Соглашение | Публикация статей

Шторы - calon.by

METHODS OF PROTECTION FROM COMPUTER VIRUSES
Категория: English version

Whatever was not a virus, you need to know the basic methods of protection against computer viruses.
To protect against viruses, you can use:
* General protection of information that are useful as well as insurance against physical damage to the disc, not programs or erroneous actions user;
* Preventive measures to reduce the likelihood of infection;
* Specialized programs to protect against viruses.
Common remedies information useful not only for protection against viruses. There are two main types of funds:
* Copy of the information - the creation of duplicate files and system areas of the disc;
* Distinguish access prevents unauthorized use of information, in particular, protection from changes in programs and data by viruses, not programs and erroneous actions of users.
Despite the fact that the general protection of information is essential to protect against viruses, yet they are not enough. There is a need to use specialized programs to protect against viruses. These programs can be divided into several types: detectors, doctors (Faguy), auditors, doctors, auditors, filters and vaccines (immunizatory).
PROGRAM-detector can detect the files are infected with one of the few known viruses. They check whether the files on a user specified disk specific for this virus, a combination of bytes. When it detects any file on your screen displays a message.
Many detectors have treatment regimens or destruction of infected files.
It should be emphasized that the program detectors can detect only those viruses that are "known". Program Scan firm McAfee Associates and Aidstest DN Can detect some Lozinsky 1000 virus, but a total of more than five thousand! Some detectors, such as Norton AntiVirus or AVSP company "Dialogue-MSU, can adjust to new types of viruses, they need only indicate the combination of bytes inherent in the virus. Nevertheless, it is impossible to develop such a program, which could detect any previously unknown virus.
Thus, the fact that the program has not been identified as infested detectors should not be that it healthy - it can sit any new virus or a slightly modified version of an old virus, unknown program-detectors.
Many detectors (including Aidstest) do not know how to detect contamination of invisible viruses, if such a virus is active in memory. The point is that to read the disc they use functions DOS, and they perehvatyvayutsya virus, which says that all is well. True, Aidstest and other detectors are trying to identify the virus through the viewing of RAM, but against some "hitryh" virus that does not work. So reliable diagnosis program detectors provide only when booting DOS with a clean, sheltered from the floppy disk recording, with a copy of the program-detector should also be started from this disk.
Some detectors, for example, ADinf firm Dialog-Nauka, able to catch the "invisible" viruses, even when they are active. To do this, they read the disk without using the challenges of DOS. True, this method does not work at all drives.
Most detectors have a "Doctor", ie they are trying to restore the infected files or disk area in their original state. Those files that have not been restored, as a rule, are dysfunctional or removed.
Most doctors know how to "treat" only on a fixed set of viruses, so they quickly become obsolete. But some programs may be taught not only how to detect, but also new ways to treat viruses.
This includes AVSP company "Dialogue-MSU."
PROGRAM auditors have two stages of work. First, they remember the status of programs and system disk area (the boot sector and the sector with the table partitioning the hard disk). It is expected that at this point programs and system disks are not infected area. After that, using the auditor may at any time to compare state programs and systemic areas of the disc with the original. On the reported deficiencies identified user.
To check the status of programs and drives held every time you boot the operating system should include a command to run the program auditor in a batch file AUTOEXEC.BAT. This allows you to find any computer virus when he had not yet managed to inflict great harm. Moreover, the same program, the auditor will be able to find a virus damaged files.
Many programs, auditors are very "smart" - they can distinguish between changes in files, such as that caused by the transition to a new version of the program of changes to the virus, and do not cry wolf. The fact is that the virus is usually modify files very specific way and make the same change in different software files. It is clear that in normal circumstances, such changes are almost never found, so the program auditor, record of such changes can confidently report that they are caused by a virus that is.
It should be noted that many of the programs, auditors can not detect contamination "invisible" viruses, if such a virus is active in memory. But some programs, auditors, for example ADinf firm Dialog-Nauka, still know how to do it without using calls for DOS disk (though they do not work at all drives). Other programs often use different half - trying to find the virus in memory, call the challenges of the first line of the file AUTOEXEC.BAT, hoping to work on the "pure" computer, etc. Alas against some "hitryh viruses all this is useless.
To verify that the file whether unchanged, some programs, auditors check the length of the file. But this inspection is not sufficient - some viruses do not change the length of infected files. A more reliable verification - to read the entire file and compute the checksum. Edit the file so that the checksum remains virtually impossible.
Recently, there have been very useful hybrid auditors and doctors, that is Doctor-AUDITOR - programs that not only can detect changes in files and system areas discs, but can change automatically in the event returned to its original state. Such programs can be much more universal than-doctorate programs, because they use in the treatment of pre-stored information on the status of files and areas of the disc. This allows them to remedy the files, even from those viruses that have not been established at the time of writing programs.
But they can not treat all viruses, but only from those who use "standard", known at the time of writing programs, infected files.
There are also software filters that are resident in RAM, and intercept those resorting to the operating system, used by viruses to reproduction and harm, and report them to the user. The user can enable or disable execution of the operation.
Some filters are not "catch" suspicious activities, and inspect the implementation of the program caused by viruses. This is slowing down the computer.
However, the advantages of software filters is very important - they make it possible to detect many viruses at a very early stage, when the virus has not yet managed to reproduce and anything to spoil. In doing so, can be reduced losses from the virus to a minimum.
PROGRAM-VACCINE or IMMUNIZATORY, modify programs and disks in a way that does not affect the work programs, but the virus, of which the vaccination, believes these programs or disks are already infected. These programs are very inefficient.
Neither type of antivirus software separately does not provide complete protection against viruses. The best strategy for protection from viruses is a multilevel, "eshelonirovannaya" defense. Describe the structure of the defense.
Intelligence capabilities in the defense of virus-detection program correspond to inspect the newly acquired software for viruses.
At the front line of defense is software filters. These programs may be the first to report on the virus and prevent infection of the programs and CDs.
The second tier defense program, auditors, program doctors and doctor auditors.
The most profound line of defense - this means access control. They do not allow the virus and the wrong programs, even if they have entered into a computer, corrupt important data.
The "strategic reserves" are archived copies. This allows you to restore the information when it is damaged.
This is an informal description of the methodology allows a better understanding of the use of antivirus tools.


Статьи по теме:

Icons in the design. Stages and stage of development of computer
Robot Helps Salamandra Razgadyvat Riddles Evolution
Zao «Light Kommunikeyshn» confirm its status «Microsot Gold Certified Partner» In 2008
Print Manager
Development of Software Development Projects
Split Access database
COMPUTER CRIME PREVENTION
TYPES LKS
Maintenance of computers in the Framework for IT outsourcing
Gigabit Ethernet Technology
The world software
Optimal cache lifetime for Joomla CMS
Corporate Information System (Crm, Erp, mobile commerce)
Ergonomic organization of the workplace
Hackers, as the subjects of computer crime
HISTORY OF BUILDERS
Windows Media Player
Mobile Trade Optimum - Office Business Representatives
Legal and technical documents
The physical medium for LANs
Three Training from well-known vendors: Especially for «antiviral Decisions»
Planning in the operating system UNIX
Tracing processes in UNIX
Soa-platform Ijanet Free
Development of Iron Industry Or Who Wanted Now Multi Processors
Backing up the blog on Blogspot. Blogger Backup utility
Technology Platform 1C: Enterprise 8 - Areas Development
Aptitude CompactPCI-products of rapid obsolescence
The total points in the organization LAN
Mistakes Windows registry repair
The history of personal computers
What is the codec and where they can be downloaded
Review converters for video
On Legalization. Price Errors!
Why work for a computer is harmful to human health
Robot Tartalo knocking at your door
How to choose the CRM: Develop a short-list CRM systems
Introduction to Windows
Linux set in motion devices: Now in the market
Development and dissemination of computer viruses
Varieties of computer crime
The device Netping Cooler Board Received At Warehouse Company Zao «Light Kommunikeyshn»
Crm system, introduction Crm Systems
Team-quality design of computer
Integration modules PADS in the enterprise software environment
Free software, whether or not to be
Loading the alternative mode
PRINCIPLE OF CONSTRUCTION OF COMPUTER NETWORKS
Free software for everyone!
Memory management Freebsd
Geographic Information Systems (GIS) as a means of collecting and analyzing Geodannyh
Fraud Cell Phones
Automatic Generation of meaningful text of a possible?
Enabling Windows Vista
What is the standard CompactPCI?