Novikov A.O.
National Research Irkutsk State Technical University
The Most Wide-spread Malicious Programs and the Best Virus and Spyware Protection
Unfortunately, the widespread use of personal computers has led to the emergence of self-replicating virus programs, which disrupt a computer's operation by destroying the file system on its disks and damaging the information stored on it. Once a computer virus infiltrates one computer, it can spread to other computers. I would like to review the most dangerous of them and to study the most effective methods of dealing with them and protecting against them.
A computer virus is a program that can produce copies of itself (which need not be identical to the original) and place them in networks and/or files, the system areas of a computer and other executable objects. Moreover, the copies retain the ability to spread further.
Defining the term “computer virus” has historically been a difficult question, because it is hard to define a virus and to describe properties that belong only to viruses and not to other software. Conversely, if a virus is defined simply as a program possessing certain properties, one can immediately find a virus that does not have them.
There is also a category of viruses that use a code mutation engine. They are called “polymorphic viruses”. Such a virus uses an encryption engine and a mutation engine. As a result, the embedded copy differs from the original, because one part of it is changed and the other part is encrypted with a key generated for that particular copy. This makes malware detection considerably harder.
Polymorphic viruses are sophisticated viruses that have no signatures, i.e. they have no constant section of code. In most cases two samples of the same polymorphic virus will have nothing in common at all. Polymorphism can be found in different types of viruses, such as file, boot and macro viruses.
Stealth viruses can hide their presence in the system and evade antivirus programs. These viruses can intercept the operating system's requests to read or write infected files. Moreover, they can temporarily disinfect a file or substitute virus-free sections for themselves, making infected files appear clean. Viruses that use stealth algorithms can hide themselves in the system fully or partially.
The most popular method used by macro viruses is blocking calls to the view menu. One of the first file stealth viruses was Frodo. The first boot stealth virus was Brain.
Viruses enter a computer together with infected files or other objects (such as the boot sector of a disk) and, unlike worms, have no influence on the process of entry. Consequently, the ways in which they can enter are determined by what they are able to infect, and there is no point in grouping viruses by lifecycle stage.
A worm (Internet worm) is a malicious program that spreads over network channels, can overcome the security systems of computer networks on its own, and can create and further distribute copies of itself (which may not be identical to the original).
In contrast to viruses, worms are self-contained programs. Their main distinguishing feature is the capability to self-replicate, but at the same time they are able to spread independently over network channels. To emphasize this feature, the term “Internet worm” is used.
A worm's lifecycle consists of several stages:
1. system penetration
2. activation
3. searching for objects to infect
4. preparing copies
5. distributing copies
A Trojan horse (Trojan) is a malicious program that transfers control of the computer to a remote user without authorization and carries out the deletion, modification, collection and transfer of information to third parties.
1. Trojan remote administration utilities are hidden-control utilities that allow files to be received and sent, started or deleted, messages to be displayed, information to be erased and the computer to be rebooted. When started, the Trojan installs itself in the system and then monitors it. The user receives no message about the Trojan's actions in the system. As a result, the “user” of this Trojan program may not know about its presence in the system while his computer is open to remote control.
2. Trojan spies carry out espionage on the user of the infected computer: for example, keystrokes, screenshots, a list of active applications and the user's actions are saved in a file and sent to the intruder's computer from time to time. This information is used to steal data for various online payment systems and bank accounts.
3. Adware embeds advertising in the main useful program and can act as a Trojan.
Trojans change the operating system's registry, which contains all information about the computer and its installed software. To remove them it is necessary to restore the system registry; a component that restores the system registry is part of modern operating systems.
The following methods and tools can be used for protection against computer viruses:
- general methods and tools of protection;
- specialized programs for protection against computer viruses;
- preventive measures that reduce the probability of virus infection.
General information protection tools are useful not only against viruses. They also guard against physical damage to disks, malfunctioning programs and user mistakes.
There are two main groups of these tools:
- copying of information: used to create copies of files and of the system areas of disks;
- access control: prevents unauthorized use of data and, in particular, protects programs and information from being changed by viruses, malfunctioning programs or user mistakes.
There are several types of specialized programs for detecting viruses and protecting against them. Such programs are called antivirus programs. Virtually all antivirus programs provide automatic restoration of infected programs and boot sectors. Antivirus programs use different methods of detecting viruses.
The main methods of detecting computer viruses are the following:
- template matching technique
- heuristic analysis
- antivirus monitoring
- error control method
- antivirus embedded in the computer's BIOS
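The polymorphism paragraphs above and this list of detection methods can be illustrated together. The following Python sketch is an added example, not code from the article: it runs template matching over constructed, harmless byte strings, shows that two copies encoded with different per-copy keys share no byte run, and then flags the altered file with a SHA-256 baseline, taking the list's “error control method” to mean checksum-based change detection (an assumption). All names, file names and marker bytes are constructed for the illustration, and only the encoded part of a copy is modelled.

```python
import hashlib

# Constructed, harmless marker standing in for a fixed code pattern (not a real signature).
SIGNATURES = {"Demo.Marker": b"DEMO-PATTERN-0001"}

def template_match(data: bytes) -> list:
    """Template matching: names of all known byte patterns present in data."""
    return [name for name, pat in SIGNATURES.items() if pat in data]

def encode_copy(body: bytes, key: int) -> bytes:
    """Model of a per-copy encoded body: each byte XORed with that copy's key."""
    return bytes(b ^ key for b in body)

def longest_common_run(a: bytes, b: bytes) -> int:
    """Length of the longest byte run that two samples share."""
    best, prev = 0, [0] * (len(b) + 1)
    for x in a:
        cur = [0] * (len(b) + 1)
        for j, y in enumerate(b, 1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def baseline(files: dict) -> dict:
    """Change detection: record a SHA-256 digest for every known-good file."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def changed_files(files: dict, known_good: dict) -> list:
    """Files whose digest differs from, or is missing in, the baseline."""
    now = baseline(files)
    return sorted(n for n in now if known_good.get(n) != now[n])

def demo() -> dict:
    body = SIGNATURES["Demo.Marker"]
    # Constructed file contents; the names are hypothetical.
    clean = {"app.bin": b"original program bytes", "tool.bin": b"other program bytes"}
    known_good = baseline(clean)
    copy_a, copy_b = encode_copy(body, 0x5A), encode_copy(body, 0xC3)
    disk = {"app.bin": clean["app.bin"] + copy_a, "tool.bin": clean["tool.bin"]}
    return {
        "static_hit": template_match(clean["app.bin"] + body),  # fixed pattern present
        "encoded_hit": template_match(disk["app.bin"]),         # same pattern, encoded
        "shared_run": longest_common_run(copy_a, copy_b),       # overlap of two copies
        "changed": changed_files(disk, known_good),             # digest mismatch
    }

if __name__ == "__main__":
    print(demo())
```

The fixed pattern is found only in the unencoded sample, while the digest comparison reports the modified file regardless of how the appended bytes were encoded.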
Timely detection of infected files and disks and complete removal of the detected viruses on each computer make it possible to keep a malware outbreak from spreading to other computers. There are no absolutely reliable programs that guarantee the detection and removal of any virus. One of the important methods of fighting computer viruses is early prevention. To reduce the probability of virus infection and ensure safe storage of information on disks, the following measures are necessary:
- use only licensed software;
- equip your computer with modern antivirus programs, such as Avast, Kaspersky and Dr.Web, and update them constantly;
- before reading information from other data storage devices, scan these devices for malware using antivirus programs;
- when archived files are mailed to your computer, scan them immediately after extracting them to the hard disk, limiting the scan to the new files;
- periodically scan hard disks for malware, using antivirus programs on removable disks to test files, storage and system disk areas. The operating system should first be booted from a removable disk;
- always write-protect your data storage devices when you work on other computers, unless you are going to write information to them.