Preventing virus intrusion on Windows 7 (Part 1)

Disease enters through the mouth, as the saying goes. When all is said and done, whether your computer gets infected depends not on whether you have installed anti-virus software, but on your habits in using the computer.

I often hear some of the "more professional" IT staff say: "Users have installed anti-virus software, but they have no concept of virus protection. Do you think they won't get infected?"

If you don't want to get infected, it is more important to learn how viruses work and how to protect against them. Here I hope to give ordinary enterprise computer users a sufficient set of "anti-virus concepts". This may not "guarantee" anything, but at least you will have a general understanding of what happens on your computer!

The delicate and fragile boot process

Before a computer can be used, it must be started. Everything from power-on until the operating system is loaded is commonly known as the "boot process". Since most viruses try to make themselves part of the boot process (in order to parasitize and infect), you first need to know what steps the whole process has:

1. Power on. If everything is working properly, move on to the next step.

2. The BIOS (Basic Input/Output System) performs its routine boot checks, and then the default storage device takes over the boot process.

3. Following industry-recognized specifications, the default boot device (usually the hard disk drive) starts the software boot process and loads the operating system kernel and the drivers in sequence.

4. After the operating system kernel is loaded, the various resident programs specified by the user (anti-virus software, IM software...) can also be loaded according to the settings.

In the boot process above, each move from one step to the next leaves a "hook point". For example, when the BIOS on the motherboard is to run the boot process of the storage medium, it executes the boot instructions from a fixed location. Where is this fixed location? Most of us don't need to know, but this location is definitely a public specification.

So the people who write operating systems know where the storage medium's boot location is, the people who write disk maintenance programs know, the people who write utility programs know, and the people who write viruses... of course know too. Hence the so-called "boot-type virus". However, modern boot-type viruses are rare, mainly because the operating system loaded after booting is quite large and complex, and it is difficult for such viruses to operate normally under such complicated boot conditions. Most current viruses do their damage inside the operating system. The possibility of not booting is...

Whether it is Windows, MacOS, Linux or BSD, the initial loading of the operating system consists of elaborate sequential steps, one after the other. The operating system usually has to set the processor's operating mode, load the system kernel, the drivers and the graphics interface, then load the resident programs, and finally hand control over to the user.

If this "exquisite" but "fragile" series of steps goes even slightly wrong, the system cannot load, and the user will say "ah, this computer is hung / crashed / won't start / dead...", in all sorts of ways. The driver has a problem; the kernel has a problem; the disk that stores the OS kernel has a problem; the user's resident program has a problem. A single faulty link may keep the operating system from loading properly. Fortunately, this situation does not happen often. So far, the concepts above seem quite simple, don't they?

Now bring in the concept of "memory"

No matter which operating system is used, once the boot process is completed the user can run various application software. For example, you can run a browser, a word processor, a movie player, and so on. Concretely, you move the mouse over the application's icon and press the left mouse button twice in quick succession. Yes, it's that "easy".

What most people often forget is that the computer has a very important "component" called "memory". When the user presses the power button and the boot process runs, one important step is to load the operating system kernel from the storage medium into memory. Once the kernel is loaded into memory, it continues, according to its developers' design, to maintain the normal operation of the kernel and of user applications. This process is equally delicate and fragile. In addition, because programs are written by "people", if the person writing the program "messes up" (intentionally or unintentionally), the application may corrupt the operating system kernel and cause a crash. As for the virus?

A virus hopes to have the following abilities:

1. Stay resident in memory, disguising itself as part of the operating system.

2. Camouflage its process, preferably so that no person and no software finds it.

3. Interfere as little as possible with the operation of the original programs, lest you notice.

4. Use as many methods as possible to attach itself (the virus) to others (other computers).

5. If necessary, do something useful (or fun) for its author, including stealing money and causing damage...

Executable files are more

Well, if the virus wants to hide itself in memory, it first has to get you to "execute" it. The question is, who would be stupid enough to execute a virus? If the virus had "I am a virus, come on, execute me" written on its forehead, would you touch it? Of course not! So the virus writer finds ways to get the user to execute it without realizing, in order to achieve "infection". This is why the "executable file" becomes the main target that most viruses "parasitize".

The so-called executable file is what we call a "program" or "software"; such software usually consists of one (or several) files. As mentioned above, software has to be loaded into memory to be executed and used by the user. The software author therefore uses development tools to compile the "source code" into an "executable file" and then ships it to users so that they can run it.

In the past, executable files came in only a few fixed formats: files with the extensions .COM, .EXE and .BAT are executable files. In the era of Windows 7, this has not changed. However, Windows later introduced a number of "less common" executable file formats. For example, .DLL is a "dynamic link library"; it is also an executable file, one that must be attached to a main program. .SCR is a screen saver, which is also an executable file with a special function. .MSI (Windows Installer Package) is usually found in "installers", but... it is also an executable file. Some script files, such as .VBS and .JS, are also executable files.

There is a list of extensions for "executable files". Be careful when you see such extensions: harmful things may be hidden in them.
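As an added example (not from the original article), the check below flags file names that carry the extensions named above and goes one step further by comparing the extension with the file's first bytes, since .EXE, .DLL and .SCR files are PE images that begin with "MZ". The function names, the document-extension list and the sample files are assumptions constructed for illustration.

```python
import os

# Extensions the article lists as executable, lower-cased.
EXECUTABLE_EXTS = {".com", ".exe", ".bat", ".dll", ".scr", ".msi", ".vbs", ".js"}
# Of those, these normally hold PE images, whose first two bytes are "MZ".
PE_EXTS = {".exe", ".dll", ".scr"}
# Document-like extensions used only for the double-extension check (assumed list).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}


def check_file(name: str, head: bytes) -> list:
    """Return findings for a file name and the first bytes of its content."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    is_pe = head[:2] == b"MZ"

    if ext in EXECUTABLE_EXTS:
        findings.append("executable extension " + ext)
        if inner_ext in DOCUMENT_EXTS:
            findings.append("double extension before " + ext)
    if is_pe and ext not in PE_EXTS | {".com"}:
        findings.append("PE content under extension " + (ext or "(none)"))
    if ext in PE_EXTS and not is_pe:
        findings.append("no MZ header despite " + ext)
    return findings


def scan(files: dict) -> dict:
    """Map each flagged file name to its findings; clean files are omitted."""
    report = {}
    for name, head in files.items():
        findings = check_file(name, head)
        if findings:
            report[name] = findings
    return report


# Constructed sample: file name -> first bytes of the file.
SAMPLE = {
    "notes.txt": b"meeting at 10",
    "setup.exe": b"MZ\x90\x00",
    "invoice.pdf.scr": b"MZ\x90\x00",
    "holiday.jpg": b"MZ\x90\x00",
    "cleanup.vbs": b"WScript.Echo 1",
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```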
