10.5. Computer viruses Classification, methods of infection, treatment and prevention, life cycle

A computer virus is a specially written program that can spontaneously join other programs (infect them), create copies of itself and inject them into files, system areas of a computer and other computers combined with it in order to disrupt the normal operation of programs, damage files and directories, and also creating various interferences when working on a computer.

The appearance of viruses in the computer is determined by the following observables:

• decrease in computer performance;

• impossibility and slowdown of the OS boot;

• increase the number of files on the disk;

• replacing file sizes;

• periodic appearance of inappropriate messages on the monitor screen;

• a decrease in the volume of free OP;

• a sharp increase in access time to the hard disk;

• destruction of the file structure;

• light of the drive indicator light when it is not accessed.

The main ways viruses infect computers are usually removable disks (floppy disks and CD-ROMs) and computer networks. An infection of a computer's hard disk can occur if the computer is booted from a floppy disk containing a virus.

According to the type of habitat that viruses have, they are classified into boot, file, system, network, and file - boot (multifunctional).

Boot viruses are embedded in the boot sector of the disk or in the sector that contains the system boot program.

File viruses are placed mainly in executable files with the .COM and .EXE extensions.

System viruses are embedded in system modules and peripheral device drivers, file allocation tables and partition tables.

Network viruses are in computer networks, and file-boot viruses infect boot sectors of disks and application files.

Along the path of infection of the habitat, viruses are divided into resident and non-resident.

Resident viruses when infecting a computer leave their resident part in the PD, which, after infection, intercepts the operating system's circulation to other objects of infection, infiltrates into them and performs its destructive actions that can lead to a shutdown or restart of the computer. Non-resident viruses do not infect computer OP and are active for a limited time.

The peculiarity of the construction of viruses affects their manifestation and functioning.

Logic bomb is a program that is embedded in a large software package. It is harmless until a certain event occurs, after which its logical mechanism is implemented.

Mutant programs, self-reproducing, create copies that are clearly different from the original.

Invisible viruses, or stealth viruses, intercept the operating system's access to the affected files and disk sectors and substitute for themselves uninfected objects. When accessing files, these viruses use quite original algorithms that allow them to “fool” resident antivirus monitors.

Macro viruses use the capabilities of macro languages, which are built into office data processing programs (text editors, spreadsheets).

By degree of impact on the resources of computer systems and networks, or by destructive capabilities, they emit harmless, non-dangerous, dangerous and destructive viruses.

Harmless viruses do not have a pathological effect on the computer. Non-dangerous viruses do not destroy files, but they reduce free disk space, displaying graphic effects. Dangerous viruses often cause significant disruption to the computer. Destructive viruses can lead to erasure of information, complete or partial disruption of the application programs. It is important to keep in mind that any file capable of loading and executing program code is a potential place where a virus can be placed.

продолжение следует...

Продолжение:

Часть 1 10.5. Computer viruses Classification, methods of infection, treatment and prevention, life cycle