METHODS OF PROTECTION FROM COMPUTER VIRUSES
Whatever was not a virus, you need to know the basic methods of protection against computer viruses.
To protect against viruses, you can use:
* General protection of information that are useful as well as insurance against physical damage to the disc, not programs or erroneous actions user;
* Preventive measures to reduce the likelihood of infection;
* Specialized programs to protect against viruses.
Common remedies information useful not only for protection against viruses. There are two main types of funds:
* Copy of the information - the creation of duplicate files and system areas of the disc;
* Distinguish access prevents unauthorized use of information, in particular, protection from changes in programs and data by viruses, not programs and erroneous actions of users.
Despite the fact that the general protection of information is essential to protect against viruses, yet they are not enough. There is a need to use specialized programs to protect against viruses. These programs can be divided into several types: detectors, doctors (Faguy), auditors, doctors, auditors, filters and vaccines (immunizatory).
PROGRAM-detector can detect the files are infected with one of the few known viruses. They check whether the files on a user specified disk specific for this virus, a combination of bytes. When it detects any file on your screen displays a message.
Many detectors have treatment regimens or destruction of infected files.
It should be emphasized that the program detectors can detect only those viruses that are "known". Program Scan firm McAfee Associates and Aidstest DN Can detect some Lozinsky 1000 virus, but a total of more than five thousand! Some detectors, such as Norton AntiVirus or AVSP company "Dialogue-MSU, can adjust to new types of viruses, they need only indicate the combination of bytes inherent in the virus. Nevertheless, it is impossible to develop such a program, which could detect any previously unknown virus.
Thus, the fact that the program has not been identified as infested detectors should not be that it healthy - it can sit any new virus or a slightly modified version of an old virus, unknown program-detectors.
Many detectors (including Aidstest) do not know how to detect contamination of invisible viruses, if such a virus is active in memory. The point is that to read the disc they use functions DOS, and they perehvatyvayutsya virus, which says that all is well. True, Aidstest and other detectors are trying to identify the virus through the viewing of RAM, but against some "hitryh" virus that does not work. So reliable diagnosis program detectors provide only when booting DOS with a clean, sheltered from the floppy disk recording, with a copy of the program-detector should also be started from this disk.
Some detectors, for example, ADinf firm Dialog-Nauka, able to catch the "invisible" viruses, even when they are active. To do this, they read the disk without using the challenges of DOS. True, this method does not work at all drives.
Most detectors have a "Doctor", ie they are trying to restore the infected files or disk area in their original state. Those files that have not been restored, as a rule, are dysfunctional or removed.
Most doctors know how to "treat" only on a fixed set of viruses, so they quickly become obsolete. But some programs may be taught not only how to detect, but also new ways to treat viruses.
This includes AVSP company "Dialogue-MSU."
PROGRAM auditors have two stages of work. First, they remember the status of programs and system disk area (the boot sector and the sector with the table partitioning the hard disk). It is expected that at this point programs and system disks are not infected area. After that, using the auditor may at any time to compare state programs and systemic areas of the disc with the original. On the reported deficiencies identified user.
To check the status of programs and drives held every time you boot the operating system should include a command to run the program auditor in a batch file AUTOEXEC.BAT. This allows you to find any computer virus when he had not yet managed to inflict great harm. Moreover, the same program, the auditor will be able to find a virus damaged files.
Many programs, auditors are very "smart" - they can distinguish between changes in files, such as that caused by the transition to a new version of the program of changes to the virus, and do not cry wolf. The fact is that the virus is usually modify files very specific way and make the same change in different software files. It is clear that in normal circumstances, such changes are almost never found, so the program auditor, record of such changes can confidently report that they are caused by a virus that is.
It should be noted that many of the programs, auditors can not detect contamination "invisible" viruses, if such a virus is active in memory. But some programs, auditors, for example ADinf firm Dialog-Nauka, still know how to do it without using calls for DOS disk (though they do not work at all drives). Other programs often use different half - trying to find the virus in memory, call the challenges of the first line of the file AUTOEXEC.BAT, hoping to work on the "pure" computer, etc. Alas against some "hitryh viruses all this is useless.
To verify that the file whether unchanged, some programs, auditors check the length of the file. But this inspection is not sufficient - some viruses do not change the length of infected files. A more reliable verification - to read the entire file and compute the checksum. Edit the file so that the checksum remains virtually impossible.
Recently, there have been very useful hybrid auditors and doctors, that is Doctor-AUDITOR - programs that not only can detect changes in files and system areas discs, but can change automatically in the event returned to its original state. Such programs can be much more universal than-doctorate programs, because they use in the treatment of pre-stored information on the status of files and areas of the disc. This allows them to remedy the files, even from those viruses that have not been established at the time of writing programs.
But they can not treat all viruses, but only from those who use "standard", known at the time of writing programs, infected files.
There are also software filters that are resident in RAM, and intercept those resorting to the operating system, used by viruses to reproduction and harm, and report them to the user. The user can enable or disable execution of the operation.
Some filters are not "catch" suspicious activities, and inspect the implementation of the program caused by viruses. This is slowing down the computer.
However, the advantages of software filters is very important - they make it possible to detect many viruses at a very early stage, when the virus has not yet managed to reproduce and anything to spoil. In doing so, can be reduced losses from the virus to a minimum.
PROGRAM-VACCINE or IMMUNIZATORY, modify programs and disks in a way that does not affect the work programs, but the virus, of which the vaccination, believes these programs or disks are already infected. These programs are very inefficient.
Neither type of antivirus software separately does not provide complete protection against viruses. The best strategy for protection from viruses is a multilevel, "eshelonirovannaya" defense. Describe the structure of the defense.
Intelligence capabilities in the defense of virus-detection program correspond to inspect the newly acquired software for viruses.
At the front line of defense is software filters. These programs may be the first to report on the virus and prevent infection of the programs and CDs.
The second tier defense program, auditors, program doctors and doctor auditors.
The most profound line of defense - this means access control. They do not allow the virus and the wrong programs, even if they have entered into a computer, corrupt important data.
The "strategic reserves" are archived copies. This allows you to restore the information when it is damaged.
This is an informal description of the methodology allows a better understanding of the use of antivirus tools.
Статьи по теме:
The Office of visualizationConcentrators Ethernet NetGearMore WinRAR 3.70 RU FinalMikrokontrolleryne SystemABOUT personal characteristics COMPUTER CRIMINALSLinear Magnetic Recording Dlt (Dlt-V/Sdlt/Dlt-S4) WAYS OF COMPUTER CRIMESWindows Vista: When ends DiskspaceGoogle on the Internet malicious softwareIncreases user rights Completed work on setting up a new product Alee Archive 3 for work with DBMSIt is fake? Theft of computer data3Ds Max 2008 (Rip)The total points in the organization LANWhat file compression better?The structure of the PC Mobile Trade Optimum - Office Business RepresentativesThe advent of IBM PC Black Banner - or the threat of new technologies? Network Installing Systems Videonablyudeniya In OfficeMobile Commerce, Mobile Commerce SystemMonitoring computer facts Spam and how to cope with it The program 1S Accounting Enterprise 8Backing up the blog on Blogspot. Blogger Backup utilityNETGEAR NetworkVisual work for the computer and its consequencesMore Software to create an electronic catalog SzagsThe organization and classification of printers Legal and technical documents Computer virusSystemic and local bus Greedy cabinet creators Spyware is testing! Integration Ibm Rational Clearquest and Microsoft Project - The key to successful planningPotential voltage stabilizers for the protection of the personal computer Erg-exercises to improve postureCare home PC Perfect System Digital Surveillance Uniteco Dvs Gigabit Ethernet TechnologyVARIETY COMPUTER VIRUSESHold printingWindows Media PlayerBus EISA Software for businesses - to add efficiency to business SWISH Max or Flash animation effectsMicrosoft Great Plains to customers in Russia: how to find a consultant and the most frequent questionsNew CCTV: Monitor Smartec STM-193 with a diagonal 19 " Robot Helps Salamandra Razgadyvat Riddles EvolutionPotential problems in WindowsThe process of software development, the Program for BusinessGeographic Information Systems (GIS) as a means of collecting and analyzing GeodannyhPen plotters (PP, PEN PLOTTER)Repair & servicing Windows registry