Anti-virus monitor. Antivirus Protection of the Cloud

Services

The most common and efficient antivirus programs are antiviruses working on the principle of scanners, monitors and auditors. There are also various kinds of blockers and immunizers.

1. Anti-virus scanners

Scanners able to detect a fixed set of known computer viruses In system memory, files and sectors, followed by the removal of most of them.

Scanners are searching for viruses using the so-called "masks" - a constant sequence of code inherent in a specific virus. If the virus does not have a permanent mask, then other methods are used to determine such viruses (polymorphic viruses), for example, a description of all possible options Program code of virus algorithmic language.

Many popular scanners: Doctor Web, Kaspersky Anti-Virus, Norton Antivirus, McAfee, Panda AntiVirus, Antivir Personal Edition and others use heuristic scanning mode.

Heuristic scanning - This is the method of searching for viruses, which allows you to define unknown viruses program, but the number of false responses of the antivirus program increases (messages about the viruses found in files, where they are actually no).

Many anti-virus scanners can be attributed to the so-called anti-virus tablets – special programsfocused on the search for a particular type or family of viruses, such as Trojanov, Macrovirus, etc. (for example Anti-Trojan, Trojan Remover). It should be noted that the use of special scanners calculated only on macrorsuruses is sometimes more reliable and convenient antivirus solution to protect MS Excel and Word format.

Disadvantages of scanners: They cover only part of well-known computer viruses and require constant updates via Internet antivirus bases. Given the rate of appearance of new viruses and their short life cycle, it is necessary to update the anti-virus bases for the use of scanners at least one or twice a week. If this is not done, the effectiveness of the scanners is significantly reduced.

2. Antivirus monitors

Monitors - This is a kind of scanners that, constantly in the memory of the computer, monitor virus-like situations produced with disk and memory, i.e. Perform continuous monitoring of the processes performed by the computer.

An example of such antiviruses can be the Kaspersky Anti-Virus or Spider Guard program.

Disadvantages of monitors: They can conflict with another software. Like scanners, the effectiveness of monitors depends on the frequency of updating the antivirus bases. In addition, the use of monitors does not give 100% protection, because There are viruses capable of deceiving and bypassing monitor protection.

3. Anti-virus auditors

Auditors - These are programs that work on the principle of checksum counts (CRC-sums) for stored on disk of files and system sectors.

An example of such an antivirus may be the AdInf32 program that counts the checksums and is saved in the database of any antivirus program. The auditors are capable of timely detect infected files on a computer with almost any antivirus, not allowing the critical situation.

Advantages of the auditor: High check speed system files.

Disadvantages of the auditor: The program must be running constantly while the computer is turned on.

4. Anti-virus blockers

Blockers - These are programs that track and intercept dangerous situations, such as opening or closing the executed files. By the way, the marked events are characteristic of viruses at the moments of their reproduction.

The advantages of blockigurs: They are able to detect the virus at the initial stage of its distribution.

Disadvantages of blockers: false responses, some viruses can circulate blocker protection.

How to find and download on the Internet Any files Raitman M. A.

Antivirus monitor

The anti-virus monitor scans the files to which occurs during operation on the computer. By default, it is configured in such a way that when a virus is detected, it blocks access to an infected file and displays a dialog box (Fig. 11.5), notifying about the detected threat.

This dialog box also offers options for action with an infected file. This file can be moved to the storage, open the folder with this file or ignore the threat. The last option should be used only if you are exactly sure that the program is wrong, and the file is not an infected malware.

From the book Protection of your computer Author Yaremchuk Sergey Akimovich

SpywareBlaster Monitor Unlike Ad-Aware SE version of Personal, SpywareBlaster is not a scanner, but a monitor that provides real-time protection. Using SpywareBlaster you can protect web browsers Internet Explorer. (version 6.0 and higher) and Mozilla Firefox., as well as prohibit the browser to open unreliable sites, with

From book Computer and Health Author Balovsyk Nadezhda Vasilyevna

The correct monitor is one of the main components of the computer - this is a monitor, when buying which you need to be particularly attentive, as it depends on it the good vision and safety of work. For recently one of the negative characteristics of monitors

From the book we collect the computer with your own hands Author Vatamanyuk Alexander Ivanovich

Monitor Monitor is a device that serves to display text and graphics information coming from the video card. Today is the most common two types of monitors: with an electron beam tube (electrical monitors) and liquid crystal (LCD monitors).

From the book 200. best programs For the Internet. Popular tutorial by Krainsky I.

The monitor monitor is rarely broken and, as a rule, as a result of natural aging. Most often, kinescopes are suffering or input power circuits. The monitor is not always the time-consuming process and at home. For example, LCD displays independently

From the book of a domestic video card video driver in Adobe Premiere. Pro CS3. Author Dniprov Alexander G.

Anti-virus plugin for browser OTDR. Web Manufacturer: St. Petersburg Anti-Virus Laboratory I. Danilova (www.drweb.ru) .Tatatus: FREE Capture for download: http://info.drweb.com/show/2652. Distribution distribution: 180 Kbytes.dated plugin ( has a REG file) is designed for

From the book Pinnacle Studio 11 Author Chirtik Alexander Anatolyevich

The Premiere Pro program monitor contains a variety of components - windows, palettes, toolbars, so for convenience, it is recommended to use a monitor with a large diagonal size and, therefore, high resolution. This does not mean mandatory

From the book Tutorial work on the computer Author Kolisnichenko Denis Nikolaevich

The monitor for working with Pinnacle Studio 11 will need a monitor with a resolution of at least 1024? 768 (in contrast to the previous version for which the minimum resolution is 800? 600). With a smaller resolution on the edges of the program window, stripes will be visible.

From the book the newest tutorial of the computer Author Beluncov Valery

3.2. How to connect the monitor first you need to connect the stand to the monitor. Do not rush, take the instruction, everything is drawn there. Then you need to connect the monitor to the computer. If you have a regular CRT monitor, it connects to the VGA-connector of the video card. If you have an LCD monitor, then

From the book of the Internet - easy and simple! Author Alexandrov Egor

Monitor To ensure that the user can see the result of the computer, you need a device for outputting information. IN modern computers It usually is a monitor, although others can exist (printer, plotter, etc.). Almost all the information with which

From the book How to find and download any files on the Internet Author Raitman M. A.

The monitor is generally not saved on health. If your vision is expensive, then you will not post money for the purchase of a high-quality monitor (Fig. 2.2), otherwise it can do it much more expensive. Fig. 2.2. Monitor. Site care is now adapted to the resolution of 800x600, but it became

From the book Ubuntu 10. Quick Start Guide Author Kolisnichenko D. N.

Anti-virus package AVG FREE Recently, the work of most malicious programs is aimed at receiving money. If earlier, viruses prevailed among malicious programs, performing various destructive functions, now mass epidemics are mainly

From the book undocumented and little-known Windows XP capabilities Author Klimenko Roman Alexandrovich

20.2. The system monitor is similar, for the Top command in GNOME there is also a graphic analogue. True, the system of system monitor (system | administration) is much wider than that console Team top. On the System tab (Fig. 20.4), general information about the system is displayed:

From the book digital photo. Tricks and effects Author Gursky Yuri Anatolyevich

System monitor after entering into command line Run the perfmonon.msc commands The Microsoft Management Console refers to the contents of the HKEY_CURRENT_USERSoftwareMicrosoftSystemMonitor and HKEY_LOCAL_MACHINESoftware and HKEY_LOCAL_MACHINESoftware and HKEY_LOCAL_MACHINESFTVERSIONFLIB, whose parameters will be considered a little later. After input

From the book How to tame a computer in a few hours by Remene Irina

3.7. The monitor and its configuration for the one who is busy digital photography, even if a lover, the monitor is of particular importance. After all, how else to evaluate the quality of the digital photograph, if not on the computer screen? Consequently, the monitor must transmit an image

From the book of the author

Calibrating the monitor for calibrating the monitor is the utility Calibration of the screen colors (Fig. 3.12). You can run it, passing through countless links from the Personalization window, but it's easier to click on the Start button, in the line Find programs and the main menu files to dial

From the book of the author

The monitor externally resembles a TV. Therefore, the dimensions of the monitor are also the same as in ordinary TVs, the diagonal length is determined in inches - 15, 17, 19, 21 (by the way, one inch is 2.54 cm). As well as a DVD player without a TV - just a box and

Anti-virus monitors

There is still a whole class antivirus softwarewhich are constantly in the computer's memory and track all suspicious actions performed by other programs. Such programs are called antivirus monitors or watchdis.

The monitor automatically checks all launched programs created opening and saved documents, program files and documents received via the Internet or copied to hDD from a floppy disk and a CD. Anti-virus monitor will inform the user if any program tries to perform a potentially dangerous action.

The set of one of the most advanced DOCTOR WEB scanners developed by Igor Danylov (http: // www. Drweb. RU) includes a Spider Guard watchman performing the functions of the anti-virus monitor.

Detect changes

When the virus infects the computer, it changes the contents hard diskFor example, adds its code to the program or document file, adds a call to the Virus program to the Autoexec file. Bat, cheating boot sectorCreates a satellite file. Such changes, however, do not make "disembodied" viruses who do not live on the disk, but in the memory of the OS processes.

Anti-virus programs called disk auditors do not perform search for viruses by signatures. They remember the previously characteristics of all areas of the disk that are attacked by the virus, and then periodically check them (the name of the program-audit is called). The auditor can find changes made by a famous or unknown virus.

As examples of the auditors of the disk, the Advanced DiskInfoscope program (ADINF), developed in Dialognauk CJSC (http: // www. Dials. EN, http: // www. Adinf. RU) and AVP Inspector Auditor Production of Caspper Lab "(http: // www. Kaspersky. RU).

Together with ADINF, the Adinf Cure Module (AdinFext) module is used, which uses previously collected information about files to restore them after the defeat by unknown viruses. The AVP Inspector auditor also has an attending module that can remove viruses.

Protection embedded in computer BIOS

IN system fees Computers also embed the simplest means of protection against viruses. These tools allow you to control all access to the main boot record. hard disks, as well as to the boot sectors of the disks and diskettes. If any program tries to change the contents of the boot sectors, the protection is triggered and the user receives the appropriate warning.

However, this defense is not very reliable. There are viruses (for example, Tchechn. 1912 and 1914) who are trying to disable antivirus BIOS control, changing some cells in non-volatile memory (CMOS memory) of the computer.

Exists class of anti-virus software that constantly found in random access memory Computer , I. track all suspicious steps performed by other programs .

Such programs are called filters , resident monitors or watchmen.

Filter programs , also referred to as resident wrappers and resident monitors , constantly in RAM and intercepted the given interruptions to control suspicious actions . At the same time, they can block "dangerous" actions or give a request to the user.

Actions to be controlled may be as follows:

modification of the main boot record (MBR) and boot records of logical disks and gmd,

recording at an absolute address,

low-level disk formatting,

leaving the RAM of the resident module and others.

Like I. auditors , filters often are "obsessive" and create certain inconveniences in the user.

Resident Monitor tell the user if any program is trying:

change loading hard sector disk or diskette, executable file;

leave the residency module in the RAM, etc.

Resident Monitors monitors the following operations. :

recording, updating program files and system system areas;

disk formatting;

resident placement of programs in RAM .

This displays a request for permission or prohibit this action.

The principle of operation of these programs is based on interception of the corresponding interrupt vectors.

Most resident monitors allow you to automatically check all launched programs for infection with known viruses, i.e. Perform functions scanner . Such a check will occupy some time and the process of loading the program will slow down, but you will be sure that the famous viruses will not be able to activate on your computer.

To the advantage of this class programs compared to detector programs can be attributed universality in relation to both the famous and unknown viruses, while detectors are written under the specific programmer known at the moment..

This is especially true now when many mutant viruses have appeared that have no permanent code.

However, filters program cannot track:

viruses that appeal directly to Bios.,

as well as Boot viruses, activating even before the launch of the antivirus, in the initial stage of loading DOS..

In the same time, resident monitors have a lot of flaws that make this class of programs available for use .

Many programs that do not even contain viruses can perform actions that residency monitors react.

For example, ordinary the Label command changes the data in the boot sector and triggers the monitor.

Therefore, the user will be able to constantly interrupt the annoying messages of the antivirus. In addition, the user will have to decide each time, whether this trigger is caused by a virus or not. As practice shows, sooner or later, the user turns off the resident monitor.

Disadvantage of resident monitors Also is that they must be constantly loaded into the RAM and, therefore, reduce the amount of memory available to other programs.

As part operating system MS-DOS already has a VSAFE resident anti-virus monitor.

When installing some residence antivirus monitors Conflicts can arise with other resident programs that use the same interrupts that simply stop working.

Classification.

Classify antivirus products You can immediately at several features, such as: used anti-virus protection technologies, product functionality, target platforms.

According to used anti-virus protection technologies:

Classic anti-virus products (products applying only detection method)
Proactive anti-virus protection products (products applying only proactive anti-virus protection technologies);
Combined products (products using both classic, signature protection methods and proactive)

According to the functionality of the products:

Anti-virus products (products providing anti-virus protection only)
Combined products (products providing not only protection against malware, but also spam filtering, encryption and backup data and other functions)

By target platforms:

Anti-virus products for Windows OS
Anti-virus products for the OS * NIX family (this family includes BSD, Linux et al.)
Anti-virus products for the MacOS family
Anti-virus products for mobile platforms ( Windows Mobile, Symbian, iOS, BlackBerry, Android, Windows Phone 7, etc.)

Anti-virus products for corporate users can also be classified by security objects:

Anti-virus products to protect workstations
Anti-virus products to protect file and terminal servers
Anti-virus products for the protection of postal and online gateways
Anti-virus products to protect virtualization servers
etc.

Characteristics of antivirus programs.

Anti-virus programs are divided into: detectors, doctors programs, audit programs, filter programs, vaccine programs.

Detectors programs provide the search and detection of viruses in RAM and on external media, and when detected, it is detected by the appropriate message. Disquires universal and specialized detectors.

Universal detectors in their work use the invariance of files by counting and comparing with the reference amount. The lack of universal detectors is associated with the impossibility of determining the reasons for the distortion of the files.

Specialized detectors search for known viruses by their signature (repeating code of code). The lack of such detectors is that they are unable to detect all known viruses.

The detector that allows you to detect several viruses is called a polywector.

The disadvantage of such antivirus about grams is that they can find only those viruses that are known to developers of such programs.

Doctor's programs (phages), not only find the files infected with viruses, but also "treat" them, i.e. Delete the virus program from the file, returning files to the initial state. At the beginning of his work, the phages are looking for viruses in RAM, destroying them, and only then go to "treatment" files. Among the phages, polyphags are isolated, i.e. Doctor programs designed to search and destroy a large number of viruses.

Given that new viruses are constantly emerging, the detector programs and doctors are quickly observed, and regular updates of their versions are required.

The program-auditors relate to the most reliable means of protection against viruses. The auditors remember the original state of the programs, directories and system regions of the disc when the computer is not infected with the virus, and then periodically or at the request of the user compare the current status with the source. Detected changes are displayed on the video monitor screen. As a rule, the comparison of states produce immediately after loading the operating system. When compared, the file length, cyclic control code (checksum of the file), the date and time of modification, other parameters are checked.

The audit programs have sufficiently developed algorithms, detect stealth viruses and may even distinguish changes in the version of the program being checked from changes made by the virus.

Filter programs (Storam) are small resident programs designed to detect suspicious actions when operating a computer characteristic of viruses. Such actions may be:

Attempts to correct files with COM and EXE extensions;

Changing file attributes;

Direct record to disk at an absolute address;

When you try to make the specified actions "Watchman" sends the user a message N offers to prohibit or resolve the appropriate action. Filter programs are very useful, as they can detect the virus at the earliest stage of its existence to reproduction. However, they do not "treat" files and discs. To destroy viruses, you need to apply other programs, such as phages. The disadvantages of watchman programs include their "annoying" (for example, they constantly issue a warning about any attempt to copy the executable file), as well as possible conflicts with other software.

Vaccines (immunizers) are resident programs that prevent infection of files. Vaccines are used if there are no doctors programs, "attending" this virus. Vaccination is possible only from famous viruses. The vaccine modifies the program or disc in such a way that this is not reflected in their work, and the virus will perceive them infected and therefore will not be implemented. Currently, vaccine programs have limited use.

A significant disadvantage of such programs is their limited opportunities to prevent infection from a large number of varied viruses.

Examples of antivirus software

When choosing an anti-virus program, it is necessary to take into account not only the percentage of viruses detection, but also the ability to detect new viruses, the number of viruses in the anti-virus database, the frequency of its update, the presence of additional functions.

Currently, a serious antivirus should be able to recognize at least 25,000 viruses. This does not mean that they are all "on the will." In fact, most of them or have already ceased to exist or are in laboratories and do not apply. You can actually meet 200-300 viruses, and only a few dozen of them represent the danger.

There are many antivirus programs. Consider the most famous of them.

Norton Antivirus 4.0 and 5.0 (manufacturer: "Symantec").

One of the most famous and popular antiviruses. The percentage of virus recognition is very high (close to 100%). The program uses a mechanism that allows you to recognize new unknown viruses.

In the Norton AntiVirus program interface, there is a LiveUpdate feature that allows you to click on the same button to update via the Web both the program and the set of virus signatures. The Wiring Master issues detailed information about the virus detected, and also provides you with the ability to choose: delete the virus or automatically mode, or more carefully by step by step procedure, which allows you to see each of the actions performed during the removal process.

Anti-virus databases are updated very often (sometimes updates appear several times a week). There is a resident monitor.

The disadvantage of this program is the complexity of the setting (although the basic settings change is practically not required).

Dr Solomon "S AntiVirus (Manufacturer:" Dr Solomon "S Software").

Considered one of the most the best antivirusov (Evgeny Kaspersky somehow said that this is the only competitor to his AVP). Almost 100% of well-known and new viruses detects. A large number of functions, scanner, monitor, heuristics and everything you need to successfully confront viruses.

McAfee VirusScan (manufacturer: "McAfee Associates").

This is one of the most famous antivirus packages. Very well removes viruses, but VirusScan is worse than other packages, things are dealt with new varieties of file viruses. It is easily and quickly installed using default settings, but it can be configured at its own discretion. You can scan all files or only software, distribute or not distribute the scanning procedure to compressed files. It has many features to work with the Internet.

.Dr.Web (manufacturer: "Science dialogue")

Popular domestic antivirus. Well recognizes viruses, but in its base they are much less than other antivirus programs.

AntiViral Toolkit Pro (Manufacturer: Kaspersky Lab).

This antivirus is recognized worldwide as one of the most reliable. Despite the simplicity of use, it has all the necessary arsenal to combat viruses. The heuristic mechanism, redundant scanning, scanning archives and packaged files is not a complete list of its capabilities.

Kaspersky Lab closely monitors the appearance of new viruses and timely releases the updates of antivirus bases. There is a resident monitor to monitor executable files.