Computer virus is a program, which can copy to itself. To reach it, it needs to connect to another already existing program. With the gathering of the program, the virus gathers too (floppy, CD-ROM, internet). Also many viruses have an very bad characteristics: they destroy data in the computer. The most simply viruses, immediately after the starting re-write some data, so we can uncover them. Another viruses get to data and wait for fulfilling of some task; e.g. starting of an certain program. Very dangerous are viruses, which have the ability to change your data gradually, step by step. After their discovering, you would not know, which data are right and which are wrong. The last specialty in viruses, are polymorfal viruses. These viruses are modifying with all next copy. That is why it is hard to discover them. Many viruses, except the fact that they are gathering, do not directly do anything. Viruses get distributed usually through illegal copies. Very dangerous can be also downloading of various programs, films or music from the internet. One of a very risky viruses is a very spread Slovak virus- One Half, which after every switching off of the computer, decoded a part of a hard disk. After pruning away of the virus, were all decoded data not available.
The real beginning of the existence of computer viruses was the year 1986, when the Brain born- the first computer virus for personal computers IBM PC.
Computer viruses are divided into two big groups: Boot viruses and Folder viruses.
Boot viruses:
The body of the virus is oriented to the beginning of the disk(in the floppy sector or in the MBR of the hard disc). It is activating after implementing of the system from the infected disc. If the virus is active, it can infect all floppies, not secured against writing. From the floppy to the hard disc the virus transfers just after the implementing of the system from the infected floppy.
Folder viruses:
Folder viruses joins or overwrites executable folders (*.COM, *.EXE, *.BAT), or folders, which contain executable code (*.BIN, *.OVL …). This virus is activating after the setting off of the infected folder. If we execute the infected program, firstly the virus makes its job( it infects next programs) and just then it delivers the administration to the infected program. If the virus is “well written”, program goes as usually and the user does not catch anything.
We can also divide viruses to memory resistant and not-resistant.
Not-residential virus infects just after the execution of the infected folder.
Memory residential virus can after starting of the infected folder endurable settle down in the operating memory of the computer. Most often it is in the conventional memory, with the help of the disconnection INT 12 ensures, not to be overwritten with another program. Residential virus can discover in the conventional memory, in the EMS memory and in the first 64 kB segment memory extended (that means 0-1088 kB). After settle down in the memory, virus scans the activities of the user. If he works with an healthy folder, virus infects it. Residential virus can infect folders of any size.
As the time goes, there discovers viruses, which can hide in front of antivirus programs (stealth viruses), viruses, that modifies their own code (polymorfal viruses), viruses, that can infect also other than executive folders (macroviruses). With the coming of the new operating systems, we can enjoy again new types of viruses with “incredible and impossible” abilities.
Viruses do during their life cycle a lot of actions:
•Take over the control of the processor
•Check current state
•Install into the memory
•Redirect disconnections
•Undertake the test for conditions to execute damages (date…)
•Execute sabotages
•Find place for creating of own copy
•Input of own copy
•Decode
Prevention against computer viruses:
Software protection
Hardware protection
SOFTWARE PROTECTION
It is implemented through antivirus programs. An antivirus program is a program, which helps to localize, elimination and maximally repair of damages.
For allocating the virus, there are using various methods:
Controllable accounts- this method is functional on the systems of database, which antivirus program creates alone and when controlling, each folder evaluates with its own and it signs in case of doubt.
Searching of known chains- program contains database of already known viruses and when controlling, it compares the content.
Heuristical analysis- when checking, it imitates the computer bahaviour, and when any program is shady, immediately it alerts
Residential protection- after switching on the computer, antiviruses immediately install. It secures weak places
HARDWARE PROTECTION
It is executed through extended chip. The chip contains ROM memory with special software.
