How many known virus threats do you think there are in the world today? It is impossible to answer this question even approximately, because new kinds of dangerous software have been appearing so quickly ever since the first viruses emerged that even the organizations that deal with the problem professionally and the developers of protective tools simply cannot keep up with their spread. As the saying goes, viruses today are growing like mushrooms after rain. But what methods of combating computer viruses are used for protection? To understand this complex issue, you first need to understand what these threats are, what kinds of them exist, and how they affect computers or the data stored on them.
What are computer viruses?
To begin with, let's find out how computer science views viruses and the fight against them. A virus is usually understood to mean a small program designed to perform certain actions in order to harm the operating system, the files stored on the hard drive, or even some hardware devices. Yes, you heard right. Viruses can affect hardware by taking control of device drivers or the related control applications. As the simplest example, we can cite a software applet that at one time focused maximum beam intensity on a single point of the screen of outdated cathode ray tube monitors, which led either to burn-in at that point or to the complete failure of the monitor itself. But such threats can be called very rare, and the main types of viruses mostly affect file objects, incapacitating both operating systems and programs.
Among the relatively new threats, those that engage in espionage and the theft of confidential or personal information can be called especially dangerous. It is no secret that money most often disappears from bank cards because of such software applets combined with the negligence or inattention of the card owners themselves.
The viruses themselves can be made either as a stand-alone software applet or work on the principle of injecting their own malicious code into existing files, after which such objects become "infected".
General classification of known virus threats
To understand the methods used to combat computer viruses, it is necessary to understand what types of threats can be found in the modern computer world. As they say, you need to know the enemy by sight. Although viruses differ from one another, some of them can be combined into groups on the basis of common features. Modern computer threats are usually classified according to the following criteria:
- operating systems affected by threats;
- algorithms for the functioning of the viruses themselves;
- degree of impact on computer systems (destructiveness).
Within the first of these criteria, four main groups of known threats are distinguished (each is described below):
- file viruses;
- boot viruses;
- network viruses;
- macro viruses.
But this is only the main division; in fact, many well-known threats at the present stage of development of computer technologies have transformed to such a degree that it is impossible to attribute them to any one group. So, for example, you can often find network macro viruses or file-boot threats.
File threats are among the most common and got their name because they infiltrate files (most often executable ones) or create infected copies of them, replacing the originals, which causes installed applications to stop working or work incorrectly.
Boot viruses use slightly different principles and for the most part write their own malicious code either into boot sectors or into the master boot record (MBR) of the hard drive. Accordingly, when such entries are changed, the operating system may stop loading or begin to work incorrectly, since the virus, through the entry it created, starts together with the infected OS.
Network threats, as the name makes clear, are mainly aimed at transferring themselves from one computer to another, exploiting loopholes in the organization of network structures for this or getting into the system via e-mail (most often through the carelessness of the user, who opens attachments of dubious type and content without first checking them with anti-virus software).
Finally, macro viruses mainly target office documents and work on the basis of special scripts that are triggered when files are opened in appropriate editors (for example, those written in Visual Basic).
Speaking about computer viruses and the fight against them, it would be naive to believe that modern threats have affected, and still affect, only Windows or legacy DOS systems. How many threats have already been identified in the Google Play store alone that caused irreparable harm to Android systems? For some reason, it is believed that all UNIX-like operating systems, which include Linux and the Android modifications built in its image and likeness, are not affected by virus threats, since they have no system registry as such. But viruses can reduce the performance of such devices too, by loading their system resources. And this is not even about all kinds of spyware that monitors the actions of users, keyloggers, ransomware, or applets that steal personal information. Until some time ago, "apple" systems were also considered invulnerable.
But look how many publications have recently appeared reporting that iPhones can be disabled quite simply by sending the device a message containing some text that can hardly be called malicious code. Yes, just a set of characters. But the fact remains: when such a message is opened, the device "dies".
Considering computer viruses and the fight against them, it is worth saying a few words about exactly what principles of operation modern threats use. Among the general features by which classification is made in this direction, the following are usually distinguished:
- resident or non-resident operation;
- presence or absence of stealth camouflage;
- self-encryption and polymorphism;
- use of non-standard techniques.
The division of viruses by residency is very easy to understand. Unlike a non-resident virus, a resident threat, when it infects a system, leaves part of its executable code directly in RAM; that is, some of it is always present in the form of components loaded and running in memory. By and large, macro viruses can in a sense also be called resident, but they are active only while a particular editor is running and the documents associated with it are open.
Stealth technology, I think, needs no explanation. With regard to viruses, it is the same disguise, designed to hide the virus in the system by substituting other objects, supposedly uninfected pieces of information, for itself. Very often this also manifests itself in the interception of operating system requests to read, write, or overwrite infected objects. For example, macro viruses commonly use the technique of blocking the disabling of macros or the opening of the corresponding menus for viewing them.
To a certain extent, self-encryption, which is directly related to polymorphism, can also be counted among the camouflage attributes. Here the technique is to make recognizing the threat by protective means as difficult as possible: the body of the original malicious code is encrypted and polymorphic (modified) copies of it are created in such a way that every subsequent clone can differ completely from the original object.
Non-standard methods include principles of penetrating as deeply as possible into the core of the system in order to make detection difficult. Particularly striking examples include the well-known threat "INTERVENTION" and some varieties of the TRUO virus.
Impact on the system
According to their destructive capabilities and the degree of impact on the OS or the data stored on it, these threats are divided as follows:
- harmless (not having a significant effect on the operation of a computer system, apart from reducing free disk space or RAM);
- non-dangerous (having the same signs of impact as the first group, but accompanied by various visual or sound effects);
- dangerous (the impact of which can lead to serious failures in the operation of the operating system and programs installed in its environment);
- very dangerous (leading to system crash, damage or deletion of important data, information theft, file encryption, etc.).
But if we talk about the fight against viruses, every user must clearly understand that even if no destructive effect on the system is found in the malicious code itself or in some branch of it, the threat still cannot be considered safe. The main problem is that the most seemingly harmless joke viruses can serve as a way for more dangerous threats to penetrate a computer system, and if these are not detected in time they can cause very serious damage, with consequences that become irreversible.
Methods for detecting computer viruses and fighting them
The basic concepts and classification of virus threats should now be more or less clear. Finally, let's move on to identifying the possible means of combating computer viruses of all the types presented above. Modern anti-virus software developers use several fundamental principles that allow them to detect a threat in a timely manner and neutralize it (cure the infected object) or painlessly remove it from the system if treatment is not possible. Among the variety of methods to combat viruses, the following can be highlighted:
- scanning (signature analysis);
- heuristic (behavioral) analysis;
- resident monitoring and program change tracking;
- vaccination applications;
- use of firmware.
Scanning by comparing signatures is the most primitive and rather inefficient method, since the system check only compares objects with already known signatures stored in extensive databases. As is already clear, it is extremely difficult to identify new threats that are not yet in such databases.
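To show concretely what a signature scan does and where it falls short, here is a small scanner written for this article (it is an added example, not code from the article or from any anti-virus product). The signature database and the two sample buffers are constructed byte strings; no real malware is involved. A sample that differs from a known signature by even one byte is reported as clean, which is exactly the weakness the paragraph above describes.

```python
"""Minimal signature scanner: compares file contents with a database of
known byte patterns and full-file hashes (added example, constructed data)."""
import hashlib
from pathlib import Path

# Constructed signature database: threat name -> byte pattern to search for.
PATTERN_SIGNATURES = {
    "Demo.Dropper.A": b"DEMO-DROPPER-MARKER-0001",
    "Demo.Macro.B": b"Sub AutoOpen()",  # hypothetical macro marker
}

# Constructed sample buffers standing in for a known sample and a variant.
KNOWN_SAMPLE = b"header\x00" + b"DEMO-DROPPER-MARKER-0001" + b"\x00payload"
VARIANT_SAMPLE = b"header\x00" + b"DEMO-DROPPER-MARKER-0002" + b"\x00payload"

# Whole-file hash signatures, derived here from the known sample.
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Dropper.A (exact hash)",
}


def scan_bytes(data: bytes) -> list[str]:
    """Return every signature name that matches the given data."""
    hits = [name for name, pat in PATTERN_SIGNATURES.items() if pat in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    return hits


def scan_file(path: Path) -> list[str]:
    """Scan one file on disk; returns an empty list when nothing matches."""
    return scan_bytes(path.read_bytes())


def demo() -> dict[str, list[str]]:
    """Scan both constructed samples; the variant slips through unnoticed."""
    return {"known": scan_bytes(KNOWN_SAMPLE), "variant": scan_bytes(VARIANT_SAMPLE)}


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label}: {'INFECTED ' + ', '.join(hits) if hits else 'clean'}")
```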
To deal with viruses in such a situation, more advanced methods are used. Heuristic analysis became widespread relatively recently. This principle is based on the security software checking the operation of all programs and identifying possible deviations: signs of creating copies, placing resident commands in RAM, creating entries in boot sectors, and so on. In other words, it decides whether a suspiciously behaving applet belongs to the threats on the basis of its non-standard behavior. For the most part, this technique is the most effective at detecting new, unknown viruses.
As one of the most powerful means of fighting viruses, special resident monitors are often used to track suspicious application actions, as described above for heuristic analysis. But such methods have a narrow focus.
Vaccination of programs means checking the integrity of applications by comparing the checksums of files. When mismatches are detected, a warning may be issued or some kind of healing utility may be launched. But stealth threats cannot be detected by such methods.
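The checksum comparison behind vaccination and auditor programs can be illustrated with a small file-integrity auditor (an added example written for this article, not the code of any product). It records a SHA-256 checksum for every file under a directory and later reports which files changed, appeared, or vanished; `demo()` builds a constructed directory in a temporary location to exercise it.

```python
"""File-integrity auditor: baseline checksums, then report changes
(added example; the sample directory in demo() is constructed)."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every file's path (relative to root) to its checksum."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_baseline(baseline: dict[str, str], out: Path) -> None:
    out.write_text(json.dumps(baseline, indent=1))


def load_baseline(path: Path) -> dict[str, str]:
    return json.loads(path.read_text())


def audit(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the directory's current state with a stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: one file altered, one added, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"original program body")
        (root / "readme.txt").write_bytes(b"notes")
        (root / "old.dll").write_bytes(b"library")
        baseline = build_baseline(root)
        (root / "app.exe").write_bytes(b"original program body" + b"\x90injected")
        (root / "dropped.exe").write_bytes(b"new file")
        (root / "old.dll").unlink()
        return audit(root, baseline)
```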
Finally, the most effective means of fighting viruses are special hardware and software modules installed in expansion slots with shared bus access, which allow absolutely all processes in the system to be controlled. These are special controllers that track any changes; their software part is stored in special areas of the hard disk. As a result, a virus is no longer able to make changes to boot records and sectors, configuration files, or executable applets.
First signs of infection
As for the methods of dealing with viruses that users can apply on their own, the presence of threats in the system can sometimes be identified by typical signs:
- system slows down, freezes, randomly reboots or doesn't boot at all;
- for no apparent reason, the load on the central processor, RAM, hard drive or network increases;
- some files disappear, get renamed or get corrupted;
- free disk space is drastically reduced;
- incomprehensible or provocative messages and advertisements appear;
- extraneous visual effects appear or beeps sound;
- installed programs do not work correctly or stop working at all;
- files are corrupted (or encrypted) and cannot be opened;
- the system is completely blocked, etc.
The main directions in the neutralization of threats
Now let's see what methods can be used to counter possible threats successfully. To combat viruses of all known and unknown types, special software is usually used, generally called anti-virus software. In turn, such software products can also be divided according to some common features. The following types of programs are mainly used:
- anti-virus filters and watchdogs;
- anti-virus detectors and auditors, some of which also combine the capabilities of doctors;
- vaccinator apps.
The first type of protective tool is aimed at preventing any type of threat from penetrating the system and affecting the computer's software environment. But such utilities are unable to prevent an intrusion when a virus gains access to the BIOS. The second category is designed to detect the presence of viruses in already infected systems using the algorithms described above. The third type of software looks rather unusual in its own way: such tools add data about a possible virus infection to the body of programs, so that any attempt to change them is prevented.
Programs for fighting viruses in already infected systems
If the system has been attacked by a virus, curing it (unless the impact has reached critical proportions) in most cases is quite simple.
As a rule, to fight viruses and "diseases" of the system, special portable scanners are used that do not require installation on the hard disk (for example, KVRT or Dr.Web CureIt!), or disk applications that let you create bootable media and check the system before the OS boots (for example, Kaspersky Rescue Disk).
Some methods of manual removal of threats
In some cases, users can counter threats on their own. For the most part, such methods of fighting viruses apply to the neutralization of advertising threats, which can be installed as separate applications or introduced into browsers as extensions (add-ons) or toolbars.
Threats classified as malware and hijackers are usually removed by uninstalling the applets, extensions, and toolbars, deleting residual entries from the system registry and files on the hard drive, restoring the start page and the default search engine in browsers, and deleting any text appended to the target field in the browser shortcut properties (the path to the executable file must end with the name of the browser's start file and its extension).
In general, it can be noted that the fight against viruses is a rather serious and troublesome business. In practice, most known virus threats enter the system through the fault of the user, who does not follow the recommended precautions. To protect yourself from a possible invasion of threats, you do not need to do anything particularly difficult. It is enough to pay attention to the following points:
- download and install programs only from official or trusted sources;
- pay special attention to dubious offers to install partner software products;
- do not visit dubious resources on the Internet, ignoring the warnings of anti-virus programs;
- check external media (especially flash drives and memory cards) before using them;
- scan email attachments before viewing or downloading;
- restrict access to the computer, disks and information stored on them by setting passwords or encrypting content;
- check the system periodically for the possible presence of viruses;
- timely create archive or backup copies of important data;
- when registering several users on the same terminal, be sure to restart the computer when changing the user;
- use the most powerful standard antiviruses;
- keep the anti-virus databases constantly updated if this is not done automatically or cannot be done automatically because of a lack of Internet access.