
Optical recognition systems. OCR as a daily necessity. What will we do with the received material

One of the conditions for safe work in the information system is the user's compliance with a number of rules that have been tested in practice and have shown their high efficiency. There are several of them:

  1. Use of software products obtained by legal official means. The likelihood of a virus in a pirated copy is many times higher than in officially obtained software.
  2. Duplication of information. First of all, it is necessary to save the distribution media of the software. In this case, writing to media that allow this operation should be blocked, if possible. Special care should be taken to preserve working information. It is preferable to regularly create copies of work files on removable machine storage media with write protection. Either the entire file is copied, or only the changes you make. The latter option is applicable, for example, when working with databases.
  3. Regular system software updates. The operating system must be regularly updated and all security patches from Microsoft and other vendors must be installed to address existing software vulnerabilities.
  4. Restricting user access to operating system settings and system data. To ensure the stable operation of the system, it is quite often required to limit the capabilities of users, which can be done either using the built-in Windows tools or using specialized programs designed to control access to the computer.

    In corporate networks, it is possible to apply group policies in the Windows domain network.

  5. For the most efficient use of network resources, it is necessary to impose restrictions on the access of authorized users to internal and external network resources and block the access of unauthorized users.
  6. Regular use of antivirus tools. Before starting work, it is advisable to run scanners and audit programs. The anti-virus databases must be regularly updated. In addition, it is necessary to carry out anti-virus control of network traffic.
  7. Protection against network intrusions is provided by the use of software and hardware, including: the use of firewalls, intrusion detection / prevention systems IDS / IPS (Intrusion Detection / Prevention System), implementation of VPN (Virtual Private Network) technologies.
  8. Application of means of authentication and cryptography - use of passwords (simple / complex / non-repeatable) and encryption methods. It is not recommended to use the same password on different resources and disclose information about passwords. When writing a password on sites, you should be especially careful not to allow your password to be entered on a fraudulent twin site.
  9. Special care should be taken when using new (unknown) removable media and new files. New removable media must be checked for boot and file viruses, and received files for file viruses. When working in distributed systems or in systems of shared use, it is advisable to check new removable media and files entered into the system on computers specially designated for this purpose that are not connected to the local network. Only after a comprehensive anti-virus scan of disks and files can they be transferred to system users.
  10. When working with documents and tables received (for example, by e-mail), it is advisable to prohibit the execution of macros by means of built-in text and spreadsheet editors (MS Word, MS Excel), until the complete scan of these files is completed.
  11. If you do not intend to write information to external media, then you must block the execution of this operation, for example, by programmatically disabling the USB ports.
  12. When working with shared resources in open networks (for example, the Internet), use only trusted network resources that do not contain malicious content. Do not trust all information that arrives on your computer: emails, links to Web sites, instant messages. It is strongly discouraged to open files and links coming from an unknown source.

Constant adherence to these recommendations can significantly reduce the likelihood of infection with software viruses and protect the user from irrecoverable loss of information. However, even with scrupulous implementation of all prevention rules, the possibility of infecting a PC with computer viruses cannot be completely ruled out, therefore, methods and means of countering malware must be constantly improved and maintained in working order.

Antivirus information protection

The massive distribution of malicious software, the severity of the consequences of its impact on information systems and networks have necessitated the development and use of special antivirus tools and methods of their application.

It should be noted that there are no anti-virus tools that guarantee the detection of all possible virus programs.

Antivirus tools are used to solve the following tasks:

  • detection of malware in information systems;
  • blocking the work of malware;
  • elimination of the consequences of exposure to malware.

It is advisable to detect malware at the stage of its introduction into the system, or at least before it begins to carry out destructive actions. If such software or its activity is detected, it is necessary to immediately stop the operation of the virus program in order to minimize the damage from its impact on the system.

Elimination of the consequences of exposure to viruses is carried out in two directions:

  • removal of viruses;
  • restoration (if necessary) of files, memory areas.

The procedure for removing detected malicious code from an infected system must be performed very carefully. Viruses and Trojans often take special actions to hide the fact of their presence in the system, or are embedded in it so deeply that the task of removing them becomes rather nontrivial.

System recovery depends on the type of virus, as well as on the time of its detection in relation to the beginning of destructive actions. In the event that a virus program is already running in the system and its activity involves changing or deleting data, restoring information (especially if it is not duplicated) may be impracticable. a certain sequence and combination, forming methods of protection against malware.

The following methods of detecting viruses are known, which are actively used by modern antivirus tools:

  • scanning;
  • detection of changes;
  • heuristic analysis;
  • the use of resident watchmen;
  • use of software and hardware protection against viruses.

Scanning is one of the simplest methods of detecting viruses. It is carried out by a scanner program that examines files in search of an identifying part of the virus, its signature. A signature is understood as a unique sequence of bytes belonging to a specific virus and not found in other programs.

The program detects the presence of already known viruses for which a signature has been defined. For antivirus programs that use the scanning method to be effective, it is necessary to regularly update information about new viruses.

The change detection method is based on the use of auditor programs that monitor changes in files and disk sectors on the computer. Any virus in some way changes the data on the disk: for example, the boot sector may change, a new executable file may appear, or an existing one may change.

As a rule, anti-virus program-auditors determine and store in special files images of the master boot record, boot sectors of logical disks, characteristics of all monitored files, directories and numbers of defective disk clusters. Periodically, the auditor checks the current state of the disk areas and the file system, compares it with the previous state, and immediately reports any suspicious changes.

The main advantage of the method is the ability to detect viruses of all types, as well as new unknown viruses.

This method also has disadvantages. Auditor programs cannot detect a virus in files that enter the system already infected; such viruses will only be detected after they multiply in the system.
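An added example of the auditor method (not from the page or from any antivirus product): a Python script that records a baseline of file sizes, timestamps and SHA-256 hashes, then classifies the changes it finds on the next pass, flagging separately the case where content changed but size and timestamp did not, which an auditor that only compares size and time would miss. All paths and file contents are constructed in a temporary directory.

```python
"""File-system auditor: baseline file hashes, then report what changed.

Added example, not code from the page or from any antivirus product.
Uses only the standard library; the demo builds its files in a temporary
directory, so every path below is constructed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def _sha256(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, dict]:
    """Record size, mtime and SHA-256 of every regular file under root.

    Keys are paths relative to root, so a baseline is location-independent.
    """
    state: Dict[str, dict] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            state[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime": st.st_mtime_ns,
                "sha256": _sha256(p),
            }
    return state


def save_baseline(state: Dict[str, dict], baseline_file: Path) -> None:
    """Persist the baseline as JSON (the auditor's 'special file')."""
    baseline_file.write_text(json.dumps(state, indent=1, sort_keys=True))


def load_baseline(baseline_file: Path) -> Dict[str, dict]:
    return json.loads(baseline_file.read_text())


def compare(old: Dict[str, dict], new: Dict[str, dict]) -> Dict[str, List[str]]:
    """Classify differences between two snapshots.

    A file whose hash changed while size and mtime stayed the same is reported
    as 'suspicious': that is what a modification with the timestamp restored
    afterwards looks like, and a size/time-only check would not see it.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified: List[str] = []
    suspicious: List[str] = []
    for name in sorted(set(old) & set(new)):
        o, n = old[name], new[name]
        if o["sha256"] == n["sha256"]:
            continue
        if o["size"] == n["size"] and o["mtime"] == n["mtime"]:
            suspicious.append(name)
        else:
            modified.append(name)
    return {"added": added, "removed": removed,
            "modified": modified, "suspicious": suspicious}


def demo(workdir: Optional[Path] = None) -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, then make four kinds of change."""
    if workdir is None:
        workdir = Path(tempfile.mkdtemp(prefix="auditor-"))
    root = workdir / "data"
    (root / "bin").mkdir(parents=True, exist_ok=True)
    prog = root / "bin" / "app.exe"
    prog.write_bytes(b"MZ original program body")
    (root / "bin" / "old.dll").write_bytes(b"to be removed")
    (root / "notes.txt").write_bytes(b"hello")
    baseline_file = workdir / "baseline.json"  # kept outside the audited tree
    save_baseline(snapshot(root), baseline_file)

    (root / "bin" / "dropper.exe").write_bytes(b"MZ new file")  # 1. new file
    (root / "bin" / "old.dll").unlink()                         # 2. file removed
    (root / "notes.txt").write_bytes(b"hello, world")           # 3. ordinary edit
    st = prog.stat()                                            # 4. same-size patch
    prog.write_bytes(b"MZ modified program body")               #    with the timestamp
    os.utime(prog, ns=(st.st_atime_ns, st.st_mtime_ns))         #    put back afterwards

    return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:10s} {names}")
```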

Heuristic analysis, like the change detection method, allows you to identify unknown viruses, but does not require preliminary collection, processing and storage of information about the file system.

Heuristic analysis in antivirus programs is based on signatures and a heuristic algorithm designed to improve the ability of scanners to apply signatures and recognize modified versions of viruses in cases where the code of an unknown program does not completely match the signature, but more general signs of a virus, or its behavioral model, are clearly expressed in the suspicious program. If such code is found, a message about possible infection is displayed. After receiving such a message, you must carefully check the allegedly infected files and boot sectors with all available anti-virus tools.

The disadvantage of this method is a large number of false positives by antivirus tools in cases where a legal program contains fragments of code that perform actions and / or sequences typical of some viruses.

The resident watchdog method is based on programs that stay permanently in the RAM of the computer and monitor all actions performed by other programs. If a program performs suspicious actions typical of viruses (writing to boot sectors, placing resident modules in RAM, attempts to intercept interrupts, etc.), the resident watchdog issues a message to the user.

The use of antivirus programs with a resident watchdog reduces the likelihood of viruses running on the computer, but it should be borne in mind that the constant use of RAM resources for resident programs reduces the amount of memory available for other programs.

Today, one of the most reliable mechanisms for protecting information systems and networks is combined software and hardware protection, which as a rule includes not only anti-virus systems but also provides additional services. This topic is discussed in detail in the section "Software and hardware for ensuring the security of information networks".

Organization of computer security and information protection

Information is one of the most valuable resources of any company, therefore ensuring the protection of information is one of the most important and priority tasks.

The security of an information system is a property that consists in the ability of a system to ensure its normal functioning, that is, to ensure the integrity and secrecy of information. To ensure the integrity and confidentiality of information, it is necessary to protect information from accidental destruction or unauthorized access to it.

Integrity means the impossibility of unauthorized or accidental destruction or modification of information. Confidentiality of information means the impossibility of leakage or unauthorized seizure of stored, transmitted or received information.

The following sources of threats to the security of information systems are known:

  • anthropogenic sources caused by accidental or deliberate acts of subjects;
  • man-made sources leading to failures of hardware and software due to outdated software and hardware or software errors;
  • spontaneous sources caused by natural disasters or force majeure.

In turn, anthropogenic sources of threats are divided:

  • into internal (influences from company employees) and external (unauthorized interference by outsiders from external general-purpose networks) sources;
  • into unintentional (accidental) and intentional actions of subjects.

There are many possible directions of information leakage and ways of unauthorized access to it in systems and networks:

  • interception of information;
  • modification of information (the original message or document is changed or replaced by another and sent to the addressee);
  • substitution of authorship of information (someone can send a letter or document on your behalf);
  • exploiting the shortcomings of operating systems and application software;
  • copying of storage media and files with overcoming security measures;
  • illegal connection to equipment and communication lines;
  • masquerading as a registered user and assuming his powers;
  • introduction of new users;
  • the introduction of computer viruses, and so on.

    To ensure the security of information systems, information protection systems are used, which are a set of organizational and technological measures, software and hardware tools and legal norms aimed at countering sources of threats to information security.

    An integrated approach combines threat mitigation techniques to create a systems security architecture. It should be noted that no information protection system is completely secure. You always have to choose between the level of protection and the efficiency of the information system.

    The means of protecting information in an information system (IS) from the actions of subjects include:

  • means of protecting information from unauthorized access;
  • information protection in computer networks;
  • cryptographic protection of information;
  • electronic digital signature;
  • protection of information from computer viruses.

    Means of protecting information from unauthorized access

    Gaining access to the resources of the information system involves the implementation of three procedures: identification, authentication and authorization.

    Identification is the assignment of unique names and codes (identifiers) to a user (object or subject of resources).

    Authentication - establishing the identity of the user who submitted the identifier or verifying that the person or device that provided the identifier is indeed who it claims to be. The most common way to authenticate is to assign a password to the user and store it on the computer.

    Authorization - checking the authority or checking the user's right to access specific resources and perform certain operations on them. Authorization is carried out in order to differentiate access rights to network and computer resources.

    Information protection in computer networks

    Local networks of enterprises are very often connected to the Internet. To protect the local networks of companies, firewalls are used as a rule. A firewall (screen) is an access control tool that divides the network into two parts (the border runs between the local network and the Internet) and enforces a set of rules that determine the conditions under which packets pass from one part to the other. Firewalls can be implemented both in hardware and in software.

    Cryptographic information protection

    To ensure the secrecy of information, its encryption or cryptography is used. For encryption, an algorithm or device is used that implements a specific algorithm. The encryption is controlled by a variable key code.

    The encrypted information can only be retrieved using a key. Cryptography is a very effective technique that increases the security of data transmission over computer networks and when exchanging information between remote computers.

    Electronic digital signature

    To exclude the possibility of modifying the original message or replacing this message with others, it is necessary to send the message along with an electronic signature. An electronic digital signature is a sequence of characters obtained as a result of cryptographic transformation of the original message using a private key and allows you to determine the integrity of the message and its identity with the author using the public key.

    In other words, a message encrypted with a private key is called an electronic digital signature. The sender transmits the unencrypted message in its original form along with a digital signature. The recipient uses the public key to decrypt the message's character set from the digital signature and compares it to the unencrypted message's character set.

    With a complete match of characters, it can be argued that the received message is not modified and belongs to its author.

    Information protection from computer viruses

    A computer virus is a small malicious program that can independently create copies of itself and inject them into programs (executable files), documents, boot sectors of storage media and spread through communication channels.

    Depending on the habitat, the main types of computer viruses are:
  • software viruses (infect files with the .COM and .EXE extensions)
  • boot viruses
  • macro viruses
  • network viruses

    Removable media and telecommunications systems can be sources of virus infection. The most effective and popular antivirus programs include Kaspersky Anti-Virus 7.0, AVAST, Norton AntiVirus and many others.

    To infect the system with a virus, it is necessary to have communication channels with other computers. Moreover, the more of them and the less protected they are, the higher the likelihood of infection. Thus, the architecture of the anti-virus protection system strongly depends on the function of the computer in question, namely on the communication channels it has with the outside world. Since it was precisely for these characteristics that the division of the network into segments was introduced above, it is convenient to highlight the corresponding levels of anti-virus protection:

    • Protection level of workstations and network servers
    • Mail server protection level
    • Gateway security level

    In this classification, each mail server can simultaneously have installed both programs that implement the protection level of workstations and network servers and programs related to the protection level of mail servers. This is because the mail server, in addition to performing the functions of processing mail, is also an ordinary computer on the network. It usually belongs to the servers, not the workstations, since most server mail programs require a server operating system to be installed. The situation is similar with gateways.

    Protection level of workstations and network servers

    The level of protection for workstations and network servers is the most extensive. It covers all computers on the local network and serves as the very last stronghold on the path of malware penetration. Even if somewhere in the anti-virus protection system there was a gap and one machine nevertheless turned out to be infected, the anti-virus programs installed on the other computers should prevent the further spread of the epidemic over the network. At this level, anti-virus complexes for protecting workstations and network servers are used.

    Protection of workstations and network servers is primarily responsible for the cleanliness of the file system of each of the computers on the network. Consequently, it must necessarily contain continuous (on-access) scanning as a mechanism to prevent viruses from infecting the system, an on-demand scan as a procedure for thoroughly revising the machine in question and neutralizing malicious programs that have penetrated it, and a module for keeping virus signatures up to date. Additionally, for workstations, a requirement is imposed on the presence of procedures for checking mail messages.

    In terms of anti-virus protection, the workstations considered here differ from home computers primarily in that they are subject to an antivirus security policy that is adopted by the organization that owns the network and is binding on all users. A common practice is to introduce a separate position of system administrator, who is obliged to monitor the state of the computer equipment. At the same time, other users often do not have the right to access a number of programs critical for the functioning of the network, even if they are installed on their computer. Antivirus security software is one of those.

    The presence of tens, hundreds, and sometimes thousands of computers united into one local network requires considerable expenses for the administration of each of them. In order to be able to do this for a relatively small group of administrators, various special programs and utilities are used for centralized remote management. With their help, the administrator can simultaneously manage and configure programs on remote computers and other network elements subordinate to him without getting up from behind his computer.

    Consequently, an additional requirement is imposed on the anti-virus complex for protecting workstations and network servers - the presence in its composition of a software tool for remote centralized management of local applications.

    Mail protection level

    Email protection is the second step in network anti-virus protection. It serves to reduce the load and increase the reliability of the protection system for workstations and network servers. Additionally, anti-virus scanning of mail, namely outgoing mail, in the event of a single virus incident within the network, will serve as a barrier to the spread of this virus to other external computers. The protection system of this level uses a complex to protect mail systems.

    In general, a mail server is a computer on which a mail processing program is installed and is running successfully. The mail server belongs to the server group, not to workstations. This is due to the fact that its main purpose is to ensure the operation of the mail system, and not in solving local applied problems. Thus, the mail server is actually a repository of information (emails) for other network users.

    The mail program, or mail transfer agent (in the literature the English term MTA, Mail Transfer Agent, is sometimes used), carries out the transfer of emails from one computer to another. This usually happens in the following sequence: the sender's computer, which is located on the internal network, contacts the mail program on the server and forwards the letter to it. Then the mail server extracts the recipient's address from the letter and forwards it further, either to the Internet or back to the local network to another of its users. The reverse forwarding happens in a similar way: the server receives a letter from outside, addressed to a user who has a mailbox on it. After that, through his mail agent, the user is notified that a new message has appeared in his mailbox. If he wants to receive it, the mail agent contacts the server and copies the message files to the user's machine. Thus, a queue of not yet sent and not yet received letters is formed on the server, and incoming correspondence is fully or partially stored there.

    Therefore, anti-virus scanning should include both scanning of all streams passing through the mailer and the storage of emails.

    Therefore, an anti-virus package for protecting mail should contain:

    • Real-time anti-virus scanning of correspondence passing through the mail system
    • Real-time anti-virus scanning of files requested by users from their mailboxes
    • On-demand anti-virus scan for mail format files stored on the server, namely information in user mailboxes
    • Tool for updating anti-virus databases
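    Added here as an example (not the page's or any mail product's code): a Python scanner that applies the first three of these checks, a real-time pass over one message's MIME parts and an on-demand pass over stored messages, with a constructed signature table and a constructed message whose attachment is base64-encoded in transit, so the scanner has to decode parts before matching.

```python
"""Scan e-mail traffic and stored mail for known byte signatures.

Added example, not code from the page or from any mail security product.
The signature table and the sample messages are constructed.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Dict, List

# Constructed signatures: detection name -> byte sequence identifying the sample.
SIGNATURES: Dict[str, bytes] = {
    "Test.Dropper.A": b"DROP-ME-NOW-PLEASE",
    "Test.MacroBomb.B": b"Sub AutoOpen()",
}


def find_signatures(data: bytes) -> List[str]:
    """Names of all signatures whose byte sequence occurs in data."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def scan_message(raw: bytes) -> dict:
    """Real-time check of one message passing through the mail system.

    Every leaf MIME part is decoded (base64, quoted-printable) before
    matching, so an encoded attachment cannot hide a signature from a
    scanner that only looks at the raw stream.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its leaves are visited by walk()
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        hits = find_signatures(payload)
        if hits:
            findings.append({
                "filename": part.get_filename() or "(message body)",
                "content_type": part.get_content_type(),
                "detections": hits,
            })
    return {
        "message_id": str(msg.get("Message-ID", "")),
        "clean": not findings,
        "findings": findings,
    }


def scan_store(messages: List[bytes]) -> dict:
    """On-demand pass over stored messages (e.g. the contents of mailboxes)."""
    results = [scan_message(raw) for raw in messages]
    return {
        "scanned": len(results),
        "infected": [r["message_id"] for r in results if not r["clean"]],
    }


def build_sample(infected: bool) -> bytes:
    """Constructed message: a PDF attachment, plus an executable if infected."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Q3 report"
    msg["Message-ID"] = "<sample-%d@example.test>" % (1 if infected else 2)
    msg.set_content("Please see the attached report.")
    msg.add_attachment(b"%PDF-1.4 constructed harmless report",
                       maintype="application", subtype="pdf",
                       filename="report.pdf")
    if infected:
        # base64-encoded in transit; the signature is visible only after decoding
        body = b"MZ\x90\x00" + b"\x00" * 8 + b"DROP-ME-NOW-PLEASE" + b"\x00" * 8
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename="invoice.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample(True)))
    print(scan_store([build_sample(True), build_sample(False)]))
```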

    Gateway security level

    In most cases, gateway-level anti-virus protection plays a supporting role in the overall anti-virus security system of the network. This is because the task of such an antivirus complex is only to check information coming from outside for the presence of malicious programs. However, even if a virus penetrates the gateway, it will not be able to infect any computer: it will be intercepted by the antivirus on the local machine, and in the case of an infected mail message, it will be stopped on the mail server.

    However, such a scenario is realized only if the network anti-virus protection system is working properly and without interruption, in particular at the level of protection of workstations and network servers. In practice, failures are common. Moreover, the larger the local network, the more likely it is that such an incident can happen. Even though the distributed protection system of workstations and network servers will in any case prevent such a virus from spreading further along the network, so that it is localized on one infected machine, this is still not good, because very important documents may be stored on that machine, and in the absence of gateway protection the virus can, for example, perform unauthorized mailing or allow an attacker to steal confidential information.

    Therefore, the anti-virus protection of the gateway can significantly increase the reliability of the anti-virus protection in general.

    Additionally, in the event of a virus outbreak on the Internet, it is the gateway protection system that will react and notify the administrator first, which will allow him to promptly take measures to increase the level of protection, for example, to carry out an urgent emergency update of the anti-virus databases or even disconnect certain especially important or secret computers from the network.

    By definition, a gateway is a computer with an installed program that implements a mechanism for transferring data from one network to another. Usually, this means the transition from a local network to the Internet, and all computers on the network, with rare justified exceptions, communicate with the Internet only through a gateway.

    The main functionality of the gateway is to transfer requests from one segment to another. For example, if an internal user needs to download information from an external website, he sends a request to the gateway, which, based on this data, requests a remote web server, receives the required information from it, and transmits it to the user. The gateway can also work in the opposite direction - when the website is inside the local network, and the request comes from an external user. In the case of corporate e-mail, the mail server acts as the user.

    Similarly to mail protection, at the gateway protection level an anti-virus complex for protecting gateways is used. It is responsible only for checking the data passing through the gateway, while the complex for protecting network servers is responsible for the cleanliness of the file system. Therefore, a software package for protecting gateways should contain only filters for the flows passing through it. These are usually HTTP (Hypertext Transfer Protocol, a standard that defines how information in various formats is transferred; it is the most widely used protocol today), FTP (File Transfer Protocol, which defines the mechanism for transferring files in computer networks; one of the oldest protocols, proposed in 1971, whereas HTTP appeared only in 1990) and SMTP (Simple Mail Transfer Protocol, a network protocol for transferring electronic messages).

    Plan:

    Introduction
      The concept of anti-virus information protection
      Classification of antivirus programs
        Scanners
        CRC scanners
        Blockers
        Immunizers
      The main functions of the most common antiviruses
        Dr. Web
        Kaspersky Anti-Virus
        Antiviral Toolkit Pro
        Norton AntiVirus 2000
    Conclusion
    List of used literature

    Introduction.

    Information security means are a set of engineering, electrical, electronic, optical and other devices, instruments and technical systems, as well as other proprietary elements, used to solve various problems of information protection, including preventing leakage and ensuring the security of the protected information.

    In general, the means of ensuring the protection of information in terms of preventing deliberate actions, depending on the method of implementation, can be divided into groups:

      Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems with hardware. They either prevent physical penetration, or, if the penetration did take place, access to information, including by masking it. The first part of the problem is solved by locks, window bars, watchmen, security alarms, etc. The second is by noise generators, power filters, scanning radios and many other devices that "block" potential information leakage channels or allow them to be detected. The advantages of technical means are associated with their reliability, independence from subjective factors, and high resistance to modification. Weaknesses - lack of flexibility, relatively large volume and weight, high cost;

      Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, ability to modify and develop. Disadvantages - limited network functionality, the use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, possible dependence on the types of computers (their hardware);

      Mixed hardware / software implements the same functions as hardware and software separately and has intermediate properties;

      Organizational means consist of organizational and technical (preparation of rooms with computers, laying of a cable system, taking into account the requirements of restricting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many diverse problems, are easy to implement, quickly respond to unwanted actions in the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including the general organization of work in a particular department.

    In my work, I will consider one of the information security software - anti-virus programs. So, the purpose of my work is to analyze antivirus information protection tools. Achievement of this goal is mediated by the solution of the following tasks:

      Study of the concept of anti-virus information protection;

      Consideration of the classification of anti-virus information protection tools;

      Familiarization with the main functions of the most popular antiviruses.

      The concept of anti-virus information protection.

    Antivirus program (antivirus): a program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and restoring files infected (modified) by such programs, as well as for prevention, i.e. preventing infection (modification) of files or the operating system with malicious code (for example, by vaccination).

    Antivirus software consists of routines that try to detect, prevent, and remove computer viruses and other malicious software.

      Classification of antivirus programs.

    Antivirus programs are most effective in the fight against computer viruses. However, I would like to note right away that there are no antiviruses that guarantee one hundred percent protection against viruses, and statements about the existence of such systems can be regarded as either unfair advertising or unprofessionalism. Such systems do not exist, since you can always offer a counter-algorithm of a virus invisible to this antivirus for any anti-virus algorithm (the opposite, fortunately, is also true: you can always create an anti-virus for any virus algorithm).

    The most popular and effective antivirus programs are virus scanners (other names: phage, polyphage, doctor program). They are followed in efficiency and popularity by CRC scanners (also: auditor, checksummer, integrity checker). Often both of these methods are combined into one universal anti-virus program, which significantly increases its power. Various types of blockers and immunizers are also used.

    2.1 Scanners.

    The principle of operation of antivirus scanners is based on scanning files, sectors and system memory and searching them for known and new (unknown to the scanner) viruses. So-called "masks" are used to search for known viruses. A virus mask is a constant sequence of code specific to that particular virus. If the virus does not contain a constant mask, or the mask is not long enough, other methods are used. An example of such a method is an algorithmic language that describes all possible variants of the code that may be encountered in an infection by this type of virus. This approach is used by some antiviruses to detect polymorphic viruses. Scanners can also be divided into two categories, "universal" and "specialized". Universal scanners are designed to search for and neutralize all types of viruses, regardless of the operating system in which the scanner is designed to work. Specialized scanners are designed to neutralize a limited number of viruses or only one class of them, for example macro viruses. Specialized scanners designed only for macro viruses are often the most convenient and reliable solution for protecting document management systems built on MS Word and MS Excel.
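As an added example (not code from the essay or from any of the products it names), the following toy scanner shows how a constant mask and a mask with wildcard positions are matched against file contents. The signatures, the `??` wildcard notation and the sample "files" are all constructed for the illustration; real scanners use far larger signature sets and much faster matching.

```python
"""Toy signature ("mask") scanner. Constructed example: the masks, the
wildcard notation and the sample files below are illustrative only."""
from typing import Dict, List, Optional, Tuple

# A mask is a list of byte values; None marks a wildcard position, i.e. a
# byte that differs between instances of the same virus family.
Mask = List[Optional[int]]


def parse_mask(text: str) -> Mask:
    """Parse a hex mask such as '4D 5A ?? 90' into [0x4D, 0x5A, None, 0x90]."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_mask(data: bytes, mask: Mask) -> int:
    """Return the offset of the first occurrence of mask in data, or -1."""
    n, m = len(data), len(mask)
    for i in range(n - m + 1):
        if all(b is None or data[i + j] == b for j, b in enumerate(mask)):
            return i
    return -1


# Constructed signatures: one fixed mask and one with wildcard bytes
# (the wildcards stand for the part of the code that varies per infection).
SIGNATURES: Dict[str, Mask] = {
    "Demo.Fixed": parse_mask("DE AD BE EF CA FE"),
    "Demo.Variant": parse_mask("E8 ?? ?? 00 00 5D 81 ED"),
}


def scan(data: bytes, signatures: Dict[str, Mask] = SIGNATURES) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every signature found in data."""
    hits = []
    for name, mask in signatures.items():
        off = find_mask(data, mask)
        if off >= 0:
            hits.append((name, off))
    return hits


# Constructed sample files: clean data, one fixed-mask match and two
# variants that differ only in the wildcard bytes.
SAMPLES: Dict[str, bytes] = {
    "clean.bin": bytes(range(64)),
    "fixed.bin": b"\x00" * 10 + bytes.fromhex("DE AD BE EF CA FE") + b"\x00" * 4,
    "variant_a.bin": bytes.fromhex("E8 12 34 00 00 5D 81 ED"),
    "variant_b.bin": b"\x90" + bytes.fromhex("E8 AB CD 00 00 5D 81 ED"),
    "truncated.bin": bytes.fromhex("E8 12 34 00 00 5D"),
}


def scan_all(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, List[Tuple[str, int]]]:
    """Scan every sample and return the per-file hit list."""
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name}: {hits or 'clean'}")
```

The wildcard mask is the simplest form of the "algorithmic language" the paragraph mentions: it describes a family of byte sequences rather than one constant string, which is why `variant_a.bin` and `variant_b.bin` both match while the truncated file does not.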

    Scanners are also divided into "resident" scanners (monitors, watchmen), which scan "on the fly", and "non-resident" scanners, which scan the system only on demand. As a rule, resident scanners provide more reliable system protection, since they react immediately to the appearance of a virus, while a non-resident scanner can recognize a virus only at its next launch. On the other hand, a resident scanner can slow down the computer somewhat, including because of possible false positives.

    The advantages of all types of scanners include their versatility; the disadvantage is the relatively low speed of scanning for viruses. The following programs are most widespread in Russia: AVP by Kaspersky, Dr. Web by Danilov, and Norton Antivirus from Symantec.

    2.2 CRC scanners.

    The principle of operation of CRC scanners is based on calculating CRC sums (checksums) for the files and system sectors present on the disk. These CRC sums are then saved in the anti-virus database along with some other information: file lengths, dates of their last modification, etc. On each subsequent start, the CRC scanner compares the data stored in the database with the freshly calculated values. If the information about a file recorded in the database does not match the real values, the CRC scanner signals that the file has been modified or infected with a virus. CRC scanners that use anti-stealth algorithms are quite a powerful weapon against viruses: almost 100% of viruses are detected almost immediately after they appear on the computer. However, this type of antivirus has an inherent flaw that significantly reduces its effectiveness: a CRC scanner is not able to catch a virus at the moment it appears in the system; it does so only after a while, once the virus has already spread through the computer. CRC scanners cannot detect a virus in new files (in e-mail, on floppy disks, in files restored from a backup, or when unpacking files from an archive), because their databases contain no information about these files. Moreover, viruses periodically appear that exploit this "weakness" of CRC scanners by infecting only newly created files, and thus remain invisible to them. The most used programs of this kind in Russia are ADINF and AVP Inspector.
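The following toy integrity checker is an added example, not code from the essay, ADINF or AVP Inspector. It records length and CRC32 for a constructed set of files, re-checks them later, and reports the two cases the paragraph describes: a file whose contents changed, and a newly arrived file for which the database simply has no record, so it can only be reported as unknown, not as infected.

```python
"""Toy CRC scanner (integrity checker). Constructed example: the file set
and the "infections" are made up for the illustration."""
import zlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Record:
    """What the database keeps per file: length and CRC32 of the contents."""
    length: int
    crc: int


def fingerprint(data: bytes) -> Record:
    return Record(len(data), zlib.crc32(data) & 0xFFFFFFFF)


def build_baseline(files: Dict[str, bytes]) -> Dict[str, Record]:
    """First run: fingerprint every file on the "disk"."""
    return {name: fingerprint(data) for name, data in files.items()}


def check(baseline: Dict[str, Record], files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Subsequent run: compare stored records with freshly computed ones."""
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "unknown": [], "missing": []}
    for name, data in files.items():
        rec = baseline.get(name)
        if rec is None:
            # No record exists for a new file, so the checker cannot say
            # whether it is clean; this is the weakness the text describes.
            report["unknown"].append(name)
        elif rec == fingerprint(data):
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    for name in baseline:
        if name not in files:
            report["missing"].append(name)
    return report


# Constructed "disk" contents at the time the baseline is taken.
BASELINE_FILES: Dict[str, bytes] = {
    "command.com": b"MZ" + b"\x90" * 30,
    "autoexec.bat": b"@echo off\r\n",
    "report.doc": b"plain text document",
}


def demo() -> Dict[str, List[str]]:
    """Take a baseline, then simulate what happened before the next run."""
    baseline = build_baseline(BASELINE_FILES)
    later = dict(BASELINE_FILES)
    # An appending file infector grew the executable (constructed).
    later["command.com"] = BASELINE_FILES["command.com"] + b"VIRUSBODY"
    # A same-length edit: length alone would miss it, the CRC does not.
    later["autoexec.bat"] = b"@echo ON \r\n"
    # A file that arrived by e-mail has no record in the database.
    later["mail_attachment.exe"] = b"MZ" + b"VIRUSBODY"
    # A file was deleted since the baseline.
    del later["report.doc"]
    return check(baseline, later)


if __name__ == "__main__":
    for state, names in demo().items():
        print(f"{state}: {names}")
```

Note that the checker has no opinion on `mail_attachment.exe`: it is neither "ok" nor "modified", which is exactly why a CRC scanner has to be paired with a signature scanner for files that enter the system from outside.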

    2.3 Blockers.

    Anti-virus blockers are memory-resident programs that intercept "virus-dangerous" situations and notify the user about them. Virus-dangerous calls include opening executable files for writing, writing to the boot sectors of disks or the MBR of a hard drive, attempts by programs to remain resident, etc., that is, calls that are typical of viruses at the moment of replication. Some blocker functions are sometimes implemented in resident scanners.

    The advantages of blockers include their ability to detect and stop a virus at the earliest stage of its reproduction, which, by the way, is very useful in cases when a well-known virus constantly "creeps out from nowhere". The disadvantages include the existence of ways to bypass the protection of blockers and a large number of false positives, which, apparently, is the reason users have almost completely abandoned this kind of anti-virus program (for example, no blocker for Windows 95/NT is known: no demand, no supply).

    Another direction of anti-virus tools should also be noted: anti-virus blockers implemented as computer hardware components ("hardware blockers"). The most common is the BIOS's built-in write protection for the MBR of the hard drive. However, as with software blockers, such protection can be easily bypassed by writing directly to the ports of the disk controller, and launching the DOS utility FDISK immediately triggers a "false positive" of the protection.

    There are several more universal hardware blockers, but in addition to the disadvantages listed above, they have compatibility problems with standard computer configurations and are difficult to install and configure. All this makes hardware blockers extremely unpopular compared to other types of anti-virus protection.

    2.4 Immunizers.

    Immunizers are programs that write code into other programs that reports an infection. They usually write this code at the end of files (as a file virus does) and check the file for changes each time it is run. They have only one drawback, but it is fatal: the complete inability to report infection by a stealth virus. Therefore, such immunizers, like blockers, are practically not used at present. In addition, many recently developed programs check their own integrity and may mistake the code embedded in them for a virus and refuse to work.
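As an added example (not code from the essay), the toy immunizer below appends a trailer with a CRC32 of the original program to a constructed "executable" and shows what the embedded self-check would report at start-up. It also models the fatal drawback the paragraph names: a stealth virus that intercepts file reads and hands back the clean image makes the self-check pass even though the file on disk is infected. The marker, the virus body and the read hook are all constructed for the illustration.

```python
"""Toy immunizer and its stealth blind spot. Constructed example: the
trailer marker, the "virus" and the read hook are illustrative only."""
import zlib
from typing import Dict

MARKER = b"IMMU"  # constructed trailer marker written by the immunizer


def immunize(program: bytes) -> bytes:
    """Append MARKER + CRC32 of the original program body to the file."""
    crc = zlib.crc32(program) & 0xFFFFFFFF
    return program + MARKER + crc.to_bytes(4, "little")


def self_check(image: bytes) -> str:
    """What the embedded check reports when the program starts.

    The image must be exactly body + MARKER + CRC, with nothing after the
    trailer, and the CRC of the body must match the stored value."""
    pos = image.rfind(MARKER)
    if pos < 0 or len(image) < pos + 8:
        return "not immunized"
    body = image[:pos]
    stored = int.from_bytes(image[pos + 4:pos + 8], "little")
    trailing = image[pos + 8:]
    if trailing or (zlib.crc32(body) & 0xFFFFFFFF) != stored:
        return "modified"
    return "intact"


def append_infect(image: bytes) -> bytes:
    """Constructed appending infector: adds its body after the file."""
    return image + b"VIRUSBODY"


def prepend_infect(image: bytes) -> bytes:
    """Constructed prepending infector: adds its body before the file."""
    return b"VIRUSBODY" + image


def stealth_read(on_disk: bytes, clean_copy: bytes) -> bytes:
    """Model a stealth virus hooking file reads: when its body is present
    in the file it returns the clean image the virus kept for itself."""
    return clean_copy if b"VIRUSBODY" in on_disk else on_disk


PROGRAM = b"MZ" + bytes(range(40))  # constructed "executable"


def demo() -> Dict[str, str]:
    clean = immunize(PROGRAM)
    return {
        "clean": self_check(clean),
        "appended": self_check(append_infect(clean)),
        "prepended": self_check(prepend_infect(clean)),
        # The self-check reads the file through the infected system, so a
        # stealth virus feeds it the clean image and the check passes.
        "appended_stealth": self_check(stealth_read(append_infect(clean), clean)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The non-stealth infections are caught because either the body no longer matches the stored CRC or bytes follow the trailer; the stealth case passes as "intact", which is the blind spot that made immunizers fall out of use.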

      3. The main functions of the most common antiviruses.

        Dr. Web.

    Dr. Web is an old and deservedly popular antivirus in Russia that has been helping users fight viruses for several years. New versions of the program (DrWeb32) run on several operating systems, protecting users from more than 17,000 viruses.

    The set of functions is quite standard for an antivirus: scanning of files (including those compressed by special programs and archived), memory, and the boot sectors of hard drives and floppy disks. Trojans, as a rule, cannot be disinfected, only deleted. Unfortunately, e-mail formats are not scanned, so immediately after receiving an e-mail you cannot find out whether there is a virus in the attachment; the attachment has to be saved to disk and checked separately. However, the "Spider Guard" resident monitor supplied with the program solves this problem "on the fly".

    Dr. Web was one of the first programs to implement heuristic analysis, which can detect viruses that are not included in the anti-virus database. The analyzer detects virus-like instructions in a program and marks such a program as suspicious. The anti-virus database is updated via the Internet at the click of a button. The free version of the program does not perform heuristic analysis and does not disinfect files.

        Kaspersky Anti-Virus.

    The Inspector monitors all changes on your computer and, if unauthorized changes to files or to the system registry are detected, allows you to restore the contents of the disk and remove malicious code. The Inspector does not require anti-virus database updates: integrity control is based on taking fingerprints (CRC sums) of the original files and later comparing them with the possibly modified files. Unlike other auditors, Inspector supports all the most popular executable file formats.

    The heuristic analyzer makes it possible to protect your computer even from unknown viruses.

    The background virus interceptor Monitor, which is constantly present in the computer's memory, performs anti-virus scanning of all files immediately at the time of their launch, creation or copying, which allows you to control all file operations and prevent infection with even the most technologically advanced viruses.

    Anti-virus e-mail filtering prevents viruses from entering your computer. The Mail Checker plug-in not only removes viruses from the body of an e-mail but also completely restores the original contents of the message. Comprehensive mail scanning does not let a virus hide in any element of an e-mail: all sections of incoming and outgoing messages are scanned, including attached files (also archived and packed ones) and nested messages of any depth.

    The anti-virus scanner, Scanner, allows you to perform a full scan of all the contents of local and network drives on demand.

    The script virus interceptor Script Checker provides anti-virus scanning of all running scripts before they are executed.

    Support for archived and compressed files provides the ability to remove malicious code from an infected compressed file.

    Isolation of infected objects moves infected and suspicious objects to a specially organized directory for further analysis and recovery.

    Automation of anti-virus protection allows you to create a schedule and order of operation of program components; automatically download and connect new anti-virus database updates via the Internet; send alerts about detected virus attacks by e-mail, etc.

        Antiviral Toolkit Pro.

    Antiviral Toolkit Pro is a Russian product that has earned popularity both abroad and in Russia thanks to its very wide capabilities and high reliability. There are versions of the program for most popular operating systems, and the anti-virus database contains about 34,000 viruses.

    There are several delivery options: AVP Lite, AVP Gold and AVP Platinum. The most complete version comes with three components: a scanner, a resident monitor and a control center. The scanner allows you to scan files and memory for viruses and Trojans. Packed programs, archives and mail databases (Outlook folders, etc.) are scanned as well, and heuristic analysis is performed to search for new viruses not yet entered into the database. The monitor scans each file "on the fly" as it is opened and warns of a virus threat while blocking access to the infected file. The Control Center allows scheduled anti-virus scanning and database updates via the Internet. The demo version lacks the ability to disinfect infected objects, to scan packed and archived files, and to perform heuristic analysis.

        Norton AntiVirus 2000.

    Norton AntiVirus is based on another popular product, the AtGuard (@guard) personal firewall from WRQ Soft. Applying Symantec's technological resources to it produced an integrated product with significantly expanded functionality. The core of the system is still the firewall. It works very effectively without configuration, practically without interfering with everyday use of the network, while blocking attempts to restart or "hang" the computer, to gain access to files and printers, and to establish a connection with Trojans on the computer.

    Norton AntiVirus is the only firewall we've reviewed that delivers 100% of this protection method. All types of packets traveling over the network are filtered, including service packets (ICMP), and firewall rules can take into account which application is working with the network, what kind of data is transmitted and to which computer, and at what time of day it happens.

    To protect sensitive data, the firewall can block the sending of an e-mail address (for example, by the browser) to web servers, and cookies can also be blocked. The confidential information filter warns of an attempt to send to the network, unencrypted, information that the user has entered and marked as confidential.

    Active content on web pages (Java applets, scripts, etc.) can also be blocked by Norton AntiVirus: a content filter can strip unsafe elements from the text of web pages before they reach the browser.

    As an additional service not directly related to security, Norton AntiVirus offers a very convenient filter for advertising banners (these annoying images are simply cut from the page, which makes it load faster), as well as a parental control system. By prohibiting visits to certain categories of sites and the launch of certain types of Internet applications, you can be fairly calm about the network content available to children.

    In addition to the firewall capabilities, Norton AntiVirus offers the user the protection of Norton Antivirus. This popular anti-virus application, with regularly updated anti-virus databases, reliably detects viruses at the very early stages of their appearance. All files downloaded from the network, files attached to e-mail, and active elements of web pages are scanned for viruses. In addition, Norton Antivirus has an anti-virus scanner and monitor that provide system-wide anti-virus protection not tied to network access.

    Conclusion:

    Having studied the literature, I achieved my goal and drew the following conclusions:

      an antivirus program (antivirus) is a program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and for restoring files infected (modified) by such programs, as well as for prevention, that is, preventing infection (modification) of files or the operating system with malicious code (for example, by vaccination);

      there are no antiviruses that guarantee one hundred percent protection against viruses;

      the most popular and effective antivirus programs are virus scanners (other names: phage, polyphage, doctor program). They are followed in efficiency and popularity by CRC scanners (also: auditor, checksummer, integrity checker). Often both of these methods are combined into one universal anti-virus program, which significantly increases its power. Various types of blockers and immunizers are also used.
