Computer Virus features

Computer viruses generally have the following features:
1. computer Virus procedural (executable) computer viruses, like other legal programs, are executable programs, but they are not a complete program, but parasitic on other executable programs, therefore, it enjoys the power available to all programs. When a virus is running, it competes with valid programs for control of the system. Computer viruses are contagious and destructive only when they run in a computer. That is to say, the control of the computer CPU is a key issue. If the computer runs under normal program control without running a virus program, the computer is always reliable. On this computer, you can view the name of the virus file, the computer virus code, print the virus code, or even copy the virus program, but it will not be infected with the virus. Anti-Virus technicians work in such environments all day long. Although their computers also contain various computer virus code, the computer does not run virus programs and the entire system is safe. On the contrary, once a computer virus runs on a computer, a virus program and a normal system program in the same computer, or a virus and other virus programs compete for control of the system will often cause a system crash, computer paralysis. Anti-virus technology requires obtaining the control right of the computer system in advance to identify the code and behavior of computer viruses and prevent them from obtaining control of the system. The advantage and disadvantage of anti-virus technology lies in this aspect. A good antivirus system should not only reliably identify the code of known computer viruses, but also prevent them from running or bypassing their control over the system (to enable the safety belt virus to run the infected program ), it should also identify the behavior of unknown computer viruses in the system to prevent them from infecting and damaging the system.
2. Computer Viruses
Infectious is the basic feature of viruses. In the biological world, viruses spread from one organism to another. Under appropriate conditions, it can produce mass reproduction, allowing infected organisms to exhibit illness or even death. Similarly, computer viruses spread from infected computers to uninfected computers through various channels. In some cases, computer viruses may cause computer malfunction or even paralysis. Unlike bioviruses, computer viruses are a piece of manually compiled computer program code that can be executed once entered into a computer well, it will search for other procedures or storage media that meet the infectious conditions, determine the target, and then insert its own code into it to achieve the goal of self-propagation. As long as a computer is infected, if it is not processed in time, the virus will spread quickly on the computer, and a large number of files (generally executable files) will be infected. Infected files have become a new source of infection, and data is exchanged with other machines or accessed through the network, the virus will continue to infect.
Normal computer programs generally do not forcibly connect their own code to other programs. But the virus can force its own code to spread to a program that is not infected that meets its infectious conditions. Computer viruses can infect other computers through various possible channels, such as floppy disks and computer networks. When you find a virus on a machine, the floppy disk that you used on this computer is often infected with the virus, other computers connected to the machine may also be infected with the virus. Infectious or not is the most important condition for determining whether a program is a computer virus.
Virus programs can infect and spread viruses by modifying disk sector information or file content and embedding itself into it. The embedded program is called the Host Program.
3. Computer Virus Latent
A well-developed computer virus program will not attack immediately after entering the system. It can be hidden in legal files within weeks, months, or even years to infect other systems, instead of being discovered, the better the latent activity, the longer the system will exist, and the larger the virus scope will be.
The first manifestation of latent performance is that virus programs cannot be checked out without special detection programs. Therefore, viruses can be kept in a disk or tape for a few days or even a few years. Once the time is ripe, if we get the opportunity to run, we have to multiply, spread, and continue to harm us. The second manifestation of the latent nature refers to the fact that computer viruses often have a trigger mechanism internally. When the trigger conditions are not met, computer viruses do not cause any damage except for the virus. Once the trigger conditions are met, some of them display information, graphics, or special identifiers on the screen, and others destroy the system, such as formatting disks, deleting disk files, encrypting data files, locking the keyboard, and deadlock.
4. Computer Virus triggering
A virus, due to an event or numeric value, induces the virus to be infected or attacked. In order to conceal itself, the virus must dive down and do less action. If they do not move at all and remain latent, the virus will not be infected or damaged, and the damage will be lost. A virus must be concealed and lethal. It must be trigger-able. The virus trigger mechanism is used to control the frequency of infection and destruction. Viruses have predefined trigger conditions, which may be time, date, file type, or certain data. When a virus is running, the trigger mechanism checks whether the specified conditions are met. If the conditions are met, the system starts the infection or damage action to infect or attack the virus. If the conditions are not met, the virus continues to lurk.
5. Computer Viruses
All computer viruses are executable programs, and these executable programs must run. Therefore, for the system, all computer viruses share a common hazard, that is, to reduce the efficiency of computer systems and occupy system resources, the specific situation depends on the virus programs that invade the system.
At the same time, the destruction of computer viruses depends mainly on the purpose of the computer virus designer. If the purpose of the virus designer is to completely damage the normal operation of the system, the consequences of such a virus against computer systems are unimaginable. It can destroy part of the system's data or destroy all the data and make it unrecoverable. However, not all viruses cause severe damage to the system. Sometimes there are several viruses that do not have much damage to each other, which can lead to system crashes and other major consequences.
6. Attack Initiative
Virus attacks on the system are active and are not transferred by human will. That is to say, to a certain extent, no matter how strict protection measures are taken by computer systems, it is impossible to completely eliminate virus attacks against the system, protection measures are at best a preventive measure.
7. virus targeting
Computer viruses are targeted at specific computers and specific operating systems. For example, for 1 bm pc and compatible machines, for Macintosh of App1e, and for UNIX operating systems. For example, the ball virus is targeted at DOS operating systems on IBM PCs and compatible hosts.
8. Non-authorization of Viruses
The virus is executed without authorization. Generally, a normal program is called by the user, and then the system allocates resources to complete the tasks handed over by the user. Its purpose is visible and transparent to users. The virus has all the features of a normal program. It is hidden in a normal program. When a user calls a normal program, the system's Control Right is stolen and executed before the normal program, the action and purpose of the virus are unknown to the user and are not permitted by the user.
9. Concealment of Viruses
Viruses are generally short and concise programs with high programming skills. It is usually attached to a normal program or the disk is relatively hidden, and some appear in the form of implicit files. The purpose is to prevent users from discovering its existence. Without code analysis, virus programs are not easy to distinguish from normal programs. Generally, a computer virus program can infect a large number of programs in a short period of time after obtaining control of the system without protection measures. In addition, after being infected, the computer system can still run normally, so that the user does not feel any exceptions, as if nothing had happened in the computer. Imagine that if the computer cannot run normally immediately after the virus is transmitted to the computer, it will not be able to continue its transmission. It is precisely because of its concealment that computer viruses spread and wander around millions of computers in the world without being noticed by users.
Most of the virus code is designed very short to hide it. Generally, the virus is several hundred or 1 KB, while the PC can Access DOS Files at a speed of several hundred KB per second, therefore, the virus can immediately attach a few hundred bytes to a normal program, making it very difficult to detect.
Computer viruses are concealed in two aspects:
First, the concealment of infection. Most viruses are extremely fast during transmission, and generally do not have external performance and are not easy to be detected. Let's imagine that if a computer virus shows a message on the screen every time it is infected with a new program, "I am a virus program, I want to do something bad ", then computer viruses have long been under control. It is true that some viruses are "very brave to expose themselves" and sometimes show some patterns or information on the screen, or play a piece of music. At this time, many copies of the virus exist in the computer. Many computer users have no idea about computer viruses, let alone their psychological vigilance. They saw the novelty of Screen Display and sound effects and thought they were from computer systems, without realizing that these viruses were damaging computer systems and creating disasters.
Second, the concealment of virus programs. Common virus programs are caught in normal programs and are difficult to detect. Once a virus attack occurs, computer systems are often damaged to varying degrees. In most cases, virus-infected computers can still maintain some of their functions. The whole computer cannot be started as soon as it is infected with viruses, or once a program is infected with viruses, it is damaged and cannot run. In this case, the virus will not spread to the world. Computer Virus design is also here. After a normal program is infected with computer viruses, its original functions are basically not affected, and the virus code is attached to it to survive, so that more replicas can be transmitted continuously, compete with normal programs for system control and disk space, constantly damaging the system, resulting in paralysis of the entire system. The virus code is well-designed and short.
10. Virus vigilance
This feature provides some good idea with a shortcut to create new viruses.
According to the analysis of the computer virus structure, the damage part of the infection reflects the designer's design philosophy and purpose. However, this can be arbitrarily changed by others who have mastered the original principle in their personal attempt, thus, a new computer virus (also known as a variant) is derived from the original version ). This is the adequacy of computer viruses. This virus variant may cause more serious consequences than the original version.
11. Parasitic (dependent) of Viruses)
Virus programs are embedded into the host Program and rely on the execution of the Host Program to survive. This is the parasitic nature of computer viruses. After a virus program invades the Host Program, it generally modifies the Host Program. Once the Host Program is executed, the virus program is activated to perform self-replication and propagation.
12. unpredictability of Viruses
From the aspect of virus detection, the virus is still unpredictable. Different types of viruses have different codes, but some operations are common (such as resident memory and change interruption ). Some people use this commonality to create programs that claim to be able to query all viruses. This type of program can indeed detect some new viruses. However, due to the wide variety of software, some normal programs also use virus-like operations and even some virus technologies. Using this method to detect viruses will inevitably cause a large number of false positives. In addition, the virus production technology is constantly improving, and the virus is always ahead of the anti-virus software. The new generation of computer viruses are even invisible to some basic features.