We often hear some "relatively professional" IT staff say: "Users install antivirus software and then forget about it, but they have no concept of virus protection at all. Do they think that alone will keep them from being infected?"
If you want to avoid infection, it is more important to learn how viruses work and how antivirus software is maintained. This article hopes to give general enterprise computer users an adequate set of "antivirus concepts." It cannot "guarantee" anything, but at least you will have an overview of what is happening on your computer!
The delicate and fragile boot process
A computer must first be started: everything from power-on until the operating system has loaded is commonly known as the "boot process." Since most viruses try to make themselves part of the boot process (so that they can live there as parasites and infect), you need to know what the whole process looks like:
1. Power on; if the hardware is OK, proceed to the next step.
2. The BIOS (basic input/output system) performs its routine power-on checks and then hands the boot process over to the preset storage device.
3. Following industry-accepted specifications, the default boot device (usually a hard disk drive) starts the software boot process and loads the operating system core, drivers ... in sequence.
4. After the core of the operating system is loaded, the various resident programs specified by the user (antivirus software, IM software ...) are loaded according to the settings.
Each transition in the boot process, from one step to the next, leaves a "hook point." For example, when the BIOS on the motherboard starts booting from the storage media, it executes the boot instructions from a fixed location. Where is that fixed location? We generally do not need to know, but it is certainly part of a public specification.
So the people who write operating systems know where the storage media boot location is, and so do the people who write disk maintenance programs, the people who write utilities, and the people who write viruses ... Hence the so-called "boot-type viruses."
However, modern "boot-type viruses" are very rare, mainly because the operating system that loads after boot is now large and complex, and it is difficult for this kind of virus to operate in such a complex boot environment. Most current viruses choose to do their damage at the operating system level.
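On BIOS-booted disks the fixed location is the first 512-byte sector of the boot device (the master boot record), and its layout is public. The following is an added example, not part of the original article: it parses such a sector and compares it with a known-good baseline, which is how a change at this hook point becomes visible to a defender. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

CODE_AREA = 446  # bootstrap code area in the classic MBR layout
ENTRY_SIZE = 16  # four 16-byte partition entries follow the code
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a bootable sector

def parse_mbr(sector):
    """Split one 512-byte boot sector into the parts worth monitoring."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        off = CODE_AREA + slot * ENTRY_SIZE
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if sector[off + 4] != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "active": sector[off] == 0x80,
                               "type": sector[off + 4],
                               "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "code_sha256": hashlib.sha256(sector[:CODE_AREA]).hexdigest(),
            "partitions": partitions}

def compare_to_baseline(baseline, current):
    """List the ways the current sector differs from a known-good one."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_sector(code):
    """Constructed sample: padded code bytes, one active partition, signature."""
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 204800)
    table = entry + bytes(3 * ENTRY_SIZE)
    return code.ljust(CODE_AREA, b"\0") + table + BOOT_SIGNATURE

# Constructed placeholder bytes stand in for real bootstrap code.
BASELINE = parse_mbr(build_sample_sector(b"\x01\x02\x03"))
ALTERED = parse_mbr(build_sample_sector(b"\x01\x02\x04"))

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, BASELINE))
    print(compare_to_baseline(BASELINE, ALTERED))
```

On a real machine the 512 bytes would come from reading the first sector of the boot disk with administrator rights, with the baseline recorded while the system is known to be clean.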
Possible causes of a failure to boot ...
Whether it's Windows, Mac OS, Linux or BSD, operating system start-up is made up of precise sequential steps, each one linked to the next. The operating system typically has to set the processor's operating mode, load the system core, drivers and graphical interface, then load the resident programs, and finally hand control to the user. If anything goes slightly wrong in this "delicate" but also "fragile" series of steps, the system cannot load, and the user will say "My computer hung / crashed / won't start / is dead ..." The possible causes include:
There is a problem with a driver
There is a problem with the core program
There is a problem with the disk that stores the OS core program
There is a problem with one of the user's resident programs
As long as one small link fails, the operating system may not load properly. Fortunately, this does not happen often.
Up to this point, the concepts above sound simple.
Now add the concept of "memory"
No matter which operating system you use, you can run various application software once the boot process is complete. For example, you can run a browser, a word processor, a movie player ... Concretely, you point the mouse at the application's icon and double-click the left mouse button. Yes, it is that "easy."
What most people forget is that there is a very important "component" in the computer called "memory". When the user presses the power button and the boot process runs, one of its important steps is to load the operating system's core "from the storage media into memory".
After the core of the operating system is loaded into memory, it keeps running through an equally delicate and fragile process, designed by its developers, that constantly maintains the normal operation of the core itself and of user applications. In addition, because programs are written by people, if the person writing a program makes a mistake (whether intentionally or unintentionally), the application may corrupt the operating system's core program and crash the machine.
What about viruses?
A virus wants to have the following abilities:
Reside in memory and disguise itself as part of the operating system
While disguised, ideally be found by no person and no software
Try not to interfere with the operation of the original programs, so as not to be noticed
Try to attach itself (the virus) to others (other computers) in as many ways as possible
If necessary, do something useful (or fun) for its author, including stealing data, causing damage ...
More about executable files
So, if a virus is going to hide itself in memory, it first has to get you to "execute" it.
The question is, who would be foolish enough to execute a virus? If a virus had "I'm a virus, come and execute me" written on its forehead, would you touch it?
Therefore, virus writers deliberately look for ways to get users to execute the virus unknowingly, in order to achieve "infection."
This is why the "executable file" is the main target that most viruses "parasitize."
A so-called executable file is what we call a "program" or "software"; such software usually consists of one (or a few) files. As already mentioned, software is loaded into memory to be executed and used by the user, so the author of the software uses development tools to compile the "source code" into an "executable file", which is then delivered to the user to run.
Previously, executables came in a few fixed formats: files with the extensions .COM, .EXE and .BAT are executable files. As of Windows 7, this has not changed. However, Windows later introduced a number of "less common" executable file formats. For example, a .DLL is a "dynamic link library", an executable file that "must be attached to a main program"; a .SCR is a screen saver, which is also an executable file with a special function; an .MSI (Windows Installer package) is usually seen in "installers", but ... it is also an executable file; and some script files, such as .VBS, .JS ..., are executable files too.
Here is a list of executable file extensions. Be careful when you see them, because harmful things can hide in them.
Execution is the most dangerous thing.
The problem is that, by default, Windows hides the extension of any file type it recognizes, so, honestly, you don't know exactly what you are executing.
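As an added example (not from the original article), the check below shows the gap between the name a user sees when extensions are hidden and what a double-click would actually run. It flags executable files whose visible name ends in a document-like extension. The executable list is the one named above; the decoy list, the function names and the sample file names are assumptions made for illustration.

```python
import os

# Extensions the article names as executable on Windows.
EXECUTABLE_EXTS = {".com", ".exe", ".bat", ".dll", ".scr", ".msi", ".vbs", ".js"}
# Assumption: document-like extensions that make a name look harmless.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify(filename):
    """Compare what is shown with what a double-click would execute."""
    name = filename.rstrip(" .")  # Win32 drops trailing dots and spaces
    stem, ext = os.path.splitext(name)
    executable = ext.lower() in EXECUTABLE_EXTS
    inner = os.path.splitext(stem)[1].lower()
    return {
        "name": filename,
        # Assumes the default setting and that the extension is registered.
        "shown_as": stem if ext else name,
        "executable": executable,
        "deceptive": executable and inner in DECOY_EXTS,
    }

def review(filenames):
    """Return (deceptive, other_executable) name lists for triage."""
    results = [classify(f) for f in filenames]
    deceptive = [r["name"] for r in results if r["deceptive"]]
    other = [r["name"] for r in results if r["executable"] and not r["deceptive"]]
    return deceptive, other

def scan_tree(root):
    """Walk a directory and return paths whose names are deceptive."""
    return [os.path.join(folder, f) for folder, _, files in os.walk(root)
            for f in files if classify(f)["deceptive"]]

# Constructed sample names, not taken from any real incident.
SAMPLE = ["invoice.pdf.exe", "setup.msi", "holiday.jpg", "notes.txt.vbs",
          "Report.DOCX", "screensaver.SCR", "readme"]

if __name__ == "__main__":
    print(review(SAMPLE))
```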
Even so, just picture this: whenever you double-click the left mouse button on an icon, you are certainly executing something.
Executing something: remember that this is a "red flag" that we users must pay attention to. If there is one other thing you have to be alert to besides "someone asking for your password", this is it.
So, you must remember:
"Be careful whenever you execute something."
It's that simple.
This is because many viruses attach themselves to executable files, so you "get infected by executing them." Not only that: an infected computer does not stay contained. It goes on to infect other files on the computer, or send out virus-laden e-mail, or infect files on the server ... Such viruses also modify system settings, which makes cleanup difficult for users who cannot even find what is wrong, and sometimes almost impossible.
So, sometimes, an infected computer has to be completely reinstalled, because all of its executables are infected and cannot be recovered.
The internet is "the Gate of Hell"
But I'm afraid there is one place where that really is impossible: the web!
When you use a browser to connect to any page, to be honest ... the gates of hell are open. A web page can make you do many things and run many functions, mostly automatically and without your knowledge. A normal web page will certainly not harm you or infect you ... However, there are actually a great many abnormal pages!
In fact, the browser itself is an "executor": it is designed "to perform various functions". Moreover, while operating systems have so-called "compatibility" issues, browsers are designed to be "cross-platform": ideally all browsers have the same capabilities, so that a web developer can write a function once and all users around the world can use it. Gosh! Nothing comes closer to the ideal of a unified world than this. However, this also gives web virus writers an opportunity ... What would be most convenient for these virus writers? Writing a cross-platform, universal virus, of course!
Web viruses take many forms: some use so-called "scripts" (JavaScript) to keep popping up annoying windows, some secretly put a virus onto your computer, and some directly perform some damaging action ... And frankly, this kind of problem is more troublesome than infected executables, because the user simply has no way of knowing.
So, antivirus software (or so-called Internet Security) is an exception in this case.
Ways to keep viruses from being executed
So, can we rely only on the user's care to keep viruses from spreading? Let's think systematically about what can be done at each link. Some common "prevention methods" are listed below:
Every program has to undergo some sort of certification.
To keep users from running dirty things they shouldn't, the operating system vendor stipulates that "every program you execute is checked by it". You think that's funny? No, that is how the iPhone works. Although it is not meant as antivirus, the closed system is quite secure, because all software must be approved by Apple before it is listed.
Each program (as long as it is considered dangerous) must be approved by the user before it executes
Windows Vista/7 has UAC: whenever it determines that a program is dangerous, a prompt pops up asking you to click "OK". This makes it "more difficult for a virus to infect you silently", but the average person, not yet having seen the benefit, may get annoyed and turn the feature off first. To be fair, in the trade-off between virus protection and convenience, this is to some degree a necessary evil.
Install antivirus software
Antivirus software "supposedly" can block executable viruses, and firewall software "supposedly" can block attacks from inside and outside the network. Don't say "I don't touch dirty things, so I don't install antivirus software", unless you would rather not go online at all. Some network worms simply use a so-called "vulnerability" to drill directly into your computer's memory, and your network is paralyzed automatically. Even if you do nothing, there is a possibility of infection. So be sure to use antivirus software, whether it's a free or a paid version.
Pay extra attention to anything "executable"
Indeed, the most lethal problem is that many people execute a program and, along with it, the virus-
A way to keep viruses from being executed under Windows 7