INFORMATICS

Information protection, anti-virus protection.

(1 hour: lecture)

Antivirus protection tools.

The number of people using a computer and cell phone with access to the Internet is constantly growing. This means that the possibility of exchanging data between them by e-mail and through the World Wide Web is increasing. This leads to an increase in the threat of computer infection with viruses, as well as damage or theft of information by other people's malware, because the main sources of malware distribution are e-mail and the Internet. Infection can, however, also occur through a floppy disk or CD.

A computer virus is a purposefully created program that automatically attaches itself to other software products and changes or destroys them. Computer viruses can infect computer programs, lead to data loss and even damage your computer.

Computer viruses can spread and penetrate into the operating and file system of a PC only through external magnetic media (hard and floppy disks, CDs) and through means of computer-to-computer communication.

Malware can be divided into three classes: worms, viruses and trojans.

Worms are a class of malware that uses network resources to spread. They use networks, e-mail and other information channels to infect computers.

Viruses are programs that infect other programs: they add their own code to them in order to gain control when infected files are launched.

Trojans are programs that perform actions not authorized by the user on affected computers, i.e. depending on certain conditions, they destroy information on disks, cause the system to freeze, steal confidential information, etc.

Depending on their habitat, viruses can be divided into network, file, boot and file-boot.

Network viruses spread over various computer networks.

File viruses are introduced mainly into executable modules, i.e. into files with COM and EXE extensions.

Boot viruses infect the disk's boot sector or the sector containing the system disk's boot program.

File-boot viruses infect files and the boot sectors of disks.

According to the mode of infection, viruses are divided into resident and non-resident.

When a resident virus infects a computer, it leaves its resident part in random access memory, which then intercepts the operating system's calls to infection objects (files, disk boot sectors, etc.) and infiltrates them.

Non-resident viruses do not infect computer memory and are active for a limited time.

By degree of impact, viruses are divided into non-dangerous ones, which do not interfere with computer operation; dangerous ones, which can lead to various malfunctions of the computer; and very dangerous ones, whose impact can lead to loss of programs, destruction of data and erasure of information in the system areas of the disk.

To detect, remove and protect against computer viruses, several types of special programs have been developed that allow you to detect and destroy viruses. Such programs are called antivirus programs.

There are the following types of antivirus programs:

Detector programs search for a signature characteristic of a particular virus in RAM and in files and, if it is detected, issue the appropriate message. The disadvantage of such anti-virus programs is that they can only find viruses that are known to the developers of such programs.

Doctor programs, or phages, not only find virus-infected files, but also return the files to their initial state. At the beginning of their work, phages look for viruses in RAM, destroying them, and only then proceed to the "treatment" of files.

Auditor programs remember the initial state of programs, directories and system areas of the disk when the computer is not infected with a virus, and then periodically or at the request of the user compare the current state with the original one. Detected changes are displayed on the monitor screen.

Filter programs, or watchmen, are small resident programs designed to detect suspicious actions during computer operation that are characteristic of viruses:

attempt to correct files with COM and EXE extensions;

changing file attributes;

direct write to disk at an absolute address;

When a virus attack is attempted, the watchman sends a message and offers to prohibit or allow the corresponding actions.

Vaccine programs, or immunizers, are resident programs that prevent file infection.

Signs of a computer virus infection. There are a number of signs that indicate a computer infection:

displaying unintended messages or images on the screen;

unexpected sound signals being emitted;

unexpected opening and closing of the CD-ROM tray;

programs launching on the computer arbitrarily, without your participation;

displaying a warning on the screen about an attempt by any of the programs on your computer to access the Internet, although you did not initiate such behavior in any way (if you have the appropriate anti-virus program installed on your computer).

However, such symptoms are not always caused by the presence of viruses. Sometimes they can be the result of other causes. For example, in the case of mail, infected messages may be sent with your return address but not from your computer.

There are also indirect signs of infection on your computer:

frequent freezes and crashes in the computer;

slow computer operation when starting programs;

inability to boot the operating system;

disappearance of files and directories or distortion of their contents;

frequent access to the hard drive, when the light on the system unit flashes frequently;

Microsoft Internet Explorer freezes or behaves unexpectedly, for example the program window cannot be closed.

In 90% of cases, the presence of indirect symptoms is caused by a hardware or software failure. Despite this, when they appear, we recommend that you conduct a full scan of your computer for viruses.

If you notice that your computer is behaving suspiciously, follow these guidelines.

Do not panic!

Disconnect your computer from the Internet.

Disconnect your computer from the local network if it was connected to it.

If the symptom of infection is that you cannot boot from the computer's hard drive, i.e. the computer gives an error when you turn it on, try booting into failsafe mode or from the Windows emergency boot disk.

Before taking any action, save the results of your work by writing them to external media (floppy disk, CD, flash card).

Install an antivirus program if you haven't already.

Get the latest updates of the antivirus databases.

Set the necessary anti-virus program settings and run a full scan.



Slides captions:

Information protection, anti-virus protection

A computer virus is a purposefully created program that automatically attaches itself to other software products and changes or destroys them. Computer viruses can infect computer programs, cause data loss, and even disable your computer. Computer viruses can spread and penetrate into the operating and file system of a PC only through external magnetic media (hard and floppy disks, CDs) and through means of intercomputer communication.

Malware classes. Depending on the habitat, viruses can be divided into network, file, boot, and file-boot. Network viruses spread over various computer networks. File viruses are introduced mainly into executable modules, i.e. into files with COM and EXE extensions. Boot viruses infect the boot sector of a disk or the sector containing the boot program of the system disk. File-boot viruses infect files and boot sectors of disks.

Malware classes. According to the method of infection, viruses are divided into resident and non-resident. When a resident virus infects a computer, it leaves its resident part in RAM, which then intercepts the operating system's access to infected objects (files, disk boot sectors, etc.) and infiltrates them. Non-resident viruses do not infect computer memory and are active for a limited time.

Malware classes. According to the degree of impact, viruses are divided into: non-dangerous viruses, which do not interfere with the operation of the computer; dangerous ones, which can lead to various malfunctions in the computer; and very dangerous ones, whose impact can lead to the loss of programs, data destruction, and erasure of information in the system areas of the disk.

To detect, remove and protect against computer viruses, several types of special programs have been developed that allow you to detect and destroy viruses. Such programs are called antivirus programs.

Types of antivirus programs. 1. Detector programs search for a signature characteristic of a particular virus in RAM and files and, if it is detected, issue appropriate messages. The disadvantage of such anti-virus programs is that they can only find viruses that are known to the developers of such programs. 2. Doctor programs, or phages, not only find files infected with viruses, but also return the files to their original state. At the beginning of their work, phages look for viruses in RAM, destroying them, and only then proceed to the "treatment" of files.

Types of antivirus programs. 3. Auditor programs remember the initial state of programs, directories and system areas of the disk when the computer is not infected with a virus, and then periodically or at the request of the user compare the current state with the original one. Detected changes are displayed on the monitor screen. 4. Vaccine programs, or immunizers, are resident programs that prevent infection of files.

Types of antivirus programs. 5. Filter programs, or watchmen, are small resident programs designed to detect suspicious actions during computer operation that are typical of viruses: an attempt to correct files with COM and EXE extensions; changing file attributes; direct write to disk at an absolute address; writing to disk boot sectors; loading a resident program. When a virus attack is attempted, the watchman sends a message and offers to prohibit or allow the corresponding actions.

Signs of a virus infection. There are a number of signs that indicate a computer infection: display of unsolicited messages or images; unexpected sound signals being emitted; unexpected opening and closing of the CD-ROM tray; programs launching on the computer arbitrarily, without your participation; displaying a warning on the screen about an attempt by any of the programs on your computer to access the Internet, although you did not initiate such behavior in any way (if you have the appropriate anti-virus program installed on your computer).

Signs of a virus infection. There are also indirect signs of infection on your computer: frequent freezes and crashes in the computer; slow computer operation when starting programs; inability to boot the operating system; disappearance of files and directories or distortion of their contents; frequent access to the hard drive, when the light on the system unit flashes frequently; Microsoft Internet Explorer freezes or behaves unexpectedly, for example the program window cannot be closed.



Hosted at http://www.allbest.ru/

Ministry of Education and Science, Youth and Sports of Russia

State higher education institution

"Sevastopol Industrial Pedagogical College"

Course work

Data protection. Antivirus programs

Completed:

student of group TM-13

Moseychuk I.A.

Supervisor:

teacher Petrov V.A.

Sevastopol 2014

Introduction

3. Signs of the appearance of viruses

4. Types of viruses

6. Antivirus tools

11. Antivirus prophylaxis

Conclusion

Literature

Introduction


Information protection - activities to prevent leakage of protected information, unauthorized and unintentional impacts on protected information.

Protection of information from unintentional impact - activities to prevent the impact on protected information of user errors, failures of the hardware and software of information systems, as well as natural phenomena or other influences not aimed at changing information that are associated with the functioning of technical means and systems or with the activities of people, leading to distortion, destruction, copying or blocking of access to information, as well as to the loss, destruction or malfunction of the information carrier.

Protection of information from unauthorized access - activities to prevent an interested subject from obtaining protected information in violation of the rights or access rules established by legal documents or by the owner or holder of the information.

Antivirus program (antivirus) - a specialized program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and for recovering files infected (modified) by such programs, as well as for prevention: preventing infection (modification) of files or the operating system with malicious code.

1. Information protection. Antivirus programs

An antivirus program (antivirus) is a specialized program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and restoring files infected (modified) by such programs, as well as for prevention - preventing infection (modification) of files or the operating system.

Protection of information from unauthorized impact - activities to prevent the impact on protected information in violation of established rights and / or rules to change information, leading to distortion, destruction, copying, blocking access to information, as well as loss, destruction or failure of the information carrier.

2. What is a computer virus?

In general, a computer virus is a small program that appends itself to the end of executable files or "drivers", or "settles" in the boot sector of the disk.

When infected programs and drivers are launched, the virus is executed first, and only then is control transferred to the program itself. If the virus has "settled" in the boot sector, it is activated when the operating system is loaded from such a disk. While the virus has control, it usually performs various actions that are unpleasant for the user but necessary for the virus's continued existence: finding and infecting other programs, corrupting data, etc. The virus may also remain resident in memory and continue to do harm until the computer is restarted. After the virus finishes, control is transferred to the infected program, which usually works "as if nothing had happened", thus masking the presence of a virus in the system. Unfortunately, a virus is very often detected too late, when most programs are already infected. In these cases, the losses from the malicious actions of the virus can be very large.

Probably the largest number of legends and exaggerations is associated with the problem of computer viruses and their capabilities. Many people, and sometimes entire organizations, are terrified of infecting their machines. In fact, everything is not so scary. In order not to infect your computers, it is enough to follow only a small number of elementary rules, but follow them strictly.

Recently, so-called macro viruses have appeared. They are transmitted together with documents that provide for the execution of macros (for example, Word text editor documents), hence their name. Macro viruses are macros that instruct the application to transfer the body of the virus to other documents and, if possible, perform various harmful actions. Currently, the most widespread macro viruses are those that infect documents of the Word 6.0/7.0 text editor for Windows and the Excel 5.0/7.0 spreadsheet editor for Windows.

3. Signs of the appearance of viruses

To mask itself, a virus may perform its actions of infecting other programs and causing harm not every time, but only under certain conditions. After the virus performs the actions it needs, it transfers control to the program in which it is located, and for some time that program's work does not differ from that of an uninfected one.

All actions of the virus can be performed quite quickly and without issuing any messages, so the user often does not notice that the computer is behaving oddly.

Signs of a virus outbreak include:

* slowdown of the computer;

* inability to load the operating system;

* frequent freezes and computer crashes;

* termination of work or incorrect operation of previously successfully functioning programs;

* increase in the number of files on the disk;

* changes in file sizes;

* periodic appearance of inappropriate system messages on the monitor screen;

* reduction in the amount of free RAM;

* noticeable increase in hard disk access time;

* changes to the date and time of file creation;

* destruction of the file structure (disappearance of files, distortion of directories, etc.);

* the drive's signal light coming on when the drive is not being accessed.

It should be noted that these symptoms are not necessarily caused by computer viruses, they may be the result of other reasons, so the computer should be periodically diagnosed.

4. Types of viruses

Known software viruses can be classified according to the following criteria:

habitat

method of infecting the environment

impact

algorithm features

Depending on the habitat, viruses can be divided into:

network

file

boot

file-boot.

Network viruses spread over various computer networks.

File viruses are introduced mainly into executable modules, i.e. into files with COM and EXE extensions. They can be embedded in other types of files, but as a rule, once written into such files, they never get control and, therefore, lose the ability to reproduce.

Boot viruses infect the boot sector of a disk (Boot sector) or the sector containing the system disk boot program (Master Boot Record).

File-boot viruses infect both files and boot sectors of disks.

According to the mode of infection, viruses are divided into:

resident

non-resident.

When a resident virus infects a computer, it leaves its resident part in RAM, which then intercepts the operating system's access to infected objects (files, disk boot sectors, etc.) and infiltrates them. Resident viruses reside in memory and remain active until the computer is turned off or restarted.

Non-resident viruses do not infect computer memory and are active for a limited time.

According to the degree of impact, viruses can be divided into the following types:

harmless, which do not interfere with the computer but reduce the amount of free RAM and disk space; the actions of such viruses are manifested in some graphic or sound effects

dangerous, which can lead to various computer malfunctions

very dangerous, the impact of which can lead to loss of programs, destruction of data, erasure of information in the system areas of the disk.

5. Basic measures to protect against viruses

In order not to expose the computer to virus infection and to ensure reliable storage of information on disks, the following rules must be observed:

equip your computer with modern anti-virus programs, such as NOD32, Doctor Web, and constantly update their versions

before reading information stored on other computers from floppy disks, always check these floppy disks for viruses by running anti-virus programs

when transferring archived files to a computer, scan them immediately after unzipping them on the hard drive, limiting the scan area to newly recorded files only

periodically scan computer hard drives for viruses by running anti-virus programs to test files, memory and system areas of disks from a write-protected floppy disk, after loading the operating system from a write-protected system diskette

always write-protect diskettes when working on other computers, if information is not being written to them

be sure to make archival copies of valuable information on floppy disks

do not leave floppy disks in the pocket of drive A when turning on the computer or rebooting the operating system, in order to prevent infection of the computer with boot viruses

use anti-virus programs for input control of all executable files received from computer networks.

6. Antivirus tools

The material basis of information security consists of specific software and hardware solutions that are combined into complexes depending on the purpose of their application. Organizational measures are secondary to the existing material basis for ensuring information security; therefore, this section of the manual will focus on the principles of building the main software and hardware solutions and the prospects for their development.

A threat to the interests of the subjects of information relations is usually called a potentially possible event, process or phenomenon that, through the impact on information or other components of the CRF, can directly or indirectly lead to damage to the interests of these subjects.

Due to the peculiarities of modern CRF, there are a significant number of different types of security threats to the subjects of information relations.

One of the most common types of threats are computer viruses. They are capable of causing significant damage to the IRC.

Therefore, it is important not only to protect the network or individual means of information exchange from viruses, but also to understand the principles of anti-virus protection by users.

In our country, the most popular anti-virus packages are Kaspersky Anti-Virus and DrWeb.

There are also other programs such as "McAfee Virus Scan" and "Norton Antivirus".

Information in this subject area changes rapidly, so additional information on virus protection can be found on the Internet by searching for the keywords "virus protection".

It is known that it is impossible to achieve 100% protection of a PC from computer viruses by separate software tools.

Therefore, in order to reduce the potential danger of introducing computer viruses and spreading them through a corporate network, an integrated approach is required that combines various administrative measures, anti-virus protection software and hardware, as well as backup and recovery tools.

Focusing on software and hardware, we can distinguish three main levels of anti-virus protection:

Search and destruction of known viruses;

Search and destruction of unknown viruses;

Blocking the manifestation of viruses

7. Requirements for antivirus programs

The number and variety of viruses is large, and in order to detect them quickly and effectively, an antivirus program must meet certain parameters.

Stability and reliability of work. This parameter, no doubt, is decisive - even the best antivirus will be completely useless if it cannot function normally on your computer, if, as a result of some kind of program malfunction, the computer scan process does not go through to the end. Then there is always the possibility that some infected files have gone unnoticed.

The size of the program's virus database (the number of viruses that are correctly detected by the program). Given the constant appearance of new viruses, the database must be updated regularly: what is the use of a program that does not see half of the new viruses and, as a result, creates an erroneous feeling that the computer is "clean"? This should also include the ability of the program to detect various types of viruses, and the ability to work with files of various types (archives, documents). Also important is the presence of a resident monitor that checks all new files "on the fly" (that is, automatically, as they are written to disk).

The speed of the program and the availability of additional features, such as algorithms for detecting viruses even unknown to the program (heuristic scanning). This should also include the ability to recover infected files without erasing them from the hard drive, but only by removing viruses from them. Also important is the percentage of false positives of the program (an erroneous detection of a virus in a "clean" file).

Multiplatform support (availability of program versions for different operating systems). Of course, if the antivirus is used only at home, on one computer, then this parameter is not of great importance. But an antivirus for a large organization is simply obliged to support all common operating systems. In addition, when working on a network, it is important to have server functions designed for administrative work, as well as the ability to work with various types of servers.

8. Characteristics of anti-virus programs

Anti-virus programs are divided into: detector programs, doctor programs, auditor programs, filter programs, vaccine programs.

Detector programs provide search and detection of viruses in RAM and on external media, and upon detection they issue a corresponding message. There are universal and specialized detectors.

Universal detectors check that files are unchanged by computing a checksum and comparing it with a reference value. The disadvantage of universal detectors is the impossibility of determining the causes of file corruption.

Specialized detectors search for known viruses by their signature (a repeating piece of code). The disadvantage of such detectors is that they are unable to detect all known viruses.

A detector that can detect several viruses is called a polydetector.

The disadvantage of such anti-virus programs is that they can only find viruses that are known to the developers of such programs.
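The signature search performed by specialized detectors, as an added example that is not part of the original course work: a streaming scanner that looks for known byte patterns and keeps an overlap between read chunks, so that a signature split across a chunk boundary is still found. The signature names, byte patterns and function names are constructed for illustration and are not real virus signatures.

```python
import io

# Constructed signature database: name -> byte pattern.
# These are made-up patterns for the example, not real malware signatures.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142434445"),
    "Demo.Beta": b"\x90\x90\xeb\xfeDEMO-BETA",
}


def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return a sorted list of (absolute_offset, name) for every match.

    The stream is read in chunks. The last (longest_pattern - 1) bytes of
    each window are carried over, so a signature that straddles two reads
    is not missed.
    """
    overlap = max(len(p) for p in signatures.values()) - 1
    hits = set()   # a set, because a match inside the overlap is seen twice
    tail = b""     # bytes carried over from the previous window
    base = 0       # absolute offset of the first byte of the current window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(pattern, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return sorted(hits)


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)


if __name__ == "__main__":
    # Constructed sample: the signature starts at offset 10 and crosses
    # the 16-byte chunk boundary.
    sample = b"A" * 10 + SIGNATURES["Demo.Alpha"] + b"B" * 20
    print(scan_bytes(sample, chunk_size=16))
    # A one-byte variant of the same pattern is no longer recognised,
    # which is the limitation of signature detectors described above.
    variant = sample.replace(b"\xde\xad", b"\xde\xae")
    print(scan_bytes(variant, chunk_size=16))
```
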

Doctor programs (phages) not only find files infected with viruses, but also "treat" them, i.e. remove the body of the virus program from the file, returning the files to their original state. At the beginning of their work, phages look for viruses in RAM, destroying them, and only then proceed to "treat" files. Among phages, polyphages are distinguished, i.e. doctor programs designed to find and destroy a large number of viruses.

Given that new viruses are constantly appearing, detection programs and doctor programs quickly become outdated, and regular updates of their versions are required.

Auditor programs are among the most reliable means of protecting against viruses. Auditors remember the initial state of programs, directories and system areas of the disk when the computer is not infected with a virus, and then periodically or at the request of the user compare the current state with the original one. The detected changes are displayed on the video monitor screen. As a rule, states are compared immediately after the operating system is loaded. When comparing, the file length, cyclic control code (file checksum), date and time of modification, and other parameters are checked.

Auditor programs have fairly advanced algorithms, detect stealth viruses, and can even distinguish between changes in the version of the program being checked and changes made by the virus.
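A minimal auditor of the kind described above, as an added example that is not part of the original course work: it records each file's length, checksum and modification time in a baseline and later reports new, removed and changed files. SHA-256 is used here as the checksum in place of a cyclic control code; the function names and the demo file names are assumptions.

```python
import hashlib
import os
import tempfile


def file_record(path):
    """Record the attributes an auditor compares: length, mtime, checksum."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": digest.hexdigest()}


def take_snapshot(root):
    """Walk `root` and return {relative_path: record} for regular files."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            snapshot[os.path.relpath(full, root)] = file_record(full)
    return snapshot


def compare(baseline, current):
    """Return new, removed and changed files.

    `changed` maps each path to the list of fields that differ.
    """
    report = {
        "new": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": {},
    }
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        fields = [k for k in ("size", "mtime_ns", "sha256") if old[k] != new[k]]
        if fields:
            report["changed"][path] = fields
    return report


def files_to_rescan(report):
    """New files and files whose content changed are worth a full scan."""
    content_changed = [p for p, f in report["changed"].items() if "sha256" in f]
    return sorted(report["new"] + content_changed)


def demo():
    """Constructed scenario: one file grows and has its timestamp restored,
    one is only touched, one is deleted, one appears."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        write("editor.exe", b"MZ" + b"\x00" * 62)
        write("notes.txt", b"lecture notes")
        write("old.bat", b"@echo off")
        baseline = take_snapshot(root)

        # Content appended, then the original timestamp put back:
        # a date check alone would miss this, the checksum does not.
        target = os.path.join(root, "editor.exe")
        st = os.stat(target)
        with open(target, "ab") as fh:
            fh.write(b"APPENDED-BYTES")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))

        # Timestamp moved by one second, content untouched.
        notes = os.path.join(root, "notes.txt")
        os.utime(notes, ns=(st.st_atime_ns,
                            baseline["notes.txt"]["mtime_ns"] + 10**9))

        os.remove(os.path.join(root, "old.bat"))
        write("new.com", b"\xc3")

        report = compare(baseline, take_snapshot(root))
        return report, files_to_rescan(report)


if __name__ == "__main__":
    print(demo())
```

In real use the baseline must be stored where the audited system cannot silently rewrite it, for example on write-protected media.
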

Filter programs (watchmen) are small resident programs designed to detect suspicious actions during computer operation that are characteristic of viruses.

Such actions may be:

Attempts to correct files with COM and EXE extensions;

Changing file attributes;

Direct write to disk at absolute address;

Writing to disk boot sectors.

When any program tries to perform the specified actions, the "watchman" sends a message to the user suggesting to prohibit or allow the corresponding action. Filter programs are very useful, as they are able to detect a virus at the earliest stage of its existence before reproduction. However, they do not "heal" files and disks. To destroy viruses, you need to use other programs, such as phages. The disadvantages of watchdog programs include their "annoyance" (for example, they constantly issue a warning about any attempt to copy an executable file), as well as possible conflicts with other software.

Vaccines (immunizers) are resident programs that prevent infection of files. Vaccines are used if there are no doctor programs that "treat" this virus. Vaccination is possible only against known viruses. The vaccine modifies the program or disk in such a way that it does not affect their work, and the virus will perceive them as infected and therefore will not take root. Vaccine programs are currently of limited use.

A significant drawback of such programs is their limited ability to prevent infection from a large number of various viruses.

9. Brief overview of antivirus programs

When choosing an anti-virus program, it is necessary to take into account not only the percentage of virus detections, but also the ability to detect new viruses, the number of viruses in the anti-virus database, the frequency of its updates, and the availability of additional functions.

Currently, a serious antivirus must be able to recognize at least 25,000 viruses. This does not mean that they are all "at large". In fact, most of them have either ceased to exist or are in laboratories and are not being distributed. In reality, you can meet 200-300 viruses, and only a few dozen of them are dangerous.

There are many antivirus programs. Consider the most famous of them.

Norton AntiVirus 4.0 and 5.0 (manufacturer: "Symantec").

One of the most famous and popular antiviruses. The virus recognition rate is very high (close to 100%). The program uses a mechanism that allows you to recognize new unknown viruses.

Norton AntiVirus's interface includes a LiveUpdate feature that allows you to update both the program and the virus signature set via the Web with the click of a single button. Virus Control Master issues detailed information about the detected virus, and also gives you the choice to remove the virus either automatically or more carefully, through a step-by-step procedure that allows you to see each of the actions performed during the removal process.

Anti-virus databases are updated very frequently (sometimes updates appear several times a week). There is a resident monitor.

The disadvantage of this program is the complexity of the settings (although there is almost no need to change the basic settings).

Dr Solomon's AntiVirus (manufacturer: "Dr Solomon's Software").

Considered one of the best antiviruses (Eugene Kaspersky once said that this was the only competitor to his AVP). Detects almost 100% of known and new viruses. It has a large number of functions: a scanner, a monitor, heuristics and everything you need to successfully resist viruses.

McAfee VirusScan (Manufacturer: "McAfee Associates").

This is one of the most famous antivirus packages. It removes viruses very well, but VirusScan is worse than other packages when it comes to detecting new varieties of file viruses. It is easy and quick to install using the default settings, but you can also customize it to your liking. You can scan all files or only program files, and extend or not extend the scanning procedure to compressed files. It has many functions for working with the Internet.

Dr.Web (manufacturer: "Dialogue Science")

Popular domestic antivirus. It recognizes viruses well, but there are far fewer of them in its database than in other antivirus programs.

Antiviral Toolkit Pro (manufacturer: Kaspersky Lab).

This antivirus is recognized worldwide as one of the most reliable. Despite the ease of use, it has all the necessary arsenal to fight viruses. Heuristic mechanism, redundant scanning, scanning of archives and packed files - this is not a complete list of its capabilities.

Kaspersky Lab closely monitors the emergence of new viruses and releases updates to anti-virus databases in a timely manner. There is a resident monitor to control executable files.

10. Recovery of affected files

In the vast majority of cases, the recovery of infected files is a rather complicated procedure that cannot be done "by hand" without the necessary knowledge: executable file formats, assembly language, etc.

In addition, several tens or hundreds of files are usually infected on the disk at once, and to neutralize them, you need to develop your own anti-virus program (you can also use the capabilities of the anti-virus database editor from the AVP kit).

When disinfecting files, consider the following rules:

it is necessary to test and disinfect all executable files (COM, EXE, SYS, OVL) in all directories of all disks, regardless of file attributes (i.e. read-only, system and hidden files);

it is necessary to take into account the possibility of repeated infection of the file with a virus ("sandwich" of viruses).

The file treatment itself is performed in most cases in one of several standard ways, depending on the virus propagation algorithm. In most cases, this boils down to restoring the file header and reducing the file's length.

11. Antivirus prophylaxis

You should always have a disc burned on a non-infected computer. Write to this disc the latest versions of polyphage anti-virus programs such as Doctor Web or Antiviral Toolkit Pro.

In addition to anti-virus programs, it is useful to write to the disc the drivers for external computer devices (for example, a CD-ROM driver), the programs for formatting disks (format) and for transferring the operating system (sys), and a file system repair program such as Norton Disk Doctor or ScanDisk.

The disk will be useful not only in case of a virus attack. It can be used to boot the computer in case of damage to the operating system files.

You should periodically check your computer for viruses. Check not only executable files with the COM and EXE extensions, but also BAT batch files and the system areas of disks.

If a lot of files are stored on the computer, their scanning by polyphage antiviruses will most likely take a lot of time. Therefore, in many cases, it is preferable to use auditor programs for daily checks, and to subject new and changed files to polyphage checks.

Almost all auditors in the event of a change in the system areas of the disk (main boot record and boot record) allow you to restore them, even if it is not known which virus infected them. The ADinf Cure Module even allows you to remove unknown file viruses.
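The daily routine described above, in which an auditor flags new and changed files and only those go on to the slower polyphage scan, can be sketched as follows. This is an added example, not code from the lecture or from ADinf; it assumes SHA-256 fingerprints, and the extension list, file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Assumption: extensions taken from the lecture's advice (executables,
# overlays, drivers, batch files, Word/Excel documents).
WATCHED = {".com", ".exe", ".sys", ".ovl", ".bat", ".doc", ".xls"}


def fingerprint(path):
    """Return (size, SHA-256 hex digest) of one file, read in chunks."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def snapshot(root):
    """Fingerprint every watched file in every directory under root.

    Nothing is skipped on the basis of file attributes.
    """
    table = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in WATCHED:
                full = os.path.join(dirpath, name)
                key = os.path.relpath(full, root).replace(os.sep, "/")
                table[key] = fingerprint(full)
    return table


def audit(baseline, current):
    """Classify the differences between two snapshots."""
    report = {"new": [], "changed": [], "grown": [], "removed": []}
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            report["new"].append(path)
            continue
        old_size, old_digest = baseline[path]
        if digest != old_digest:
            report["changed"].append(path)
            if size > old_size:
                # A growing executable is one of the infection signs to watch.
                report["grown"].append(path)
    report["removed"] = sorted(p for p in baseline if p not in current)
    return report


def scan_queue(report):
    """Files that must be handed to the full (polyphage) scanner."""
    return sorted(report["new"] + report["changed"])


def demo():
    """Constructed scenario: baseline a small tree, alter it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DOS"))
        original = {
            "DOS/FORMAT.COM": b"\xe9" + b"\x00" * 63,
            "EDIT.EXE": b"MZ" + b"\x00" * 126,
            "AUTOEXEC.BAT": b"@ECHO OFF\r\n",
            "LETTER.DOC": b"constructed document body",
            "README.TXT": b"not watched",
        }
        for rel, data in original.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Simulated changes between two daily checks.
        with open(os.path.join(root, "EDIT.EXE"), "ab") as fh:
            fh.write(b"X" * 512)                 # file grows by 512 bytes
        with open(os.path.join(root, "AUTOEXEC.BAT"), "wb") as fh:
            fh.write(b"@ECHO ON \r\n")           # same length, new content
        with open(os.path.join(root, "DOS", "NEW.EXE"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 30)       # file that was not there before
        os.remove(os.path.join(root, "LETTER.DOC"))

        report = audit(baseline, snapshot(root))
        return report, scan_queue(report)


if __name__ == "__main__":
    report, queue = demo()
    for kind, paths in report.items():
        print(f"{kind:8} {paths}")
    print("send to full scan:", queue)
```

The baseline is only trustworthy if it was taken on a clean system and is stored where a resident virus cannot rewrite it, for example on the rescue disc described earlier.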

Almost all modern antiviruses can work correctly even on an infected computer when there is an active virus in its RAM. However, before removing the virus, it is still recommended to boot the computer from a disk beforehand so that the virus cannot interfere with treatment.

Firstly, to restart the computer, you must use the Reset button located on the system unit case, or even turn off its power temporarily. Do not use the well-known three-key combination to reboot. Some viruses may remain in memory even after this procedure.

Secondly, before restarting the computer from a disk, check the configuration of the computer's disk subsystem, and especially the parameters of the disk drives and the operating system boot order (priority boot from disk must be set), which are recorded in non-volatile memory. There are viruses that cleverly change the settings stored in the computer's non-volatile memory, as a result of which the computer boots from a virus-infected hard drive while the operator thinks that it is booting from a clean disk.

Be sure to check with antivirus programs all disks and all programs that come to the PC through any media or via modem. If the computer is connected to a local network, you need to scan files received via the network from other users.

With the advent of viruses that spread through macros in the Microsoft Word word processor and the Microsoft Excel spreadsheet, you need to check especially carefully not only the executable files of programs and the system areas of disks, but also document files.
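A first-pass check of document files for embedded macros can look like the sketch below. It is an added example, not part of the lecture: it goes beyond the legacy Word and Excel formats to the later ZIP-based Office formats, the stream-name search in legacy files is a heuristic, and all sample files are constructed in memory.

```python
import io
import zipfile

# Signature of the OLE2 compound file used by legacy .doc/.xls documents.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# OLE2 directory entries store names as UTF-16LE; a VBA project contains
# a stream called "_VBA_PROJECT". Searching for it is a heuristic.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")
# Extensions that claim a macro-free format.
MACRO_FREE_EXT = {"docx", "xlsx"}


def macro_status(data):
    """Classify raw bytes as 'macros', 'no-macros' or 'not-a-document'."""
    if data.startswith(OLE_MAGIC):
        return "macros" if VBA_STREAM_NAME in data else "no-macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-a-document"
        if "[content_types].xml" not in names:
            return "not-a-document"      # an ordinary ZIP, not an Office file
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macros"
        return "no-macros"
    return "not-a-document"


def triage(files):
    """Map each file name to a verdict; files is {name: bytes}."""
    verdicts = {}
    for name, data in files.items():
        status = macro_status(data)
        ext = name.lower().rsplit(".", 1)[-1]
        if status == "macros" and ext in MACRO_FREE_EXT:
            # Macro code inside a file whose name claims it has none.
            status = "macros-hidden-by-extension"
        verdicts[name] = status
    return verdicts


def build_ooxml(parts):
    """Constructed sample: a minimal ZIP that only mimics an Office package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for part in parts:
            zf.writestr(part, b"constructed placeholder")
    return buf.getvalue()


def sample_files():
    """Constructed inputs; none of them is a real, openable document."""
    return {
        "report.docx": build_ooxml(["word/document.xml"]),
        "budget.xlsm": build_ooxml(["xl/workbook.xml", "xl/vbaProject.bin"]),
        "invoice.docx": build_ooxml(["word/document.xml", "word/vbaProject.bin"]),
        "old.doc": OLE_MAGIC + b"\x00" * 504 + VBA_STREAM_NAME + b"\x00" * 64,
        "plain.doc": OLE_MAGIC + b"\x00" * 504,
        "notes.txt": b"plain text",
    }


if __name__ == "__main__":
    for name, verdict in triage(sample_files()).items():
        print(f"{name:14} {verdict}")
```

A "no-macros" verdict only means that no VBA project was found; the file still goes through the normal anti-virus scan.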

It is extremely important to constantly monitor the release of new versions of the anti-virus tools used and to update them on the disk and computer in a timely manner; use only the latest versions of antiviruses to recover infected files and system areas of the disk.

Conclusion

Despite the widespread use of anti-virus programs, viruses continue to "breed". To cope with them, it is necessary to create more universal and qualitatively new anti-virus programs that will include all the positive qualities of their predecessors. Unfortunately, at the moment there is no such anti-virus program that would guarantee 100% protection against all types of viruses, but some companies, such as Kaspersky Lab, have achieved good results to date.

Protection against viruses also depends on the literacy of the user. The use of all types of protection together will achieve high security of the computer and, accordingly, of information.

Modern technologies have penetrated into all spheres of life of an average person - from working days to evenings at home. Some of the most common devices that people use are PCs, tablets and various mobile electronic devices capable of accessing the network. Against the backdrop of such progress, the protection of information has once again become relevant. Anti-virus protection is one of the facets of this set of measures. The Internet is infested with malicious programs that can damage or destroy important files when they enter any system.

Antivirus information protection tools

Given all the potential and actual danger of various viruses, a modern user cannot do without reliable protective equipment.

It is practically impossible to independently control all the processes that can activate the malicious program. Therefore, security must be approached systematically.

A brief instruction on the use of anti-virus information protection tools is as follows:

Pay attention to the text editor and make sure that it has protection against macro execution;

Any digital media (flash drives, disks) must be checked before starting anything with their help;

Install a reliable anti-virus program on the PC, and a paid, complete edition at that;

It is also relevant to periodically back up any important information.

What is worth understanding at the very beginning is the futility of trying to save money on free software. If the use of anti-virus information protection is really important due to the storage of valuable data on a PC, then it is hardly worth using any truncated options.

What you need to know about viruses

This topic is worth considering in order to realize the fact that operating systems are constantly exposed to strong threats. ordinary users and

So, anti-virus information protection tools are focused on countering malware, which can be divided according to the following criteria:

Destructive possibilities;

Habitat;

Features of the algorithm underlying the virus;

The method by which the environment is contaminated.

In other words, viruses can be loaded into different elements of the system and have different negative effects. For example, they are able to intrude into the boot sectors of a disk or other media, as well as into executable files. In addition, there are quite a few threats that spread across the network and can enter the system when a specific site is loaded or a program is downloaded.

As for the degree of destructiveness, viruses can be both harmless and extremely dangerous. But in the case of the features of the algorithm, everything is a little more complicated: you can list various options from invisible programs to macro viruses for a long time.

Obviously, there are a lot of existing threats to system software, and their number is constantly growing. Therefore, protecting information with the help of anti-virus programs is becoming an integral part of the everyday life of both ordinary users and large companies.

How to understand that the computer is infected

There are certain signs that are clear evidence of the fact that a virus has been introduced to the PC:

The amount of RAM without objective reasons suddenly and noticeably decreases;

The work of programs that used to function quickly is slowing down;

File sizes are increasing;

Unusual files appear that were not previously seen in the system;

Both audio and video effects, as well as other deviations, may occur.

In a word, noticeable failures are observed in the operation of the operating system during infection. If such signs are recorded, then it is worth checking how effective the current information protection is. are constantly improving, which means that it is worth putting aside commitment to a particular product and periodically looking for the most efficient PC protection systems.

Free antiviruses

This type of counteraction to various threats is quite popular in Runet. Not every user is so careful about his computer to pay for quality software annually. It is for this reason that within the framework of the topic "Instructions for anti-virus information protection" it is worth considering the prospect of using such software.

The bottom line is that the paid antiviruses are initially limited in their capabilities. They may have quite good potential, but in most cases you will have to pay to unlock all the facets of the product.

The main risk here is the failure to detect and then block a virus attack while using the Internet, which is very important. In other words, most of these antiviruses are able to detect a threat only when it is already knocking on the “door” of the operating system, and even then not always. A high-quality protection program always has a rich database of possible viruses, which is constantly updated. As for the free versions, they also contain similar data, but the reliability of detecting threats, including the newest ones, always remains in question.

Some free versions only detect viruses and do not guarantee their complete removal.

Thus, it is worthwhile to understand that a free version is either a "stripped-down" version of the antivirus or a new program that is just beginning to be promoted on the network. And this means that soon it will become paid, like the others.

But there is one possibility that deserves attention and does not require costs. We are talking about a free treatment utility, available on the official website of the company and capable of high-quality scanning of the entire system for threats. Such anti-virus protection of computer information is especially relevant when problems have already appeared. A striking example of such a utility is the Doctor Web product. Its installation allows you to conduct a one-time check of the PC and repair the damage caused, destroying the malicious programs. But in order to use the capabilities of this antivirus on an ongoing basis, you will have to pay.

Types of antivirus programs

All paid antiviruses can be divided into several key groups, each of which is focused on a certain dominant function.

This list looks like this:

Doctor programs;

Auditors;

Vaccines;

Filters;

Detectors.

Each of them may be needed in such a difficult and responsible matter as the organization of information security. Anti-virus protection, for example, from the "Doctor" category, is able not only to detect a threat, but also to cure the system, which is an extremely relevant feature. In this case, the body of the virus is removed from the affected file, and the latter is returned to its original state.

Initially, such programs, called phages, search for viruses, and if they find any, then, first of all, they destroy them and only then activate the recovery processes.

If a computer, for various reasons, is constantly exposed to a significant number of threats, then it makes sense to use polyphages, which are designed specifically for such loads.

As for the detectors, they are necessary for a quick search for viruses in various media and RAM in particular. Such anti-virus systems and information protection cannot be considered separately from each other.

Attention should also be paid to filter programs. They are designed to detect suspicious processes in the system. It is thanks to the work of such antiviruses that users periodically see warnings on the monitor that a particular program is trying to perform an incorrect or suspicious action.

Auditor programs are another tool that information protection requires. Anti-virus protection of this type detects stealth viruses and records potentially dangerous changes in the system.

Vaccine programs are needed to prevent infection, which is the optimal protection strategy. Their use is especially relevant if reliable filters are not installed on the PC, which means there is a risk that all corrupted files will not be fully restored.

Well-known companies create products that combine all of the above properties.

Steps to help save the system

So, it is obvious that information protection is ensured by the use of anti-virus tools. But for the effective organization of this process, it is worth imagining at least a general algorithm of actions.

Security software is focused on 3 key tasks:

Prevention of infection;

Diagnostics of the state of the operating system and files;

Treatment.

Prevention should be understood as blocking various ways for viruses to access a PC, as well as preventing infection with malware that is already in the system. As for diagnostics, here we are talking about antiviruses that can detect a threat in a computer, as well as identify its specific type.

Treatment is also a tool without which there can be no full-fledged modern information protection. Anti-virus protection of this type first of all removes the detected threats, and then repairs the damage caused.

The security complex used by virtually all companies and private users should be understood as the combined use of all the programs mentioned above.

Also, when raising the issue of protection, you need to pay attention to the use of licensed programs. Using pirated versions is always playing with fire.

Firewall

In fact, if you translate this word, you get a "wall of fire." With this name, the developers tried to convey the key function of this tool: protection that prevents potential threats from connecting to your computer.

And although such software has already been mentioned above, this set of utilities should be given more attention. Thanks to their action, only those data packets and files that meet the requirements of the system are allowed through.

This utility is a relevant tool, without which full-fledged information protection is impossible. Malicious and constantly evolving, and the latter should work ahead of the curve, that is, prevent infection from the very beginning. Otherwise, you can pay, if not with all the data, then with part of it, which is also tangible damage.

It is the firewall that helps to get the desired effect in protecting the computer while working on the network. Such a firewall is essential for safe Internet browsing. Therefore, you need to select an antivirus program that has a similar function, implemented at a decent level.

Basic firewall functions

When considering topics such as information security and antivirus programs, it is worth paying attention to how exactly a firewall works.

So, the most valuable are the following features of such software:

Notifying the user about a fact or an attempt to commit it;

PC access filtering;

Identification of suspicious reactions and processes in the system;

Blocking the ability to change network access settings;

Access control to all networks and nodes;

Protection of subnets from spyware access and attempts to steal information.

If we evaluate firewalls by the degree of protection they can provide, then we can distinguish two key types: personal and corporate.

In the first case, we are talking about a network wall, which is relevant for an ordinary user who uses a computer for personal purposes. As for the second type, it is focused on the effective protection of internal networks of various companies. This means it is installed on the gateway between the Internet and the local network.

Accordingly, the settings of such firewalls may differ from the standard versions. But in any case, it is simply necessary to make sure that a high-quality firewall is in place.

How to install protection

In order for the antivirus program to protect all the necessary data, you need to follow a few simple steps.

First of all, you should choose the most reliable product (forums and ratings will help here). Then you need to purchase its paid version. Next comes the installation process, which is no different from installing a regular program. When it is completed, you will have to restart the computer and select the current program settings.

Upon completion of this stage, you need to run a PC scan for threats and damage. If viruses are found, the protection will offer to destroy them. It is important to understand that before installing a new antivirus program, it is better to remove the old one, if any.

With the help of this simple algorithm of actions, information protection will be ensured. Anti-virus protection, as a rule, is paid for once a year, and the required amount is affordable for virtually anyone.

The most common antiviruses

So, when choosing the appropriate software to save the working state of your computer, you should pay attention to brands that have managed to establish themselves exclusively on the positive side.

Let's start with the well-known Dr.Web. It effectively identifies, blocks and removes Trojans, network worms, email worms, stealth viruses, threats that affect office applications, password thieves, various malicious scripts and many other types of threats.

A distinctive feature of Dr.Web is its ability to effectively cure an infected computer. If the machine is already in a deplorable state, then you need to opt for this particular antivirus program. Moreover, this product contains one of the most complete and at the same time compact virus databases.

Kaspersky Anti-Virus. This is a Russian product that has become very famous in the post-Soviet space. In this case, it is worth paying attention to the behavioral module. This is a blocker that effectively controls the execution of macros and is able to stop any actions that fall into the category of suspicious ones.

It is the use of this module that provides reliable protection against macro viruses.

Kaspersky also has an excellent auditor, the main function of which is to track any changes in the system and record unauthorized processes.

You need to pay attention to such protection tools as a background virus interceptor, a heuristic analyzer, and anti-virus filtering. In other words, the set of protection tools in the product under the brand name "Kaspersky" deserves respect.

Eset NOD32 is also one of the popular security programs. It is perfect for ordinary users, because it gives the desired effect and puts only a light load on the system. Its use guarantees the proactive detection and neutralization of any threats.

Results

It is obvious that effective information protection is provided by the use of anti-virus tools. Therefore, the acquisition of really high-quality software should be taken seriously.

Today there is no need to prove the need to build anti-virus protection for any information system. According to Western analysts, the global damage from the penetration of viruses, worms, Trojans and other malicious programs ranges from 8 to 12 billion dollars. Suffice it to recall the latest epidemics that swept the whole world (I-Worm.LoveLetter, I-Worm.Nimda, I-Worm.Klez). At the same time, the virus danger is growing more and more every year. This is explained, on the one hand, by the increasing number and variety of computer infections, and, on the other hand, by the vulnerability of local networks due to the penetration of viruses into them from external networks, including via Internet e-mail channels.

But, nevertheless, in practice, anti-virus protection is not given due attention. Even developers of complex information security systems often limit themselves to recommendations on choosing an anti-virus package, and also provide assistance in setting it up.

The danger of infection of computer networks is real for any enterprise, but a virus epidemic can really develop in the local networks of large economic and industrial complexes with a territorially branched infrastructure. Their computer networks, as a rule, were created in stages, using various hardware and software. Obviously, for such enterprises, the issue of anti-virus protection becomes very difficult, not only technically, but also financially.

At the same time, the solution of this issue is achieved by a combination of organizational measures and software and hardware solutions. This approach does not require large technical and immediate financial costs, and can be used for comprehensive anti-virus protection of the local network of any enterprise.

The following principles can serve as the basis for building such an anti-virus protection system:

  • the principle of implementing a unified technical policy when justifying the choice of anti-virus products for various segments of the local network;
  • the principle of complete coverage of the entire local network of the organization by the anti-virus protection system;
  • the principle of continuity of control of the local network of the enterprise, for the timely detection of computer infections;
  • the principle of centralized management of anti-virus protection;

The principle of implementing a unified technical policy provides for the use, in all segments of the local network, of only the anti-virus software recommended by the anti-virus protection department of the enterprise. This policy is long-term, approved by the management of the enterprise and is the basis for targeted and long-term planning of costs for the purchase of anti-virus software products and their further updating.

The principle of complete coverage of the local network by the anti-virus protection system provides for the gradual introduction of anti-virus protection software into the network until it is completely saturated, in combination with organizational and regime measures for protecting information.

The principle of continuity of control of the anti-virus state of a local network implies an organization of its protection that provides a constant ability to monitor the state of the network in order to detect viruses.

The principle of centralized management of anti-virus protection provides for the management of the system from one body using hardware and software. It is this body that organizes centralized control on the network, receives control data or reports from users at their workplaces on the detection of viruses, and ensures the implementation of the decisions taken on managing the anti-virus protection system.

With these principles in mind, an anti-virus protection unit is created within the integrated information security system, which should solve the following tasks:

  • acquisition, installation and timely replacement of anti-virus packages on servers and user workstations;
  • control of the correct use of anti-virus software by users;
  • detection of viruses in the local network, their prompt treatment, removal of infected objects, localization of infected sections of the network;
  • timely notification of users about detected or possible viruses, their signs and characteristics.

To solve these problems in the integrated information security system, in addition to information security administrators, anti-virus protection administrators are created. If the LAN is small or well equipped with anti-virus software, then the appointment of a special anti-virus protection administrator is most often inappropriate, since his functions can be performed by the network security administrator.

To organize the functioning of anti-virus protection, it is necessary to develop internal organizational and administrative documents. In addition, the procedures for transmitting messages about viruses from users and notifications of administrators about the facts and possibilities of virus infections of the local network should be determined.

The effectiveness of the created anti-virus protection subsystem also depends on the fulfillment of the following additional conditions:

  • connection of users' PCs to the corporate network should be made only upon a request bearing the anti-virus protection administrator's mark confirming the installation of licensed anti-virus software (the request is entered into the database, with the license validity period recorded);
  • the transfer of a PC from one user to another must be carried out with the re-registration of the network connection;
  • it is expedient to examine the detected viruses on the test bench of the information protection unit in order to develop recommendations for their correct neutralization;
  • in remote structural subdivisions, freelancers responsible for anti-virus protection should be appointed.

The practical implementation of anti-virus protection of information on servers and PCs of the corporate network is carried out using a number of software and hardware methods that are standard, but have their own specifics, determined by the characteristics of the corporate network. These include:

  • use of anti-virus packages;
  • archiving information;
  • information reservation;
  • maintaining a database of viruses and their characteristics;

Let's consider these methods in more detail.

The main method of anti-virus protection is installation of antivirus packages. The choice of anti-virus software is one of the most important tasks of anti-virus protection, the correct solution of which will further determine the anti-virus security of the system, as well as the cost of maintaining it. The anti-virus tools used must meet the following general requirements:

  • the system must be compatible with server and PC operating systems;
  • the anti-virus protection system should not violate the logic of the other applications used;
  • availability of a complete set of anti-virus functions necessary to ensure anti-virus control and neutralization of all known viruses;
  • frequency of updating anti-virus software and guarantees of suppliers (developers) regarding its timeliness.

Unlike other information security subsystems, this area lacks clearly formulated security indicators and corresponding criteria for comparing various anti-virus tools. As a rule, anti-virus systems are compared according to the following indicators: detection, disinfection, blocking, recovery, registration, integrity, updating the database of computer viruses, password protection of anti-virus tools, management tools, design guarantees, documentation.

With comprehensive protection of a local network, it is necessary to pay attention to all possible points of penetration of viruses into the network from the outside.


Figure 1 shows the general structure of anti-virus protection of a local network. At the first level, the connection to the Internet or to the network of the communication service provider is protected: this is the firewall and the mail gateways, since according to statistics about 80% of viruses enter from there. It should be noted that no more than 30% of viruses will be detected in this way, since the remaining 70% will be detected only during execution.

The use of antiviruses for firewalls today comes down to filtering Internet access while simultaneously checking passing traffic for viruses. The anti-virus scanning carried out by such products is very slow and has a far from high detection level; therefore, in the absence of the need to filter the websites visited by users, the use of such products is not appropriate.

All components of the information system involved in the transportation of information and / or its storage are subject to anti-virus protection:

  • file servers;
  • workstations;
  • workstations of mobile users;
  • backup server;
  • mail servers.

As a rule, the use of one (basic) anti-virus package to protect the local network seems to be the most appropriate. However, an analysis of the anti-virus market shows that in the case when we are dealing with a large corporate network, this is not always possible due to the heterogeneity of the operating platforms used in the network segments.

The next step after selecting the packages is their testing by the security administrator on a special test bench of the information security department. This procedure allows you to identify errors in the anti-virus software and evaluate its compatibility with the system and application software used on PCs and network servers. Experience shows that such testing is far from superfluous, since the developer is not able to fully explore how his anti-virus tools function in real networks. The test results are sent to the package developer, which allows him to make the necessary improvements before the mass installation of the package begins.

Modern anti-virus packages contain the following main software components:

  • monitor (resides in the computer's RAM and automatically scans objects before they are launched or opened; if a virus is detected, the program, depending on the settings, can delete the infected object, disinfect it, or deny access to it);
  • scanner (scans objects for viruses at the request of users);
  • network control center (allows you to organize the management of the corporate network's anti-virus protection: manage the components of the package, set schedules for launching the scanner, automatically update anti-virus databases, etc.);
  • additional modules that provide checking of e-mail and Web pages at the time of receipt of information.

The installation of anti-virus packages and their configuration is performed by specialists of the network maintenance department. The "monitor" and "scanner" programs are installed both on the servers and on the PCs, with the former configured to be permanently enabled.

If viruses are detected, users are not recommended to engage in "self-healing", as this can lead to loss of information. In such cases, they should contact the anti-virus protection administrators via the "hotline"; the administrators take measures to neutralize viruses and prevent further infection.

The next most important methods of anti-virus protection are archiving and backing up information, which makes it possible to prevent the loss of information in the event of viral infection. Archiving consists in periodically copying system areas of machine storage media to external devices. On servers with the most important information, archiving should be carried out with minimal periodicity. Information is backed up daily in order to protect it from distortion and destruction.

Anti-virus protection of the local network of a large organization is a complex problem that cannot be reduced to a simple installation of anti-virus products. As a rule, the creation of a separate subsystem is required. In technical terms, when solving this problem, special attention should be paid to testing all newly purchased anti-virus software, as well as to installing anti-virus packages on mail servers.

About the author: Oleg Sych, head of the anti-virus laboratory of LLC "Ukrainian Anti-Virus Center".

One of the conditions for safe work in the information system is the user's compliance with a number of rules that have been tested in practice and have shown their high efficiency. There are several of them:

  1. Use of software products obtained by legal official means. The probability of having a virus in a pirated copy is many times higher than in officially obtained software.
  2. Duplication of information. First of all, you need to preserve the software distribution media. Writing to media that allow this operation should be blocked, if possible. Special care should be taken to preserve working information. It is preferable to regularly create copies of work files on write-protected removable storage media. Either the entire file is copied, or only the changes being made. The latter option is applicable, for example, when working with databases.
  3. Regular system software updates. The operating system must be regularly updated and all security patches from Microsoft and other vendors installed to address existing software vulnerabilities.
  4. Restricting user access to operating system settings and system data. To ensure stable operation of the system, it is quite often necessary to limit the capabilities of users, which can be done either using the built-in Windows tools or with the help of specialized programs designed to control access to a computer.

    In corporate networks, group policies can be applied in a Windows domain network.

  5. For the most effective use of network resources, it is necessary to restrict the access of authorized users to internal and external network resources and to block access of unauthorized users.
  6. Regular use of antivirus tools. Before starting work, it is advisable to run scanner programs and auditor programs. Anti-virus databases must be updated regularly. In addition, it is necessary to carry out anti-virus control of network traffic.
  7. Protection against network intrusions is provided by the use of software and hardware, including firewalls, intrusion detection / prevention systems IDS / IPS (Intrusion Detection / Prevention System), and VPN (Virtual Private Network) technologies.
  8. Use of authentication tools and cryptography - the use of passwords (simple / complex / non-repetitive) and encryption methods. It is not recommended to use the same password on different resources or to disclose information about passwords. When entering a password on sites, you should be especially careful not to enter it on a fraudulent duplicate site.
  9. Special care should be taken when using new (unknown) removable media and new files. New removable media must be checked for the absence of boot and file viruses, and received files for the presence of file viruses. When working in distributed systems or in systems for collective use, it is advisable to check new removable media and files entered into the system on computers specially allocated for this purpose that are not connected to a local network. Only after a comprehensive anti-virus scan of disks and files can they be transferred to users of the system.
  10. When working with documents and tables received (for example, via e-mail) it is advisable to prohibit the execution of macro commands by means built into text and spreadsheet editors (MS Word, MS Excel) until the full scan of these files is completed.
  11. If you do not intend to write information to external media, then you must block this operation, for example, by programmatically disabling USB ports.
  12. When working with shared resources on open networks (for example, the Internet), use only verified network resources that do not contain malicious content. You should not trust all the information that comes to your computer - e-mails, links to Web sites, messages to Internet pagers. It is strictly not recommended to open files and links coming from an unknown source.

Constantly following these recommendations can significantly reduce the likelihood of infection by software viruses and protect the user from irretrievable loss of information. However, even with scrupulous implementation of all prevention rules, the possibility of PC infection with computer viruses cannot be completely excluded; therefore, methods and means of counteracting malware must be constantly improved and maintained in working condition.

Antivirus information protection tools

The massive distribution of malicious software, the severity of the consequences of its impact on information systems and networks have necessitated the development and use of special anti-virus tools and methods of their application.

It should be noted that there are no antivirus tools that guarantee the detection of all possible virus programs.

Antivirus tools are used to solve the following tasks:

  • detection of malware in information systems;
  • blocking the operation of malware;
  • elimination of the consequences of exposure to malware.

It is desirable to detect malware at the stage of its introduction into the system, or at least before it starts performing destructive actions. If such software or its activities are detected, the virus program must be terminated immediately in order to minimize the damage from its impact on the system.

Elimination of the consequences of exposure to viruses is carried out in two directions:

  • virus removal;
  • recovery (if necessary) of files, memory areas.

The procedure for deleting detected malicious code from an infected system must be carried out very carefully. Viruses and Trojans often take special steps to hide their presence in a system, or embed themselves so deeply into it that the task of destroying them becomes quite non-trivial.

System recovery depends on the type of virus, as well as on the time of its detection in relation to the onset of destructive actions. In the event that a virus program is already running in the system and its activity involves changing or deleting data, restoring information (especially if it is not duplicated) may be impossible. To combat viruses, software and firmware tools are applied in a certain sequence and combination, forming methods of protection against malware.

The following virus detection methods are widely used by modern antivirus tools:

  • scanning;
  • change detection;
  • heuristic analysis;
  • use of resident watchmen;
  • use of software and hardware protection against viruses.

Scanning, one of the simplest methods for detecting viruses, is carried out by a scanner program that searches files for the identifying part of a virus, its signature. A signature is a unique sequence of bytes that belongs to a particular virus and is not found in other programs.

The program detects the presence of already known viruses for which the signature is defined. To effectively use anti-virus programs that use the scanning method, it is necessary to regularly update information about new viruses.

The change detection method is based on the use of auditor programs that monitor changes in files and disk sectors on a computer. Any virus changes the data on the disk in some way. For example, the boot sector may change, a new executable file may appear, or an existing one may change, and so on.

As a rule, anti-virus auditor programs determine and store in special files images of the master boot record, boot sectors of logical disks, characteristics of all monitored files and directories, and the numbers of bad disk clusters. Periodically, the auditor checks the current state of the disk areas and the file system, compares it with the previous state, and immediately displays messages about all suspicious changes.

The main advantage of the method is the ability to detect viruses of all types, as well as new unknown viruses.

This method also has disadvantages. With the help of audit programs, it is impossible to detect a virus in files that enter the system already infected. Viruses will be detected only after they multiply in the system.
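The auditor's record-and-compare cycle, and the limitation just described, can be shown in a short sketch. This is an added example, not code from the original lecture; it assumes a SHA-256 digest as the stored "characteristic" of each file, and the file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def audit(baseline, current):
    """Compare two snapshots and list what an auditor would report."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: one file arrives already altered, another changes later."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("editor.exe", b"MZ clean program")
        # Stand-in for a file that entered the system already infected.
        write("game.exe", b"MZ program + APPENDED-CODE")
        baseline = snapshot(root)                # the auditor's first run
        first = audit(baseline, snapshot(root))  # nothing to report yet
        # Later activity: an existing executable changes, a new one appears.
        write("editor.exe", b"MZ clean program + APPENDED-CODE")
        write("dropper.com", b"new executable")
        second = audit(baseline, snapshot(root))
        return first, second

if __name__ == "__main__":
    for report in demo():
        print(report)
```

The first report is empty even though `game.exe` already carries appended code, because it was part of the baseline; only the later changes appear in the second report.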

Heuristic analysis, like the change detection method, allows you to detect unknown viruses, but does not require the preliminary collection, processing and storage of information about the file system.

Heuristic analysis in anti-virus programs is based on signatures and a heuristic algorithm. It is designed to improve the ability of scanner programs to apply signatures and to recognize modified versions of viruses in cases where the code of an unknown program does not completely match the signature, but more general signs of a virus are clearly expressed in the suspicious program or in its behavior pattern. If such code is detected, a message about a possible infection is displayed. After receiving such messages, it is necessary to carefully check the supposedly infected files and boot sectors with all available anti-virus tools.

The disadvantage of this method is a large number of false positives of anti-virus tools in cases where a legitimate program contains code fragments that perform actions and / or sequences characteristic of some viruses.
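The difference between exact signature scanning and a heuristic near match, including the false positive it can produce, is shown in the following added example (not part of the original lecture). The signature bytes, the sample files and the 0.75 threshold are constructed for illustration, and the byte-similarity score is a simplified stand-in for a real heuristic engine.

```python
# Constructed byte pattern for illustration; not taken from real malware.
SIGNATURES = {"Demo.A": bytes.fromhex("deadbeef0102030405060708")}

def best_match(data, sig):
    """Highest fraction of signature bytes matched at any offset in data."""
    best = 0.0
    for off in range(len(data) - len(sig) + 1):
        window = data[off:off + len(sig)]
        same = sum(a == b for a, b in zip(window, sig))
        best = max(best, same / len(sig))
    return best

def scan(data, threshold=0.75):
    """Return (verdict, name): 'infected' on an exact signature match,
    'suspicious' on a near match (heuristic), otherwise 'clean'."""
    for name, sig in SIGNATURES.items():
        if sig in data:                          # classic signature scanning
            return ("infected", name)
    for name, sig in SIGNATURES.items():
        if best_match(data, sig) >= threshold:   # simplified heuristic
            return ("suspicious", name)
    return ("clean", None)

def demo():
    sig = SIGNATURES["Demo.A"]
    samples = {
        # Known virus: contains the signature unchanged.
        "known": b"HEADER" + sig + b"TAIL",
        # Modified version: two signature bytes differ, so the exact scan misses it.
        "variant": b"HEADER" + sig[:4] + b"\xff\xff" + sig[6:] + b"TAIL",
        # Legitimate file sharing 9 of 12 bytes: reported as a false positive.
        "legit": b"APP" + sig[:9] + b"\x00\x00\x00" + b"DATA",
        "unrelated": b"plain text document with nothing of interest",
    }
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Raising the threshold removes the false positive on `legit` but, at 0.85 or above, also stops flagging `variant`, which is the trade-off behind the disadvantage noted above.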

The method of using resident watchmen is based on programs that are constantly in the RAM of the device (computer) and monitor all the actions performed by other programs. If any program performs suspicious actions typical of viruses (write access to boot sectors, placing resident modules in RAM, attempts to intercept interrupts, etc.), the resident watchman issues a message to the user.

The use of anti-virus programs with a resident watchdog reduces the likelihood of viruses running on the computer, but keep in mind that the constant use of RAM resources for resident programs reduces the amount of memory available to other programs.

To date, one of the most reliable mechanisms for protecting information systems and networks is combined software and hardware tools, which as a rule include not only anti-virus systems but also provide additional services. This topic is discussed in detail in the section "Software and hardware to ensure the security of information networks".