Non-state educational institution

"WEST URAL INSTITUTE OF ECONOMICS AND LAW"

Faculty of Law

Subject: Computer Science

Topic: Antivirus protection

Completed by: student

1st year /6 years of study/

Kovaleva Anna Vladimirovna

Checked by: Tatarinova Svetlana Rudolfovna, senior lecturer


Introduction

Chapter 1. The phenomenon of computer viruses

Classification of computer viruses

Types of antiviruses

What should you protect your PC from?

How to deal with hacker attacks?

How good are free web antivirus services?

Why is antivirus software distributed free of charge?

What to do if a virus gets on your computer?

Which package should you prefer?

Participated in testing

Test results in detail

Summary of test results

Chapter 2. Internet Security Basics

Viruses

Conclusion

Bibliography


Introduction

The widespread use of personal computers, unfortunately, turned out to be associated with the emergence of self-replicating virus programs that interfere with the normal operation of the computer, destroy the file structure of disks and damage the information stored on the computer. Once a computer virus penetrates one computer, it can spread to other computers.

To detect, remove and protect against computer viruses, many types of special programs have been developed that allow you to detect and destroy viruses. Such programs are called antivirus programs.

In the abstract I will talk about the types of viruses, their classification by habitat, method of infection, degree of impact, and algorithm features. And, of course, I will talk about anti-virus protection, the types of anti-virus programs, the advantages and disadvantages of free anti-virus programs, and I will give the results of their testing by specialists from the Computer Bild magazine. I will write about protecting your computer when working on the Internet.

Timely detection of virus-infected files and disks and complete destruction of detected viruses on each computer allows you to avoid the spread of a virus epidemic to other computers.


Chapter 1. The phenomenon of computer viruses

A VIRUS is a freely distributed program that, however, does nothing. That's why it's free.

ANTI-VIRUS is a program that displays a list of all available files in one line - and very quickly, so that you do not have time to read it.

From the Programmer's Dictionary

Roman Voronezhsky

A virus is perhaps the main enemy of a computer. Tiny malicious programs can instantly ruin the fruits of your many months of labor, destroy text files and spreadsheets, or even completely ruin the file system on the hard drive...

Computer viruses behave in the same way as living viruses: they hide their code in the body of a “healthy” program and, every time it is launched, they are activated and begin to rapidly “multiply”, spreading uncontrollably throughout the computer.

This is one side of the virus's activity. Not the worst, by the way. If the virus simply multiplied without interfering with the work of programs, then it probably wouldn’t be worth bothering with. Moreover, a significant number of existing viruses belong precisely to this relatively harmless category.

But, in addition to reproducing, the virus also has another “hobby” - to destroy, to cause mischief. The degree of “dirtyness” of the virus can be different - some limit themselves to displaying an intrusive picture on the screen that interferes with your work, others, without much hesitation, completely destroy the data on the hard drive; fortunately, such “cruel” viruses are rare.

In any case, the real harm from viruses today is much greater than, say, from the world-famous “mistake of the year 2000.” The only pity is that, unlike this “soap bubble,” viruses do not feel the desire to immediately leave our sinful world with the advent of the new millennium. And there is no hope of completely dealing with them in any foreseeable time - because the talent of the authors of anti-virus programs is opposed by the perverted imagination of computer graphomaniacs.

After all, writing a virus is not a very difficult task. In any case, student brains and skills are enough for this. And if you come across a talented student, the “infection” he created will wander around the world for many years.

In fact, the life of a virus is short. Antivirus programs, in contrast to these poor fellows, are getting smarter by leaps and bounds. And the virus that seemed elusive just yesterday is today instantly removed and neutralized. That is why it is difficult to find viruses today whose age exceeds a year or two - the rest have long been preserved only in collections. Today, science knows about 30 thousand computer viruses - small malicious programs that follow only three commandments in their lives - Produce, Hide and Spoil.

And behind all this... simple human vanity, stupidity and an instinctive desire for destruction. We are touched when we see a child intently destroying a sand castle or an old magazine, and later such grown-up, but never grown-up children damage our computers.

And this story began no less than thirty years ago. It was then, in the late 60s, when one could read about “personal computers” only in science fiction novels, that several “large” computers located in large research centers in the USA were found to have very unusual programs. Unlike normal programs, which obediently walked “on line” and carried out all the orders of a person, these walked on their own, like Kipling’s cat. They were doing something in the depths of the computer that only they could understand, greatly slowing down the computer in the process. It’s good that they didn’t spoil anything and didn’t multiply.

However, this did not last long. Already in the 70s, the first real viruses were registered, capable of reproducing and even receiving their own names: the large Univac 1108 computer was “sick” with the Pervading Animal virus, and the Christmas tree virus made a nest on computers from the glorious IBM-360/370 family.

By the 1980s, the number of active viruses was already in the hundreds. And the advent and spread of personal computers gave rise to a real epidemic - the number of viruses went into the thousands. True, the term “computer virus” appeared only in 1984: it was first used by F. Cohen, an employee of Lehigh University in the USA, in his report at a conference on information security.

The first “personal” viruses were simple and unpretentious creatures - they did not particularly hide from users, and they “brightened up” their destructive effect (deleting files, destroying the logical structure of the disk) with pictures displayed on the screen and tricky “jokes” (“Name the exact height of Mount Kilimanjaro in millimeters! If you enter an incorrect answer, all data on your hard drive will be destroyed!!!”). It was not difficult to identify such viruses: they “glued” themselves to executable (*.com or *.exe) files, changing their original sizes - which is what the first antiviruses used to successfully identify the intruders.

Later, viruses became more cunning - they learned to disguise themselves, hiding their program code in such hidden corners that, as it seemed to them, no antivirus could reach. At first, they really didn’t get there. That is why such viruses were called “stealth”.

It seemed that the imagination of virus writers had finally run out. And when an “antidote” was finally found against stealth viruses, the computer people breathed a sigh of relief. And everything was just beginning...

Meanwhile, computers were deteriorating, information was being lost...

It is clear that the Internet, which debuted as a mass means of communication exactly in the early 90s, made a very significant contribution to the spread of viruses. Perhaps for the first time, public attention to the problem of Internet viruses was drawn after the appearance of the famous “Morris worm” - a harmless virus that, as a result of the carelessness of its creator, began to “crawl” throughout the world wide web.

In 1995, after the appearance of the Windows 95 operating system, Microsoft announced with great fanfare: the end of old DOS viruses, Windows is 100 percent protected from them, and no new viruses are expected in the near future. If only! Already in the same 1995, several powerful virus attacks were registered and the first virus running under Windows 95 was created.

The explanation was simple: the Microsoft Word text editor and the Microsoft Excel spreadsheet editor had their own built-in programming language - Visual Basic for Applications (VBA), designed to create special additions to the editors - macros. These macros were saved in the body of Microsoft Office documents and could easily be replaced by viruses. After the infected file was opened, the virus was activated and infected all Microsoft Office documents on your disk.

Initially, macroviruses - that is what the new class of viruses was called - behaved quite decently. In extreme cases, they spoiled text documents. However, soon macro viruses moved on to their usual duties - destroying information. Virus fighters were clearly not prepared for such a turn of events. And therefore, literally a few days after its appearance, the Concept virus, infecting Word documents, spread throughout the planet. Infected Word files with tasty content (for example, lists of passwords to Internet servers with collections of pornographic images) traveled from user to user through the same Internet. Gullible users grabbed the “bait” without hesitation - after all, even the smartest of them absorbed the thesis with their mother’s milk: viruses are not transmitted through texts! As a result, in the four years that have passed since the appearance of the first “macro virus,” this class of viruses has become the most numerous and dangerous.

In principle, protecting yourself from macro viruses is not so difficult. When opening any document containing built-in macros, smart Word or Excel will definitely ask the user: are you sure, good citizen, that instead of all sorts of useful things they are not slipping you all sorts of crap in the document? And is it worth loading these macros? Click the “No” button - and the virus will be blocked.

It’s simply surprising that despite such simplicity of protection, most users ignore the program’s warnings. And they get infected...

Of course, the matter was not limited to macroviruses alone. In 1995-1999, a good hundred “Windows 98-compatible” viruses frolicked merrily on the Internet. These cute little animals, of course, frolicked for a reason...

Bottom line. From the summer of 1998 to the summer of 1999 alone, the world experienced several truly destructive virus attacks: as a result of the activities of the “sweet trinity” of viruses - Melissa, Win95.CIH and Chernobyl - about a million computers were disabled in all countries of the world. Viruses damaged hard drives and destroyed the motherboard BIOS...

There is no doubt that viral attacks will continue in the future - after all, there are still many fools in the world who crave heroic glory. And the only good thing is that now these “homemade” ones are caught no less carefully than hackers and other “sharks” and “piranhas” of the computer world.

Classification of computer viruses

Viruses can be divided into classes according to the following characteristics:

· according to the habitat of the virus;

· according to the method of contamination of the habitat;

· according to destructive capabilities;

· according to the characteristics of the virus algorithm.

Based on their habitat, viruses can be divided into network, file and boot viruses.

Network viruses spread across a computer network, file viruses are embedded in executable files, boot viruses are embedded in the boot sector of the disk (Boot sector) or in the sector containing the hard drive system loader (Master Boot Record).

Methods of infection are divided into resident and non-resident. When a resident virus infects a computer, it leaves its resident part in the RAM, which then intercepts the OS's access to infected objects and injects itself into them. Resident viruses reside in memory and are active until the computer is turned off or rebooted. Non-resident viruses do not infect computer memory and are active for a limited time.

Viruses can be divided according to their destructive capabilities:

· harmless, i.e. those that do not affect the operation of the computer in any way;

· non-hazardous, the influence of which is limited to a decrease in free disk space and to graphic, sound and other effects;

· dangerous, which can lead to serious malfunctions;

· very dangerous, which can lead to the loss of programs, destroy data, and erase information necessary for the operation of the computer recorded in system memory areas.

Based on the characteristics of the algorithm, the following groups of viruses can be distinguished:

· “companion viruses” - viruses that do not change files;

· “worm viruses” - viruses that spread on a computer network, and like “companion viruses”, do not change files and sectors on disks.

· “student” viruses are extremely primitive viruses, often non-resident and containing a large number of errors.

· “stealth viruses” (invisible viruses), which are very advanced programs that intercept DOS calls to infected files or disk sectors and “substitute” uninfected sections of information in their place.

· “polymorphic viruses” - viruses that are quite difficult to detect and do not have signatures, i.e. they do not contain a single permanent piece of code.

· “macro viruses” - viruses of this family use the capabilities of macro languages built into data processing systems.

There are many ways the virus can spread. A malicious program can “build a nest” on a floppy disk that was given to you by a neighbor, acquaintance or work colleague, settle on a pirated CD, or arrive along with an email message containing an attached document or executable program.

It is unlikely that you will be able to completely “cut off” viruses from your computer unless you remove the disk drive from the system, stop working on the Internet and use only legal software. But in our conditions, all these pieces of advice - especially the last one - look like either a utopia or a mockery.

The main symptoms of a computer virus infection are:

· Slowdown of programs;

· Increasing file sizes;

· The appearance of previously non-existent “strange” files;

· Reducing the amount of available RAM;

· Suddenly appearing various video and sound effects.

There is only one way left: to equip the OS with reliable guards - anti-virus programs that can promptly recognize and neutralize an enemy who has sneaked into the lair.

Don't look a gift horse in the mouth. Folk wisdom! However, you should not be guided by it when choosing an antivirus program. After all, by using an unreliable antivirus, you will jeopardize the security of your PC! If worms, Trojan horses, or other malicious applications make their way onto your hard drive, you may lose data or have your passwords stolen; many other troubles are also likely.

Windows, unfortunately, does not have its own anti-virus protection tools, if you do not take into account the antivirus from McAfee, included in the Microsoft Plus 98 package. It is good that there are many independent programs in the world for catching software infections...

The most famous antiviruses are the VirusScan program from McAfee, the Norton Antivirus complex from Symantec, the Dr. Solomon... plus a dozen more titles.

Norton Antivirus is a more “meticulous” program; not a single process running on the computer can escape its control. After installing Norton Antivirus (for example, as part of the Norton System Works kit), you can completely forget about it - NAV itself will monitor everything you need. Its “guardians” will protect your mailbox by conscientiously scanning every incoming letter, will build a protective mechanism into Microsoft Office applications, will not forget to scan your computer after each boot... All these processes will proceed invisibly to the user, and the program will attract your attention only when a new virus is detected or, if necessary, to update anti-virus databases via the Internet.

However, for all its advantages, NAV is an overly cumbersome program for most home computers, the size of its installation kit leaves much to be desired, and the speed of operation is not encouraging. Almost all anti-virus programs are capable of not only checking a disk for viruses at the user’s request, but also scanning all files launched on the computer, unnoticed by the user. Finally, most antivirus programs have a mechanism for automatically updating anti-virus databases via the Internet.

Types of antiviruses

To combat computer viruses, several types of anti-virus programs have been developed: detectors, filters, auditors, doctors.

Detector programs detect specific viruses by signature and signal their presence on the computer.

Auditor programs detect the presence of viruses by periodically comparing the current state of programs, directories and system areas of disks with the original state.

Filter programs are small resident programs that allow you to detect suspicious actions during computer operation that are characteristic of viruses.

Doctor programs detect and remove viruses from RAM and treat virus-infected files on disks.

Vaccines or immunizers are resident programs that prevent file infections.
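To make the difference between a detector and an auditor concrete, here is an added example (not part of the original essay). It runs both over a temporary directory: the detector only finds a file containing a signature it already knows, while the auditor flags every file whose size or hash differs from the stored baseline. The signature name, marker bytes and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed signature database: name -> harmless marker bytes (assumption).
SIGNATURES = {"Demo.Marker.A": b"DEMO-SIGNATURE-A-0001"}


def detector_scan(root):
    """Detector: report files that contain a known byte signature."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            found = sorted(s for s, pattern in SIGNATURES.items() if pattern in data)
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits


def auditor_snapshot(root):
    """Auditor, step 1: record size and SHA-256 of every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = (os.path.getsize(path), digest.hexdigest())
    return state


def auditor_compare(baseline, current):
    """Auditor, step 2: compare the current state with the original state."""
    report = {"modified": [], "grown": [], "new": [], "missing": []}
    for path, (size, digest) in current.items():
        if path not in baseline:
            report["new"].append(path)
        elif baseline[path][1] != digest:
            report["modified"].append(path)
            if size > baseline[path][0]:
                report["grown"].append(path)  # the "increasing file size" symptom
    report["missing"] = [p for p in baseline if p not in current]
    return {key: sorted(paths) for key, paths in report.items()}


def demo():
    """Build a constructed directory, change it, and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("editor.exe", "game.com", "notes.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"ORIGINAL-CONTENT-" + name.encode())
        baseline = auditor_snapshot(root)

        # Change 1: bytes matching a known signature are appended.
        with open(os.path.join(root, "editor.exe"), "ab") as fh:
            fh.write(SIGNATURES["Demo.Marker.A"])
        # Change 2: bytes with no entry in the signature database are appended.
        with open(os.path.join(root, "game.com"), "ab") as fh:
            fh.write(b"UNKNOWN-VARIANT-BYTES")
        # Change 3: a previously non-existent file appears.
        with open(os.path.join(root, "strange.tmp"), "wb") as fh:
            fh.write(b"x")

        return detector_scan(root), auditor_compare(baseline, auditor_snapshot(root))


if __name__ == "__main__":
    hits, report = demo()
    print("detector:", hits)
    print("auditor: ", report)
```

The auditor cannot name the virus and also reports legitimate updates, which is why the two kinds of program are used together.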

What should you protect your PC from?

· Viruses can delete or change data. If you try to open an infected file, this will activate the virus, which will be able to spread further.

· Worms, as a rule, get onto the computer along with e-mail messages and often do not come alone, taking with them other “pests”, such as backdoor viruses, and try to disable anti-virus programs. Unlike viruses, worms can spread on their own, for example, by sending themselves to all addresses known to your email program.

· “Trojans” are real spies that disguise themselves as useful software or even hide inside other programs. Remaining undetected, they find out your passwords and other confidential information, which is then forwarded to attackers via the Internet.

· Rootkits hide very cleverly, so antivirus programs do not always detect them. As a rule, they contain malicious modules.

· Backdoor programs and bots usually end up on your hard drive with the help of Trojans. Hackers use them to get remote access to computers and can use them for their own purposes, for example to send spam.

· Spyware most often resides in free software. It collects information about the user and sends it over the Internet, for example to companies that send advertising.

· Recently, a type of fraud called phishing has become widespread: attackers called “phishers” send letters from fake email addresses, with which they try to find out passwords and codes to gain access to users’ bank accounts.


Can a good antivirus protect against all “troubles”?

No. None of the antiviruses provide guaranteed protection. However, if you regularly update your anti-virus database, this will significantly reduce the likelihood of “pests” infiltrating your computer. The following graph shows how quickly developers of tested programs react to the emergence of new viruses:

For optimal computer protection, you should install a firewall along with an antivirus, which enhances security when working on the Internet. Only in this way will you be able to prevent unwanted sending of data over the Network if your antivirus is unable to do so.

How to deal with hacker attacks?

Some antiviruses can counter rootkits, phishing, and spyware. However, for greater reliability, it is better to install additional software. Thus, the Rootkit Revealer and Blacklight utilities will help get rid of rootkits. You can protect yourself from phishing using a free filter from Microsoft. By installing it, you have the opportunity to never end up on a fake site.

How good are free web antivirus services?

Such services may only be used for emergency assistance during a virus attack. The fact is that they do not have an on-the-fly file scanning feature that protects the computer throughout the entire Internet session. In addition, some services simply check files for viruses, but do not delete malware.

Why is antivirus software distributed free of charge?

This is how manufacturers promote their product. Usually, along with the free version, developers also offer a commercial version of the program, which has more functions and often a more convenient interface. For example, the free version simply scans the hard drive for viruses, while checking files on the fly is only possible in the full, paid version. Paid versions are available for BitDefender, Antivir Personal, Avast, AVG Antivirus and Microworld Antivirus.

What to do if a virus gets on your computer?

It depends on what the virus managed to do to the PC.

· The computer is infected, but starts. If you do not already have an antivirus program installed, install it immediately! Update your anti-virus databases via the Internet, and then scan your hard drive for viruses. To do this, you can use, for example, Kaspersky Anti-Virus or Dr.Web.

· The antivirus program has been disabled by a virus. The most “cunning” viruses are capable of disabling running antivirus programs. In this case, you can use the help of a web-based antivirus service, such as Softwin BitDefender Scan Online. This service recognizes and removes most known viruses, including those sent by email.

· The system does not start or is unstable. The best way out of this situation is to regularly create backups of your hard drive. This can be done using a special program, such as Acronis True Image. In this case, you can get rid of viruses by simply restoring the system from a previously created image.

Which package should you prefer?

Any, if there are no viruses on your computer and you do not use virus-prone sources of information. If you love programs and games, conduct active correspondence by e-mail, and use Word or exchange Excel tables, then you should still use some kind of antivirus. Which one - decide for yourself.

The quality of antivirus programs is determined by the following items:

1. Reliability and ease of use - no freezing of the antivirus or other technical problems requiring special training from the user.

2. High-quality detection of viruses of all common types, scanning inside document files, packed and archived files. No “false positives”.

3. The existence of antivirus versions for all popular platforms, the presence of not only the “on-demand scanning” mode, but also “on-the-fly scanning”.

4. Speed of operation and other useful features, functions, “poultices” and “goodies”.


Summary of test results

The main task facing free antiviruses was to prove that the words “free” and “useless” are not synonymous. For comparison, the leader of the list of antivirus programs, Kaspersky Anti-Virus Personal 5.0, also took part in the testing.

Spies are in trouble!

The good news is that all but two of the programs successfully identified the 2,676 most common viruses today. Only Clamwin Antivirus and Microworld Antivirus Toolkit did not show a 100% result here. In addition, both of these programs, as well as BitDefender Free Edition, do not automatically scan files on the fly - scanning the hard drive must be started manually each time.

The test participants encountered the greatest difficulties when searching for specialized malware. When catching rootkits, only Etrust EZ Antivirus looked convincing; other programs were significantly inferior to it in this parameter.

However, as good as EZ Antivirus is at finding rootkits, it is just as poor at detecting Trojans and backdoor viruses. The developers of the Clamwin Antivirus program should also address this shortcoming. Both Avast Home Edition and free versions AVG Anti-Virus and BitDefender.

None of the free antiviruses managed to achieve the results shown by Kaspersky Anti-Virus Personal 5.0.

Bottom line. The best results among free programs for fighting viruses were shown by the test winner – Antivir Personal Edition. If you want to protect your computer from spyware and email viruses, you will have to purchase the paid version of this program.


Chapter 2. Internet Security Basics

How paradoxical human nature is! After all, every single day we hear about more and more machinations of hackers, we melancholically note the emergence of new viruses, we lament the instability and vulnerability of existing information systems... And at the same time we do nothing to somehow protect our own computer! Moreover, we don’t even know what dangers we may encounter on the information highway.

And there are not so few of them. For all its outward friendliness, the Internet road is by no means paved with yellow brick; potholes are not uncommon on it, and there are also camouflaged holes with stakes at the bottom.

Another thing is that for many “predators” our brother the user is too small a game. And therefore, your computer, connected to the Internet in session mode, through a weak modem channel, is unlikely to be attacked by serious hackers.

The kind who want nothing more than to “take down” a serious server of some Pentagon. And the contents of your hard drive will not fly into the abyss in a matter of seconds.

All this - again, for us, users - is no worse than a paper tiger. However, there are not too few real tigers, and meeting them in most cases will not bring you any pleasant emotions.

So it doesn’t hurt to think about protection.

But first, we still need to find out what exactly we will be protecting ourselves from. So let’s count and name the existing striped evil spirits.


Viruses

This enemy is quite real and formidable, and it is viral intrigues that cause a good half of the troubles for active “networkers”. This is despite the fact that the methods of their distribution and their favorite dirty tricks have long been learned by heart - thanks to the same press. And yet one user or another still takes the bait they cast, despite the brazenly protruding hook.

We remember that viruses are most often transmitted by email messages containing attached files. We also remember that an infection can enter a computer either through programs (that is, executable files with the *.exe or *.com extension) or through Microsoft Office documents that may contain malicious sections of code. We also remember that pictures or sound files, it seems, cannot threaten us with any trouble. And therefore, having unexpectedly unearthed in the mailbox a letter with a picture attached to it (judging by the file name and extension), we immediately happily launch it... And we discover that a malicious virus “script” was hiding under the guise of the picture. It is good if we detect it immediately, and not after the virus has managed to completely destroy all your data.

The trick of the virus creators is simple - the file, which seemed like a picture to us, had a double extension! For example:

AnnaCournikova.jpg.vbs

It is the second extension that is the true file type, while the first is simply part of its name. And since the vbs extension is familiar to Windows, it, without hesitation, hides it from the eyes of users, leaving only the name on the screen.

AnnaCournikova.jpg

From my experience with Explorer, I remember that this is exactly what Windows does with all registered file types: it hides the extension, and the file type is supposed to be indicated by its icon. Which, alas, we rarely pay attention to.

Is it a good trap?

By the way, the very real “Anna Kournikova” virus that attacked Russia in February 2001 was taken as an example. And a year before that, the already legendary IloveYou virus, disguised as a simple text file, “caught” the whole world in exactly the same way. The result is from 30 to 80 (!) percent of PCs affected and disabled.
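The double-extension trick described above can be checked for mechanically, for example when triaging mail attachments. The following is an added example, not part of the original essay: it computes the name a user would see when Explorer hides extensions of registered types and classifies an attachment by its real (last) extension. Apart from exe, com and vbs, the extension lists are assumptions chosen for the demonstration.

```python
import os

# Extensions Windows runs directly; exe, com and vbs come from the text,
# the rest are assumed additions for the example.
EXECUTABLE_EXTS = {".exe", ".com", ".vbs", ".scr", ".bat", ".cmd", ".js", ".pif"}
# Harmless-looking types used as the visible "first extension" (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc", ".xls", ".mp3", ".wav"}
# Registered types whose extension Explorer hides by default.
HIDDEN_BY_EXPLORER = EXECUTABLE_EXTS | DECOY_EXTS


def normalize(filename):
    """Keep only the file name and drop trailing spaces and dots,
    which Windows ignores when it creates the file."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")


def explorer_display_name(filename):
    """Name shown to the user when extensions of known types are hidden."""
    name = normalize(filename)
    stem, ext = os.path.splitext(name)
    return stem if ext.lower() in HIDDEN_BY_EXPLORER else name


def classify_attachment(filename):
    """Classify by the last extension, which is the true file type."""
    stem, real_ext = os.path.splitext(normalize(filename))
    shown_ext = os.path.splitext(stem)[1]
    if real_ext.lower() in EXECUTABLE_EXTS:
        if shown_ext.lower() in DECOY_EXTS:
            return "block-double-extension"
        return "quarantine-executable"
    return "scan"


def triage(filenames):
    """Return (original name, name the user sees, verdict) for each attachment."""
    return [(f, explorer_display_name(f), classify_attachment(f)) for f in filenames]


# Constructed sample attachment names; the first is the example from the text.
SAMPLES = [
    "AnnaCournikova.jpg.vbs",
    "PHOTO.JPG.VBS. ",
    "setup.exe",
    "holiday.jpg",
    "report.final.doc",
]

if __name__ == "__main__":
    for original, shown, verdict in triage(SAMPLES):
        print(f"{original!r:28} shown as {shown!r:24} -> {verdict}")
```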

However, it is not at all necessary that viruses will deem it necessary to disguise themselves. Sometimes exe files are “attached” to a letter completely openly. And it would seem that even a fool would understand that we are talking about a virus attack. However, these programs are also eagerly launched by users - to some of them, insidious virus writers promise to demonstrate pictures of indescribable beauty, to others they promise programs for “hacking” the Internet, to others they present themselves as an update to a popular program. There are many ways to fool the user’s brains. But it also happens that a friend or acquaintance sends you an infected file with a clear conscience... Finally, you can get viruses along with the programs themselves - especially if you download them from servers unknown to you.

The consequences of a virus can be different - from the complete destruction of the contents of the hard drive to damage to certain types of files. In any case, you will not get pleasure from communicating with them.

There is only one way to cope with this scourge, and you know it very well: a good anti-virus program. With fresh, updated at least once a week, anti-virus databases. And even in this case, especially suspicious letters should be deleted without trying to taste their mysterious “filling”.

"Trojan programs"

In fact, these programs are called “Trojans” only due to a misunderstanding - after all, in Homer’s “Odyssey,” it was not they, but their enemies the Danaans who did their dirty deed, penetrating the besieged city in the belly of a wooden horse. But Odysseus’s cunning fellow tribesmen got out of it this time too, placing dubious “laurels” on the heads of the long-suffering inhabitants of Troy.

A gentleman thief like Arsène Lupin would gladly recognize the authors of these programs as his heirs. Similar in principle to viruses, Trojans work much more elegantly and subtly. They will not behave like a bull in a china shop, but will quietly and unobtrusively steal your login and password for accessing the Internet, and at the same time your email. Decide for yourself which is scarier.

Simple Trojans spread in the same ways as their virus counterparts - in the form of hidden attachments in emails. But this, really, is not aerobatics for such high-flying swindlers! It is much more elegant, like a kind of programmatic Khlestakov, to insinuate himself into respectable society under someone else’s guise. For example, in the form of a helpful and extremely useful program that allows you to speed up data transfer through your channel by a hundred or two times. Or in the form of a skilled optimizer of the entire system. Finally, in the form of the same antivirus. Which, by the way, in this case will help you neutralize the impudent people - if this antivirus is real and fresh enough.

Just remember that you can steal a password not only from your computer, but also from your provider’s server - and this is exactly what happens in most cases. Therefore, it makes sense to change your password regularly (at least once a month), rendering the efforts of Trojans and their creators useless.

But there are also “Trojans” that live on our computer quite legally. Software manufacturers took them as allies, “settling” them in their programs of the adware or freeware category. True, these “gentlemen of fortune” were taught some good manners: now they no longer steal passwords, but work as “decoy ducks”, regularly notifying program manufacturers about your actions: where you go, what you are looking for, what sites you prefer. And in return they delight you with a good portion of advertising...

Is it worth fighting these “spies”? Users with a heightened conscience believe that we have no moral right to do this - after all, we have to pay for everything, including the services of “free” programs. Therefore, with a sigh, they allow the “Trojans” to inform on them and conscientiously contemplate all the incoming advertising.

Users with a heightened instinct of self-preservation are not so flexible and at the first sign of the presence of a “Trojan” in the program, even a “cultured” one, they drive it off the computer along with the carrier program. Fortunately, it is not difficult to find an alternative to any program today. And as a last resort, they resort to the services of the Ad-Aware program, which allows you to clean all advertising and spyware from your computer without interfering with the functionality of the carrier programs. There are, of course, exceptions - for example, the popular download manager Go!Zilla refuses to work after removing the Trojan filling, but its colleagues GetRight and FlashGet are more flexible.

Just remember that Ad-Aware can only fight “legal” “Trojans” - it is defenseless against ordinary viruses and password thieves. This means that you need to run this program not instead of, but together with a regular antivirus.

"Killer Scripts"

Until now, we have talked about programs that do dirty tricks from the inside, making a nest for themselves in the cozy and spacious belly of our PC. However, when working on the Internet, you may encounter more terrible enemies who will break through your computer’s defenses from the outside.

No, we are not talking about hackers, but for now only about the microprograms they created, which are launched along with the Web pages we open. As is the case with Word documents, the use of microprograms (scripts, Java applets, etc.) in itself is not a crime - most of them work quite peacefully, making the page more attractive to the eye or more convenient. Chat, Guest book, voting system, counter - our pages owe all these conveniences to microprograms - “scripts”. As for Java applets, their presence on the page is also justified - they allow, for example, to display a convenient and functional menu that expands under your mouse cursor...

Convenience is convenience, but don’t forget that all these applets and scripts are real, full-fledged programs. Moreover, many of them are launched and work not somewhere out there, in the “beautiful far away”, on an unknown server, but directly on your computer! And by embedding malicious content into them, the creators of the page will be able to gain access to the contents of your hard drive. The consequences are already known - from simple password theft to formatting the hard drive.

Another variety of malicious scripts is the numerous advertising windows that fill your monitor screen after opening a single page. Thus, the site creator earns his bread with a thick layer of caviar - at the expense of your time and nerves. It is difficult to cope with the rain of windows - in place of one closed one, two new ones immediately pop up - and the user has to work hard to finally stop this advertising disgrace. Relatively harmless, but terribly unpleasant...

Of course, you will have to deal with “killer scripts” a hundred times less often than with ordinary viruses. By the way, in this case there is little hope for conventional antiviruses, but a malicious program opened along with the page will have to overcome the protection of the browser itself, the creators of which are well aware of such things.

Let's go back for a minute to the Internet Explorer settings, namely the menu “Tools/Internet Options/Security”. At one time we only briefly mentioned its existence, so why not renew our acquaintance now?

As you can see, Internet Explorer offers us several levels of security. In addition to the standard level of protection (Internet zone), we can strengthen (Restrict zone) or weaken our vigilance (Trusted nodes zone). By clicking the “Other” button, we can manually adjust the browser’s protection by allowing or disabling the operation of various “active elements” of the pages.

Although the security system of the same Internet Explorer is full of “holes” that attackers can take advantage of, if used correctly you will insure yourself against most unpleasant surprises. For example, when entering a dubious “hacker” site, the protection can be strengthened...


Conclusion

There are no antiviruses that guarantee 100% protection against viruses, and statements about the existence of such systems can be regarded as either false advertising or unprofessionalism. Such systems do not exist, since for any antivirus algorithm it is always possible to propose a counter-algorithm for a virus that is invisible to this antivirus. Moreover, the impossibility of the existence of an absolute antivirus was proven mathematically based on the theory of finite state machines; the author of the proof is Fred Cohen.

So in order not to expose your computer to viruses and to ensure reliable storage of information on disks, you must observe the following rules:

· Equip your computer with modern anti-virus programs;

· Before reading information stored on other computers from floppy disks/CD/flash, always check these diskettes for viruses by running your computer's anti-virus programs.

· When transferring archived files to your computer, scan them immediately after unzipping them on your hard drive, limiting the scan scope to newly recorded files only.

· Periodically check your computer's hard drives for viruses by running anti-virus programs that test files, memory and system areas of disks from a write-protected floppy disk, after booting the OS, also from a write-protected system floppy disk.

· Always write-protect your floppy disks when working on other computers unless they will be written to.

· Be sure to make backup copies of information that is valuable to you on external media.

· Do not leave floppy disks in drive A: when turning on the computer or rebooting the OS, to prevent your computer from being infected by boot viruses.

· Use anti-virus programs to inspect all executable files received from computer networks.

· Buy distribution copies of software from official sellers rather than copying them for free or almost free from other sources or buying pirated copies.

· Use information integrity checking utilities.




A worm is a self-replicating program that spreads primarily across the Internet. Some worms get onto a PC when an infected e-mail message is opened, others can select and attack computers in automatic mode.

A “Trojan” is a virus that gets onto a PC by masquerading as a useful program. It performs unauthorized actions: deleting and modifying data, collecting and sending information, transferring computer control to a remote user.

1 Backdoor virus. Performs unauthorized computer control. Typically consists of two parts: a small program that is secretly installed on the affected computer, and a control program that is located on the attacker's PC.

2 A rootkit is a program that allows you to secretly take control of a hacked system. A rootkit is usually installed by a hacker on a hacked PC after gaining initial access and very effectively masks its presence in the system. A rootkit includes a variety of utilities for obtaining superuser rights, for “covering up” traces of an intrusion into a system, hacker tools and Trojans.

1 A bot is a malicious program that, having penetrated a PC, secretly controls access to the Internet and allows attackers to use the victim computer to carry out, for example, unauthorized spam mailing.

1 “False positive” – detection of a virus in an uninfected object.

2 “On-demand scanning” – search for viruses at the user’s request.

3 “Scanning on the fly” (real-time, on-the-fly) – constant scanning of objects accessed for viruses.



There is a class of programs that were originally written for the purpose of destroying data on someone else’s computer, stealing someone else’s information, unauthorized use of someone else’s resources, etc., or acquired such properties for some reason. Such programs carry a malicious payload and are accordingly called malware. All malicious programs, according to their methods of distribution and malicious load, can be divided into four main types - computer viruses, worms, Trojans and other programs.

A computer virus is a program that can create duplicates of itself and inject them into computer networks and/or files, system areas of the computer and other executable objects. At the same time, duplicates retain the ability to spread further. The main goals of any computer virus are to spread to other computer resources and to perform special (often malicious) actions upon certain events or user actions. Activation of a virus can occur in several ways and, in accordance with the chosen method, viruses are divided into boot viruses, file viruses, macro viruses and script viruses. Depending on the methods used for masking from antiviruses, viruses can be divided into encrypted, metamorphic (when using this method, viral copies are created by replacing some commands with similar ones and rearranging parts of the code) and polymorphic, which use a combination of the two types of masking.

A worm (network worm) is a malicious program that spreads across network channels and is capable of independently overcoming computer network security systems, as well as creating and further distributing copies of itself, which do not necessarily coincide with the original. Depending on the method of penetration into the system, worms are divided into network worms, mail worms, IM worms, IRC worms and P2P worms. Based on the activation method, all worms can be divided into two large groups - those that require active user participation and those that do not.

A Trojan (Trojan horse) is a program whose main purpose is to cause harmful effects on a computer system by performing actions unauthorized by the user: theft, damage or deletion of confidential data, disruption of the computer or use of its resources for unseemly purposes. Trojans are classified according to the type of malicious payload: keyloggers, password stealers, hidden remote control utilities, anonymous SMTP servers and proxy servers, dialer utilities, browser settings modifiers, logic bombs, DDoS attack organizers.

Other malware includes:

riskware - remote control utilities, which are often used by administrators of large networks, IRC clients, programs for downloading files from the Internet, utilities for recovering forgotten passwords and others;

adware - shareware programs that, as payment for their use, display advertising to the user, most often in the form of graphic banners;

pornware - this class includes utilities that are in one way or another related to showing pornographic information to users;

hacking utilities - this type includes programs for hiding the code of infected files from anti-virus scanning, virus constructors and similar utilities;

evil jokes - programs that deliberately mislead the user by showing various kinds of notifications or threats.

Antivirus programs are programs whose main task is to protect against malware. Of all anti-virus protection methods, two main groups can be distinguished: signature methods and heuristic methods.

Signature-based methods are precise methods for detecting viruses based on comparing a file with known virus samples. A virus signature is a set of features that make it possible to uniquely identify the presence of a virus in a file (including cases when the entire file is a virus). All together, the signatures of known viruses make up the anti-virus database. The task of identifying signatures is usually solved by people - experts in the field of computer virology, who are able to isolate the virus code from the program code and formulate its characteristic features in a form that is most convenient for searching. To obtain a signature, you must have a sample of the virus. Consequently, the signature method is unsuitable for protection against new viruses, because until the virus has been analyzed by experts, it is impossible to create its signature. That is why all major epidemics are caused by new viruses. From the moment a virus appears on the Internet until the first signatures are released, several hours usually pass, and during this time the virus is able to infect computers almost unhindered.

Heuristic methods are approximate detection methods that allow us to assume with a certain probability that a file is infected. Heuristic analysis is based on the assumption that new viruses are often similar to already known ones. Based on this assumption, one heuristic method is to search for files that do not completely, but very closely, match the signatures of known viruses. A positive effect of using this method is the ability to detect new viruses even before signatures are released for them. Another method is based on identifying the main malicious actions, such as deleting a file, writing to a file, writing to certain areas of the system registry, opening a listening port, intercepting data entered from the keyboard, sending letters, etc. A heuristic analyzer based on this principle must constantly monitor the actions performed by programs. The advantage of the described method is the ability to detect previously unknown malicious programs, even if they are not very similar to known programs. For example, a new malicious program may use a new vulnerability to penetrate a computer, but after that it begins to perform already familiar malicious actions. The negative aspects of both approaches include:

probability of false positives

impossibility of treatment

low effectiveness against innovative viruses
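The difference between the signature method and the near-match heuristic described above can be shown on constructed data. The following is an added example, not code from this essay or from any antivirus product; the signature name Demo.Alpha, its harmless marker bytes, the 0.85 threshold and all four sample inputs are assumptions made for illustration.

```python
"""Signature method vs. near-match heuristic, run on constructed byte strings."""

# Constructed, harmless marker that stands in for a real virus signature.
SIGNATURES = {"Demo.Alpha": b"DEMO-SIG-ALPHA-01"}
THRESHOLD = 0.85  # assumed cut-off for "very closely matches"


def exact_scan(data):
    """Signature method: report a name only if its signature occurs verbatim."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def best_similarity(data, sig):
    """Highest fraction of equal bytes between sig and any same-length window."""
    if len(data) < len(sig):
        return 0.0
    best = 0
    for start in range(len(data) - len(sig) + 1):
        window = data[start:start + len(sig)]
        best = max(best, sum(a == b for a, b in zip(window, sig)))
    return best / len(sig)


def heuristic_scan(data, threshold=THRESHOLD):
    """Heuristic method: report close, but not exact, matches with their score."""
    hits = []
    for name, sig in SIGNATURES.items():
        score = best_similarity(data, sig)
        if threshold <= score < 1.0:
            hits.append((name, round(score, 3)))
    return hits


def classify(data):
    """Exact match wins; otherwise a near match is only a suspicion."""
    if exact_scan(data):
        return "infected"
    if heuristic_scan(data):
        return "suspicious"
    return "clean"


# Constructed sample inputs.
KNOWN = b"\x00\x01header" + SIGNATURES["Demo.Alpha"] + b"trailer"
# A "new" variant: two bytes of the marker differ, so no signature exists yet.
VARIANT = b"\x00\x01header" + b"DEMO-SIG-ALPHx-02" + b"trailer"
CLEAN = b"plain report text without any marker bytes in it"
# A harmless file that merely resembles the marker: a false positive.
LOOKALIKE = b"manual: the string DEMO-SIG-ALPHA-DOC is described here"

if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("variant", VARIANT),
                          ("clean", CLEAN), ("lookalike", LOOKALIKE)):
        print(f"{label:10} {classify(sample):10} {heuristic_scan(sample)}")
```

Raising the threshold to 0.95 clears the lookalike file, but the variant is then missed as well, which is the trade-off between false positives and detection of new viruses listed above.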

Almost any antivirus today uses all known virus detection methods. But detection tools alone are not enough for the successful operation of an antivirus; in order for purely antivirus tools to be effective, additional modules are needed that perform secondary functions. First of all, every antivirus must contain an update module. This is due to the fact that the main method of detecting viruses today is signature analysis, which relies on the use of an anti-virus database. In order for signature analysis to effectively deal with the latest viruses, antivirus experts constantly analyze samples of new viruses and release signatures for them. After this, the main problem becomes delivering signatures to the computers of all users using the corresponding antivirus program. This is exactly the problem that the update module solves. After experts create new signatures, signature files are placed on the servers of the antivirus manufacturer and become available for download. The update module contacts these servers, determines the presence of new files, downloads them to the user's computer, and instructs the anti-virus modules to use the new signature files.

The second important auxiliary module is the planning module. There are a number of actions that an antivirus must perform regularly: in particular, scanning the entire computer for viruses and updating the anti-virus database. The update module allows you to configure the frequency of performing these actions. To update the anti-virus database, it is recommended to use a short interval - one hour or three hours, depending on the capabilities of the Internet access channel. Currently, new modifications of malware are constantly being discovered, forcing antivirus companies to release new signature files literally every hour. If a computer user spends a lot of time on the Internet, he exposes his computer to great risk and therefore should update the anti-virus database as often as possible. A full scan of the computer should be carried out, if only because new malicious programs appear first, and only then signatures for them, which means it is always possible to download a malicious program onto the computer before updating the anti-virus databases. To detect these malicious programs, your computer needs to be re-scanned periodically. A reasonable schedule for checking your computer is once a week. Based on the above, the main task of the planning module is to provide the opportunity to select for each action a schedule that is most suitable for this type of action. Therefore, the updater must support many different scheduling options from which to choose.

As the number of modules in an antivirus increases, the need for an additional module for management and configuration arises. In the simplest case, it is a common interface module with which you can access the most important functions in a convenient form. The main requirements for such a module are easy access to settings, intuitive clarity, a detailed help system describing each setting, and the ability to protect settings from changes if several people work at the computer. All antiviruses for home use have a similar control module. Antiviruses for protecting computers on large networks must have slightly different properties. It has been said more than once that in a large organization it is not computer users but special employees who are responsible for setting up antiviruses and keeping them working properly. If there are many computers in an organization, then each employee responsible for security will have to constantly run from one computer to another, checking that the settings are correct and viewing the history of detected infections. This is a very inefficient approach to security system maintenance. Therefore, to simplify the work of anti-virus security administrators, antiviruses that are used to protect large networks are equipped with a special management module.

Among other auxiliary tools, many antiviruses have special technologies that protect against possible data loss as a result of the actions of the antivirus. For example, it is easy to imagine a situation in which a file is detected as possibly infected by a heuristic analyzer and is deleted according to the antivirus settings. However, the heuristic analyzer never gives a 100% guarantee that a file is actually infected, which means that with a certain probability the antivirus could delete an uninfected file. Or the antivirus detects an important document infected with a virus and tries to perform disinfection according to the settings, but for some reason it fails and important information is lost along with the cured virus. Of course, it is advisable to insure against such cases. The easiest way to do this is to save backup copies of files before disinfecting or deleting them; then, if it turns out that the file was deleted by mistake or important information was lost, you can always restore it from the backup copy.

Data protection is the use of various means and methods, the adoption of measures and the implementation of activities in order to systematically ensure the reliability of transmitted, stored and processed information.

The problem of information security in electronic data processing systems arose almost simultaneously with their creation. It was caused by specific facts of malicious actions against information.

If in the first decades of active PC use the main danger was posed by hackers who connected to computers mainly through the telephone network, then in the last decade the violation of information reliability has progressed through programs, computer viruses and the global Internet.

There are quite a lot of methods of unauthorized access to information, including: viewing; copying and substitution of data; entering false programs and messages as a result of connecting to communication channels; reading the information remaining on its media; reception of electromagnetic radiation and wave signals; use of special programs.

1. Means of identification and restriction of access to information

One of the most intensively developed areas for ensuring information security is the identification and determination of the authenticity of documents based on an electronic digital signature.

2. Cryptographic method of information protection

The most effective means of increasing security is cryptographic transformation.

3. Computer viruses

Destruction of the file structure;

The disk drive warning light comes on when it is not being accessed.

The main ways computers are infected with viruses are usually removable disks (floppy disks and CD-ROMs) and computer networks. Infection of a computer's hard drive can occur if the computer is booted from a floppy disk containing a virus.

Based on the type of habitat viruses have, they are classified into boot, file, system, network and file-boot (multifunctional).


Boot viruses are embedded in the boot sector of the disk or in the sector that contains the system disk boot program.

File viruses are placed mainly in executable files with the extension .COM and .EXE.

System viruses are embedded in system modules and peripheral device drivers, file allocation tables and partition tables.

Network viruses are located on computer networks, and file-boot viruses infect boot sectors of disks and application program files.

By the way they infect their environment, viruses are divided into resident and non-resident.

When a computer is infected, resident viruses leave their resident part in the operating system, which, after infection, intercepts the OS's calls to other infection objects, infiltrates them and carries out its destructive actions, which can lead to shutdown or reboot of the computer. Non-resident viruses do not infect the computer’s operating system and are active for a limited time.

The structural features of viruses affect their manifestation and functioning.

A logic bomb is a program that is built into a large software package. It is harmless until a certain event occurs, after which its logical mechanism is triggered.

Mutant programs are self-reproducing and create copies that are clearly different from the original.

Invisible viruses, or stealth viruses, intercept OS calls to infected files and disk sectors and substitute uninfected objects in their place. When accessing files, these viruses use rather original algorithms that allow them to “deceive” resident anti-virus monitors.

Macro viruses use the capabilities of macro languages that are built into office data processing programs (text editors, spreadsheets).

By the degree of impact on the resources of computer systems and networks, or by destructive capabilities, viruses are divided into harmless, non-dangerous, dangerous and destructive.

Harmless viruses do not have a pathological effect on the operation of the computer. Non-dangerous viruses do not destroy files, but reduce free disk space and display graphic effects. Dangerous viruses often cause significant disruption to computer operation. Destructive viruses may lead to erasure of information and complete or partial disruption of application programs. It is important to keep in mind that any file that is capable of downloading and executing program code is a potential place where a virus could be placed.

4. Antivirus programs

The widespread use of computer viruses has led to the development of anti-virus programs that can detect and destroy viruses and “treat” affected resources.

The basis of most antivirus programs is the principle of searching for virus signatures. A virus signature is some unique characteristic of a virus program that indicates the presence of a virus in a computer system.

According to the way they work, antivirus programs can be divided into filters, auditors, doctors, detectors, vaccines, etc.

Filter programs are “watchmen” that are constantly resident in RAM. They intercept all requests to the OS to perform suspicious actions, i.e. operations that viruses use to reproduce and to damage information and software resources on the computer, including reformatting the hard drive. Among them are attempts to change file attributes, modify executable COM or EXE files, and write to boot sectors of the disk.

The constant presence of “guard” programs in RAM significantly reduces the amount of memory available, which is the main disadvantage of these programs. In addition, filter programs are not able to “clean” files or disks. This function is performed by other antivirus programs, for example AVP, Norton Antivirus for Windows, Thunder Byte Professional, McAfee Virus Scan.

Auditor programs are a reliable means of protection against viruses. They remember the initial state of programs, directories and system areas of the disk, provided that the computer has not yet been infected with a virus. Subsequently, the program periodically compares the current state with the original one. If inconsistencies are detected (in file length, modification date or the file's cyclic redundancy check code), a message about this appears on the computer screen. Among the auditor programs we can highlight the Adinf program and its add-on in the form of the Adinf cure Module.
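The auditor principle described above (record a clean baseline, then compare length, modification date and cyclic code) fits in a short script. This is an added example, not the code of Adinf or of any product named in the text; the file names, their contents and the function names are constructed for illustration.

```python
"""Auditor-style check: record a baseline, then compare length, mtime and CRC."""
import os
import tempfile
import zlib

FIELDS = ("length", "mtime", "crc")


def snapshot(root):
    """Map each file's relative path to (length, mtime in ns, CRC-32)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                # CRC-32 is the cyclic code the text mentions. It is not
                # collision-resistant, so a present-day auditor would store
                # a cryptographic hash instead.
                crc = zlib.crc32(fh.read())
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, crc)
    return state


def compare(baseline, current):
    """Return {path: [reasons]} for every inconsistency with the baseline."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report[path] = ["removed"]
        elif path not in baseline:
            report[path] = ["added"]
        else:
            reasons = [f for f, old, new
                       in zip(FIELDS, baseline[path], current[path]) if old != new]
            if reasons:
                report[path] = reasons
    return report


def demo():
    """Build a constructed directory, tamper with it, return the audit report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        # Constructed sample files; contents are arbitrary text, not programs.
        write("app.exe", b"MZ constructed program body 0001")
        write("tool.com", b"constructed tool body")
        write("notes.txt", b"unchanged text")
        write("old.dat", b"to be deleted")
        baseline = snapshot(root)

        # 1. Same-length overwrite with the timestamp restored: only CRC differs.
        app = os.path.join(root, "app.exe")
        st = os.stat(app)
        write("app.exe", b"MZ constructed program body 0002")
        os.utime(app, ns=(st.st_atime_ns, st.st_mtime_ns))

        # 2. Appended bytes, timestamp moved 5 s forward: all three fields differ.
        tool = os.path.join(root, "tool.com")
        st = os.stat(tool)
        write("tool.com", b"constructed tool body" + b"+appended bytes")
        os.utime(tool, ns=(st.st_atime_ns, st.st_mtime_ns + 5_000_000_000))

        # 3. One file removed, one file that was never in the baseline added.
        os.remove(os.path.join(root, "old.dat"))
        write("new.bin", b"file that was not in the baseline")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(f"{path}: {', '.join(reasons)}")
```

The first tampering case is the reason the content check matters: length and modification date are unchanged, so an auditor that compared only those two would report nothing for app.exe.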

A doctor program is capable of not only detecting, but also “cleaning” infected programs or disks. In doing so, it removes the virus body from the infected programs. Programs of this type can be divided into phages and polyphages. Phages are programs that are used to search for viruses of a certain type. Polyphages are designed to detect and destroy a large number of different viruses. In our country, the most commonly used polyphages are MS Antivirus, Aidstest, Doctor Web. They are continuously updated to combat emerging new viruses.

Detector programs are capable of detecting files infected with one or more viruses known to the program developers.

Vaccine programs, or immunizers, belong to the class of resident programs. They modify programs and disks in such a way that this does not affect their operation. However, the virus against which the vaccination is carried out considers them already infected and does not invade them. Currently, many anti-virus programs have been developed that are widely recognized and are constantly being updated with new tools to combat viruses.

5. Data security in an online environment

Online environments are vulnerable in terms of data security. An example of an online environment is any system with communication capabilities, such as e-mail, computer networks, and the Internet.

In order to protect information from hooligan elements, unqualified users and criminals, the Internet system uses a system of authority, or access control.

Assignment: notes, answer questions from teacher Tsv., p. 176, question. 3, 4 and 5.

Today, there is probably not a single person who has not suffered from computer viruses. Every system has shortcomings and may be vulnerable, but when it comes to a personal computer, one would like to hope that the protection of information from viruses on it is at its maximum and that all possible ways and means are used.

How to secure your personal computer?

The World Wide Web is attracting more and more users; they constantly exchange information through email, social media, special programs. It is the Internet that is the main source of viruses, which, once they enter a system, tend to spread, penetrate computer objects, change or destroy information, and perform the most incredible harmful actions. It should be noted that viruses can only enter a computer from the outside, via the Internet or other media: disks or memory cards.

To ensure maximum information protection from viruses, it is enough to perform the following steps:

  1. Make copies of all information on your computer on several disks and media. This medium should only be used for data storage;
  2. In the future, duplicate all information;
  3. Do not connect untested or questionable media to your computer; it is advisable to always have a clean spare disk or memory card;
  4. Do not use the Internet at least on your work computer.

The latter is quite difficult to observe, but even when using the World Wide Web, you need to be careful:

  • Do not follow third-party links, do not download anything, use trusted resources;
  • Do not open pop-ups and suspicious messages;
  • Visit websites of an exclusively entertaining nature less often, and if information is necessary, look for it on official websites;
  • Remember that sites with information only of an erotic nature are always infected and you cannot visit them;
  • Install and correctly use anti-virus programs.

The last point deserves special attention; anti-virus protection is a mandatory attribute of a modern computer.

But what are viruses? They are created specifically to damage other computers and the information contained on them. They are programs written in a low-level computer language that are automatically spread to other software through infected media or when connecting to Internet resources.

There are three types of viruses:

  • Worms. Distributed through social networks, letters sent by email;
  • Viruses. They take control of the computer when running infected files;
  • Trojan programs. They are the most dangerous because they can perform independent actions on someone else’s computer that are not authorized by the owner, destroy or damage files, and steal data.

Viruses can reside in any part of a computer system and wait for a specific event or action to begin active work. They may well be harmless and exist on the computer for years without causing much harm, creating only some difficulties in the operation of certain programs. It is worth noting that there are only a few of these; the majority of viruses are very dangerous, and that is what they were created for.

Viruses are now so advanced that they can perform various functions. There are a number of viruses that infect RAM and then the whole computer, and there are those that exist for a short time, perform certain actions and remain unidentified.

Signs of infection and antivirus programs

By certain features of your computer you can accurately determine the presence of viruses on it:

  • The computer works slowly, often freezes, and there are other glitches;
  • Launching programs takes considerable time;
  • The operating system does not boot;
  • Files cannot be opened or their contents are damaged;
  • The browser is unstable, certain windows cannot be closed, and messages of a dubious nature appear;
  • Programs run independently, without the participation of the owner;
  • Malfunctions of disks and memory cards.

It is worth noting that such problems can be caused not only by the activity of viruses, but if they occur constantly and interfere with normal operation, then it is necessary to check the computer. It is better to conduct a full scan of the system, especially if an antivirus program has not been installed on the computer.


To check for viruses, you need to do the following:

  • Copy absolutely all information to a flash card or other storage medium;
  • Turn off the Internet and disconnect from the local network, if one is used;
  • If the computer does not turn on, try booting it using an emergency boot disk or in safe mode;
  • Install the latest licensed version of the antivirus;
  • Run a full scan of the computer for viruses using an antivirus program.


Without an installed antivirus program it is better not to start working on the Internet or with removable media. The program must be updated periodically to the latest version. This is easy to do on the official website. Nowadays two are mainly used: Kaspersky Lab and Dr. Web. They are constantly being improved, and special algorithms are being developed that can identify unknown viruses. It should be remembered that if the program is installed on a computer, you need to follow all its recommendations, not ignore them, and regularly carry out full scans.