicts with the “native” Windows firewall if both modules are active.

Avira package

Avira is another member of the antivirus family. It is not fundamentally different from most similar packages. However, if you read user reviews about it, you can find quite interesting posts.

Many people do not recommend using the free version under any circumstances, since some modules are simply missing from it. To ensure reliable protection, you will have to purchase the paid product. But such an antivirus is suitable for Windows versions 8 and 10, in which the system itself uses a lot of resources, while the package uses them at the lowest level. In principle, Avira is best suited for, say, budget laptops and weak computers. A network installation, however, is out of the question.

Cloud service Panda Cloud

The free Panda Cloud at one time became almost a revolution in the field of antivirus technologies. The use of a so-called “sandbox” to submit suspicious content for analysis before it penetrates the system has made this application especially popular among users of all levels.

And it is precisely with the “sandbox” that this antivirus is associated today. Yes, indeed, this technology, unlike other programs, allows you to prevent threats from entering the system. For example, any virus first saves its body on the hard drive or in RAM, and only then begins its activity. Here things do not get as far as saving. First, the suspicious file is sent to the cloud service, where it is checked, and only then can it be saved in the system. True, according to eyewitnesses, unfortunately, this can take quite a lot of time and unnecessarily loads the system. On the other hand, it’s worth asking yourself what is more important: security or increased verification time? However, for modern computer configurations with Internet connection speeds of 100 Mbit/s and higher, it can be used without problems. By the way, its own protection is provided precisely through the “cloud”, which sometimes causes criticism.

Avast Pro Antivirus Scanner

Now a few words about another prominent representative. It is quite popular among many users; however, despite the presence of the same “sandbox”, anti-spyware, network scanner, firewall and virtual account, Avast Pro Antivirus is, unfortunately, clearly inferior in the key indicators of performance, functionality and reliability to such giants as Kaspersky Lab software products or applications using Bitdefender technologies, although it demonstrates high scanning speed and low resource consumption.

What attracts users to these products is mainly that the free version of the package is as functional as possible and does not differ much from the paid software. In addition, this antivirus works on all Windows versions, including the “ten”, and behaves perfectly even on outdated machines.

360 Security Packages

Before us is probably one of the fastest antiviruses of our time - 360 Security, developed by Chinese specialists. In general, all products labeled “360” are distinguished by enviable speed of operation (the same Internet browser 360 Safety Browser).

Despite its main purpose, the program has additional modules to eliminate operating system vulnerabilities and optimize it. But neither the speed of operation nor the free distribution outweighs the false alarms. In the list of programs that have the highest indicators for this criterion, this software occupies one of the first places. According to many experts, conflicts arise at the system level due to additional optimizers, whose actions overlap with the tasks of the OS itself.

Software products based on Bitdefender technologies

Another “old man” among the most famous defenders of operating systems is Bitdefender. Unfortunately, in 2015 it lost the palm to Kaspersky Lab products, nevertheless, in antivirus fashion, so to speak, it is one of the trendsetters.

If you look a little more closely, you will notice that many modern programs (the same 360 Security package) in different variations are built precisely on these technologies. Despite the rich functional base, it also has its shortcomings. Firstly, you will not find a Russian (Russified) Bitdefender antivirus, since it does not exist in nature at all. Secondly, despite the use of the latest technological developments in terms of system protection, unfortunately, it shows too high a number of false positives (by the way, according to experts, this is typical for the entire group of programs created on the basis of Bitdefender). The presence of additional optimizer components and their own firewalls generally does not affect the behavior of such antiviruses for the better. But you can’t deny the speed of this application. In addition, P2P is used for verification, but there is no real-time email verification, which many people do not like.

Antivirus from Microsoft

Another application that is notable for its enviable performance with or without reason is Microsoft's own product called Security Essentials.

This package is included in the Top 10 antiviruses, apparently, only because it is designed exclusively for Windows systems, which means it causes absolutely no conflicts at the system level. Besides, who else, if not specialists from Microsoft, knows all the security holes and vulnerabilities of their own operating systems. By the way, it is interesting that the initial builds of Windows 7 and Windows 8 had MSE as standard, but then for some reason this kit was abandoned. However, for Windows it can be the simplest solution in terms of security, although you can’t count on any special functionality.

McAfee app

As for this application, it looks quite interesting. However, it gained the greatest popularity in the field of application on mobile devices with all kinds of blocking, however, on desktop computers this antivirus behaves no worse.

The program has low-level support for P2P networks when sharing Instant Messenger files, and also offers 2-level protection in which the main role is given to the WormStopper and ScriptStopper modules. But in general, according to consumers, the functional set is at an average level, and the program itself is focused more on identifying spyware, computer worms and Trojans and preventing executable scripts or malicious code from entering the system.

Combined antiviruses and optimizers

Naturally, only those included in the Top 10 antiviruses were considered here. If we talk about other software of this kind, we can note some packages containing anti-virus modules in their sets.

What to prefer?

Naturally, all antiviruses have certain similarities and differences. What to install? Here you need to proceed from your needs and the level of protection provided. Usually, corporate clients should purchase something more powerful with the possibility of network installation (Kaspersky, Dr. Web, ESET). As for home use, here the user chooses what he needs (if desired, you can even find an antivirus for a year - without registration or purchase). But, if you look at user reviews, it is better to install Panda Cloud, even despite some additional load on the system and the time it takes to check in the sandbox. But this is where there is a complete guarantee that the threat will not penetrate the system in any way. However, everyone is free to choose for themselves what exactly they need. If activation is not difficult, please: ESET products work fine on home systems. But using optimizers with anti-virus modules as the main means of protection is extremely undesirable. Well, it’s also impossible to say which program takes first place: there are as many opinions as there are users.

Today, the list of available antivirus programs is very extensive. They vary both in price (from very expensive to absolutely free) and in their functionality. The most powerful (and, as a rule, more expensive) antivirus programs are packages of specialized utilities that, when used together, can block almost any type of malware.

A typical list of functions that antivirus programs can perform:

Scanning memory and disk contents according to a schedule;

Scanning your computer's memory, as well as recorded and readable files in real time using a resident module;

Selective scanning of files with changed attributes;

Recognition of behavior characteristic of computer viruses;

Blocking and/or removal of detected viruses;

Restoration of infected information objects;

Forced check of computers connected to the corporate network;

Remote updating of anti-virus software and databases with information about viruses, including automatic updating of virus databases over the Internet;

Filtering Internet traffic to detect viruses in transmitted programs and documents;

Identification of potentially dangerous Java applets and ActiveX modules;

Maintaining protocols containing information about events related to antivirus protection.

The most powerful and popular anti-virus packages in Russia today include:

- Doctor Web (often referred to more briefly in documentation as Dr Web), a program of a Russian company;

- Kaspersky Anti-Virus (more briefly called AVP in the documentation), developed by another Russian company;

- Norton AntiVirus from Symantec Corporation;

- McAfee VirusScan from Network Associates;

- Panda AntiVirus;

- Nod32 AntiVirus.

The popularity of the packages listed above is primarily due to the fact that they implement an integrated approach to combating malware. That is, by installing such a package you get rid of the need to use any additional anti-virus tools.

The latest versions of anti-virus packages also contain tools to combat malware that penetrates from the network (primarily from the Internet). So what exactly are the technologies for identifying and neutralizing computer viruses?

Experts in the field of antivirus protection identify five types of antiviruses that implement the corresponding technologies: scanners, monitors, change auditors, immunizers and behavioral blockers.

Scanner

An anti-virus scanner works by scanning files, RAM and the boot sectors of disks for virus masks, that is, program code unique to a particular virus. The masks (descriptions) of known viruses are stored in the scanner's anti-virus database, and if the scanner encounters program code that matches one of these descriptions, it displays a message indicating that the corresponding virus has been detected.


Detector programs

Detector programs search for and detect viruses in RAM and on external media, and display a corresponding message when one is found. There are universal and specialized detectors. Universal detectors check that files are unchanged by computing a checksum and comparing it with a reference value. The disadvantage of universal detectors is that they cannot determine the cause of file corruption.

Specialized detectors search for known viruses by their signature (a repeated section of code). The disadvantage of such detectors is that they are unable to detect all known viruses. A detector that can detect multiple viruses is called a polydetector. The disadvantage of such antivirus programs is that they can only find viruses that are known to the developers of such programs.
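The signature search described above for scanners and specialized detectors looks like this in code. This is an added example, not code from any antivirus product: the mask syntax (hex bytes with ?? wildcards), the signature names and the sample buffers are all constructed for illustration.

```python
import re

# Constructed signature database: name -> hex mask, where "??" matches any
# single byte. The patterns are invented and correspond to no real malware.
SIGNATURES = {
    "Demo.Alpha": "DE AD BE EF ?? ?? 13 37",
    "Demo.Beta": "4D 41 52 4B ?? 00 FF",
}

def compile_mask(mask):
    """Translate a hex mask with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in mask.split():
        if token == "??":
            parts.append(b".")  # wildcard: any one byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that a wildcard also matches the byte 0x0A (newline).
    return re.compile(b"".join(parts), re.DOTALL)

DATABASE = {name: compile_mask(mask) for name, mask in SIGNATURES.items()}

def scan(data):
    """Return a sorted list of (offset, signature name) found in data."""
    hits = []
    for name, pattern in DATABASE.items():
        hits.extend((m.start(), name) for m in pattern.finditer(data))
    return sorted(hits)

# Constructed sample buffers standing in for file or memory contents.
CLEAN = b"MZ" + bytes(64)
INFECTED = bytes(10) + bytes.fromhex("DEADBEEF0A0D1337") + b"MARK\x01\x00\xff"
# The first pattern with one fixed byte altered: a variant not in the database.
VARIANT = bytes(10) + bytes.fromhex("DEADBEEF0A0D1338")

if __name__ == "__main__":
    for label, buf in (("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)):
        print(label, scan(buf) or "no signature found")
```

The VARIANT buffer differs from a known pattern in a single fixed byte and produces no hit, which is the limitation noted above: only what is already in the database is found.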

Doctor programs (phages)

Doctor programs not only find files infected with viruses, but also “treat” them, i.e. remove the body of the virus program from the file, returning the files to their original state. At the beginning of their work, phages search for viruses in RAM and destroy them, and only then proceed to “cleaning” files. Among the phages there are polyphages, i.e. doctor programs designed to search for and destroy a large number of viruses.

Because new viruses are constantly appearing, detector programs and doctor programs quickly become outdated, and regular updates of their versions are required.

Auditor programs

Auditor programs are among the most reliable means of protection against viruses. Auditors record the initial state of programs, directories and system areas of the disk while the computer is not infected with a virus, and then, periodically or at the user’s request, compare the current state with the original one. Detected changes are displayed on the monitor screen. As a rule, the comparison of states is carried out immediately after the operating system loads. When comparing, the file length, cyclic redundancy code (file checksum), date and time of modification, and other parameters are checked.

Auditor programs have fairly developed algorithms, detect stealth viruses and can even distinguish changes in the version of the program being checked from changes made by a virus.
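The checksum comparison used by universal detectors and the state comparison performed by auditor programs, as an added example (not code from any product). The directory contents, file names and the changes made to them are constructed; CRC-32 stands in for the cyclic code the text mentions.

```python
import os
import tempfile
import zlib

def snapshot(root):
    """Record (length, CRC-32, mtime in ns) for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            crc = 0
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    crc = zlib.crc32(chunk, crc)
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (st.st_size, crc, st.st_mtime_ns)
    return state

def audit(baseline, current):
    """Compare two snapshots; return {path: description of the difference}."""
    report = {}
    for path in sorted(baseline.keys() | current.keys()):
        if path not in current:
            report[path] = "removed"
        elif path not in baseline:
            report[path] = "added"
        elif baseline[path] != current[path]:
            names = ("length", "checksum", "mtime")
            diff = [n for n, a, b in zip(names, baseline[path], current[path]) if a != b]
            report[path] = "changed: " + ", ".join(diff)
    return report

def demo():
    """Baseline a constructed directory, alter it, and return the audit report."""
    files = {"app.exe": b"MZ" + bytes(100), "tool.com": b"\xe9" + bytes(50), "readme.txt": b"hello"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "app.exe"), "ab") as fh:
            fh.write(b"\xcc" * 16)  # file grows: length and checksum differ
        tool = os.path.join(root, "tool.com")
        st = os.stat(tool)
        with open(tool, "r+b") as fh:
            fh.seek(10)
            fh.write(b"\x01")  # same length, one byte altered
        os.utime(tool, ns=(st.st_atime_ns, st.st_mtime_ns))  # original timestamp kept
        return audit(baseline, snapshot(root))
```

The in-place change to tool.com keeps the length and the timestamp, so only the checksum reveals it. CRC-32 catches accidental or naive changes but is not collision-resistant; a cryptographic hash such as SHA-256 is the stronger choice for a baseline.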

Filter programs (watchmen)

Filter programs are small resident programs designed to detect suspicious actions during computer operation that are characteristic of viruses.

Such actions may be:

Attempts to modify files with COM and EXE extensions;

Changes to file attributes;

Direct writing to disk at an absolute address;

Writing to the boot sectors of the disk.

When any program tries to perform one of these actions, the “watchman” sends a message to the user and offers to prohibit or allow the action. Filter programs are very useful because they can detect a virus at the earliest stage of its existence, before it replicates. However, they do not “clean” files and disks. Destroying viruses requires other programs, such as phages. The disadvantages of watchman programs include their intrusiveness (for example, they constantly issue a warning about any attempt to copy an executable file), as well as possible conflicts with other software.

Vaccines (immunizers)

Vaccines are resident programs that prevent file infections. Vaccines are used if there are no doctor programs that “treat” a given virus. Vaccination is possible only against known viruses. The vaccine modifies the program or disk in a way that does not affect its operation but makes the virus perceive it as already infected, so the virus does not take root. Currently, vaccine programs have limited use. A significant disadvantage of such programs is their limited ability to prevent infection by a large number of different viruses.

1. Signs of a computer infection?

2. Indirect signs of computer infection?

3. What to do if signs of malware infection appear?

4. Sources of computer viruses?

5. Global networks and email as a source of computer viruses?

6. Electronic conferences as a source of computer viruses?

7. Local networks as a source of computer viruses?

8. Pirated software as a source of computer viruses?

9. Public computers as a source of computer viruses?

10. Repair services as a source of computer viruses?

11. Basic rules for protecting against computer viruses?

12. Antivirus programs?

13. Types of antivirus programs?

14. A typical list of functions that antivirus programs can perform?

15. What are the most powerful and popular anti-virus packages in Russia today?

16. How does an anti-virus scanner work?

17. Operating principle of antivirus detector programs?

18. How do antivirus doctor programs (phages) work?

19. How do anti-virus audit programs work?

20. How do anti-virus filter programs (watchdogs) work?

21. How do vaccinators (immunizers) work?