Clever way to keep viruses from being executed under Windows 7

Source: Internet
Author: User

You often hear "more professional" IT staff say: "Users install anti-virus software and then forget about it, with no anti-virus concept at all. Do they think that is enough to keep them from being infected?"

To avoid infection, what matters more is understanding how a virus operates and what anti-virus software can and cannot do. This article aims to give ordinary enterprise computer users some adequate "anti-virus concepts". It cannot "guarantee" anything, but at least you will have a skeleton understanding of what has happened to your computer!

The delicate and fragile boot process

A computer has to be turned on first: from the moment power is applied until the operating system has finished loading is what is commonly called the "boot process". Since most viruses try to make themselves part of the boot process (so that they can live in the system and infect it), you need to know the steps that process goes through:

1. Power on; if the hardware checks out, proceed to the next step.

2. The BIOS (Basic Input/Output System) performs its routine power-on checks and then hands the boot process over to the preset boot storage device.

3. Following an industry-recognized specification, the preset boot device (usually the hard disk) starts the software boot loader, which loads the operating system kernel, drivers, and so on.

4. Once the kernel is loaded, it can, according to the settings, load the resident programs the user specified (anti-virus software, instant-messaging software, ...).

Each of these steps, on the way from one step to the next, leaves a "hook point". For example, when the BIOS on the motherboard hands control to the boot program on the storage media, it reads the boot code from a fixed location. Where is that fixed location? We do not need to know, but that position is definitely a public specification.

So the person who writes the operating system knows where on the storage media the boot code lives, the person who writes disk maintenance programs knows it, the person who writes utility programs knows it, and the person who writes viruses ... knows it too, of course. That is where the so-called "boot-sector virus" comes from.

However, the modern "boot virus" is very rare, mainly because the operating system that loads after the boot stage is so large and complex that this kind of virus has difficulty running normally under such complicated boot conditions. Most viruses today choose to do their damage inside the operating system instead.

The possibility of not booting at all ...

Whether it is Windows, Mac OS, Linux, or BSD, the initial loading of the operating system is a sequence of sophisticated, tightly linked steps. The operating system usually has to set the processor's operating mode, load the kernel, the drivers and the graphical interface, then load the resident programs, and only then hand control to the user. If anything goes slightly wrong in this "delicate" but also "fragile" process, the system cannot load, and users will say "Ah, my computer hung / crashed / won't start / died ...". The usual explanations are:

There is something wrong with a driver.

There is something wrong with the kernel.

There is a problem with the disk that stores the operating system kernel.

There is a problem with one of the user's resident programs.

As long as there is a minor error, the operating system may fail to load properly; fortunately this does not happen often.

So far, does the concept above sound simple?

Introducing the concept of "memory"

No matter which operating system it is, once the boot process completes the user can run all kinds of application software: a browser, a word processor, a movie player, and so on. Concretely, you point the mouse at the application's icon and press the left button twice in a row. Yes, it is that easy.

What most people forget is that the computer has a very important "component" called "memory". When the user presses the power button and the boot process runs, one of its most important steps is loading the operating system kernel "from the storage media into memory".

Once the kernel is loaded into memory, it is exactly as delicate and brittle as its developers designed it, while it keeps both itself and the user's applications running normally. Moreover, because programs are written by "humans", if the person writing a program gets it "wrong" (whether intentionally or not), that application may corrupt the kernel and crash the machine.

What about the virus?

A virus would like to have the following capabilities:

Reside in memory, pretending to be part of the operating system.

While in disguise, ideally be found by no person and no software.

Interfere as little as possible with the operation of the original program, to avoid detection.

Attach itself (the virus) to others (other computers) by every means possible.

When required, do something useful (or amusing) for its author, including stealing money or causing damage ...

More about executable files

Well, if a virus is going to hide itself in memory, first it has to get you to "execute" it.

The question is who would innocently execute a virus. If the virus had "I'm a virus, come on, execute me" written on its forehead, would you touch it? Definitely not!

Therefore, the writer of the virus looks for ways and means to make the user execute it unknowingly, in order to achieve "infection".

That is why the "executable file" is the main "parasitic" target of most viruses.

The so-called executable file is what we call a "program" or "software"; usually such software consists of one (or several) files. As said before, software is loaded into memory to be executed and used by the user, so the author uses development tools to compile the "source program" into an "executable file" and then ships it to the user, who can then execute it.

Previously, executables came in only a few fixed formats: files with the extensions .COM, .EXE and .BAT were executable files. In the Windows 7 era this has not changed. However, Windows has since introduced a number of "relatively rare" executable formats. A .DLL ("Dynamic Link Library") is an executable file that "must be attached to a main program"; .SCR is a screen saver, also an executable file with a special function; .MSI (Windows Installer Package) is usually seen in "Setup", but ... it is also an executable file; and some script files, such as .VBS and .JS, are executable files too.

The extensions listed above belong to executable files; you should be careful whenever you see them, because harmful things can be hidden inside.

Execution is the most dangerous thing.

The problem is that Windows, by default, hides the extensions of file types it recognizes, so, to be honest, you do not know what you are opening.
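To make the "hidden extension" problem concrete, here is an added example (not code from the original article) that classifies file names using the executable extensions named above and flags names such as "holiday.jpg.exe", which Explorer displays as "holiday.jpg" when extensions are hidden. The data-extension set and the sample file names are constructed for the demonstration.

```python
import os
from dataclasses import dataclass

# Executable extensions named in the article: the classic trio, the
# "relatively rare" formats, and the script types run by Windows Script Host.
EXECUTABLE_EXTENSIONS = {
    ".com", ".exe", ".bat",
    ".dll", ".scr", ".msi",
    ".vbs", ".js",
}

# Extensions a user expects to be harmless data (constructed sample set).
DATA_EXTENSIONS = {".jpg", ".png", ".txt", ".pdf", ".doc", ".docx"}


@dataclass
class Verdict:
    filename: str
    shown_as: str      # what Explorer shows when known extensions are hidden
    executable: bool   # the real (final) extension is executable
    disguised: bool    # looks like a data file once the real extension is hidden


def classify(filename: str) -> Verdict:
    """Decide what a file name really is versus what the user sees."""
    root, ext = os.path.splitext(filename)
    ext = ext.lower()
    executable = ext in EXECUTABLE_EXTENSIONS
    # Explorer hides only the final extension of a registered type, so
    # "holiday.jpg.exe" is displayed as "holiday.jpg"; unknown types stay visible.
    shown_as = root if executable or ext in DATA_EXTENSIONS else filename
    _, inner = os.path.splitext(root)
    disguised = executable and inner.lower() in DATA_EXTENSIONS
    return Verdict(filename, shown_as, executable, disguised)


def audit(names):
    """Return the executable entries, disguised ones first, then by name."""
    verdicts = [classify(n) for n in names]
    return sorted((v for v in verdicts if v.executable),
                  key=lambda v: (not v.disguised, v.filename))


if __name__ == "__main__":
    # Constructed directory listing for the demonstration.
    sample = ["notes.txt", "setup.msi", "holiday.jpg.exe", "Invoice.PDF.SCR"]
    for v in audit(sample):
        print(f"{v.filename:20} shown as {v.shown_as:16} disguised={v.disguised}")
```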

That's okay. Just think about it: when you double-click an icon, you are definitely doing something.

What are you doing? You must remember: this is the "red flag" signal that "users must pay attention to". If there is one thing you must be alert to, apart from "someone asking you for your password", it is this.

So, you must remember:

"Be careful what you execute."

It's as simple as that.

Because many viruses attach themselves to executable files, "you are infected the moment you execute them". Not only that: until an infected computer is cleaned up, it keeps infecting files on the computer, sending virus e-mails, or infecting files on the server ... Such viruses also modify system settings, making it hard for the user even to find what went wrong, let alone clean it up; sometimes that is almost impossible.

So sometimes an infected computer has to be completely reinstalled, because all of its executables are infected and cannot be recovered.

The internet is "the Gate of Hell"

But I am afraid there is something even worse: the web!

When you use a browser to open any web page, honestly ... the gate of hell is open. A web page can make you do many things and perform many functions, most of them automatically and without your knowledge. Normal web pages, of course, will not get you infected ... but there are quite a few abnormal ones!

In fact, the browser itself is an "executor": it is a tool designed to perform all kinds of functions. Moreover, while operating systems still have "compatibility" problems, browsers are designed to be "cross-platform": ideally every browser has the same capabilities, so that a web developer can write a function once and every user in the world can use it. Gosh! World harmony could hardly be better realized. But this also gives web virus writers an opportunity ... what could be more convenient for them than a cross-platform virus?

Web viruses take many forms: some use "script" (JavaScript) to keep popping up annoying windows, some quietly drop a virus onto your computer, and some directly perform destructive actions ... Honestly, this kind of problem is more troublesome than an infected executable, because the user simply has no way of knowing.

Therefore antivirus software (or so-called Internet security software) is extremely important in this case.

Methods that do not allow the virus to be executed

So can we rely only on the user's carefulness to keep viruses out? Let us think systematically about what can be done at each link in the chain. Below are some common "blocking methods":

Every program has to go through some kind of authentication.

To keep users from running things they should not, the operating system vendor stipulates that "every program you run must be examined by us". Does that sound funny? No, that is exactly how the iPhone works: although it is not meant as anti-virus, the system is quite secure because everything on the software shelf has been approved by Apple.

Each program (as soon as it is judged dangerous) has to be approved by the user.

Windows Vista/7 has UAC: whenever it judges that the program you are running is dangerous, it pops up and asks you to confirm, which makes it "much harder for a virus to infect you silently". The average person, however, does not see the benefit and may get annoyed and turn the function off first. In all fairness, it is a real help against viruses and, to a degree, a necessary evil.

Install antivirus software.

Antivirus software "supposedly" blocks executable viruses, and firewall software "supposedly" blocks attacks from inside and outside the Internet. Do not say "I don't do dirty stuff, so I don't need antivirus software"; if that is your attitude, you had better not go online at all. Some network worms simply use so-called "holes" to get straight into your computer's memory, and then your network is paralyzed automatically. Even if you do nothing at all, there is still a chance of infection. So be sure to use antivirus software, whether a free version or a paid one.

Pay extra attention before executing anything "executable"

It is true that many people are executing programs, and passing them on to the virus, which is the most lethal problem-
