System viruses. What are computer viruses, their types, and their purpose

Almost everyone has encountered a computer virus at least once. It is fortunate when the pest is weak: an antivirus program can easily deal with a simple virus. But the more serious software that hackers typically use can cause irreparable damage to the entire system and to personal data.

Concept

Many people know what a computer virus is, but not everyone fully understands its role and capabilities. This type of malicious software can easily copy itself, inject itself into the code of other applications, disrupt system memory structures and boot sectors, and spread through various communication channels.

Many inexperienced users believe that the purpose of a virus is to damage or delete personal data. In fact, this is not the case. There are different types of computer viruses, but most often their main purpose is to spread the malware further. Deleting information, damaging data, blocking the system's operation and so on are accompanying actions.

It is important to understand that a computer virus is not always under its author's control. Even if the author did not intend to create destructive functionality, the software can still harm the system because of mistakes made during development, and the OS and other applications may simply fail to register such errors.

Inexperienced users often refer to any malware as a virus. This is not entirely correct, since viruses in particular are just a type of such software.

Birth

When specialists first developed self-replicating programs, no one knew that precisely these developments would become the basis for the virus.

Before self-replicating mechanisms could be built, the theoretical groundwork had to be laid. This was done by John von Neumann, who by 1951 had worked out ways to create such a program.

Many experts took up his idea, and active publication began of work devoted to the development of self-replicating systems.

One of these articles presented the first mechanical structure of this type: a two-dimensional model of structures that could independently activate, capture and release.

Such a self-replicating program was imperfect: the virtual "creature" died as soon as the platform lost its power supply.

Game without rules

Another step toward the first computer viruses was the invention of an unusual game called "Darwin". In the early 1960s, scientists from an American company created a series of utilities that they called "organisms." The software was loaded into the computer's memory. The "organisms" created by one player were supposed to consume the enemy "organisms" and take over their territory. The winner was the one who captured all the memory or accumulated the most points.

Attempts

Many people believe that humanity already knew what a computer virus was by the 1970s. However, self-replicating programs and games like "Darwin" cannot be called viruses. Real "pests" became known much later and were far more influential and dangerous.

The very first one was created in the early 1980s. After that, the active development of malware began. Along with Elk Cloner, Joe Dellinger's virus and the "Dirty Dozen" project appeared, followed by a number of antivirus utilities.

Elk Cloner was the first boot virus the world had seen, and it was designed specifically for the Apple II. The "pest" announced itself as soon as the system booted: a message appeared with a short poem in which the virus threatened the user with the loss of personal files, disruption of the system and the impossibility of removing it.

John Dellinger also began his activity at this time, likewise developing a virus for the Apple II. He was so eager to be first that one of his malicious programs escaped his control and began to "spread" throughout the university. An analysis of the memory sectors easily detected it, although an ordinary user could not find that section in the system.

Dellinger's virus corrupted the graphics of one famous game. As a result, within half a month all the "pirated" copies were "broken". To fix the bug, the developer created another virus that repaired the previous version.

Development

By 1984, many experts had begun to understand what a computer virus is. The first research paper was published raising the issues and concerns of system infection. Although the term itself was suggested by the article author's supervisor, it is the researcher Cohen who is credited as the author of the term.

Defensive reaction

Once many people understood what a computer virus is, it became clear that system protection against it was needed. The first antivirus program was developed by Andy Hopkins. From 1984 this utility analyzed the text of the boot file, pointing out all dubious code elements and messages.

For its time, it turned out to be the simplest and most effective. The program could intercept the write and format operations that went through the BIOS, and at the same time it allowed the user to intervene in the operation.

Systemic disasters

By the end of the eighties, the cheap IBM PC had been released. Its appearance was the impetus for the development of larger-scale viruses, and in a short period of time three major system disasters occurred.

"Brainstorming" and "guest" from Jerusalem

Naturally, computer virus outbreaks had never happened before, so the fight against them turned out to be difficult. The first attack came from the Brain virus, developed by two brothers back in 1986; by the very next year it was running on computers everywhere.

Now it is difficult to say how large the epidemic was. It is only known that the virus affected more than 18 thousand systems. As it turned out later, the brothers did not want to harm anyone: the virus was supposed to punish "pirates" who stole software. But something went wrong, and Brain touched not only Pakistan itself but users around the world. Many experts thus became acquainted with the first stealth virus, which returned the original, uninfected contents whenever the infected sector was read.

The Brain virus has also been associated with a pest known as Jerusalem. In the late 1980s, several companies and universities suffered from it. The virus instantly deleted data upon activation. Later it became known that this is one of the most widespread pests that affected users from Europe, America and the Middle East.

Work on bugs

The infection of computers with viruses did not stop there. The world soon learned about the Morris worm, the first network pest to target Unix. The plan was for the utility to get into a computer system and remain there undetected. The author wanted to make it hidden and harmless, but things did not go according to plan: the runaway spread of the worm was caused by mistakes made during development.

The epidemic severely impacted the functioning of systems. It later turned out that the damage amounted to $96 million, although if the author had deliberately wanted to harm the operating system, the amount would have been much larger.

Such an unsuccessful development led Morris to court, where he was given three years probation, sent to community service and forced to pay a "round" amount.

Viral series

Until specialists began to understand the types of computer viruses, system outbreaks occurred more and more often. This is how DATACRIME became known in 1989. It was not just a virus but a whole series; in just a few months it managed to hit more than 100 thousand systems.

Programmers could not ignore this problem, and soon utilities were released that scanned for the byte strings characteristic of this virus.

When this series of viral programs was done away with, the first Trojan horse, AIDS, was born. This is how users learned about ransomware that blocked access to data on the hard drive and showed only a message on the monitor. AIDS demanded that $189 be sent to a specific address. Naturally, many users paid the ransom. But its author was soon arrested after being caught cashing the cheques.

Classification

It turned out that knowing what a computer virus is was not enough. It was necessary to somehow distinguish between "pests" in order to develop protective utilities. In addition, the development of the PC also influenced the classification of computer viruses.

Malware can now be classified according to its propagation method and functionality. Before the widespread development of the Internet, viruses could be stored on floppy disks and other media. Now they are mainly transmitted through local and global networks. Along with this, their functionality has also grown.

Unfortunately, no clear classification has yet been developed. However, viruses can be divided according to whether they:

  • have different methods of destruction;
  • spread by different mechanisms;
  • harm particular operating systems;
  • use special technologies;
  • are written in different languages;
  • have additional malicious functionality.

Methods of defeat

This includes the following types of computer viruses: file viruses, boot viruses, script viruses, viruses that modify source code, and macro viruses.

For example, a file virus uses the computer's file system for its "reproduction". It embeds itself in almost any executable object of the operating system. Usually it chooses as its "victim" binaries with the extension ".exe" or ".com", but it can also affect dynamic link libraries, drivers or batch files.

A macro virus usually "lodges" in application packages such as Microsoft Office. With the help of macro languages, such "pests" can move from one file to another.

Infection mechanisms

OS

There are viruses that can infect any operating system. But not all are geared towards “collaborating” with every platform. Therefore, hackers develop viruses for individual operating systems. This includes DOS, Windows, Linux, Unix and many more.

Technologies

The peculiarity of computer viruses is that they can use special technologies. For example, a technique is used that lowers the detection rate. As a result, the simplest antivirus applications cannot detect the pest.

The name "stealth virus" means "invisible" virus. Such software completely or partially hides its presence. To do this, the virus intercepts calls to the OS.

This group includes rootkits. They can be represented by executable files, scripts, configuration documents. Their task is to provide masking of objects, to manage events that occur in the system, to collect data.

Computer viruses and antivirus programs

A lot of time has passed since the appearance of viruses and antivirus programs. In different years, special pests appeared that were remembered by the whole world due to their catastrophic influence.

For example, CIH is a virus that was associated with the tragedy at the Chernobyl nuclear power plant. At the moment of activation, the "pest" paralyzed the operation of all systems. Nimda turned out to be the fastest virus, taking a quarter of an hour to infect a million PCs.

Slammer was called the most aggressive because the virus deleted information from 75 thousand systems in just 10 minutes. Conficker is considered to be one of the most dangerous "pests". The worm attacked Windows systems and damaged 12 million computers in 3 months.

In the 2000s, the ILOVEYOU virus was registered. It later entered the Guinness Book of Records with the title of "the most destructive computer virus in the world." This worm infected 15 million computers, and the damage to the world economy, according to various estimates, amounted to 10-15 billion dollars.

Outbreaks still happen today, but powerful antivirus programs sometimes cope with them. There is an international independent organization that analyzes the performance of security utilities. AV-TEST has presented a list of the best antivirus programs of 2017:

  • Avira Antivirus Pro;
  • Bitdefender Internet Security;
  • Kaspersky Lab Internet Security;
  • Norton Security;
  • Trend Micro Internet Security.

These are the most efficient utilities at the moment. While they are all paid, each has a trial period and a relatively low annual cost.

Computer viruses

A computer virus is a small program, written by a highly qualified programmer, that is capable of self-propagation and of performing various destructive actions. To date, more than 50 thousand computer viruses are known.

There are many different versions regarding the date of birth of the first computer virus. However, most experts agree that computer viruses as such first appeared in 1986, although historically the emergence of viruses is closely related to the idea of creating self-replicating programs. One of the "pioneers" among computer viruses is the "Brain" virus, created by a Pakistani programmer named Alvi. In the United States alone, this virus infected over 18,000 computers.

Viruses act only programmatically. They usually attach themselves to a file or penetrate the body of the file; the file is then said to be infected with the virus. The virus gets into the computer only together with the infected file. To activate the virus, the infected file must be loaded and run, and only after that does the virus begin to act on its own.

Some viruses become memory resident during the execution of an infected file (they remain permanently in the computer's random access memory) and can infect other files and programs that are loaded afterwards.

Another type of virus, immediately after activation, can cause serious damage, for example, formatting a hard disk. The effect of viruses can manifest itself in different ways: from different visual effects that interfere with work, to the complete loss of information.

The main sources of viruses:

    a floppy disk containing virus-infected files;

    a computer network, including an e-mail system and the Internet;

    a hard drive that got a virus as a result of working with infected programs;

    a virus left in RAM after the previous user.

The main early signs of a virus infection of your computer are:

    reducing the amount of free RAM;

    slowing down the loading and operation of the computer;

    unexplained changes in files, as well as changes in the size and date of last modification of files;

    errors when loading the operating system;

    the inability to save files in the required directories;

    incomprehensible system messages, musical and visual effects, etc.

Signs of the active phase of the virus:

    disappearance of files;

    formatting hard disk;

    inability to load files or operating system.
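Several of the early signs listed above (changed file sizes, changed modification dates, files that disappear or appear) are exactly what an auditor-type antivirus detects by comparing the current state of the disk with a recorded baseline. The following Python script is an added example, not code from the original page, of such a baseline-and-compare check: it records size, modification time and a SHA-256 digest for every file under a directory, then reports anything that differs. The `demo()` function builds a throwaway directory with constructed files and simulates an infection by appending bytes to a "program" and dropping a new file; the file names and contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root: Path) -> dict:
    """Record size, mtime (ns) and SHA-256 of every regular file under root."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            snap[str(p.relative_to(root))] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": sha256_of(p),
            }
    return snap


def compare_snapshots(baseline: dict, current: dict) -> list:
    """Return (path, reason) pairs for every discrepancy an auditor would report.

    A hash mismatch is reported as a content change; size or timestamp drift
    without a hash change is reported separately, since a stealth virus may
    preserve reads but not metadata, or vice versa.
    """
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing"))
            continue
        if new["sha256"] != old["sha256"]:
            findings.append((path, "content changed"))
        elif new["size"] != old["size"] or new["mtime_ns"] != old["mtime_ns"]:
            findings.append((path, "metadata changed"))
    for path in current:
        if path not in baseline:
            findings.append((path, "new file"))
    return findings


def demo() -> list:
    """Constructed scenario: baseline a directory, then alter it and re-audit."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed stand-ins for an executable and a data file.
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "notes.txt").write_text("harmless text")
        baseline = take_snapshot(root)
        # Simulate the growth a file infector causes by appending bytes,
        # and the appearance of a dropped file.
        with (root / "app.exe").open("ab") as f:
            f.write(b"APPENDED-CONSTRUCTED-BYTES")
        (root / "dropped.bat").write_text("echo constructed")
        return compare_snapshots(baseline, take_snapshot(root))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:16s} {path}")
```

In real use the baseline would be stored outside the audited system (or at least signed), because a virus that can modify programs can also modify an unprotected baseline file.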

There are many different viruses. They can be conditionally classified as follows:

1) boot viruses or BOOT viruses infect boot sectors of disks. Very dangerous, can lead to the complete loss of all information stored on the disk;

2) file viruses infect files. They are divided into:

    viruses that infect programs (files with the .EXE and .COM extensions);

    macro viruses, which infect data files such as Word documents or Excel workbooks;

    satellite viruses use the names of other files;

    DIR viruses distort system information about file structures;

3) boot-file viruses capable of infecting both boot sector code and file code;

4) invisible viruses or STEALTH viruses falsify information read from the disk so that the program that is intended for this information receives incorrect data. This technology, which is sometimes called Stealth technology, can be used in both BOOT viruses and file viruses;

5) retroviruses infect antivirus programs, trying to destroy them or disable them;

6) worm viruses deliver small e-mail messages with a so-called header, which is essentially the Web address of the location of the virus itself. When the user tries to read such a message, the virus begins to fetch its "body" over the Internet and, once downloaded, begins its destructive action. These are very dangerous because they are very difficult to detect: the infected file does not actually contain the virus code.

If you do not take measures to protect against computer viruses, the consequences of infection can be very serious. In a number of countries, criminal legislation provides for liability for computer crimes, including the introduction of viruses. General and software tools are used to protect information from viruses.

Common remedies that help prevent infection with the virus and its devastating effects include:

    information backup (making copies of files and system areas of hard drives);

    refusal to use random and unknown programs. Most often, viruses are spread along with computer programs;

    restricting access to information, in particular, physical protection of a floppy disk while copying files from it.

Various antivirus programs (antiviruses) are classified as protection software.

An antivirus is a program that detects and neutralizes computer viruses. It should be noted that viruses are ahead of antivirus programs in their development; therefore, even with regular use of antiviruses, there is no 100% security guarantee. Antivirus programs can detect and destroy only known viruses; when a new computer virus appears, there is no protection against it until an antivirus update is developed for it. However, many modern antivirus packages include a special software module called a heuristic analyzer, which is able to examine the contents of files for code typical of computer viruses. This makes it possible to identify and warn of the danger of infection with a new virus in good time.

The following types of antivirus programs are distinguished:

1) detector programs: designed to find files infected by one of the known viruses. Some detector programs can also disinfect files or destroy infected files. There are specialized detectors, designed to deal with one virus, and polyphages, which can fight many viruses;

2) healer programs: designed to cure infected drives and programs. Treatment of the program consists in removing the body of the virus from the infected program. They can also be both polyphages and specialized;

3) auditor programs: designed to detect virus infection of files, as well as find damaged files. These programs remember data about the state of the program and the system areas of disks in the normal state (before infection) and compare these data while the computer is running. In case of data inconsistency, a message about the possibility of infection is displayed;

4) healer-auditors: designed to detect changes in files and system areas of disks and, in case of changes, return them to their initial state;

5) filter programs: designed to intercept calls to the operating system, which are used by viruses to propagate and inform the user about it. The user can enable or disable the corresponding operation. Such programs are resident, that is, they are located in the computer's RAM.

6) vaccine programs: are used to process files and boot sectors in order to prevent infection by known viruses (recently this method has been used more and more often).

It should be noted that choosing a single "best" antivirus is a serious mistake; it is recommended to use several different antivirus packages at the same time. When choosing an antivirus program, pay attention to the number of recognized signatures (a signature is a sequence of bytes that reliably identifies a virus). The second parameter is the presence of a heuristic analyzer for unknown viruses; its presence is very useful, but it significantly slows down the program's operation.
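The two parameters named above, a signature database and a heuristic analyzer, can be illustrated with a miniature detector. The following Python code is an added example, not part of the original page or of any antivirus product: it scans a byte buffer against a small signature table and applies one common heuristic, Shannon entropy of the content, which flags packed or encrypted bodies that a signature cannot see through. The signature table is constructed for the example; the only real entry is the EICAR standard antivirus test string, a harmless industry test pattern, and the entropy threshold is an assumed value.

```python
import math
from collections import Counter

# Constructed signature database: name -> byte sequence that identifies the sample.
# The EICAR entry is the real, harmless industry test string; the other entry is
# a made-up marker used only for this example.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Example.Marker.A": b"\xeb\x3c\x90CONSTRUCTED-MARKER",
}

# Assumed threshold in bits per byte; plain code and text sit well below it,
# while packed or encrypted data approaches the maximum of 8.0.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_matches(data: bytes) -> list:
    """Names of every known signature found anywhere in the buffer."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def heuristic_flags(data: bytes) -> list:
    """Indicators that suggest an unknown threat even with no signature hit."""
    flags = []
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        flags.append("high-entropy body (possibly packed or encrypted)")
    return flags


def scan(data: bytes) -> dict:
    """Combine signature and heuristic results into a verdict.

    A signature hit is definitive ("infected"); a heuristic-only hit is
    reported as "suspicious" so that the slower, less precise analyzer does
    not by itself condemn a file.
    """
    sigs = signature_matches(data)
    flags = heuristic_flags(data)
    if sigs:
        verdict = "infected"
    elif flags:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signatures": sigs, "heuristics": flags}


if __name__ == "__main__":
    # Constructed samples: plain text, the EICAR test string, and a maximally
    # uniform byte distribution standing in for an encrypted payload.
    samples = {
        "report.txt": b"quarterly report, plain text\n" * 4,
        "eicar.com": SIGNATURES["EICAR-Test-File"],
        "packed.bin": bytes(range(256)) * 8,
    }
    for name, data in samples.items():
        print(name, scan(data))
```

The entropy heuristic is deliberately reported as "suspicious" rather than "infected": legitimately compressed files and installers also have high entropy, which is exactly the false-positive cost the page attributes to heuristic analyzers.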

Control questions

    What is a computer virus?

    How does a virus infect a computer?

    How do computer viruses work?

    What sources of computer virus infection do you know?

    By what signs can you detect the fact of a computer virus infection?

    What types of viruses do you know? What destructive actions do they carry out?

    What actions are taken to prevent infection with a computer virus?

    What is antivirus? What types of antivirus do you know?

    What is a heuristic analyzer? What functions does it perform?

Computer viruses are special programs created by cybercriminals to obtain some benefit. Their principle of operation varies: they either steal information or induce the user to perform some action for the benefit of the attackers, for example, topping up an account or sending money.
Today, there are many different viruses. The main ones will be discussed in this article.


Worm: a malicious program whose purpose is to clog the computer with all kinds of garbage so that it becomes slow and awkward. The worm is capable of self-replication but cannot be part of another program. Most often, infection with this virus occurs through e-mail.


Trojan horse (Trojan): this program fully lives up to its name. It penetrates other programs and hides there until the host program is launched; until then, the virus cannot do harm. Most often, a Trojan horse is used to delete, modify or steal data. The Trojan cannot reproduce on its own.


Spyware: these "spies" collect information about the user and his actions. Most often, they steal confidential information: passwords, addresses, card and account numbers, etc.
Zombies - this name is given to malicious programs because they actually make a computer a "weak-willed" machine, subject to attackers. Simply put, bad people can control someone else's computer with these malicious programs. Most often, the user does not even know that his computer is no longer only his.


Blocker program (banner): these programs block access to the operating system. When the computer is turned on, the user sees a pop-up window in which he is usually accused of something, such as copyright infringement or downloading pirated software. This is followed by threats to delete all information from the computer. To avoid this, the user is told to top up a specific phone account or send an SMS. Yet even if the user performs all these operations, the banner with its threats does not go away.


Boot viruses: infect the boot sector of the hard drive. Their purpose is to significantly slow down the boot process of the operating system. After prolonged exposure to these viruses, there is a high probability that the operating system will not load at all.


Exploit: special programs used by cybercriminals to penetrate the operating system through its vulnerable, unprotected places. They are used to install programs that steal the information needed to gain access rights to the computer.


Phishing: the action in which an attacker sends e-mails to his victims. The letters usually contain a request to confirm personal data: full name, passwords, PIN codes, etc. In this way a hacker can impersonate another person and, for example, withdraw all the money from that person's account.


Spyware: programs that send user data to third parties without his knowledge. These spies study the user's behavior and favorite places on the Internet, and then display ads that are sure to interest him.


Rootkit: software tools that allow an attacker to penetrate the victim's software freely and then completely hide all traces of his presence.
Polymorphic viruses are viruses that disguise and transform themselves. While running, they can change their own code, which makes them very difficult to find.


Software virus: a program that attaches to other programs and disrupts their work. Unlike a Trojan, a computer virus can multiply, and unlike a worm, it needs a program to which it can "stick" in order to operate.
Thus, we can say that a malicious program (malware) is any program created to gain access to a computer and the information stored on it without the permission of the computer's owner. The purpose of such actions is to cause harm or to steal information. The term "malicious program" is a general one covering all existing viruses. It is worth remembering that a program that has been infected with a virus will no longer work correctly; therefore, it must be removed and then reinstalled.

There are now several tens of thousands of computer viruses.

Depending on the habitat, viruses are divided into boot, file, system, network, file-boot.

Boot viruses are injected into the boot sector of the disk or into the sector containing the boot program for the system disk.

File viruses are embedded mainly in executable files with the .COM and .EXE extensions.

System viruses penetrate system modules and peripheral device drivers, file allocation tables and partition tables.

Network viruses inhabit computer networks; file-boot (multifunctional) viruses infect disk boot sectors and application files.

According to the method of infecting the environment, viruses are subdivided into resident and non-resident.

A resident virus, when it infects a computer, leaves its resident part in RAM, which then intercepts the operating system's accesses to other objects of infection, injects itself into them and performs its destructive actions until the computer is shut down or restarted. Non-resident viruses do not infect the PC's RAM and are active only for a limited time.

The algorithmic construction of a virus affects how it manifests itself and functions. For example, replicator programs, because of their rapid reproduction, lead to an overflow of main memory, and destroying replicators becomes harder if the reproduced programs are not exact copies of the original. Worm programs are widespread in computer networks. They compute the addresses of networked computers and send copies of themselves to those addresses, maintaining communication with each other. If the worm ceases to exist on some PC, the remaining copies find a free computer and inject the same program into it.

A "Trojan horse" is a program that masquerades as a useful program while performing additional functions that the user does not even know about (for example, collecting names and passwords and writing them to a special file accessible only to the creator of the virus), or destroys the file system.

A logic bomb is a program built into a large software package. It is harmless until a certain event occurs, after which its logical mechanism is triggered. For example, such a virus program starts working after a certain number of launches of an application program or package, or depending on the presence or absence of a specific file or file record, etc.

Mutant programs are self-replicating programs that recreate copies clearly different from the original.


Invisible viruses, or stealth viruses intercept the operating system's calls to infected files and disk sectors and substitute uninfected objects for themselves. When accessing files, such viruses use rather original algorithms that allow "tricking" the resident antivirus monitors.

Macro viruses use the capabilities of the macro languages built into office data processing programs (text editors, spreadsheets, etc.).

According to the degree of impact on the resources of computer systems and networks, that is, their destructive capabilities, viruses are divided into harmless, non-dangerous, dangerous and destructive.

Harmless viruses do not have a destructive effect on the operation of the PC, but they can overwhelm the RAM as a result of their reproduction.

Non-dangerous viruses do not destroy files but reduce free disk space, display graphical effects, create sound effects, and so on. Dangerous viruses often lead to various serious disruptions in the operation of the computer; destructive ones lead to the erasure of information and the complete or partial disruption of application programs. It should be borne in mind that any file capable of loading and executing program code is a potential location for a virus to infiltrate.

Anyone who deals with computers has undoubtedly met the concepts of "virus", "Trojan", "Trojan horse" and the like many times, terms that in the pre-computer era were used exclusively in biomedical and historical research. These words designate a certain kind of program that is often used to frighten inexperienced users with descriptions of an irresistible force that can destroy everything in a computer, even the mechanical structure of a hard drive.

A computer virus is a malicious computer program containing a piece of code that is executed after the virus runs on a computer system. While running, the virus infects other programs with copies of itself.

The effect of the virus can range from mild annoyance to the user to complete destruction of all data on the system. However, some viruses can replicate themselves and spread to other systems. This makes it difficult to localize viruses and protect against them. To write a simple virus, you just need to enter a few lines of code.

Viruses can be transmitted over communication lines or spread on infected media, which makes it difficult to locate the creator of the virus. Some viruses can hide inside other programs or infiltrate the computer's operating system.

All computer operating systems are vulnerable to virus attacks, although some are more vulnerable than others. Viruses often hide in new computer games that can be downloaded online. In addition, viruses can be found in macros used in office information systems, or in components downloaded from Web pages. The ways viruses enter computers differ, but they have one thing in common: viruses enter computer systems only from external sources.

As soon as the virus enters the system, it can begin its destructive activity immediately, or it can wait to be activated by some event, for example, the receipt of certain data or the arrival of a specified date or time. Several different forms of virus that can invade a computer system are known.

A Trojan horse is a computer program that is masked or hidden as part of another program. Unlike other viruses, Trojans do not replicate themselves on the system. Some forms of Trojan horse can be programmed to self-destruct and leave no trace other than the destruction they cause. Some hackers use Trojan horses to retrieve passwords and send them back to the hacker. In addition, they can be used for banking scams in which small amounts of money are withdrawn from legitimate accounts and transferred to a secret account.

Worms are programs that destroy a computer system. They can infiltrate data processing programs and replace or destroy data. Worms are like Trojan horses in that they cannot replicate themselves. However, like viruses, they can cause great damage if not detected in time. It is much easier to eliminate a worm or Trojan horse if only a single copy of the destructive program exists.

Logic bombs are similar to the programs used for Trojan horses. However, logic bombs have a timer that detonates them at a given date and time. For example, the Michelangelo virus has a trigger set for the birthday of the famous artist Michelangelo, March 6th. Logic bombs are often used by disgruntled employees, who can set them to activate after they leave the company; for example, a logic bomb might "detonate" when that employee's name is removed from the payroll. Thanks to the built-in delay mechanism, logic bombs are actively used for blackmail: a blackmailer might send a message saying that if a certain sum is paid, he will provide instructions to disable the logic bomb.

The origin and history of viruses are rather vague, as are the goals their developers pursue. Computer books claim that the first known virus was a program implementing a model of a universe in which certain creatures lived that could move, look for and eat food, multiply, and die of hunger. From the point of view of the authors of the book, virus programs are the result of purely scientific research into creating artificial organisms capable of independent existence, like living beings. This is also emphasized by the name given to the programs developed on the basis of such research: viruses, i.e. something alive, capable of reproduction, mutation and self-preservation. We are thus invited to classify the creators of computer viruses as harmless eccentrics engaged exclusively in scientific problems divorced from real life.

We will not go deep into the controversy on this matter, noting only that the first program that could really claim to be a virus appeared in 1987: the Pakistani virus, developed by the brothers Amdjat and Bazit Alvi. Their goal was to punish (!) US citizens for buying cheap copies of programs in Pakistan. After that, the number of viruses began to grow at an avalanche rate, and the losses from their appearance in computers came to amount to millions and hundreds of millions of dollars. Infection of computers with viruses of various kinds took on the character of an epidemic and required the adoption of protective measures, including legal ones. Let us consider how these malicious creatures, viruses, get into computer systems.

Viruses can enter by a wide variety of routes. They reach your computer system from many sources: executable programs, programs and files given to you by colleagues, and software purchased in archived form. Let us look at the structure used to store data on floppy disks to reveal the locations that are functionally suitable for the hidden existence of viruses. Floppy disks can store data files, programs, and operating system software. They serve as the most common intermediary for transferring data files. A floppy disk consists of a boot sector and data. If necessary, the boot sector can store information needed to boot the computer. It also stores partition information, boot management information, and file location information. Data is all the other content stored on the floppy disk. The favorite habitats of viruses are the boot sector and the executable files stored on a floppy disk. Viruses placed in the boot sector are launched when the system is booted from the floppy disk. Viruses embedded in executable files are launched together with the infected program, after which they begin their activity in the computer system.

CDs, which have now become the main means of transferring files and information between computers, provide the same opportunities for virus transfer. CDs contain binary digital information that is written to the disc by creating microscopic pits on its surface. The information is read by passing a laser beam across the disc. Compact discs are similar to floppy disks in that they also use a boot sector and a data structure to store data.

The Internet has provided users with new connectivity options that increase the potential for holes in their virus protection. Web technologies such as Java and ActiveX applets make it easier for users to interact over the Internet but, on the other hand, serve as a convenient vehicle for distributing malicious software.

Users of a workstation use software and data files to carry out their tasks. All of this information, including the operating system, is stored on the computer's hard drive. Another place of permanent storage of information necessary for a computer to operate is non-volatile CMOS memory, which stores the basic input/output system (BIOS) of the computer; BIOS procedures are used during system boot, so their infection is a serious danger despite the small size of the CMOS. Thus, a computer has two main places capable of constantly storing and updating information: the hard disk and the CMOS memory. These components of the computer system are the places where viruses most often land when they infect a computer.

The favorite habitat of viruses is the hard drive. A hard disk consists of the following elements.

  • The partition table, used to keep track of the partitions and structure of the disk.
  • The Master Boot Record, which indicates whether this disk is capable of booting.
  • The boot sector, which tells the system loader where to look for the first file required to start the operating system.
  • The first FAT, which stores records indicating how all other records are related in the data storage area of the disk.
  • The second FAT, which is a backup of the first FAT in case the first is corrupted.
  • A diagnostic cylinder, used to track errors or isolate problems in a piece of hardware or software. It is available only to the hard drive itself for internal tasks.

Most often, viruses hide in the boot sectors, which allows them to influence the system boot (see next section).
Another favorite place is executable files. An executable file includes the following items.

  • A header that informs the operating system of the type of the file and whether it is intended to work with the current operating system. The header also provides other information that the operating system may need, such as the amount of memory required to load the file. The header occupies a specific area that can separate different parts of the file.
  • A footer that informs the operating system when the end of the file has been reached and what to do once it has been reached.
  • Padding: the file can be supplemented with insignificant bytes so that the data written to the disk fills up a certain amount of space. The padding of the executable does not contain any information. For example, an executable file containing 500 bytes of code can be written in a 512-byte block with 12 padding bytes.

When infecting an executable file, the virus replaces the executable code of the program with its own code. When the program starts, the virus code is launched, performing various actions instead of those the program should perform. The habitat of a virus is directly related to its functioning (as with real, biological viruses). Virus attacks can thus be classified according to where they are located on the computer.

Types of virus attacks

There are three main types of virus attacks.

  • Boot sector attack.
  • File infection.
  • Macro attack.

Boot sector viruses infect the boot sector or master boot record of the computer system. When the computer boots up, the virus program is activated. Boot sector viruses primarily move or overwrite the original boot code and replace it with infected boot code. The content of the original boot sector is transferred to another sector of the disk, which is marked as a defective disk area and is not used further. Because the boot sector is the first item loaded when the computer starts up, detecting boot sector viruses can be challenging. Boot sector viruses are one of the most widespread types of viruses. They spread via infected floppy disks at boot time, which can easily happen if a floppy disk is left in the drive when the computer is restarted.
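An added example (not part of the original text) that ties the hard-disk structure listed earlier to the boot-sector attack just described: it decodes the partition table of a 512-byte MBR, checks the 0x55AA signature, and compares the boot-code region against a SHA-256 baseline recorded while the disk was clean, which is how a defender notices that the original boot code has been overwritten or moved. The sector it works on is constructed inside the code, not a real disk image.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # boot code occupies bytes 0..445 of the MBR
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


@dataclass
class PartitionEntry:
    bootable: bool      # status byte 0x80 marks the active (bootable) partition
    type_id: int        # partition type, e.g. 0x83 = Linux, 0x07 = NTFS
    lba_start: int      # first sector of the partition
    sector_count: int   # length in sectors


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Decode the four 16-byte partition entries that follow the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        # layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means an unused slot
            entries.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return entries


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot-code region; record it while the system is known clean."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(sector: bytes, baseline_digest: str) -> dict:
    """Report whether the boot code differs from the clean baseline."""
    parts = parse_partition_table(sector)
    return {
        "boot_code_changed": boot_code_digest(sector) != baseline_digest,
        "bootable_partitions": sum(1 for p in parts if p.bootable),
        "partitions": parts,
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector for the demonstration, not a real disk image."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)  # one bootable partition
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE
```

On a real machine the sector would come from reading the first 512 bytes of the disk device, and the baseline digest would be stored off the machine.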

File-infecting viruses infect executable files. They are activated only when the file is executed. The most commonly affected files are COM, EXE, DLL, DRV, BIN, SYS and VXD files. File-infecting viruses can become resident and attach themselves to other executable programs. They usually replace the load instructions of the executable program with their own instructions and move the original load instructions to a different section of the file. This process increases the file size, which can help detect the virus.

Macro viruses perform unintended actions by using an application's macro language to spread to other documents. They can, for example, infect Microsoft Word DOT and DOC files, as well as Microsoft Excel files.

These viruses belong to cross-platform viruses and can infect both Macintosh systems and PCs.

Other viruses may have features of one or more of the types described above.

* Invisible viruses (slang name: "stealth viruses") try to hide from the operating system and anti-virus programs while they run. To intercept all attempts to use the operating system, the virus must reside in memory. Stealth viruses can hide any changes they make to file sizes, directory structures, or other parts of the operating system, which makes them much more difficult to detect. To block stealth viruses, they must be detected while they are in memory.

* Encrypted viruses encrypt their own code during operation, which allows them to evade detection and recognition.

* Polymorphic viruses can change their appearance with each infection. They use mutation mechanisms to change their appearance and make detection difficult. Polymorphic viruses can take on more than two billion different forms because they change the encryption algorithm with each infection.

* Multicomponent viruses infect both boot sectors and executable files. They are among the most difficult viruses to detect because multicomponent viruses can combine some or all of the stealth and polymorphic concealment methods.

* Self-updating viruses, which have appeared very recently, are capable of secretly updating themselves via the Internet during communication sessions.

A computer's encounter with a virus has several visible consequences.

* The appearance of unusual system messages.

* Disappearance of files or increase in their size.

* Slowdown of the system.

* Sudden lack of disk space.

* The disk becomes unavailable.

Antivirus software

An important method of protecting against viruses is deploying antivirus software. An antivirus program has three main tasks.

* Virus detection.

* Virus removal.

* Proactive protection.

To prevent a virus attack, antivirus software implements many different detection methods. Various antivirus programs use some or all of the following methods.

* Digital signature scanning is used to identify the unique digital code of a virus. The digital signature is a predefined hexadecimal code whose presence in a file indicates a virus infection. Digital signature scanning is a highly successful method for identifying viruses. It is, however, entirely dependent on maintaining a database of virus digital signatures and on the intricacies of the scanning engine. It may also falsely detect a virus in an uninfected file.

* Heuristic analysis (or rule scanning) is faster than most traditional scans. This method uses a set of rules to analyze files efficiently and quickly detect suspicious virus code. As noted, all heuristic methods, in one form or another, emulate the execution of the virus code. Therefore, with some experience, a virus developer can protect his "product" from detection by heuristic analysis. Heuristic analysis is prone to false alarms and, unfortunately, depends on the correctness of a set of virus-detection rules that is constantly changing.

* Memory probing is another method commonly and successfully used to detect viruses. It depends on recognizing the location and code of known viruses when they are in memory. While memory probing is usually successful, it can be resource intensive and can interfere with the normal operation of the computer.

* Interrupt monitoring works by localizing and preventing virus attacks that use interrupt calls. Interrupt calls are requests for various functions via system interrupts. Interrupt monitoring, like memory probing, can also drain significant system resources. It can cause problems with legitimate system calls and slow down the system. Because of the large number of viruses and legitimate system calls, interrupt monitoring can have difficulty localizing viruses.

* Integrity control (also known as checksum calculation) examines the characteristics of program files and determines whether they have been modified by virus code. This method does not need software updates because it does not rely on virus digital signatures. However, it requires you to maintain a database of checksums taken from virus-free files. Integrity monitoring is unable to detect passive and active stealth viruses. In addition, it cannot identify detected viruses by name or type.

If the antivirus program is memory resident, it monitors for viruses continuously. This is a traditional security measure for file servers, since every file must be validated when used. Continuous monitoring can be inappropriate for a client machine because it may process too much information, which slows down the computer. On a client machine it is preferable to configure the anti-virus program to run at specific times; for example, it can be launched when the computer boots or when a new file is read from a floppy disk. Some packages (including the Norton AntiVirus and McAfee VirusScan described below) use a technique known as scheduled scanning to scan the hard drive for viruses at specified times. Another method is to run the anti-virus program when the computer is idle; for example, it can be used as part of a screen saver program.
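An added example (not from the original text) of the signature-scanning method described above: a database of hexadecimal patterns is loaded, a file is searched for every pattern, and a large file is scanned chunk by chunk with an overlap carried across chunk boundaries so that a pattern straddling two chunks is still found exactly once. The signature names and hex patterns are constructed for this demonstration and do not correspond to any real virus.

```python
import io
from typing import Dict, List, Tuple

# Constructed signature database: the names and hex patterns are invented
# for this example and do not belong to any real virus.
SIGNATURE_DB: Dict[str, str] = {
    "Demo.A": "4d5a9000ff15deadbeef",
    "Demo.B": "cafebabe00010203",
}


def load_signatures(db: Dict[str, str]) -> Dict[str, bytes]:
    """Turn the hex strings of the database into raw byte patterns."""
    return {name: bytes.fromhex(hexstr) for name, hexstr in db.items()}


def scan_bytes(data: bytes, sigs: Dict[str, bytes]) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every occurrence of every pattern."""
    hits = []
    for name, pattern in sigs.items():
        start = 0
        while (pos := data.find(pattern, start)) != -1:
            hits.append((name, pos))
            start = pos + 1
    return sorted(hits, key=lambda h: (h[1], h[0]))


def scan_stream(fileobj, sigs: Dict[str, bytes], chunk_size: int = 65536) -> List[Tuple[str, int]]:
    """Scan a file of any size chunk by chunk.

    The last (longest pattern - 1) bytes of each window are carried into the
    next one so a pattern straddling a chunk boundary is still found; a hit
    lying entirely inside the carried bytes was already reported and is skipped.
    """
    overlap = max(len(p) for p in sigs.values()) - 1
    carry, base, hits = b"", 0, []
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        window = carry + chunk
        for name, pos in scan_bytes(window, sigs):
            if pos + len(sigs[name]) > len(carry):   # not a duplicate from the carry
                hits.append((name, base - len(carry) + pos))
        base += len(chunk)
        carry = window[-overlap:] if overlap else b""
    return sorted(hits, key=lambda h: (h[1], h[0]))


def demo() -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]]]:
    """Constructed sample 'file': benign bytes with both demo patterns embedded."""
    sigs = load_signatures(SIGNATURE_DB)
    data = (b"benign header " + bytes.fromhex(SIGNATURE_DB["Demo.A"])
            + b" padding " * 3 + bytes.fromhex(SIGNATURE_DB["Demo.B"]) + b" tail")
    # a tiny chunk size forces the patterns to straddle chunk boundaries
    return scan_bytes(data, sigs), scan_stream(io.BytesIO(data), sigs, chunk_size=7)
```

The false-positive caveat from the text applies directly: any benign file that happens to contain one of the byte patterns is reported as infected, which is why real products pair signatures with checks on file type and offset.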

Types of antivirus tools.

1. Detector programs find files infected with one of the known viruses; such programs in their pure form are now rare.

2. Phages, or doctor programs, as well as vaccine programs, not only find files infected with viruses but also "cure" them, i.e. remove the body of the virus program from the file, restoring the program to the state it was in before infection. At the start of their work, phages look for viruses in RAM and destroy them, and only then proceed to "cure" files. Polyphages destroy a large number of viruses. Examples: Aidstest, Scan, Norton AntiVirus, Doctor Web.

3. Auditor programs are among the most reliable means of protection against viruses. Auditors record the initial state of programs, when the computer is not yet infected with a virus, and then periodically compare the current state of each file with the original. If changes are detected, messages are displayed on the screen. Example: ADinf.

4. Filter programs, or "watchmen", are small resident programs permanently located in the computer's memory. They monitor computer operations and detect suspicious activity typical of viruses. When any program tries to perform one of the specified actions, the "watchman" sends a message, and the user can prohibit or allow the corresponding operation. Filters can detect a virus at an early stage of its existence, but they do not "cure" files and disks.
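An added example, not taken from the page or from any of the products named above, of the integrity-control method and of the auditor programs just described: it records the size and SHA-256 digest of every file under a directory while the system is clean, stores that baseline as JSON, and on a later run reports files that were modified, that grew (the symptom of file infection noted earlier), that appeared, or that disappeared. The directory tree it audits is constructed in a temporary folder.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: str) -> Dict[str, dict]:
    """Record size and SHA-256 of every file under root; take it on a clean system."""
    baseline = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    return baseline


def save_baseline(baseline: Dict[str, dict], path: str) -> None:
    """Persist the baseline; keep it where the audited system cannot alter it."""
    Path(path).write_text(json.dumps(baseline, indent=1))


def load_baseline(path: str) -> Dict[str, dict]:
    return json.loads(Path(path).read_text())


def compare(root: str, baseline: Dict[str, dict]) -> Dict[str, List[str]]:
    """Compare the current tree with the baseline and classify every difference."""
    current = snapshot(root)
    report = {"modified": [], "grown": [], "added": [], "missing": []}
    for rel, info in current.items():
        old = baseline.get(rel)
        if old is None:
            report["added"].append(rel)
        elif old["sha256"] != info["sha256"]:
            report["modified"].append(rel)
            if info["size"] > old["size"]:   # a grown executable is the classic symptom
                report["grown"].append(rel)
    report["missing"] = [rel for rel in baseline if rel not in current]
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed run: clean tree, baseline, then one file grows, one vanishes, one appears."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        tree, db = Path(root), Path(store) / "baseline.json"
        (tree / "bin").mkdir()
        (tree / "bin" / "app.exe").write_bytes(b"constructed program image")
        (tree / "readme.txt").write_bytes(b"plain text")
        save_baseline(snapshot(root), str(db))
        with open(tree / "bin" / "app.exe", "ab") as f:
            f.write(b" extra bytes appended")       # constructed change: the file grew
        (tree / "readme.txt").unlink()
        (tree / "new.dll").write_bytes(b"constructed new file")
        return compare(root, load_baseline(str(db)))
```

As the text warns, a stealth virus that intercepts file reads can feed the auditor the original bytes, so the baseline and the comparison are most trustworthy when run from clean boot media.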