I often hear some "professional" IT staff say, "Even if the user installs anti-virus software, there is no concept of anti-virus at all. Do you think this will not cause viruses?"
To avoid viruses, it is more important to understand how viruses operate and how anti-virus software protects you. Here, we hope to give computer users in ordinary enterprises enough anti-virus concepts. Maybe you cannot "guarantee" anything, but at least you can have a brief understanding of what happens on the computer!
The delicate and fragile boot process
To use a computer, you first have to turn it on. Everything from power-on to the loading of the operating system is commonly known as the "boot process". Because most viruses will try to make themselves part of the boot process (so that they can be parasitic and infect), you must first know its steps:
1. Power on. If the hardware works properly, proceed to the next step.
2. The BIOS (Basic Input/Output System) performs a routine boot check and hands the boot process over to a preset storage device.
3. According to industry-recognized specifications, the preset boot device (usually a hard drive) starts the software boot process and loads the core and drivers of the operating system in sequence ...
4. After the core of the operating system is loaded, the various resident programs specified by the user (anti-virus software, IM software, etc.) are loaded according to the settings.
At each of the above boot steps, a "hook point" is left where one step hands over to the next. For example, the BIOS on the motherboard needs to run the boot code on the storage media, and it starts executing from a fixed position. Where is that fixed position? We do not need to know, but this location must be a public specification.
Therefore, the people who write operating systems know the location from which the storage media is booted, and so do the people who write disk maintenance programs, the people who write utility programs, and the people who write viruses ... And so, of course, there is the so-called "boot-type virus".
However, boot-type viruses are rare in the modern era, mainly because the operating systems loaded after boot are very large and complex, and it is difficult for such viruses to operate normally under such complicated boot conditions. Most current viruses instead do their damage at the operating-system level.
The possibility of failing to boot ...
Whether it is Windows, Mac OS, Linux or BSD, the initial loading of the operating system consists of delicate sequential steps. The operating system usually needs to set the operating mode of the processor, load the system core, drivers and graphical interface, load the resident programs, and finally hand control to the user. If this series of "delicate" but "fragile" processes makes one small mistake, the system cannot be loaded, and the user will say, "Ah, my computer has crashed / cannot be turned on / died ..." There are all kinds of explanations:
● The driver has a problem.
● The core program has a problem.
● An error occurred on the disk that stores the OS core program.
● The user's resident program has encountered a problem.
As long as there is one small error, the operating system may not load properly. Fortunately, this does not happen often.
So far, the above concepts seem very simple, don't they?
Introducing the concept of "memory"
Regardless of the operating system, the user can run various applications once the boot process is complete. For example, you can run browsers, word processors, and video players ... The specific action is to move the mouse over the application icon and press the left mouse button twice in a row. Yes, it is that easy.
What people often forget is that a computer has an important "component" called "memory". When the user presses the power button to start the boot process, an important step of that process is to load the core of the operating system from the storage media into memory.
After the core of the operating system is loaded into memory, it continuously maintains, as designed by the vendor, the normal operation of both the operating system core and the user's applications. This process is also delicate and fragile. In addition, because programs are written by people, if one is written badly (whether intentionally or unintentionally), an application may damage the core of the operating system, resulting in a crash.
What about viruses?
A virus wants to have the following capabilities:
● Stay resident in memory, disguising itself as part of the operating system
● While disguised, ideally go undiscovered by any person or software
● Interfere with the operation of the original programs as little as possible, so as not to be noticed
● Do its best to attach itself (the virus) to others (other computers)
● If necessary, do something useful (or fun) for its author, including stealing assets and causing damage ...
The many kinds of executable files
Well, if a virus wants to hide itself in memory, it must first get you to "execute" it.
The problem is, who would be silly enough to run a virus? If a virus had "I am a virus, come here, execute me" written on its forehead, would you touch it? Definitely not!
Therefore, virus writers will try their best to get users to execute it without knowing, so as to achieve the goal of "infection".
Therefore, "executable files" have become the main targets that most viruses parasitize.
The so-called executable files are what we call "programs" and "software". Such software is usually composed of one (or several) files. As mentioned above, software must be loaded into memory before it can be executed and used. The author of the software therefore uses development tools to compile the "source code" into "executable files", and then delivers those files to the user so that the user can execute them.
In the past, executable files came in only a few fixed formats: files with .COM, .EXE and .BAT extensions were all executable. This remains unchanged in the Windows 7 era. However, Windows later introduced many "less familiar" executable file formats. For example, .DLL is a "Dynamic Link Library", which is also an executable file that "must be attached to a main program"; .SCR is a screen saver, which is also an executable file with special features; .MSI (Windows Installer Package) is usually seen in installers and is also an executable file; some script files, such as .VBS, .JS ..., are also executable files. Execution is the most dangerous thing.
The problem is that, by default, Windows hides the file extensions it recognizes, so to be honest, you don't know what you are actually executing.
That doesn't matter either. You just need to think, whenever you double-click an icon with the left mouse button: what exactly am I about to execute?
When executing something, you must remember: this is a "red flag" signal that users must pay attention to. If there is anything you need to be alert about, it is this; the other one is "someone asks you for your password".
Therefore, you must remember:
"Be careful when executing something."
That's simple.
Because many viruses are attached to executable files, you are "poisoned" (infected) the moment you execute them. Not only that: until the infected computer is cleaned, they will constantly infect files on the computer, send virus e-mails, or infect other files on the server ... In addition, these viruses modify system settings so that it is difficult for users to clean them up even if they notice something is wrong, and sometimes it is almost impossible.
Therefore, sometimes an infected computer must be reinstalled, because all of its executable files are infected and cannot be recovered.
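An added example (not part of the original article): a Python check that flags file names whose real extension is one of the executable types listed above and shows the name that would be displayed when known extensions are hidden. The set of document-like extensions, the function names and the sample file names are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions the article lists as executable (compared case-insensitively).
EXECUTABLE_EXTS = {".com", ".exe", ".bat", ".dll", ".scr", ".msi", ".vbs", ".js"}

# Assumption: extensions that make a displayed name look like a harmless
# document or media file. Illustrative, not exhaustive.
DOCUMENT_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
                 ".jpg", ".png", ".mp3", ".zip"}


def classify(filename):
    """Return (verdict, shown), where `shown` is the name displayed when
    the final extension is hidden (assumes it is a registered file type)."""
    path = PureWindowsPath(filename.strip())
    ext = path.suffix.lower()
    shown = path.stem if ext else path.name
    if ext not in EXECUTABLE_EXTS:
        return ("not-executable", shown)
    # The displayed name itself ends in a document-like extension, so the
    # user sees e.g. "x.pdf" while the real type is executable.
    if PureWindowsPath(shown).suffix.lower() in DOCUMENT_EXTS:
        return ("executable-disguised", shown)
    return ("executable", shown)


def audit(filenames):
    """Return (real name, verdict, shown name) for every executable entry."""
    findings = []
    for name in filenames:
        verdict, shown = classify(name)
        if verdict != "not-executable":
            findings.append((name, verdict, shown))
    return findings


# Constructed sample: names as they might appear in a downloads folder.
SAMPLE = ["report.docx", "setup.msi", "holiday.jpg.scr",
          "Invoice.PDF.exe", "notes.txt", "update.JS", "README"]

if __name__ == "__main__":
    for name, verdict, shown in audit(SAMPLE):
        print(f"{verdict:21} shown as {shown!r:15} real name {name!r}")
```

Turning off the "hide extensions for known file types" option in Explorer makes the real name visible without a script; the check above is useful for auditing a list of names, such as mail attachments or a shared folder.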
The Internet is also "the gate of hell"
However, I'm afraid there is something really hard to defend against: web pages!
When you use a browser to connect to any web page, honestly ... the portal to hell opens. Web pages allow you to do a lot of things and perform many functions, and most of them run automatically without your knowing. Of course, normal web pages won't affect you or infect you ... However, there are still many abnormal web pages!
As a matter of fact, you must know that the browser itself is an "executor": it is designed as a tool to "execute various functions". In addition, while operating systems still have so-called "compatibility" problems, the browser is designed to be "cross-platform". Ideally all browsers have the same capabilities, so that web developers can write a function once and all users in the world can use it. Gosh! Universal harmony is nothing more than this. However, this also gives web-page virus writers an opportunity ... Is there anything that makes these virus writers' lives easier? Of course: a cross-platform universal virus!
There are many forms of web-page viruses. Some use so-called "scripts" (JavaScript) to keep popping up annoying windows, some secretly plant a virus on your computer, and some directly carry out some damned actions ... To be honest, this type of problem is more troublesome than infection through executable files, because users cannot notice it at all.
Therefore, anti-virus software (or Internet Security) is very important in this case.
Methods to prevent viruses from being executed
So, can we block viruses through the user's caution alone? Let us think systematically about what can be done at each step. Below are some common "blocking methods":
● Each program must undergo some authentication.
To prevent the user from executing anything that should not be executed, the operating system vendor stipulates that "every program you run must be checked by it". Do you think that is ridiculous? No, the iPhone works like this. Although it is not intended as anti-virus, the closed system is quite safe, because all software installation goes through Apple.
● Each program (as long as it is identified as dangerous) must be executed with the user's consent
Windows Vista/7 has UAC: whenever it judges that a program is dangerous, it pops up and asks you to click "OK". This makes it "more difficult for a virus to infect you silently". It is just that the average person has not felt the benefit, so they may well turn it off first. But in all fairness, it is necessary, and it does make preventing viruses easier.
● Install anti-virus software
Anti-virus software "should" block executable-file viruses, while firewall software "should" defend against attacks from inside and outside the network. And don't say, "I don't run any of that dirty stuff, so I don't need to install anti-virus software", unless you would rather not go online at all. Some network worms simply exploit so-called "vulnerabilities" to burrow into your computer's memory, and then your network is automatically paralyzed. Even if you do nothing, you may be infected. Therefore, you must use anti-virus software, whether it is a free version or a paid version.
● Pay more attention whenever you execute anything that is "executable".
Indeed, a lot of people run programs indiscriminately and run a virus along the way, which is the most lethal problem. Why? Because you ran it yourself, the virus can do whatever it wants. It will replace the system registry files, hide in the depths of the computer's hard disk, infect important files ... And the result? "Reinstall, and reinstall again". So this is not necessarily the "only principle", but it is indeed the most important principle that the general user should know.