Wednesday, April 3, 2013

Anti-virus programs

    For protection against viruses it is possible to use the general means of protection of information, such as information duplication, creation of backup copies, access differentiation. Differentiation of access allows not only to prevent unauthorized use of information, but also to protect data from harmful actions of viruses, at the expense of restriction of access to files.

   For reduction of probability of infection of the computer by a virus it is possible to use preventive measures. For example, to refuse use of portable devices during the work, to be disconnected as from local computer networks, and global networks (in particular, Internet), to refuse e-mail use and so forth. However, as we understands, it isn't real.

   One of the most convenient methods of protection against computer viruses is use of specialized programs. Let's consider the main types of anti-virus programs.

   Programs detectors allow to find the files infected with any known virus. These programs make only computer inspection on existence of viruses. These programs can't treat.

   Programs doctors allow not only to find the files infected with a known virus, but also to make their treatment. At treatment of the infected files the program doctor deletes a virus body from the file, i.e. restores the file in that condition in which it was to infection with a virus.

    Programs auditors work as follows. At the first start they remember data on a condition of programs and system areas of a disk of the computer into which loading sectors, tables of placement of files, the root catalog enter. It is supposed that at this moment of the program and system areas of disks aren't infected. Then at the subsequent checks of the computer of the program auditors compare a condition of files and system areas of a disk to the initial. If there were changes, characteristic for virus actions, they report about it to the user.

    Version of these programs are doctors-auditors. They represent a combination of auditors and doctors, i.e. they can not only find changes in files and system areas of disks, but also in case of changes automatically to return them to an initial condition.

    Programs filters, constantly being in memory of the computer, watch actions which are carried out on the computer. At emergence of the actions indicating existence of viruses, they report about it to the user. It is possible to refer change of files to these actions with the CATFISH and EXE expansion, removal from attribute "only for reading" files, direct recording on a disk, disk formatting, installation "resident" (constantly being in random access memory) programs.

    At emergence of such actions, on the screen of the computer the message on is displayed what action is requested, and what program wishes it to execute. The user can or allow performance of this action, or forbid it.

    Programs filters have one big advantage in comparison with other programs. It is that these programs allow to find many viruses at the earliest stage when the virus didn't manage to breed yet and to spoil something. Thereby it is possible to minimize losses from a virus.

   Programs vaccines are the programs preventing infection of files. The essence of action of these programs is that they change files in a special way. And it isn't reflected in work, but the virus perceives these files as infected and doesn't take root into them. Now the given type of programs practically isn't used.

    There are some main methods of search of viruses which are applied by anti-virus programs. Them treat:
  • scanning;
  • heuristic analysis;
  • detection of changes on a disk;
  • continuous supervision.
   Scanning - the most traditional method of search of viruses which consists in search of codes of known viruses. Programs which work at a scanning basis, are called as polyphagues.

   Polyphagues can find only already known and previously the studied viruses. Therefore programs scanners don't protect the computer from penetration of new unknown viruses.

   The heuristic analysis is used for search of being ciphered and polymorphic viruses. The heuristic analyzer allows to find earlier unknown viruses though their treatment thus happens impossible.

    Detection of changes. Infecting the computer, the virus does changes on a hard disk: changes files or loading records (for example, at files the size, date and creation time can change). Anti-virus programs auditors find such changes and report about it to the user.

   However the programs using this technology, have a shortcoming. It consists what not all changes on the computer are caused by virus invasion.

   Continuous supervision is used by programs, poluchivkshy the name resident monitors. Resident monitors are programs which constantly are in memory of the computer and trace all suspicious actions, carried-out other programs.

    In spite of the fact that consequences of action of computer viruses can be very tragic (before information elimination on the computer), you shouldn't be afraid of them extremely strongly. Modern anti-virus programs almost always can neutralize them

No comments:

Post a Comment