Windows 7: how to keep viruses from being executed

  

We often hear some "more professional" IT staff say, "It's fine that users have anti-virus software installed, but with no anti-virus concepts at all, do you think they won't get infected?"

If you don't want to be infected, it is more important to learn how viruses work and how to protect against them. Here, I hope to give computer users in ordinary businesses a sufficient set of "anti-virus concepts." You may not be able to "guarantee" anything, but at least you will have a general understanding of what is happening on your computer!

The delicate but fragile boot process

A computer must first be powered on. Everything that happens from switching on the power until the operating system is loaded is commonly known as the "boot process." Since most viruses try to make themselves part of the boot process (for parasitism and infection), you must first know the steps of the whole process:

1. Power on; if everything is normal, go to the next step.

2. The BIOS (Basic Input/Output System) performs its routine boot check and then hands the boot process over to the default storage device.

3. Following industry-recognized specifications, the boot device (usually the hard disk drive) starts the software boot process and loads the operating system's kernel and drivers in sequence...

4. After the operating system's kernel is loaded, it can also load, according to the settings, the various resident programs specified by the user (antivirus software, IM software...).

In the boot process above, each move from one step to the next leaves a "hook point." For example, when the BIOS on the motherboard executes the boot program of the storage medium, it executes the boot instructions from a fixed location. Where is this fixed location? We don't need to know, but it is definitely a public specification.

So the people who write operating systems know where the storage medium starts booting. The people who write disk maintenance programs know, the people who write utility programs know, and the people who write viruses... of course, know too. Hence the so-called "boot-type virus."

However, this kind of "boot-type virus" is very rare, mainly because the operating system loaded after booting is quite large and complicated, and it is difficult for such viruses to work normally under such complicated boot conditions. Most current viruses do their damage inside the operating system.

When the computer cannot boot...

Whether it is Windows, Mac OS, Linux or BSD, the initial loading of the operating system consists of delicate sequential steps, each linked to the next. The operating system usually has to set the operating mode of the processor, load the system kernel, drivers and graphical interface, then load the resident programs, and finally hand control over to the user. If anything goes slightly wrong in this "exquisite" but also "fragile" process, the system cannot load, and the user will say "ah, this computer has hung / crashed / won't start / died..." The explanations vary:

● The driver has a problem

● The kernel has a problem

● The disk that stores the OS kernel has a problem

● The user's resident program has a problem

As long as one small link fails, the operating system may not load properly. Fortunately, this does not happen often.

So far, the concepts above seem very simple, don't they?

Now bring in the concept of "memory"

No matter which operating system, after the boot process is completed, the user can run a variety of application software. For example, you can run a browser, a word processor, a movie player... Concretely, you move the mouse over the application's icon and press the left mouse button twice. Yes, it's that "easy."

What most people often forget is that a computer has an important "component" called "memory." When the user presses the power button and the boot process runs, an important step is to load the operating system's kernel "from the storage medium into memory."

After the kernel is loaded into memory, it continuously maintains, as its developers designed, the normal operation of itself and of user applications. This process is just as delicate and fragile. In addition, because programs are written by "people," if the person who wrote a program "messes up" (whether intentionally or not), the application may corrupt the operating system's kernel and cause a crash.

And what about viruses?

A virus wants to have the following capabilities:

● Stay resident in memory, disguising itself as part of the operating system

● While disguised, preferably remain undetectable by any person or any software

● Try not to interfere with the operation of the original programs, so as not to be noticed

● Use its own methods to attach itself (the virus) to others (other computers)

● If necessary, do something useful (or fun) for its author, including stealing money and causing damage...

Executable files

Well, if a virus wants to hide itself in memory, it first has to get you to "execute" it.

The question is, who would be stupid enough to execute a virus? If a virus had "I am a virus, come and execute me" written on its forehead, would you touch it? Of course not!

So the virus writer will try to find ways to get the user to execute it unknowingly, in order to achieve the purpose of "infection."

So "executable files" have become the main target that most viruses "parasitize."

An executable file is what we call a "program" or "software"; such software usually consists of one (or several) files. As mentioned above, software has to be loaded into memory to be executed and used. Therefore, the software's author uses development tools to compile the "source code" into an "executable file" and then ships it to users, who can then run it.

Previously, executable files came in only a few fixed formats: files with the extensions .COM, .EXE and .BAT are executable files. In the Windows 7 era, this has not changed. However, Windows later introduced a number of "less common" executable file formats. For example, .DLL is a "dynamic link library," an executable file that must be attached to a main program; .SCR is a screen saver, which is also a special-purpose executable file; .MSI (Windows Installer Package) is usually found in "installers," but... it is also an executable file; some script files, such as .VBS and .JS, are also executable files.

The above is a list of extensions for "executable files." Be careful when you see such extensions, because harmful things may be hidden in those files.

Execution is the most dangerous thing

The problem is that Windows by default hides the extensions of file types it recognizes, so, to be honest, you often don't know what you are actually running.
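The following Python example is added here and is not part of the original article. It takes the article's list of executable extensions and shows what a user sees when the final extension is hidden, flagging names where an executable extension sits behind a harmless-looking one. The decoy list, the simplified hiding rule and the sample file names are assumptions made for the example.

```python
import os

# Extensions the article names as executable (its list, not an exhaustive one).
EXECUTABLE_EXTS = {".com", ".exe", ".bat", ".dll", ".scr", ".msi", ".vbs", ".js"}
# Assumption: harmless-looking extensions a file may carry as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Simplification: treat every extension above as a "known type" that gets hidden.
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def _split(path):
    """Return (stem, lowercased extension) of the file name in `path`."""
    # Win32 drops trailing dots and spaces from names, so ignore them here too.
    name = os.path.basename(path.replace("\\", "/")).rstrip(" .")
    stem, ext = os.path.splitext(name)
    return stem, ext.lower()


def shown_name(path):
    """Name the user sees when extensions of known types are hidden."""
    stem, ext = _split(path)
    return stem if ext in KNOWN_EXTS else stem + ext


def classify(path):
    """'not-listed', 'executable', or 'disguised-executable'."""
    stem, ext = _split(path)
    if ext not in EXECUTABLE_EXTS:
        return "not-listed"
    # Padding such as "report.docx      .scr" pushes the real extension out of view.
    inner = os.path.splitext(stem.rstrip(" ."))[1].lower()
    return "disguised-executable" if inner in DECOY_EXTS else "executable"


def scan(paths):
    """Return (path, shown name, verdict) for every path with a listed extension."""
    return [(p, shown_name(p), classify(p)) for p in paths
            if classify(p) != "not-listed"]


# Constructed sample names, for illustration only.
SAMPLES = ["holiday.jpg", "Setup.EXE", "invoice.pdf.exe",
           "report.docx      .scr", r"C:\Users\a\Downloads\update.js", "notes.v2.txt"]

if __name__ == "__main__":
    for path, shown, verdict in scan(SAMPLES):
        print(f"{verdict:22} shown as {shown!r:22} real name {path!r}")
```

Turning off "Hide extensions for known file types" in Explorer's folder options makes the real extension visible without any script.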

It doesn't matter; just keep this in mind: when you double-click an icon with the left mouse button, you are definitely executing something.

When you execute something, remember: this is a "red flag" that users "must pay attention to." If there is anything you must be alert to besides "someone asking you for your password," this is it.

So, you must remember:

"Be careful whenever you execute something."

It's that simple.

Because many viruses attach themselves to executable files, you are infected as soon as you execute one. Not only that, until the infected computer is cleaned it will keep infecting files on the computer, sending out virus e-mails, or infecting files on servers... and the virus will modify system settings so that the clean-up becomes difficult, sometimes almost impossible, even if the user notices that something is wrong.

So sometimes an infected computer has to be reinstalled completely, because all its executable files are infected and cannot be recovered.

The Internet is the "gate of hell"

But I am afraid there is something really hard to guard against: web pages!

When you use a browser to connect to any web page, to be honest... the door to hell is open. Web pages let you do many things and perform many functions, mostly automatically and without your knowledge. Normal web pages certainly won't harm or infect you... but abnormal web pages are actually quite troublesome!

In fact, you must understand that the browser itself is an "executor": a tool designed to "run a variety of functions." Moreover, while operating systems still have so-called "compatibility" problems, browsers are designed to be "cross-platform." Ideally all browsers have the same capabilities, so that a web developer can write a feature once and have it usable by all users around the world. Gosh, truly a world without differences! However, this also gives web virus writers an opportunity... Is there any way to save these virus writers some trouble? Of course: write a cross-platform, universal virus!

Web-based viruses take many forms: some use so-called "scripts" (JavaScript) to keep popping up annoying windows, some secretly put a virus on your computer, and some directly perform some nasty actions... Honestly, this kind of problem is more troublesome than infection through executable files, because the user simply has no way of knowing.

So anti-virus software (or a so-called Internet Security suite) is extremely important in this case.

How to keep viruses from being executed

So, can we stop the spread of viruses through user care? Let us think systematically about what can be done at each link. Here are some common "prevention methods":

● Every program must pass some kind of certification

To keep users from executing dirty things that should not be executed, the operating system vendor stipulates that "every program you run must be vetted." Do you think that sounds ridiculous? No, the iPhone works like this. Although it is not meant as an anti-virus measure, the closed system is quite safe, because all software on the store is subject to Apple's approval.

● Every program (as long as it is considered dangerous) requires the user's consent to execute

Windows Vista/7 has UAC: whenever it judges that a program is dangerous, it pops up and asks you to click "OK." This makes it "harder for viruses to infect you," but the average person who has never been affected may get angry and turn this feature off first. To be fair, though, it is needed to prevent infection; it is a necessary evil.

● Install anti-virus software

Anti-virus software should be able to stop executable-file viruses, and firewall software should "protect against attacks from inside and outside the network." Don't say "I don't touch dirty things, so I don't need anti-virus software." If that is your view, you had better not go online at all. Some network worms simply use so-called "vulnerabilities" to drill directly into your computer's memory, after which your network connection is automatically paralyzed. Even if you do nothing, you can still be infected. So be sure to use anti-virus software, whether it is a free version or a paid one.

● Pay extra attention whenever you execute anything "executable"

Finally, many people run programs carelessly and get a virus along with them, which is the most lethal problem. Why? Because "you did it yourself," the virus can do absolutely whatever it wants: it will replace system registry files, sneak into the depths of the hard drive, infect all kinds of important files... The result is "a reinstall in mild cases, a dead machine in severe ones." So this may not be the "only principle," but it is indeed the most important principle the average user should know.



Copyright © Windows knowledge All Rights Reserved