Clever Geek Ideas

Computer viruses and the fight against them

What do you think, how many known viral threats are there in the world today? It is impossible to answer this question even approximately, since from the moment of their appearance more and more varieties of dangerous software appear too quickly, and even many organizations that are professionally involved in this problem and developers of various protective equipment simply do not have time to react to their distribution. If I may say so, today viruses grow like mushrooms after rain. But what methods of combating computer viruses are used to protect? To understand this difficult issue, you first need to understand what constitute such threats, what they are and how they affect computers or the data stored on them.

What are computer viruses?

First, let's find out how computer science treats viruses and the fight against them. A virus is usually taken to mean a small-sized program aimed at performing certain actions in order to harm the operating system, files stored on the hard drive, or even some "iron" devices. Yes Yes! You heard right. Viruses can affect equipment by intercepting control from device drivers or related management applications. As the simplest example, we can cite a software applet, which at one time focused maximum illumination on obsolete monitors with cathode ray tubes at one point on the screen, which led to either its burn-out or to complete damage to the monitor itself. But such threats can be called a rarity, and the main types of viruses affect file objects more, disabling both operating systems and programs.





Viral Spyware Threats




But among the relatively new threats, those that engage in espionage and theft of confidential or personal information can be called particularly dangerous. It's no secret, after all, that money from bank cards most often disappears due to the impact of such software applets and the carelessness or inattention of the owners themselves.

But the viruses themselves can either be executed in the form of an independent software applet, or they can work on the principle of introducing their own malicious codes into existing files, after which such objects become “infected”.

General classification of known viral threats

To understand the methods used to combat computer viruses, you need to understand what types of threats can be found in the modern computer world. As the saying goes, the enemy needs to know in person. Despite the fact that viruses can differ among themselves, some of them can be grouped using common signs. It is customary to classify modern computer threats by the following criteria:

  • habitat;
  • threatened operating systems;
  • algorithms for the functioning of the viruses themselves;
  • degree of impact on computer systems (destructiveness).

Habitat

In this subsection, four main groups of known threats can be distinguished:









  • file
  • bootable;
  • network
  • macro viruses.

But this is only the main division, and after all, many known threats at the present stage of development of computer technologies have clearly transformed, and so that it is impossible to attribute them to any one group. So, for example, it is often possible to meet network macro viruses or file-boot threats.

Habatat classification of viruses




File threats are among the most common and got their name for the reason that they are embedded in files (most often executable) or create infected copies of them, replacing the originals, because of which installed applications stop working or work incorrectly.

Infected and clean areas of the hard drive




Boot objects use slightly different principles and for the most part write their own malicious codes either in the boot sectors or in the master boot record of the hard disk (Master Boot Record). Accordingly, when changing such entries, the operating system may stop loading or may not work correctly, since the virus starts with the infected OS through the created entry.

Network threats, as already understood, are mainly aimed at transferring information independently from one computer to another, using loopholes in organizing network structures or getting into the system via e-mail (most often due to the carelessness of the user opening the attachments of dubious type and content without preliminary antivirus software verification).

Finally, macro viruses are mainly aimed at office documents and work on the basis of special scripts that work when files are opened in the corresponding editors (for example, written in Visual Basic).

Operating Systems

Speaking about computer viruses and the fight against them, it would be naive to believe that modern threats selectively affected and affect only Windows or legacy DOS systems. And how many threats have already been identified in the same Google Play store that caused irreparable harm to Android-systems? For some reason, it is believed that all UNIX-like operating systems, to which Linux can be attributed, and built on its image and the likeness of Android-modification, are not exposed to virus threats, since they do not have a system registry as such. But viruses can also reduce the performance of devices by loading system resources. And this is not talking about all kinds of spyware programs that monitor the actions of users with keyloggers, ransomware or applets that steal personal information. Until some time, and "apple" systems were considered invulnerable.

IPhone Cracking Message




But look at how many publications have recently appeared that the same “iPhones” are completely disabled by sending messages to the device that contain some text, which can hardly be called malicious code. So, a character set. But the fact remains. When opening such a message, the device “dies”.

Virus Algorithms

Considering computer viruses and the fight against them, it’s worth separately saying a few words about exactly what principles of work are used by modern threats. Among the common signs by which classification is carried out in this direction, the following are usually distinguished:

  • residency;
  • the presence or absence of stealth masking;
  • self encryption;
  • polymorphism;
  • the use of non-standard techniques.

To understand the separation of viruses by residency is very simple. Unlike a non-resident virus, a resident threat when exposed to a system leaves a part of the executable code directly in RAM, that is, some part of it is constantly present in the form of components loaded and executed in RAM. By and large, the same macro viruses in a sense can also be called resident, but they are active only during the work of a certain editor, in which the documents matching it are opened.

Stealth technology, I think, does not need to be explained. In relation to viruses, this is the same disguise intended to hide in the system, replacing itself with other objects in the form of supposedly uninfected pieces of information. Very often, this also manifests itself in intercepting requests from the operating system to read, write or overwrite infected objects. For example, the same macro viruses use the popular method of setting prohibitions on disabling macros or on calling the corresponding menu for viewing them.

To a certain extent, self-encryption directly related to polymorphism can also be attributed to camouflage attributes, only the technique used is to complicate the recognition of threats by means of security by encrypting the body of the original malicious code with the creation of its polymorphic (modified) copy in such a way that all subsequent clones may be completely different from the original object.

Non-standard methods include somewhat different from generally accepted principles of the most deep penetration into the core of a system in order to make it difficult to detect them. Particularly striking examples include the notorious threat of “infection” and some varieties of the virus “TRUO”.

System Impact

According to their destructive capabilities and the degree of impact on the OS or these threats, they are divided as follows:

  • harmless (not particularly affecting the operation of a computer system, with the exception of reducing free disk space or RAM);
  • non-hazardous (having the same signs of exposure as the first group, but accompanied by various kinds of visual or sound effects);
  • dangerous (the impact of which can lead to serious malfunctions in the operation of the operating system and programs installed in its environment);
  • very dangerous (leading to system crash, damage or deletion of important data, information theft, file encryption, etc.).
Ansomware virus blocking computer




But if we talk about the fight against viruses, each user should clearly understand that even if the principle of destructive impact on the system is not detected in the malicious code itself or in some branch of it, it is still impossible to consider the threat safe. The main problem is that through the most seemingly harmless joke viruses, more dangerous threats can easily penetrate the computer system, which, if they are not detected in time, can cause very serious damage to the system, and the consequences will become irreversible.

Computer virus detection and control methods

With the basic concepts and classification of viral threats, clarity is more or less introduced. Finally, we proceed to determine the possible means of combating computer viruses of all the types presented above. Modern anti-virus software developers use several fundamental principles that allow you to detect a threat in a timely manner, neutralize it (cure an infected object) or remove it from the system painlessly if treatment is not possible. Among the whole variety of methods of combating viruses, the following can be especially distinguished:

  • scanning (signature analysis);
  • heuristic (behavioral) analysis;
  • resident monitoring method and tracking of program changes;
  • vaccination applications;
  • use of hardware and software.

Scanning by comparing signatures is the most primitive and quite inefficient method, since in the process of checking the system, it is compared only with already known signatures stored in extensive databases. As already clear, it will be extremely difficult to identify new threats that are not in such databases.

To combat viruses in this situation, more advanced methods are used. Heuristic analysis is widespread relatively recently. This principle is based on the fact that the security software checks the operation of all programs, identifying possible deviations and the presence of signs of making copies, placing resident teams in RAM, creating records in boot sectors, etc. In other words, it is possible that some working applet to threats just on the basis of their non-standard behavior. For the most part, this technique is most effective in detecting new unknown viruses.

As one of the most powerful means of combating viruses, quite often special resident monitors are used that monitor suspicious actions of applications, as was shown in the description of heuristic analysis. But such methods have a narrow focus.

Vaccination programs mean checking the integrity of applications by comparing file checksums. If discrepancies are detected, a warning may be issued or some treatment utility may be launched. But stealth threats cannot be detected using such methods.

Finally, special software and hardware modules installed in connectors with shared access to the bus and allowing to control absolutely all processes occurring in the system are considered the most effective means of combating viruses. They are special controllers that track any changes. Their software is stored in special areas of the hard drive. That is why the virus will no longer be able to make changes to boot records and sectors, configuration files, or executable applets.

First signs of infection

As for the methods of combating viruses that the user can use on his own, sometimes the presence of threats in the system can be detected by some typical signs:

  • the system starts to run slower, freezes, spontaneously reboots or does not boot at all;
  • for no apparent reason, the load on the central processor, RAM, hard drive or network increases;
  • some files disappear, rename or become damaged;
  • free disk space is drastically reduced;
  • incomprehensible or provocative messages and advertising are displayed on the screen;
  • extraneous visual effects appear, or sound signals are issued;
  • installed programs do not work correctly or stop working at all;
  • files turn out to be corrupted (or encrypted) and do not open;
  • the system is completely blocked, etc.

The main directions in neutralizing threats

Now let's see what methods can be used to successfully counter potential threats. To combat viruses of all known and unknown types, special software is usually used, generally called antivirus. In turn, such software products can also be divided according to some common features. The following types of programs are mainly used:

  • antivirus filters and watchmen;
  • anti-virus detectors and auditors, some of which combine the capabilities of doctors;
  • vaccine applications.

The first type of protective equipment is aimed at preventing the penetration of any type of threat into the system that affects the software environment of the computer. But such utilities are unable to prevent intrusion when the virus accesses the BIOS. The second category is designed to track the presence of viruses in already infected systems based on the above algorithms. But the third type of software in its own way looks very unusual. Such tools are able to add to the body of the program data about a possible virus infection, due to which any attempts to change them are suppressed.

Programs to fight viruses in already infected systems

If the system was subjected to a virus attack, it can be cured (if only the impact has reached critical proportions) in most cases, it is quite simple.

KVRT Antivirus Scanner




As a rule, special portable scanners that do not require installation on a hard disk (for example, KVRT or Dr. Web CureIt!), Or disk applications on the basis of which you can create bootable media and check the system, are used to combat viruses and "diseases" of the system. before loading the OS (for example, Kaspersky Rescue Disk).

Some methods for manually deleting threats

In some cases, users can confront threats on their own. For the most part, such methods of combating viruses can be attributed to neutralizing adware threats that can be installed as separate applications, browsers can be introduced as extensions (additions) or panels.

Clean and infected browser shortcuts




To remove threats related to the Malware and Hijackers classes, uninstalling applets, extensions and panels, removing residual entries from the system registry and files on the hard drive, returning to the start page with restoring the search engine in browsers, and deleting all possible posts that are usually used are usually used. can be contained in the object type field in the properties of the browser shortcut (the path to the executable file must end with the name of the browser start file and its extension).

Precautionary measures

But in general, it can be noted that the fight against viruses is a serious and troublesome business. In practice, most known virus threats enter the system through the fault of the user himself, who does not follow the recommended precautions. , . :

  • ;
  • ;
  • , ;
  • ( );
  • ;
  • , , , ;
  • , ;
  • ;
  • , ;
  • ;
  • to constantly update anti-virus databases, if such operations are not provided in automatic mode, or they cannot be performed due to lack of access to the Internet.



More articles:


All Articles