Anti-virus information protection tools. Antivirus protection tools

Information security tools

test

1. Protection of information from unauthorized access. Antivirus products information protection

The task of protecting information stored in computer systems ah, from unauthorized access (NAD), is very relevant. To solve this problem, a whole range of tools is used, including technical, software and hardware tools and administrative measures for protecting information.

Unauthorized access to information is the unplanned access, processing, copying, use of various viruses, including those that destroy software products, as well as modification or destruction of information in violation of established access control rules.

An information security system is an organized set of special legislative and other regulations, bodies, services, methods, measures and means that ensure the security of information from internal and external threats.

There are three main areas in protecting information from unauthorized access:

The first is focused on preventing the intruder from accessing the computing environment and is based on special technical means user identification;

The second is related to the protection of the computing environment and is based on the creation of a special software on information protection;

The third direction is related to the use special means protecting information from unauthorized access

A means of protecting information from unauthorized access is a technical, cryptographic, software and other means designed to protect information, the means in which it is implemented, as well as a means of monitoring the effectiveness of information protection.

Information security means are divided into:

1. Physical - various engineering means and structures that impede or exclude physical penetration (or access) of offenders to protection facilities and to material media confidential information:

2. Hardware - mechanical, electrical, electronic and other devices designed to protect information from leakage, disclosure, modification, destruction, as well as counteracting technical intelligence means:

3. Software - special programs for computers that implement the functions of protecting information from unauthorized access, familiarization, copying, modification, destruction and blocking.

4. Cryptographic - technical and software means of data encryption, based on the use of a variety of mathematical and algorithmic methods.

5. Combined - combined implementation of hardware and software and cryptographic methods of information protection.

Various software methods significantly expand the ability to ensure the security of stored information.

Among the standard protective equipment personal computer The most widespread are:

Tools for protecting computing resources that use password identification and limit access to unauthorized users;

Application various methods encryption that does not depend on the context of information;

Copy protection tools for commercial software products;

Protection against computer viruses;

Creation of archives.

Computer virus- a program capable of spontaneously injecting itself and introducing copies of itself into other programs, files, system areas of the computer and into computer networks, in order to create all kinds of interference with work on the computer

Basic measures to protect against viruses: equipping your computer with an anti-virus program, constantly updating anti-virus databases, archival copies of valuable information.

Antivirus program (antivirus) is a program for detecting computer viruses, as well as unwanted (considered malicious) programs in general and restoring files infected (modified) by such programs, as well as for prevention - preventing infection (modification) of files or the operating system with malicious code ( for example, through vaccination).

Antivirus software consists of routines that attempt to detect, prevent, and remove computer viruses and other malicious software.

Antivirus software typically uses two distinct methods:

scanning files to search for known viruses that match the definition in anti-virus databases

detection of suspicious behavior of any program, similar to the behavior of an infected program.

The main methods for detecting computer viruses include the following:

method of comparison with the standard;

heuristic analysis;

antivirus monitoring;

change detection method;

embedding antiviruses into Computer BIOS etc.

Method of comparison with the standard. The simplest detection method is to use so-called masks to search for known viruses. The mask of a virus is some constant sequence of code specific to this particular virus. The anti-virus program sequentially views (scans) the scanned files in search of masks of known viruses. Anti-virus scanners can only find already known viruses for which a mask has been defined. If the virus does not contain a permanent mask or the length of this mask is not long enough, then other methods are used. The use of simple scanners does not protect your computer from the penetration of new viruses. For encrypting and polymorphic viruses that can completely change their code when infected new program or boot sector, it is impossible to allocate a mask, so antivirus scanners they are not detected.

Heuristic analysis. In order to reproduce, a computer virus must perform some specific actions: copying into memory, writing to sectors, etc. The heuristic analyzer (which is part of the anti-virus kernel) contains a list of such actions and checks programs and boot sectors of disks and floppy disks, trying to detect code typical of viruses in them. A heuristic analyzer can detect, for example, that the program being tested installs a resident module in memory or writes data to the program's executable file. Having detected an infected file, the analyzer usually displays a message on the monitor screen and makes an entry in its own or system log. Depending on the settings, the antivirus can also send a message about a detected virus to the network administrator. Heuristic analysis allows you to detect previously unknown viruses. Almost all modern antivirus programs implement their own heuristic analysis methods.

Antivirus monitoring. The essence this method consists in the fact that an anti-virus program is constantly located in the computer’s memory, monitoring all suspicious actions performed by other programs. Anti-virus monitoring allows you to scan all launched programs, created, opened and saved documents, program files and documents received via the Internet or copied to hard drive from a floppy disk or CD. The antivirus monitor will notify the user if any program attempts to perform a potentially dangerous action.

Change detection method. When implementing this method, anti-virus programs, called disk auditors, first remember the characteristics of all areas of the disk that may be attacked, and then periodically check them. When infecting a computer, the virus changes the content hard drive: for example, it adds its code to a program or document file, adds a call to a virus program to the AUTOEXEC.BAT file, changes the boot sector, creates a satellite file. By comparing the characteristic values ​​of disk areas, an antivirus program can detect changes made by both known and unknown viruses.

Embedding antiviruses into the computer's BIOS. IN motherboards Computers are equipped with the simplest means of protection against viruses. These tools allow you to control all calls to the main boot entry hard drives, as well as to the boot sectors of disks and floppy disks. If any program tries to change the contents of boot sectors, protection is triggered and the user receives a corresponding warning. However, this protection is not very reliable. There are known viruses that try to disable BIOS anti-virus control by changing some cells in the non-volatile memory (CMOS memory) of the computer.

Here are the results of a survey conducted by WEBCITY Business Network last quarter. More than 7,000 people took part in the survey (Internet). Survey results:

antivirus information program formatting

The best antivirus for home and office in 2010

Automated workplace warehouse manager of a trading company

information base warehouse Much attention is currently being paid to the formation of principles for constructing information security mechanisms (IP)...

Features of personal computer protection are determined by the specifics of their use. Standardity architectural principles building personal computer hardware and software...

Information protection in automated data processing systems: development, results, prospects

The ideological basis for the set of guidance documents is the “Fund Protection Concept” computer technology and automated systems against unauthorized access to information." The concept "sets out a system of views, basic principles...

Complex systems information security

Methods and means of information protection include organizational, technical and legal information security measures and information security measures ( legal protection information, technical protection information, protection economic information etc...

Methods and means of information protection

The need to protect information

The choice of means of protecting information from unauthorized access should be based on the above requirements for the information protection system in the AS GRN and on an analysis of existing means of protection in the country. These funds should, if possible...

Ensuring information protection in local computer networks

The architecture of the LAN and the technology of its operation allows an attacker to find or specifically create loopholes for hidden access for information...

Organization of information protection in local computer network(using the example of Mari Machine-Building Plant OJSC)

Development of a software tool for certification of network sections

Methods of protecting information in an enterprise, as well as methods of obtaining it, are constantly changing. New offers appear regularly from companies providing information security services...

The classification applies to all existing and projected AS institutions, organizations and enterprises processing confidential information...

Development of a program to automate audit verification during certification of informatization objects

Software product Security Code company Secret Net 6...

Development of a project for protecting information from unauthorized access for automated system district administration institutions

ISIS Secret Net 7.0 is a system for protecting confidential information on servers and workstations from unauthorized access. Operates under OS control Windows families,Linux. Secret Net 7...

Methods for protecting information

Unauthorized access- reading, changing or destroying information without the appropriate authority to do so...

Information security tools

The task of protecting information stored in computer systems from unauthorized access (UNA) is very relevant. To solve this problem, a whole range of tools is used, including technical...

Means antivirus protection

Methods of protection against computer viruses

There are three lines of defense against computer viruses:

‣‣‣ preventing the entry of viruses;

‣‣‣ preventing a virus attack if the virus does arrive on the computer;

‣‣‣ preventing devastating consequences if an attack does occur. There are three methods of implementing protection:

‣‣‣ software protection methods;

‣‣‣ hardware protection methods;

‣‣‣ organizational methods of protection.

When it comes to protecting valuable data, the everyday approach is often used: “it is better to prevent a disease than to treat it.” Unfortunately, it is this that causes the most destructive consequences. Having created bastions on the path of viruses entering your computer, you cannot rely on their strength and remain unprepared for action after a destructive attack. Besides, virus attack- is far from the only and not even the most common reason for the loss of important data. There are software glitches that can disable operating system, as well as hardware failures that can make the hard drive inoperable. There is always the possibility of losing your computer and valuable data due to theft, fire, or other natural disaster.

For this reason, you should first of all create a security system “from the end” - from preventing the destructive consequences of any impact, be it a virus attack, indoor theft or physical failure of the hard drive. Reliable and secure work with data is achieved only when any unexpected event, incl. and complete physical destruction of a computer will not lead to catastrophic consequences.

The main means of protecting information is backing up the most valuable data. When backing up data, you should also keep in mind that you need to separately save all registration and password information for accessing Internet network services. They should not be stored on a computer.

When creating an information backup plan, it is extremely important to consider that backup copies should be stored separately from the computer. That is, for example, backing up information on a separate hard drive of the same computer only creates the illusion of security. A relatively new and fairly reliable method of storing valuable, but not confidential data is storing it in Web folders on remote servers on the Internet. There are services that provide free space (up to several MB) for storing user data.

Backups of confidential data are stored on external media, which are stored in safes, preferably in separate rooms. When developing an organizational plan backup take into account the extreme importance of creating at least two backup copies, saved in different places. Rotation is carried out between copies. For example, within a week, data is copied daily to the media of backup set A, and after a week they are replaced with set B, etc.

Auxiliary means of information protection are anti-virus programs and hardware protection tools. So, for example, simply disconnecting the jumper on motherboard will not allow erasing a reprogrammable ROM chip (flash BIOS), regardless of who tries to do it: a computer virus, an attacker or a careless user.

There are quite a lot of antivirus protection software available. They provide the following options.

1. Creation image of a tough disk on external media (for example, floppy disks). In the event of data failure in the system areas of the hard drive, the saved “disk image” can allow you to recover, if not all the data, then at least most of it. The same tool can protect against data loss due to hardware failures and careless hard formatting disk.

2. Regular scanning hard disks in search of computer viruses. Scanning usually runs automatically every time you turn on your computer and when you place external drive in the reader. When scanning, you should keep in mind that the antivirus program searches for a virus by comparing the program code with the codes of viruses known to it, stored in the database. If the database is out of date and the virus is new, the scanning program will not detect it. It is worth saying that for reliable operation you should regularly update your antivirus program. The recommended update frequency is once every two weeks; acceptable - once every three months. As an example, we point out that the devastating consequences of the attack of the W95.CIH.1075 virus (ʼʼChernobylʼʼ), which caused the destruction of information on hundreds of thousands of computers on April 26, 1999, were associated not with the lack of means of protection against it, but with a long delay (more than a year) in updating these funds.

3. Control over changes in file sizes and other attributes. Since some computer viruses change the parameters of infected files during the reproduction stage, the monitoring program can detect their activity and warn the user.

4. Control over requests to hard drive. Since the most dangerous operations associated with the operation of computer viruses are, in one way or another, aimed at modifying data recorded on the hard drive, antivirus programs can monitor access to it and warn the user about suspicious activity.

Antivirus protection tools - concept and types. Classification and features of the category "Anti-virus protection" 2017, 2018.

The main tasks of antiviruses

· Scan files and programs in real time.

· Scan your computer on demand

· Internet traffic scanning

· Email scanning

· Protection against attacks from hostile websites

· Recovery damaged files(treatment).

Antivirus protection tools

Anti-virus protection tools are designed to scan files and computer memory for the presence of known and new malware, disinfect infected objects, and remove threats.

The first computer viruses and antivirus utilities appeared back in the 70s of the last century. At that time, viruses were “experimental” - they did not have malicious functionality and were created as part of research into self-replicating programs. But their destructive action soon became apparent, which at that time consisted only in the fact that they actively copied themselves and occupied valuable disk space and other resources. Antivirus programs then were aimed at neutralizing one or two specific viruses, and not antivirus protection in general.

In the 80s, the first massive viral epidemics were recorded. Virus writers began to distribute malware capable of destroying valuable documents, programs and system files. Anti-virus protection tools began to develop rapidly, although at that time they were still mainly primitive scanners and immunizers, and the prevalence of anti-virus software was very low.

Types of antivirus protection

In the more than twenty years that have passed since then, antivirus products have come a long way in development. Modern antiviruses are complex software packages, usually containing several interrelated and complementary modules, aimed at combating the entire spectrum computer threats. Modern antiviruses can use the following types of antivirus protection:

Comparison with a viral pattern - viral code signature, behavior pattern malware or a digital fingerprint on the black list of known threats. This type of anti-virus protection consists of examining a suspicious program for signs characteristic of malware. For example, when implementing this type of protection, an antivirus looks for signatures - code sequences unique to a particular virus.

Behavioral monitoring is a type of anti-virus protection based on scanning objects during reading, writing and other operations. To carry out monitoring, the antivirus program is located in RAM and acts as a system event handler. When starting any operation that could lead to infection, the anti-virus monitor starts scanning the object being processed (document, program, etc.).

Change detection is a type of anti-virus protection based on integrity monitoring software components computer. When infected, viruses modify files system registry or boot sectors of the disk. The antivirus program determines whether an object has been modified by counting cyclic control codes (CRC sums) and other methods.

Heuristic analysis. This type antivirus protection is based on the fact that the actions performed by viruses and their sequence differ from the behavior of most programs. Therefore, analysis of command sequences and system calls suspicious software helps to make the right decision about its harmfulness.

Treatment is a type of anti-virus protection that consists of removing malicious objects and restoring normal parameters of the computer system.

Reputation service - newest look anti-virus protection, which has become widespread in recent years and is based on checking the reputation of programs, web resources and email systems. This check is carried out using cloud-based reputation servers maintained by leading anti-virus software developers, and is based on constantly updated lists of “legitimate”, malicious and suspicious resources. The advantage of reputation services is that high speed reactions to the emergence of new threats.

There are also outdated, now rarely used types of anti-virus protection, for example, immunization, which consists of placing a program in the computer’s memory that informs viruses that avoid re-infection that the system is already infected.

The following modules implement anti-virus protection:

Antivirus scanner

Antivirus monitor using multiple protection technologies

Behavior blocker

Anti-virus auditor or CRC control system

Antiviral phage or doctor.

The new generation antivirus products eScan implement the entire complex modern technologies protection.

Information protection - This is the use of various means and methods, the use of measures and the implementation of activities in order to ensure a system of reliability of transmitted, stored and processed information.

The problem of information security in electronic data processing systems arose almost simultaneously with their creation. It was caused by specific facts of malicious actions over information.

If in the first decades active use PCs, the main danger was posed by hackers who connected to computers mainly through telephone network, then in the last decade the violation of information reliability has progressed through programs, computer viruses, global network Internet.

There are quite a lot methods of unauthorized access to information, including: viewing; copying and substitution of data; entering false programs and messages as a result of connecting to communication channels; reading the remaining information on its media; signal reception electromagnetic radiation and wave nature; use of special programs.

1. Means of identification and restriction of access to information

One of the most intensively developed areas for ensuring information security is the identification and determination of the authenticity of documents based on an electronic digital signature.

2. Cryptographic method information protection

Most effective means Enhancing security is cryptographic conversion.

3. Computer viruses

Destruction of the file structure;

The disk drive warning light comes on when it is not being accessed.

The main ways in which computers are infected by viruses are usually removable drives(floppy disks and CD-ROMs) and computer networks. Infection of a computer's hard drive can occur if the computer is booted from a floppy disk containing a virus.

Based on the type of habitat viruses have, they are classified into boot, file, system, network and file-boot (multifunctional).

Boot viruses are embedded in the boot sector of the disk or in the sector that contains the system disk boot program.

File viruses are placed mainly in executable files with extension .COM and .EXE.

System viruses embedded in system modules and drivers peripheral devices, file allocation tables and partition tables.

Network viruses are located on computer networks, and file-boot - infect boot sectors of disks and files application programs.

Along the path of infection of the environment, viruses are divided into resident and non-resident.

Resident viruses when a computer is infected, they leave their resident part in the operating system, which, after infection, intercepts the OS’s calls to other infection objects, infiltrates them and carries out its destructive actions, which can lead to shutdown or reboot of the computer. Non-resident viruses do not infect the computer’s operating system and are active for a limited time.

The structural features of viruses affect their manifestation and functioning.

Logic bomb is a program that is built into a large software package. It is harmless until a certain event occurs, after which its logical mechanism is implemented.

Mutant programs self-reproducing, creating copies that are clearly different from the original.

Invisible viruses or stealth viruses, intercept OS calls to infected files and disk sectors and substitute uninfected objects in their place. When accessing files, these viruses use rather original algorithms that allow them to “deceive” resident anti-virus monitors.

Macro viruses use the capabilities of macro languages ​​that are built into office programs data processing ( text editors, spreadsheets).

Based on the degree of impact on the resources of computer systems and networks, or destructive capabilities, viruses are classified into harmless, non-dangerous, dangerous and destructive viruses.

Harmless viruses do not have a pathological effect on the operation of the computer. Non-dangerous viruses do not destroy files, but reduce free space disk memory, display graphic effects. Dangerous viruses often cause significant disruption to computer operation. Destructive viruses may lead to erasure of information, complete or partial disruption of application programs. It is important to keep in mind that any file that is capable of downloading and executing program code is a potential location where a virus could be placed.

4. Antivirus programs

The widespread use of computer viruses has led to the development antivirus programs, which allow you to detect and destroy viruses and “treat” affected resources.

The basis of most antivirus programs is the principle of searching for virus signatures. Virus signature name some unique characteristic virus program, indicating the presence of a virus in a computer system.

According to the way they work, antivirus programs can be divided into filters, auditors, doctors, detectors, vaccines, etc.

Filter programs - these are “watchmen” who are constantly in the OP. They are resident and intercept all requests to the OS to perform suspicious actions, i.e. operations that use viruses to reproduce and damage information and software resources on the computer, including reformatting the hard drive. Among them are attempts to change file attributes, correct executable COM or EXE files, and write to boot sectors of the disk.

The constant presence of “guard” programs in the OP significantly reduces its volume, which is the main disadvantage of these programs. In addition, filter programs are not able to “clean” files or disks. This function is performed by other antivirus programs, for example AVP, Norton Antivirus for Windows, Thunder Byte Professional, McAfee Virus Scan.

Auditor programs are a reliable means of protection against viruses. They remember initial state programs, directories and system areas of the disk, provided that the computer has not yet been infected with a virus. Subsequently, the program periodically compares the current state with the original one. If inconsistencies are detected (file length, modification date, file cyclic control code), a message about this appears on the computer screen. Among the audit programs we can highlight the Adinf program and its add-on in the form of the Adinf cure Module.

Doctor program is capable of not only detecting, but also “cleaning” infected programs or disks. At the same time, it destroys the infected programs of the virus body. Programs of this type can be divided into phages and polyphages. Phages - These are programs that are used to search for viruses of a certain type. Polyphages designed to detect and destroy a large number of different viruses. In our country, the most commonly used polyphages are MS Antivirus, Aidstest, Doctor Web. They are continuously updated to combat emerging new viruses.

Detector programs capable of detecting files infected with one or more viruses known to program developers.

Vaccine programs or immunizers, belong to the class of resident programs. They modify programs and disks in such a way that this does not affect their operation. However, the virus against which the vaccination is carried out considers them already infected and does not invade them. IN present moment Many anti-virus programs have been developed that are widely recognized and are constantly being updated with new tools to combat viruses.

5. Data security in an online environment

Online environments are vulnerable to data security. An example of interactive environments is any of the systems with communication capabilities, e.g. e-mail, computer networks, Internet.

In order to protect information from hooligan elements, unqualified users and criminals, the Internet system uses a system of authority, or access control.

Assignment: notes, answer questions from teacher Tsv., p. 176, question. 3, 4 and 5.

Lesson objectives:

 educational: get acquainted with the types of anti-virus programs, study methods of protecting information from viruses, gain practical skills in working with an anti-virus program.

 developing: develop intellectual skills: highlight the main thing, analyze, compare, draw conclusions, broaden your horizons.

 educational: to cultivate attention and respect for computer equipment and information resources; communication skills, ability to rationally manage time when performing independent work, maintain interest in the subject through practical application acquired knowledge.

Lesson type: combined

Class: 8

Equipment: projector, computers, interactive whiteboard;

Lesson software:

 antivirus Kaspersky program Antivirus 6.0

 MyTestX program

Methodological support for the lesson:

 presentation for the lesson in the program for interactive whiteboard

 handouts (for each student) – a sheet of text, an electronic test, practical work“Scanning objects for viruses”

Types of work: conversation, frontal survey, work with handouts, work at the computer.

Literature used in preparing the lesson:

• 
  http://www.kaspersky.ru/about
• 
  http://www.messagelabs.com/threats
• 
  http://rspu.edu.ru/rspu/structure/university_departments/math_faculty/site/stud_materials/Ribalova/AntivirysPrograms.htm

Lesson plan:

Lesson progress

I. Organizational moment

Checking student attendance and readiness for class.

2. Updating basic knowledge(Slide 1).

Frontal survey:

3. Studying new material. (Slide 2).

Epigraph of the lesson: “As soon as I swallow something, I immediately

something interesting is happening. Let's see what happens this time! "

Lewis Carroll. "Alice in Wonderland"

1. Warm up.(Slide 3).

Who got into our computer?

At least no one called him?

Login and password stolen

The files were all twisted for us,

He closed access to the disk, -

And the computer suddenly froze.

A complete minus for work.

Suspicion of...

- Virus!

Topic of our lesson: « Anti-virus information protection » (Slide 4).

Students write down the topic of the lesson in their notebook.

Today in class we will learn:

 What is an antivirus program;

 Types of antivirus programs;

 How to protect your computer from viruses.

3.1 Antivirus program

Move down five cells and write down the definition: (Slide 4)

Antivirus is a program that can

Recognize and destroy known viruses.

How does a computer virus work?

- A computer virus secretly writes its code into the file code. The file becomes infected.

Let's consider the basic principle of operation of antivirus programs. They include lists of known viruses, which contain the name of the virus and its code. These lists are called antivirus databases. Moreover, the codes of these viruses are blocked in a special way and cannot harmful effects to the computer. As soon as the antivirus program detects that a piece of code in a file matches the virus code in the database, the file is considered infected and must be disinfected, i.e. is removed from it program code virus. If the code of a new virus is not in the database, it is not always possible to detect it. Databases must be kept up to date.

How can this be done?

- Update or download from the Internet.

Question for thought: in order to better protect the computer, Sasha installed two anti-virus programs at once, but the computer began to work much worse, and the anti-virus programs were constantly struggling with something. Let's help Sasha figure out what's wrong?

- Do programs take up a lot of RAM?

- Virus attack.

- They are hunting for the same virus.

Let's remember what is included in antivirus programs?

- Anti-virus databases.

- Now imagine that these programs have detected virus codes in each other’s databases... Their further actions?

- They will fight each other.

What advice will we give to Sasha?

- Install only one antivirus program.

Based on the principle of virus detection, there are several types of antivirus programs (Slide 5). Let's complete the diagram.