Author: Fresh sunshine (Http://hi.baidu.com/newcenturysun)
Date: 2007/08/11 (please keep this statement when reprinting)
I. Personal Computer Security Status Quo Analysis
1. Viruses killing anti-virus software is no longer anything new
Since the orange s in the S, viruses have been frantically attacking antivirus software, and cases of antivirus software being killed are not uncommon. Panda Burning Incense (pandatv incense), popular at the beginning of this year, and the recently popular AV Terminator (avterminator) are no exception. Their first actions were to eliminate anti-virus software in various ways: ending the anti-virus processes, deleting services, deleting drivers, hijacking anti-virus software through IFEO image hijacking, and modifying the system time, so that the anti-virus software is useless against the virus.
2. With the development of the Internet, viruses have gradually changed from acting alone to acting in groups: from a single trojan or virus to Trojans, viruses, and rogue software working together. Viruses have also started to include an update function.
Ever since Weijin and other viruses began frantically downloading groups of Trojans from websites, it seems that a Pandora's Box has been opened in the virus world, and countless new viruses have adopted this technique. Earlier viruses acted alone; nowadays, Trojans commonly connect to the Internet on their own initiative and download Trojans, viruses, and rogue software in batches. In addition, viruses now update themselves regularly over the Internet, and virus writers release updates more and more frequently, some almost daily. Anti-virus software is weak in defending against so many viruses and rogue software attacks.
3. Auxiliary anti-virus tools are like antibiotics. Once one is published, virus authors immediately add it to the list of targets their viruses detect and remove, so that the virus acquires a new "drug resistance".
To make up for the shortcomings of anti-virus software, many enthusiasts have written small tools for manual virus removal. These tools have caught the eye of virus writers. They are like antibiotics: once exposed and widely used, they cannot escape the fate of being killed, just like anti-virus software. Viruses are constantly becoming "resistant".
4. Viruses use every possible means to damage the system, making it difficult for infected users to seek help on the Internet.
Viruses no longer simply infect files or steal accounts. Their fundamental purpose is now to cripple the system completely, so as to facilitate their subsequent operations.
Viruses now commonly break Safe Mode; disable Windows automatic updates, Security Center, and System Restore; break the display of hidden files; disable Registry Editor, Task Manager, and cmd; and close any window related to anti-virus software. By these and other means they try to damage the system completely, making it difficult for ordinary users to search the Internet for a solution. Even advanced users are helpless when they have no tools at hand.
5. Downloaders that arrive through Windows vulnerabilities and then spread through USB flash drives have become mainstream
The USB flash drive has become a new way to store data. It is easy to carry and holds a large amount of data, but it also gives viruses a new way to spread. At present, downloaders that arrive through Windows vulnerabilities and then spread through USB flash drives have gradually become the mainstream. If a person's computer is not updated in time and system patches are not installed, and he visits a website carrying viruses, his computer is infected, and the computer then infects his USB flash drive. The USB flash drive becomes a source of transmission, and the places he uses it become new homes for viruses. This leads to a chain of "one person is infected, then nine people, then friends, then the whole school, then the whole Internet" and other adverse effects.
6. Hackers keep an eye on anti-virus forums and the blogs of anti-virus enthusiasts to obtain the latest virus detection and removal information and new techniques.
Anti-virus forums have emerged to deal with the endless stream of viruses. A large number of anti-virus enthusiasts provide assistance there to infected users, but the forums have also become a window through which virus-writing hackers obtain the latest technical information.
Hackers watch the anti-virus forums. Once a new removal method appears, they try to defeat it. Hackers also learn new anti-virus techniques in the forums and apply them to their own viruses.
7. Hackers use virus makers to produce viruses in batches
Hackers have created a large number of virus-making programs and sell them on websites. This allows novices to create many virus variants in batches in a short time.
In summary, the current method of virus attacks on personal computers shows this mode:
II. Personal Computer Security Measures
We hope that the majority of Internet users can effectively guard against computer viruses, reduce the probability of infection, and keep their computers from becoming a source of virus transmission.
1. Anti-virus software, a firewall, and system patches are the minimum requirement.
Do not blindly trust some Trojan tools; choose anti-virus software such as Rising, Jiangmin, Kingsoft, Kabbah, and Norton. A firewall is also essential. Some people may think that, as a personal user, they have no need to install a firewall because hackers will not attack them. They are wrong. A firewall prevents hacker attacks on the one hand; on the other hand, firewalls generally check the system's outbound connections, which hinders the now-popular trojan downloaders, because you can immediately block them from connecting out to download more viruses. System patches are also required. Do not avoid them on the grounds that patches slow down the system. Currently, most viruses spread through system vulnerabilities, so system patches must be installed; even if they affect system speed, that cost is much lower than the cost of a virus intruding into the computer. In addition, the anti-virus software and firewall should be updated in a timely manner.
2. Disable AutoPlay. Do not double-click or right-click to open removable storage, and do not give USB flash drive viruses a chance.
At present, viruses are mainly transmitted through USB flash drives, so we must resolutely block this transmission channel. The following methods are provided for your reference.
(1) Disable AutoPlay: Run the "gpedit.msc" command. In "Group Policy", find "Administrative Templates" under both "Computer Configuration" and "User Configuration", open the "Turn off Autoplay" setting under "System", select "Enabled" in its properties, select "All drives", and then click "OK" to save the settings.
(2) Lock some registry permissions: Start - Run - enter regedit, expand HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, right-click this key, and set the Administrator permission to deny.
(3) Some third-party USB flash drive virus immunization tools can be used to immunize the system.
For example: Http://update3.dswlab.com/antiautorun.zip
(4) How to open an unfamiliar USB flash drive: Do not double-click or right-click a new USB flash drive to open it. The correct way is to click the Folders button below the menu bar (the button to the right of Search) and then access the USB flash drive from the Explorer tree on the left.
3. Lock the system time to prevent viruses from modifying it
(1) Set permissions for changing the time
From the Start menu, run the gpedit.msc command in the Run box. In "Group Policy", go to "Computer Configuration" - "Windows Settings" - "Security Settings" - "Local Policies" - "User Rights Assignment", find "Change the system time", and delete all users from it.
(2) Use a tool to lock the time
You can use the timeprotect tool to lock the time and prevent viruses from modifying it.
4. Precautions for system reinstallation
Pay attention to the following points when installing the system: install the anti-virus software and firewall before going online, update the anti-virus software and firewall immediately after going online, and install system patches.
If the system is being reinstalled after a virus infection, install the antivirus software on the system partition. Do not double-click or right-click to open any other partition. Instead, perform the following operations: double-click My Computer, then go to Tools, Folder Options, View, select "Show hidden files and folders", and clear the check mark in front of "Hide protected operating system files (Recommended)". When you are prompted to confirm the change, click "Yes" and then "OK".
Then click the Folders button below the menu bar (the button to the right of Search), go to each other partition from the Explorer tree on the left, and check whether it contains an autorun.inf. If it does, double-click the file to open it, check which exe file it points to, find that file, and delete it.
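The autorun.inf check described above can also be done without opening the partition in Explorer. The following is an added example, not part of the original article: it reads the bytes of an autorun.inf and lists every program the [autorun] section would launch. The drive letter, the sample file contents, and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Keys in the [autorun] section that name a program Explorer may launch.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
PROGRAM = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|pif|scr|vbs))(?=\s|$)", re.IGNORECASE)

# Constructed sample, not taken from a real infected drive.
SAMPLE = (
    b"; constructed sample\r\n"
    b"[AutoRun]\r\n"
    b"open=RECYCLER\\setup.exe /s\r\n"
    b"shell\\open\\Command=\"tools\\my app.exe\" -q\r\n"
    b"shell\\explore\\command=.\\auto.cmd\r\n"
    b"icon=folder.ico\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)

def decode_inf(raw: bytes) -> str:
    # The file is normally ANSI text, but may be saved as UTF-16 with a BOM.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def command_target(value: str) -> str:
    # Keep only the program part of a command line: strip quotes and arguments.
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    m = PROGRAM.match(value)
    return m.group(1) if m else (value.split()[0] if value else "")

def launch_targets(raw: bytes, drive: str = "E:\\"):
    # Return (key, path on the drive) for each launch entry in [autorun].
    found, in_section = [], False
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_CMD.match(key):
            target = command_target(value)
            if target:
                found.append((key.lower(), ntpath.normpath(ntpath.join(drive, target))))
    return found
```

Pass the file's raw bytes and the letter of the partition being checked; each returned path is a file to locate and remove together with the autorun.inf itself.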
We sincerely hope that everyone will raise their awareness of virus prevention, protect their computers from viruses, and keep them from becoming a source of virus transmission.