The best computer protection against viruses. Classification by type of antivirus protection used


Antivirus software target platforms

In addition to operating systems for desktop computers and laptops, there are platforms for mobile devices, such as Windows Mobile, Symbian, Apple iOS, BlackBerry, Android, Windows Phone 7, etc. Users of devices running these systems are also at risk of malware infection, so some antivirus vendors release products for them.

Classification of antivirus products

According to the anti-virus protection technologies used:

  • Classic antivirus products (products that use only signature-based detection methods, or only proactive anti-virus protection technologies);
  • Combined products (products that use both signature-based and proactive protection methods)

By product functionality:

  • Antivirus products (products that provide only antivirus protection)
  • Combination products (products that provide not only protection against malware but also spam filtering, encryption, data backup and other functions)

By target platforms:

  • Antivirus products for Windows operating systems
  • Anti-virus products for *NIX operating systems (this family includes BSD, Linux, etc.)
  • Antivirus products for the MacOS family of operating systems
  • Anti-virus products for mobile platforms (Windows Mobile, Symbian, iOS, BlackBerry, Android, Windows Phone 7, etc.)

Antivirus products for corporate users can also be classified by protection objects:

  • Antivirus products to protect workstations
  • Antivirus products to protect file and terminal servers
  • Antivirus products to protect email and Internet gateways
  • Antivirus products to protect virtualization servers
  • etc.

Antiviruses for websites

They can be divided into several types:

  • Server-side antivirus, installed on the web server; in this case the scan covers the files of the entire server.
  • A script or CMS component that searches for malicious code directly in the site's files.
  • A SaaS service: a centralized management system for remotely managing the files, databases, settings and components of web resources hosted on VDS and DS.

Special antiviruses

In November 2014, the international human rights organization Amnesty International released Detekt, an anti-virus program designed to detect malware distributed by government agencies to spy on civil activists and political opponents. It performs a deeper scan of the hard drive than conventional antiviruses.

False antiviruses

In 2009, false antiviruses began to spread actively: software that is not an antivirus (that is, has no real functionality for countering malware) but pretends to be one. In practice, false antiviruses are either programs for deceiving users into paying for “curing the system of viruses” or ordinary malicious software. At present, their spread has subsided.

Antivirus operation

Speaking of Microsoft systems, an antivirus usually operates according to the following scheme:

  • search the antivirus database for virus signatures;
  • if infected code is found in memory (RAM and/or persistent storage), the object is placed in “quarantine” and the process is blocked;
  • a registered product usually removes the virus; an unregistered one asks for registration and leaves the system vulnerable.

Antivirus databases

Antiviruses rely on constantly updated antivirus databases, which carry information about viruses: how to find them and how to neutralize them. Since new viruses are written frequently, virus activity on the network must be monitored continuously, and special networks exist for collecting the relevant information. Once a sample is collected, its harmfulness is assessed, its code and behavior are analyzed, and methods for combating it are worked out. Most often, viruses are launched along with the operating system; in this simple case it is enough to delete the virus's startup entries from the registry. More complex viruses infect files. There have been cases where infected anti-virus programs themselves became the source of infection of other clean programs and files, which is why more modern antiviruses protect their own files from modification and verify their integrity with a special algorithm. Thus, as viruses have grown more complex, so have the means of fighting them. Viruses now occupy not tens but hundreds of kilobytes, sometimes a couple of megabytes. Such viruses are typically written in higher-level programming languages, so they are easier to stop; viruses written in low-level machine code such as assembly language remain a threat. Complex viruses infect the operating system itself, after which it becomes vulnerable and inoperable.


Let us begin this section by becoming familiar with the principles on which anti-virus software is built. Many people believe that an antivirus program is a cure for all ills, and that by running an antivirus scanner or monitor you can be absolutely sure of its reliability. This view is fundamentally wrong. An antivirus is also just a program, even if written by a first-class professional, and it is able to recognize and destroy only known viruses. In other words, an antivirus against a specific virus can be written only if the programmer has at least one copy of that virus.

Hence the endless “war” between the authors of viruses and of antiviruses. And although there are many more virus writers, their opponents have an advantage. The point is that a large number of viruses have algorithms practically copied from other viruses. As a rule, such variants are created by unprofessional programmers who, for one reason or another, decided to write a virus. To combat such “copies”, a new weapon was invented: heuristic analyzers. With their help, an antivirus can find close analogues of known viruses and inform the user that the computer appears to have a virus. Naturally, the reliability of a heuristic analyzer is not 100%, but its efficiency is still greater than 0.5. Thus in this information war, as in any other, the strongest survive: viruses that anti-virus detectors do not recognize can be written only by experienced and highly qualified programmers.

To organize effective anti-virus protection, an appropriate anti-virus tool is needed. Despite the variety of modern antivirus software products, their principles of operation are the same. The main functions of modern antiviruses include:

– scanning memory and disk contents according to a schedule;

– scanning the computer's memory, as well as files being written and read, in real time using a resident module;

– selective scanning of files with changed attributes (size, modification date, checksum, etc.);

– scanning archive files;

– recognizing behavior characteristic of computer viruses;

– remote installation, configuration and administration of anti-virus programs from the system administrator's console; notifying the system administrator of events related to virus attacks by email, pager, etc.;

– forced scanning of computers connected to the corporate network, initiated by the system administrator;

– remote updating of anti-virus software and virus databases, including automatic updating of virus databases via the Internet;

– filtering Internet traffic to detect viruses in programs and documents transmitted over the SMTP, FTP and HTTP protocols;

– identifying potentially dangerous Java applets and ActiveX modules;

– operating on various server and client platforms, as well as in heterogeneous corporate networks;

– keeping logs of events related to anti-virus protection.

Because one of the main characteristics of modern virus attacks is their high speed of spread and the high frequency of new attacks, modern anti-virus software must be updated as often as possible, thereby improving the quality of protection. All virus threats relevant at the current moment must be taken into account. But the presence of anti-virus software is a necessary, not a sufficient, condition for repelling a virus attack. It is not enough to have a tool at your disposal; you must also think about how to use it correctly. Virus protection should be part of a security policy that all users of the system understand and follow. Today a typical corporate computer network of a domestic customer includes tens or hundreds of workstations, dozens of servers and a variety of active and passive telecommunications equipment, and as a rule has a very complex structure (Fig. 36).

The cost of maintaining such a network grows catastrophically with the number of connected workstations. Everyone is now discussing how, under these conditions, the total cost of owning or operating an enterprise's computer infrastructure can be reduced. Obviously, the cost of anti-virus protection for the corporate network is not the last item in the enterprise's overall expenses. However, there is a fundamental possibility of optimizing and reducing these costs by using special solutions that allow anti-virus protection of the corporate network to be managed centrally in real time. Such solutions should let enterprise network administrators monitor all virus entry points from a single management console and, using client-server technology, effectively manage all the anti-virus tools from various manufacturers present in the corporate network.

This anti-virus protection strategy allows all possible entry points for viruses to be blocked, such as:

– penetration of viruses into workstations when infected files from portable media (floppy disks, CDs, Zip, Jaz, Floptical, etc.) are used on the workstation;

– infection with viruses through free infected software obtained from the Internet via the Web or FTP and stored on the local workstation;

– penetration of viruses when infected remote workstations or mobile users' computers connect to the corporate network;

– infection from a remote server connected to the corporate network that exchanges infected data with corporate file, application and database servers;

– distribution of email with attached Word and Excel files infected with macro viruses.

However, it was precisely the requirement for comprehensive centralized management that became the stumbling block for the successful creation of effective comprehensive anti-virus protection systems for corporate networks in domestic companies, which ultimately led to such widespread penetration of computer viruses into the Internet/intranet. The use of local anti-virus solutions in a corporate network is necessary but not sufficient for effective anti-virus protection of an enterprise. The current situation requires the immediate intervention of the responsible officials and decisions aimed at establishing enterprise anti-virus protection systems. According to many experts, anti-virus protection systems must meet the requirements given in Table 3.5.

Table 3.5. Basic requirements for a corporate antivirus protection system (functionality, and its value for the corporate customer)

  • Virus detection: fundamentally important, because it directly justifies the financial cost of purchasing and operating anti-virus software.
  • Detection of destructive Trojan horse code, hostile ActiveX and Java applets: quite important for a corporate user.
  • Readiness to respond quickly to new types of threats: the manufacturer's ability to react promptly to the emergence of new threats is relevant.
  • Maintenance and support: as a rule, the user needs answers to the following questions: “What components are included in the basic configuration?” “What can be obtained additionally?” “What services are included in the cost of annual technical support?”
  • An exhaustive list of protected points of possible virus penetration: viruses and malware can arrive from a variety of sources, so users want to be sure that not a single entry point for viruses is left unprotected. Periodic centralized updating of virus signatures is also important.
  • Controllability: the ability to administer antivirus software centrally is extremely important, because end users cannot be relied upon to keep antivirus protection running and updated on their workstations.
  • Managing antivirus protection for remote users: there are now many users who work from home, connecting to corporate resources over the network and introducing new entry points for viruses. The administrator therefore needs to keep them at the same level of anti-virus protection as local computers.
  • Centralized notification: users understand that without an instant, unified view of all network vulnerabilities, they may miss a potential, and usually real, virus attack.
  • System performance: if antivirus protection interferes with system performance, mail delivery or other key aspects of modern business communication, end users will be tempted to turn it off.
  • Remote administration (via browser): if the administrator is himself a remote user, a browser interface lets him administer the entire enterprise regardless of his location.
  • Automatic distribution and updating: today an administrator may be responsible for hundreds of workstations and dozens of network segments that cannot all be visited in person, so the wish to automate the distribution and updating of antivirus software is understandable.

The best way to deal with a virus attack is to prevent it. To solve this problem you need:

– configure anti-virus software accordingly;

– use only licensed software;

– limit the set of programs that the user can install on the system;

– eliminate known vulnerabilities in the software used;

– control the use of removable storage (floppy disks and CD-ROMs);

– develop an email processing policy;

– develop a security policy for applications that process documents with interpreted languages.

To properly configure your antivirus software, you must make the following antivirus settings:

– real-time (background) scanning, or its equivalent, must be enabled;

– when the system starts, you need to scan the memory, boot sector and system files;

– update virus databases in a timely manner;

– it is advisable to scan files of all types or, at a minimum, COM and EXE files, as well as files such as VBS, SHS, OCX;

– set up an audit of all actions of anti-virus programs.

Since software obtained from an unknown source may be a Trojan or infected with a virus, only licensed software should be used.

The set of programs a user can install on a system is limited because these programs may be infected with viruses or enable other attacks to succeed. Particular attention should be paid to Internet services and, first of all, to messaging programs such as IRC, ICQ and Microsoft Chat (they can transfer files and serve as a source of infection for the system).

To eliminate known “holes” in the software in use, vulnerability databases, usually published on Internet mailing lists and on dedicated sites, can serve as the source of information about vulnerabilities.

All information contained on floppy disks and CDs must be scanned for viruses before it is handled by computer system users.

Because email messages are one of the most popular and fastest channels for spreading viruses, every organization should have an email policy in place. To protect against the penetration of viruses through email, each user of the system must:

– never open an attachment directly from an incoming message, but first save it to a designated “quarantine” directory;

– never open attachments that were not requested or announced by the sender (even when the sender is known, the message may contain a virus; if the sender is unknown, it is best to delete the message together with the attachment);

– always check an attachment with anti-virus software before opening it;

– if doubts remain after all these steps, contact the sender and ask about the attachment sent;

– eliminate possible vulnerabilities in the email client software.

If a user or organization uses applications that process documents with interpreted languages (for example, the Microsoft Office family of products), the procedure for working with these documents should also be reflected in the security policy.

Let's take a closer look at how antivirus programs work and what types of these programs there are.

Typically, virus analysis consists of isolating signatures in them and then searching for them in potential targets of a virus attack. Thus, just a few years ago it was enough to catch a virus, study its code (for professionals this was usually a matter of a few minutes) and extract a signature. But virus technologies did not stand still. New viruses were developed, and after them new anti-virus software products.

There are quite a lot of antivirus products. Since in each specific case an antivirus kit must be chosen on the basis of the organization's overall information security concept and the needs of the specific user, the main types of antivirus tools are briefly described below.

The standard protection programs are the following (Table 3.6):

– detectors (scanners);

– phages (polyphages) (scanner/cleaner, scanner/remover);

– auditors;

– watchmen;

– special vaccines;

– blockers.

Table 3.6. Standard antivirus programs

In most cases, a virus that has infected a computer will be detected by an existing detector program. Detectors check whether the files on a user-specified drive contain a byte sequence specific to a given virus. When a virus is detected, the program displays a corresponding message on the screen. The detector's purpose is only to detect the virus; dealing with it is left to another antivirus program or to a system programmer.

Among detectors we can single out heuristic code analyzers: sets of routines that analyze the code of executable files, memory or boot sectors to detect various types of computer viruses in them. Let us consider the general scheme of such a code analyzer. Acting according to this scheme, the code analyzer can make the most efficient use of all the information collected about the object under test.

The heuristic approach consists of trying to propose a perhaps suboptimal but quick solution to extremely complex (or even intractable) problems based on increasingly reliable assumptions.

The basic idea of this approach is that the heuristic first considers the program's behavior and then compares it with behavior characteristic of a malicious attack, such as that of a Trojan horse. Establishing a pattern of behavior and making decisions about it can be done by several mechanisms. Two approaches are used to identify and determine all the possible actions of a program:

– scanning;

– emulation.

The scanning approach searches for “behavioral patterns”, for example the most typical low-level methods of opening files. For instance, the procedure for scanning an ordinary executable examines every place where the program opens another file and determines which files it opens and what it writes to them.

The second method of determining behavior is emulation. This approach is somewhat more complicated: the program is run through a Windows, Macintosh or Word macro emulator to see what it will do. Questions arise, however, because much depends on the quirks of the viruses. For example, if a virus is programmed to format the hard drive on February 25 at 10 a.m., and the emulator's clock is set to February 24, the virus will not yet reveal its intentions.

The trick to fast recognition is to combine the two approaches and obtain the most detailed catalog of behavioral patterns in the shortest possible time. To check whether a file is infected with a virus, specialists can use various artificial intelligence techniques, such as expert systems and neural networks.

The disadvantage of the heuristic approach is precisely its heuristic nature. There is always the possibility that an extremely suspicious file is actually completely harmless. However, Symantec's latest heuristic engine, called Bloodhound, can detect up to 80% of unknown executable viruses and up to 90% of unknown macro viruses.

It is also worth noting that detector programs are not very universal, since they can only detect known viruses. Some such programs can be given a special sequence of bytes characteristic of a virus and will then detect files infected by it: for example, Norton AntiVirus or the AVP scanner can do this.

The Aidstest program is outdated and now practically unused. The most widely used programs are DrWeb and AVP. Thanks to their latest detectors, they can detect any viruses, from the oldest to the newly emerging. The ADinf detector also deserves mention: this antivirus program detects all viruses that do not change the length of files, stealth (“invisible”) viruses, and many others. Together, these three programs provide powerful protection against viruses. All of them can be entered into the AUTOEXEC.BAT file, so that a check for virus infection is carried out automatically when the computer boots. Incidentally, in the West, Russian programs such as DrWeb and AVP are also preferred.

A few years ago, detectors almost lost their position to programs called polyphages, but today they are returning to the computer market.

For those who use only licensed software, there is no need to waste time treating virus-infected files. It is easier to restore an infected program from the distribution kit. But due to the fact that even in many fairly large organizations they very often use not licensed, but “pirated” products (possibly already infected with a virus), clean detectors (scanners) will not soon be able to compete with phages.

Phages (polyphages) (scanner/cleaner, scanner/remover) are programs that can not only detect but also destroy viruses, that is, cure “sick” programs (a polyphage can destroy many viruses). Polyphages include such an old program as Aidstest, which detects and neutralizes about 2000 viruses.

The basic principle of operation of a traditional phage is simple and no secret. For each virus, by analyzing its code, methods of infecting files, etc., a certain sequence of bytes characteristic only of it is isolated. This sequence is called the signature of this virus. In the simplest case, searching for viruses comes down to searching for their signatures (this is how any detector works). Modern phages use other methods of searching for viruses.

After detecting a virus in the body of the program (or the boot sector, which also, however, contains the boot program), the phage neutralizes it. To do this, developers of antivirus products carefully study the work of each specific virus: what it spoils, how it spoils it, where it hides what it spoils (if it hides, of course). In most cases, the phage is able to safely remove the virus and restore the functionality of damaged programs. But it is necessary to understand well that this is not always possible.

Programs called auditors monitor possible routes of infection. The ingenuity of malware authors is limited by what is possible in principle; these limits are well known, and therefore viruses are still not omnipotent. If you take control of all conceivable directions of a virus attack on your computer, you can be almost completely safe. Of the audit programs available in Russia, the ADinf program already mentioned above deserves attention.
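As an added illustration (not code from the original text), the following Python puts the detector and auditor principles just described side by side: a signature search for a characteristic byte sequence, an integrity baseline that catches changes even when the file length stays the same (the ADinf case), and the self-check of the antivirus's own database mentioned earlier. All file contents, file names and signature bytes are constructed for this example.

```python
import hashlib

# Constructed sample "files" (name -> bytes). None of this is real malware;
# the marker strings are invented for this example.
SAMPLE_FILES = {
    "calc.exe": b"MZ\x90\x00" + b"\x00" * 32 + b"legitimate code",
    "game.com": b"MZ\x90\x00" + b"\x00" * 16 + b"EXAMPLE-VIRUS-A-MARKER" + b"\x00" * 8,
    "notes.txt": b"meeting at 10",
}

# Constructed signature database: virus name -> byte sequence characteristic
# of it (the "signature" of the text). Values are invented.
SIGNATURE_DB = {
    "Example.A": b"EXAMPLE-VIRUS-A-MARKER",
    "Example.B": b"EXAMPLE-VIRUS-B-MARKER",
}


def db_fingerprint(db):
    """SHA-256 over the sorted database entries.

    The antivirus records this value when the database is installed and
    re-checks it before scanning, so a modified or truncated database
    (the self-integrity problem described in the text) is refused."""
    digest = hashlib.sha256()
    for name in sorted(db):
        digest.update(name.encode() + b"=" + db[name].hex().encode() + b"\n")
    return digest.hexdigest()


def scan_file(data, db):
    """Detector step: names of every signature whose bytes occur in the data."""
    return [name for name, signature in db.items() if signature in data]


def scan_all(files, db, expected_fingerprint):
    """Signature scan over all files; returns {file: [virus names]} for hits only.

    Raises RuntimeError instead of scanning with a database that no longer
    matches the fingerprint recorded at install time."""
    if db_fingerprint(db) != expected_fingerprint:
        raise RuntimeError("signature database integrity check failed")
    hits = {}
    for name, data in files.items():
        found = scan_file(data, db)
        if found:
            hits[name] = found
    return hits


def file_record(data):
    """Attributes the auditor tracks: size and checksum (the text's selective scan)."""
    return (len(data), hashlib.sha256(data).hexdigest())


def build_baseline(files):
    """Auditor step 1: snapshot every file's record on a known-clean system."""
    return {name: file_record(data) for name, data in files.items()}


def audit(files, baseline):
    """Auditor step 2: list (file, status) for anything new, missing or changed.

    Because the checksum is compared and not only the size, a modification
    that keeps the file length unchanged is still reported."""
    findings = []
    for name, data in files.items():
        if name not in baseline:
            findings.append((name, "new"))
        elif file_record(data) != baseline[name]:
            findings.append((name, "modified"))
    for name in baseline:
        if name not in files:
            findings.append((name, "missing"))
    return sorted(findings)


if __name__ == "__main__":
    installed_fingerprint = db_fingerprint(SIGNATURE_DB)
    print("signature hits:", scan_all(SAMPLE_FILES, SIGNATURE_DB, installed_fingerprint))
    baseline = build_baseline(SAMPLE_FILES)
    later = dict(SAMPLE_FILES)
    # Same length as before, different bytes: only the checksum reveals it.
    later["calc.exe"] = b"MZ\x90\x00" + b"\x00" * 32 + b"LEGITIMATE CODE"
    print("audit findings:", audit(later, baseline))
```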

Watchmen are small resident programs that reside permanently in the computer's memory and monitor operations that they consider suspicious. An example of a watchdog program is the VSAFE software product, which was included with some versions of MS DOS.

Since viruses and ordinary programs perform the same operations, it is impossible to single out a class of exclusively “viral” operations. As a result, a watchman is forced either to control nothing and passively observe what is happening, or to “ring the alarm” on every suspicious operation. It is therefore advisable to use watchdog programs at the minimum level of control (for example, tracking changes to boot sectors). Some modern BIOSes have such watchdog functions, although this is not so simple: the BIOS function may conflict with some operating systems, and sometimes may not work at all.

Special vaccines are designed to process files and boot sectors. Vaccines are either passive or active. An active vaccine "infects" a file just as a virus does, protects it from any changes and in some cases is able not only to detect the fact of infection but also to cure the file. Passive vaccines are used only to prevent infection of files by particular viruses that rely on simple signs of infection: a "strange" creation time or date, certain character strings, and so on.

Currently, vaccination is not widely used. Thoughtless vaccination of everything and everyone can cause entire epidemics of non-existent viral diseases. For several years, a terrible epidemic of the terrible TIME virus raged across the territory of the former USSR: hundreds of perfectly healthy programs processed by the ANTI-KOT antivirus program fell victim to it.

Let us give an example from practice. Currently there are quite a few viruses that prevent a file from being re-infected by means of a "black mark" with which they label the infected program. There are, for example, viruses that set the seconds field of the file creation time to 62. Quite a long time ago, a virus appeared that added five bytes to every infected file: MsDos. No normal file contains such a character string at its end, so the virus used this as an indicator that the file was infected. Vaccinating files against such a virus is not at all difficult: it is enough to add the above-mentioned string to the end of the file, and you need not fear infection by that virus. What is frightening is that some anti-virus programs, on encountering the ill-fated string at the end of a file, immediately begin to "treat" it. There is practically no chance that the file will work normally after such "treatment".
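As an added illustration (not code from the article), the following Python model shows why a detector must not treat the virus's "black mark" as proof of infection, what a passive vaccine does, and how the signature search that every detector relies on avoids the false "treatment" described above. The 5-byte marker follows the MsDos example; the signature bytes, the body length and the file contents are constructed placeholders, not taken from any real virus.

```python
# Added example: infection marker versus signature (constructed, not real virus data).
MARKER = b"MsDos"                          # the "black mark" described in the text
SIGNATURE = bytes.fromhex("b8004ccd21")    # constructed placeholder for virus-body bytes
BODY_LEN = 512                             # constructed length of the appended virus body


def has_marker(data: bytes) -> bool:
    """True if the file ends with the infection marker."""
    return data.endswith(MARKER)


def has_signature(data: bytes) -> bool:
    """True if the characteristic virus-body bytes occur anywhere in the file."""
    return SIGNATURE in data


def simulate_infection(program: bytes) -> bytes:
    """Constructed model of an appending virus: it skips files that already carry
    the marker, otherwise appends a body containing SIGNATURE plus the marker."""
    if has_marker(program):
        return program
    body = SIGNATURE.ljust(BODY_LEN, b"\x00")   # stand-in for the appended code
    return program + body + MARKER


def vaccinate(program: bytes) -> bytes:
    """Passive vaccine: append only the marker, so the virus believes the file is
    already infected. The program's own bytes are untouched."""
    return program if has_marker(program) else program + MARKER


def naive_verdict(data: bytes) -> str:
    """Detector that trusts the marker alone: every vaccinated file looks infected."""
    return "infected" if has_marker(data) else "clean"


def careful_verdict(data: bytes) -> str:
    """Detector that requires the virus body itself (signature search)."""
    if has_signature(data):
        return "infected"
    if has_marker(data):
        return "vaccinated"      # marker present, but no virus code behind it
    return "clean"


def naive_cure(data: bytes) -> bytes:
    """The 'treatment' the text warns about: assume a marked file carries the full
    virus body and cut BODY_LEN + 5 bytes off the end. On a vaccinated file this
    removes 512 bytes of the program itself."""
    return data[:-(BODY_LEN + len(MARKER))] if has_marker(data) else data


def careful_cure(data: bytes) -> bytes:
    """Strip the body only when the signature proves it is there; otherwise remove
    just the marker, or leave the file alone."""
    if has_signature(data) and has_marker(data):
        return data[:-(BODY_LEN + len(MARKER))]
    if has_marker(data):
        return data[:-len(MARKER)]
    return data


# Constructed 1024-byte stand-in for a healthy program.
PROGRAM = bytes(range(256)) * 4
```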

Another type of antivirus program is the virus blocker. Blockers help limit the spread of an epidemic until the virus is destroyed. Almost all resident viruses determine whether they are already present in the machine's memory by raising some software interrupt with "tricky" parameters. If you write a simple resident program that simulates the presence of the virus in memory by "responding" correctly to that password, the virus will most likely consider the machine already infected.

Even if some files on the computer contain virus code, while the blocker is in use none of the other files will be infected. For such a program to work properly, the blocker must be launched before all other programs, for example from the CONFIG.SYS file. But if the virus has managed to infect COMMAND.COM or starts from the boot sector, the blocker will not help.

It is very important to use alternative antivirus solutions as well. Antivirus scanners on their own, and the protection settings in various applications, do not provide adequate protection against malware. Antivirus scanners must be updated constantly, yet rapidly spreading viruses can outpace those updates.

The only way to avoid exposure to malicious software is to block suspicious files at the firewall or email gateway. Many organizations now block all incoming attached files with the following potentially dangerous extensions: EXE, COM, SCR, HTA, NTO, ASF, CHM, SHS, PIF. Others install even stricter filters, blocking files with the extensions ADE, ADP, BAS, BAT, CMD, CNT, CPL, CRT, CSS, HLP, INF, INS, ISP, JS, JSE, LNK, MDB, MDE, MSC, MSI, MSP, MST, PCD, REG, SET, SHB, URL, VB, VBE, VBS, WSC, WSF, WSH.
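An added example (not the article's or any gateway product's code) of the extension filter described above, written in Python. It uses the two lists from the paragraph, normalised to lowercase (the unrecognised NTO entry is omitted), and shows the name-normalisation steps a gateway needs so that "REPORT.EXE", "tool.exe." and "invoice.pdf.exe" are not waved through; the file names are constructed.

```python
import re

# Extension lists from the text above, lowercased; "nto" omitted as unrecognised.
BASIC_BLOCKLIST = {"exe", "com", "scr", "hta", "asf", "chm", "shs", "pif"}
STRICT_BLOCKLIST = BASIC_BLOCKLIST | {
    "ade", "adp", "bas", "bat", "cmd", "cnt", "cpl", "crt", "css", "hlp", "inf",
    "ins", "isp", "js", "jse", "lnk", "mdb", "mde", "msc", "msi", "msp", "mst",
    "pcd", "reg", "set", "shb", "url", "vb", "vbe", "vbs", "wsc", "wsf", "wsh",
}


def normalise_name(filename: str) -> str:
    """Reduce an attachment name to the form Windows would actually save it under:
    drop any path component, strip trailing dots and spaces (Windows discards them),
    and lowercase the result."""
    base = re.split(r"[\\/]", filename.strip())[-1]
    return base.rstrip(". ").lower()


def final_extension(filename: str) -> str:
    """Extension after the last dot; dotfiles and bare names have none."""
    base = normalise_name(filename)
    dot = base.rfind(".")
    return base[dot + 1:] if dot > 0 else ""


def is_blocked(filename: str, blocklist=STRICT_BLOCKLIST) -> bool:
    """Gateway decision: block when the effective extension is on the list.
    This says nothing about the file's contents; it is one layer, not a scanner."""
    return final_extension(filename) in blocklist


def looks_disguised(filename: str, blocklist=STRICT_BLOCKLIST) -> bool:
    """'invoice.pdf.exe': a harmless-looking extension in front of a blocked one,
    worth logging separately because Explorer hides the last extension by default."""
    parts = normalise_name(filename).split(".")
    return len(parts) > 2 and parts[-1] in blocklist
```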

One of the key questions facing the detection-systems industry over the coming years is whether customers will continue to buy these systems as stand-alone products or will soon begin purchasing them bundled with network equipment such as routers, switches or local area network devices. The answer has not yet been found, but there is no doubt that network attack detection systems, used today primarily by large organizations such as banks and federal agencies, will eventually find their way to a broader cross-section of corporate users.

Lesson "Antivirus programs"

When your computer is infected with a virus, it is important to detect it. To do this you need to know the main signs of viruses:

- termination or incorrect operation of programs that previously functioned successfully
- slow computer operation
- inability to load the operating system
- disappearance of files and directories or corruption of their contents
- changes to the date and time of file modification
- changes in file sizes
- an unexpected significant increase in the number of files on the disk
- a significant reduction in the amount of free RAM
- unexpected messages or images displayed on the screen
- unexpected sound signals
- frequent freezes and crashes of the computer

To protect against viruses you can use:

- general information protection tools, which are also useful as insurance against physical damage to disks, malfunctioning programs or erroneous user actions;
- preventive measures that reduce the likelihood of catching a virus;
- specialized programs for protection against viruses.

General information protection tools are useful not only for protecting against viruses:

  1. copying information - creating copies of files and of the system areas of disks;
  2. access control - preventing unauthorized use of information, in particular protecting programs and data from changes made by viruses, malfunctioning programs and erroneous user actions.

Preventive measures

- Do not use questionable disks or other storage media.
- Restrict access to program files by making them read-only when possible.
- When working on a network, if possible, do not run programs from the memory of other computers.
- Store programs and data in disk archives and in various subdirectories of the hard drive.
- Do not copy programs for your own needs from random copies.
- Be sure to have an antivirus program.

Specialized programs for virus protection

Antivirus programs allow you to protect against, detect and remove computer viruses. All specialized programs for virus protection can be divided into several types:

- detectors,
- doctors (phages),
- auditors,
- doctor-inspectors,
- filters and vaccines (immunizers).

DETECTOR PROGRAMS allow you to detect files infected with one of several known viruses. These programs check whether the files on the disk specified by the user contain a combination of bytes specific to a given virus. When it is found in a file, a corresponding message is displayed on the screen. Many detectors have modes for curing or destroying infected files.

It should be emphasized that detector programs can only detect viruses that are “known” to them. Some detector programs can be configured for new types of viruses; they only need to indicate the byte combinations inherent in these viruses. However, it is impossible to develop such a program that could detect any previously unknown virus.

Thus, the fact that a program is not recognized by detectors as infected does not mean that it is healthy - it may contain some new virus or a slightly modified version of an old virus, unknown to detector programs.

Most detector programs have a “doctor” function, i.e. they attempt to return infected files or disk areas to their original state. Those files that could not be recovered are usually rendered inoperative or deleted.

Dr.Web was created in 1994 by I. A. Danilov and belongs to the class of doctor-detectors; it has a so-called "heuristic analyzer", an algorithm that allows it to detect unknown viruses. "Healing web", as the program's English name translates, became the response of domestic programmers to the invasion of self-modifying mutant viruses. Such viruses modify their body when they replicate so that not a single characteristic chain of bytes present in the original version of the virus remains.

The program's standing is supported by the fact that a large licence (for 2000 computers) was acquired by the Main Directorate of Information Resources under the President of the Russian Federation, and the second largest buyer of the "web" was Inkombank.

Aidstest was written in 1988 by D. N. Lozinsky and is a doctor-detector. The Aidstest program is designed to fix programs infected with ordinary (non-polymorphic) viruses that do not change their code. This limitation is due to the fact that the program searches for viruses using identification codes; in return, a very high file-checking speed is achieved.

AUDITORS have two stages of work. First, they remember information about the state of programs and system areas of disks (the boot sector and the sector with the hard disk partition table). It is assumed that at this moment programs and system disk areas are not infected. After this, using the auditor program, you can compare the state of programs and system disk areas with the original state at any time. Any discrepancies detected are reported to the user.
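As an added example (not ADinf's or any auditor's actual code), here is a small Python auditor of the two-stage kind described in this paragraph and in the auditor discussion earlier on the page: it records the size, timestamp and SHA-256 of every file, then reports discrepancies against that baseline. The demo tree, file names and contents are constructed; the tampering step deliberately keeps size and modification time unchanged to show why the content hash, not the timestamp, is the check that matters.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Stage one: remember the state of every file under root."""
    root = Path(root)
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            state[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": file_digest(p),
            }
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Stage two: report added, removed and modified files (with the fields that changed)."""
    report = {"added": [], "removed": [], "modified": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        elif baseline[name] != current[name]:
            changed = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
            report["modified"].append((name, changed))
    return report


def save_baseline(state: dict, path) -> None:
    """Keep the baseline on read-only or offline media; a virus that can rewrite it wins."""
    Path(path).write_text(json.dumps(state, indent=1))


def demo(root=None) -> dict:
    """Constructed scenario: baseline a small tree, then tamper with it the way a
    stealthy file virus would, preserving size and timestamp, and audit again."""
    root = Path(root or tempfile.mkdtemp())
    (root / "bin").mkdir(exist_ok=True)
    prog = root / "bin" / "editor.com"
    prog.write_bytes(b"\x90" * 64)                      # constructed 64-byte "program"
    (root / "bin" / "notes.txt").write_bytes(b"hello")
    baseline = snapshot(root)
    st = prog.stat()
    prog.write_bytes(b"\x90" * 59 + b"PATCH")            # same size, different content
    os.utime(prog, ns=(st.st_atime_ns, st.st_mtime_ns))  # put the old timestamp back
    (root / "bin" / "notes.txt").unlink()
    (root / "bin" / "newfile.exe").write_bytes(b"new")
    return compare(baseline, snapshot(root))
```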

ADinf (Advanced Diskinfoscope) belongs to the class of audit programs. The program was created by D. Yu. Mostov in 1991.

The antivirus works at high speed and is able to resist viruses located in memory successfully. It allows the disk to be controlled by reading it sector by sector through the BIOS, without using DOS system interrupts, which can be intercepted by a virus.

To cure infected files, the ADinf Cure Module is used; it is not included in the ADinf package and is supplied separately. The module works by saving a small database describing the controlled files. Working together, these programs can detect and remove about 97% of file viruses and 100% of boot sector viruses. For example, the sensational SatanBug virus was easily detected, and files infected with it were automatically restored. Moreover, even users who had purchased ADinf and the ADinf Cure Module several months before this virus appeared were able to get rid of it without difficulty.

AVP (Anti-Virus Protection) combines a detector, a doctor and an auditor, and even has some resident filter functions (prohibiting writes to files with the READ ONLY attribute). It is an anti-virus kit, an extended version of the famous "Doctor Kaspersky" anti-virus kit. While running, the program tests for unknown viruses. Also included is a resident program that tracks suspicious activities performed on the computer and allows you to view the memory map. A special set of utilities helps to detect new viruses and analyse them.

The antivirus can treat both known and unknown viruses, and the user himself can inform the program about how to treat the latter. In addition, AVP can treat self-modifying and Stealth viruses.

Norton Antivirus is an antivirus package of the "set it and forget it" type. All necessary configuration parameters and scheduled activities (checking the disk, checking new and modified programs, running the Windows Auto-Protect utility, checking the boot sector of drive A: before rebooting) are set by default. The disk scanning program is available for DOS and Windows. Among other things, Norton AntiVirus detects and destroys even polymorphic viruses, and also responds successfully to virus-like activity and fights unknown viruses.

FILTERS, also called WATCHMEN or MONITORS, are resident in the computer's RAM; they intercept those calls to the operating system that viruses use to reproduce and cause harm, and report them to the user. The user can allow or deny the corresponding operation.

Some filter programs do not "catch" suspicious actions but instead check the programs called for execution for viruses. This causes the computer to slow down.

However, the advantages of using filter programs are very significant - they allow you to detect many viruses at a very early stage, when the virus has not yet had time to multiply and spoil anything. This way you can reduce losses from the virus to a minimum.

VACCINES, or IMMUNIZERS, modify programs and disks in such a way that this does not affect the operation of the programs, but the virus against which the vaccination is performed considers these programs or disks already infected. These programs are extremely ineffective. Filters, by contrast, monitor potentially dangerous operations and prompt the user to allow or prohibit each operation.

Flaws of antivirus programs

- None of the existing antivirus technologies can provide full protection from viruses.
- An antivirus program takes away some of the computing resources of the system, loading the CPU and the hard drive. This can be especially noticeable on weak computers. The background slowdown can be up to 380%.
- Antivirus programs can see a threat where there is none (false positives).
- Antivirus programs download updates from the Internet, thereby consuming bandwidth.
- Various encryption and packing methods make even known viruses undetectable by antivirus software. Detecting these "disguised" viruses requires a powerful unpacking engine that can decrypt files before scanning them. However, many antivirus programs do not have this feature and, as a result, it is often impossible to detect encrypted viruses.

There are a large number of paid and free antivirus programs. The following popular brands can be distinguished:

So, what is an antivirus? For some reason, many people believe that an antivirus can detect any virus, that is, that by running an antivirus program you can be absolutely sure of its reliability. This point of view is not entirely correct.

The fact is that an antivirus is also a program, naturally written by a professional. But these programs are able to recognize and destroy only known viruses. That is, an antivirus against a specific virus can be written only if the programmer has at least one copy of this virus. Hence the endless war between the authors of viruses and antiviruses, although for some reason there are always more of the former in our country than the latter.

But the creators of antiviruses also have an advantage! The fact is that there are a large number of viruses whose algorithm is practically copied from that of other viruses. As a rule, such variations are created by unprofessional programmers who, for some reason, decided to write a virus. To combat such "copies", a new weapon was invented: heuristic analyzers. With their help, the antivirus is able to find close analogues of known viruses, informing the user that there seems to be a virus. Naturally, the reliability of a heuristic analyzer is not 100%, but its efficiency is still greater than 0.5.

Thus, in this information war, as in any other, the strongest remain. Viruses that are not recognized by antivirus detectors can only be written by the most experienced and qualified programmers.

  1. Searching for malware is the priority task. So that the program copes with it better than the alternatives (even paid ones), we equipped it with five engines at once. Among them, the cloud-based 360 Cloud deserves special attention, removing unnecessary load from the system, as do the world-popular Bitdefender engine and the System Repair algorithm for restoring damaged data.
    This interaction allows 360 Total Security to quickly find, contain and destroy any threat to your data.
  2. Cleaning hard drives and the registry of junk files. Special add-ons allow you to find programs you have not used for a long time. The powerful free antivirus starts a disk and registry scan with one click, after which the system boots and runs much faster.
  3. Another reason to download the powerful antivirus: free updates. All subsequent versions will be available to our users under the same conditions as FREEWARE now. This means that, unlike licensed software, which requires annual investment, our

Antivirus programs: the list of the best antiviruses below will help you keep your computer and digital life safe and sound.

Although this review focuses on antiviruses for computers on the Windows platform, many of them are also available for Apple Mac, smartphones and tablets. Depending on the needs of a particular user, some products with less functionality may be purchased at a lower price.

Antivirus programs: list of the best

Kaspersky Total Security 2016

The latest version of Total Security from Kaspersky Lab is available on PC and Mac, as well as on Android and iOS mobile devices. In addition to powerful antivirus and anti-malware protection, this package offers data backup and encryption features, a password manager and a system cleanup function. Free technical support by phone and chat is available.

Webroot Internet Security Complete 2016

Webroot Internet Security Complete 2016 offers comprehensive antivirus protection, system optimization and remote control capabilities. Other features are 25 GB of cloud storage, device tracking, a password manager and webcam spy protection. Available on PC, Mac and popular mobile devices.

Norton Security Deluxe

Price: RUB 1,799 (up to five devices)
norton.com

Norton Security Deluxe has protection against viruses and spyware and protects personal data and network transactions. Norton promises 100% virus protection, free support and an easy-to-use web dashboard where you can keep an eye on all your devices. The application is available on PC, Mac and mobile devices.

Avast Pro Antivirus 2016

Avast Pro Antivirus 2016 places suspicious files downloaded by the user in a "sandbox" until it is sure they are safe. In addition to the highest level of anti-virus protection and resistance to malware and spyware, protection is extended to connected peripheral devices such as printers and network drives. There is also a password keeper, a safe browsing function and an intuitive interface. Avast Pro Antivirus 2016 is available on Windows.

McAfee 2016 Total Protection

McAfee 2016 Total Protection can be installed on Windows and Mac, Android and iOS. The package offers a high level of protection against viruses, spyware and malware, and an identity manager that allows you to log into user accounts on websites quickly and securely. The package can be installed on an unlimited number of devices.

Bitdefender Total Security 2016

Price: $58.47 (up to three devices)
bitdefender.com

Bitdefender Total Security 2016 is only available on PCs and has little impact on the speed of the system on which it is installed. In addition to the usual set of antivirus, anti-malware and anti-spyware protection, the package has powerful tools against phishing and suspicious behaviour on social networks. Bitdefender also protects computers from flash drives with dangerous content.