Computer Virus
Computer viruses are a destructive program that can replicate itself and proliferation through the network, transmission. Virus code is very small, usually attached to other documents or procedures at the end, so they can easily hide in the system. Ability to self-replicating virus on the network so that it can spread infection to other documents and procedures, once the virus spread to the network very difficult to track down.
In 1987, computer viruses spread in the United States, and the first computer virus "small ball" at the end of the year spread to our country. Since then, has found a virus imported and domestic. So far, computer viruses has risen to more than 20,000 kinds; which can attack more than 90% of micro-computer.
1. The characteristics of computer viruses
(1) the basic characteristics of
(a) infection: a computer virus as a program that can replicate itself to other normal procedures or systems of certain components, such as the disk part of the guide. This is the basic characteristic of the virus program. With the increasingly extensive network developme
nt, computer viruses can be widely disseminated through the network in a short time.
(b) latent: hidden in the infected system the virus does not immediately attack; the contrary, in its pre-attack, the need for a certain period of time or have certain conditions. Within the incubation period, it does not show any disruption of operations, making it difficult to find the virus and the virus can continue to spread. Once a virus outbreak, it can cause serious damage.
(c) can be triggered: Once certain conditions, the virus began to attack. This feature can be triggered is called. Take advantage of this characteristic, we can control its transmission range and frequency of attacks. Conditions may trigger the virus is the default date, time, file type or frequency of the computer to start.
(d) damage: the damage caused by computer viruses are a wide range of - it not only undermines the computer system, delete files, change data, but also occupied system resources, such as disruption of the machine running. Its destruction of the designer's attempt to show.
(2) general characteristics
(a) Express Impact: In 1984, Dr. Fred Kordon allowed to use the UNIX operating system XAX11 / 750 computer for virus experiments. In a number of experiments, computer paralyze the average time is 30 minutes, the shortest period of time for 5 minutes. Typically, if the infected computer associated with the Internet, then the virus can be transmitted in a matter of hours thousands of computers.
(b) it is difficult to eliminate: On the one hand, day after day a new virus or its variants; the other hand, some virus may be eliminated in the resurgence of, for example, re-use when an infected floppy disk.
(c) vector characteristics: the spread of the virus can be used as the normal vector information, thus avoiding the system we set up protective measures. In the normal operating system user, the virus stealthily control system. Users may also consider him the system is running normal.
(d) it is difficult to detect: the virus through a variety of ways beyond our control infection, in addition, with the illegal copying and the popularity of pirated software, virus detection more difficult.
(e) to deceive the characteristics of: viruses often hide themselves to avoid being detected.
2. The structure of computer viruses
Computer viruses usually five components - infection Fu, transmission modules, damage module, trigger module and main control module.
(1) infection at
Infection Fu, also known as virus signatures, a number of figures or characters from the ASCII coding constitute. When the normal procedure of transmission of the virus when it left in the program as a virus infection at the signature. Virus infection in a program intended to, it first checks whether there is any infection site; If so, the procedure has been infected, the virus will not spread it further, and if not, on the transmission of it. The majority follow this one-time transmission of the virus. If the virus does not check the site of infection, it may happen repeatedly transmitted, the length of the program would continue to increase, this situation is rare.
(2) transmission module
This is the transmission module boarding procedures. It completed three tasks: search e
xecutable file or document coverage, to check whether the document has infected Fu, transmitted it - if not found to be infected with FU, on the person boarding procedures Writing virus code.
(3) damage module
It is responsible for the designers of the destruction in accordance with the virus code in an attempt to undermine the implementation of mission, including delete files, delete data, formatted floppy disk and hard disk, reducing the efficiency and reduce the use of computer space.
extensive check(4) trigger module
Its mission is to check whether the trigger conditions (for example, the date, time, resources, and transmission time, interrupt call, start number, etc.). If the conditions are ripe, it return "true" value, and damage mediator module damage, otherwise it return "false" value.
(5) the main control module
Its control of the four modules. In addition, it has procedures to ensure that the infected can
continue to work correctly, the accident would not crash happened.
3. Computer Virus Classification
(1) by the parasitic Category
By parasitic, computer viruses can be divided into lead-virus, file virus and mixed virus. * Boot virus: parasites in the disk guide means those parts of a computer virus. It is a common virus, the use of computer systems do not usually check the guide part of the content is correct weaknesses, and retained in memory and monitor system operation, one has the opportunity to infection and destruction. According to the location of parasites in the disk, it can further be divided into the Master Boot Record boot record viruses and paragraph virus. The former master boot hard drive transmission parts, such as "marijuana" virus, "2708" virus, "porch" virus; Record paragraph of transmission of the virus commonly used hard drive Record paragraphs, such as "small ball" virus, "Girl" virus.
(2) by the consequences of classification
From the consequences of watch, computer viruses can be divided into "benign" viruses and "vicious" virus. "Benign" virus would destroy data or programs, but it will not make com
puter systems paralyzed. Initiator of the virus are most mischievous hackers - they created the virus is not in order to undermine the system, but in order to show off their technical capacity; Some hackers use these viruses to disseminate their political thought and ideas, such as "small ball" virus and "Ambulance car "virus. "Vicious" virus would destroy data and systems, resulting in paralysis of the entire computer, such as the CHI virus, "Porch" virus. Once the virus attack, the consequences will be irreparable.
It should be noted that "dangerous" are a common feature of computer viruses. "Benign" viruses are not dangerous, but the risk of the consequences of relatively light. "Virtuous" is a relative concept. In fact, all computer viruses are malignant.
4. Computer virus detection, elimination and prevention
(1) computer virus detection
At present, caused by computer viruses in software and hardware failures cause increasingly serious damage. Most failures happen with the virus. In the computer by the computer virus infection or virus attack, there will be anomalies. Through the observation of these anomalies, you can determine the computer whether the initial infection of computer
viruses. The following anomalies may indicate that the computer virus has infected your computer:
* Procedures for loading longer than usual.
* The size of executable files change.
* Visit to the hard drive longer.
* Print slowly.
* Screen some strange characters and unusual display.
* Some system failures, such as the system can not access the hard disk.
* The actual memory size significantly smaller.
* Abnormal death.
* Program and data mysteriously disappeared.
* Abnormal sound from loudspeakers.
(2) the elimination of computer viruses
(a) the principle of the elimination of the virus
* Prior to the elimination of the virus, backup all important data to prevent loss.
* Use clean (no virus) the system disk to guide the computer, thereby ensuring that the virus program to kill virus-free environment in the run, otherwise the virus will again have disinfection of infected documents.
* To retain the guidance system of the order in the system will not boot recovery.
* Be careful when operating. Repeatedly to check read and write data until the beginning of the operation did not find any errors.
(b) how to eliminate computer viruses?
At present, in order to eliminate computer viruses, artificial methods or tools can be used; but most use the latter method.
If it is found that part of the hard disk boot record has been destroyed, can be used to restore the correct boot record it. If any documents are found to be infected, use the normal document covering the same name it, or delete the file. All of these are artificial.
(c) the prevention of computer viruses
First, we must rely on the law and the fight against computer viruses. Law must be clear that the deliberate creation and dissemination of computer viruses is a crime. China has pr
omulgated and implemented for the protection of information system security requirements. This reflects the work of computer security has embarked on the legal system. Each person should attach importance to computer security issues. Secondly, we need to develop regulations and the implementation of management measures will be "prevention" as the fight against computer viruses transplantation "major measures." Specific measures include the following:
* The use of an important sector of the computer should be "special plane", with external isolation;
* Do not use a source of unknown or unclear whether the infected floppy disks and CD-ROM;
* Used with caution and common utility software;
* Contains important data in the floppy disk set "write-protected." Writing when the person, the temporary elimination of protection, write protection, after re-setting.
* Regular inspection of computer systems and regular backup procedures;
* Use the hard disk boot. If you use a floppy disk, first of all virus-free floppy disk verificatio
n;
* Do not hesitate to lend to others floppy disk. If you have to lend, should first make a backup disk, and also to re-format the disk;
* When buying a new CD-ROM or floppy disk, use the former should first check the virus; * upgrade to the computer equipped with the latest anti-virus software;
* If possible, install on your computer anti-virus software;
* Strictly forbidden to play games on the computer, because the virus often parasitic in the game software;
* Internet-linked computer online or offline should have anti-virus system (firewall);
* When you discover new viruses, timely reporting to the local computer security departments.
Anti-virus software tools can automatically prevent, detect and eliminate computer viruses. Use anti-virus tool is a speedy, efficient and accurate method. At present, there are many excellent
Anti-virus software tools, such as the KILL 2000, KV300, AV95, etc. and Rising. Use anti-vir
us software should upgrade to the latest version, because new viruses are emerging. Computer viruses and anti-struggle between a computer virus will continue.

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。