West Kazakhstan Innovation and Technology University
Essay
Topic: "Comparative analysis of anti-virus means of information protection". Stage 1.
Prepared by: Г.Е.Серікқали
Checked by: Д.Ж.Адрахманова
Oral, 2020
Table of contents
Introduction
1. What is a virus?
1.1 Virus classification
1.2 What damage does a computer virus cause?
1.3 Virus protection options
2. What is an antivirus?
2.1 The concept of antivirus software
2.2 How do antiviruses work?
2.3 How does antivirus protect the owner?
2.4 Detection methods
2.4.1 Signatures
2.4.2 Heuristic
2.4.3 Firewall
2.5 Comparison of antivirus packages
Conclusion
Introduction
At present, most areas of human activity involve the use of computers. They are firmly rooted in our lives. They offer tremendous capabilities, thereby freeing the human brain for more necessary and responsible tasks. A computer can store and process a very large amount of information, which is very convenient for humanity.
When working with a computer, a user can face many troubles: data loss, system freezes, failure of certain parts of the computer, and others. One cause of these problems may be computer viruses that have entered the system. Viruses are the enemies of the computer. Like biological viruses, these programs multiply, writing themselves to the system areas of the disk or attaching themselves to files, and perform various undesirable actions. All of a virus's actions can be performed very quickly and without any messages, so it is very difficult for the user to notice that something is happening on the computer. While relatively few programs on the computer are infected, the presence of the virus can be almost invisible. There are many ways for viruses to spread. A virus can enter the user's computer with a floppy disk, a pirated CD, or an e-mail message.
To avoid becoming a victim of this scourge, every user should be well aware of the principles of protection against computer viruses. In the modern world, people use an antivirus for this, and it is a very useful thing.
What is a virus?
Computer viruses are programs that can reproduce themselves in several copies, possibly attaching themselves to other programs, and possibly produce side effects.
The main goal of a virus is to spread. Often this is accompanied by disruption of hardware and software systems: deleting files and even the operating system, making data storage structures unusable, blocking users, and so on. Even if the author of the virus did not program malicious effects, the virus can cause computer crashes through errors arising from unforeseen subtleties of interaction with the operating system and other programs. In addition, viruses, as a rule, take up space on storage devices and consume system resources.
Virus classification
Today, there are hundreds of thousands of viruses. Viruses are classified according to the following criteria:
Habitat;
Method of infection;
Action;
Features of the algorithm.
Depending on the environment, viruses can be divided into:
- Network,
- File,
- Boot,
- File-boot.
Network viruses spread across various computer networks.
File viruses penetrate mainly into executable modules, such as files with EXE extensions. File viruses can penetrate other types of files, but, as a rule, once written into such files they never gain control and therefore lose their ability to reproduce.
Boot viruses infiltrate the boot sector of the disk (Boot sector) or the sector containing the system boot program (Master Boot Record).
File-boot viruses infect both files and boot sectors of disks.
By the method of infection, viruses are divided into resident and non-resident. When a computer is infected, a resident virus leaves its resident part in RAM, which then intercepts the operating system's calls to the objects it infects (files, boot sectors of disks, etc.) and penetrates them. Resident viruses stay in memory and remain active until the computer shuts down or reboots. Non-resident viruses do not infect computer memory and are active for a limited time.
By the degree of impact, viruses can be divided into the following types:
safe: those that do not interfere with the operation of the computer but reduce the amount of free RAM and disk space; the actions of such viruses show up as graphic or sound effects;
dangerous: viruses that can lead to various computer malfunctions;
very dangerous: viruses whose action can lead to the loss of programs, destruction of data, and erasure of information in the system areas of the disk.
Viruses are difficult to classify by the features of their algorithm because of their great diversity. Simple viruses are parasitic; they modify the contents of files and disk sectors and can be detected and destroyed fairly easily. There are replicator viruses, called worms, which spread through computer networks, find the addresses of networked computers and write copies of themselves to those addresses. There are invisible viruses, called stealth viruses, which are very difficult to detect and neutralize, because they intercept the operating system's calls to infected files and disk sectors and substitute uninfected areas of the disk for their own bodies. Hardest of all to identify are mutant viruses, which contain encryption-decryption algorithms thanks to which copies of the same virus do not share a single repeated chain of bytes. There are also so-called quasi-virus or "trojan" programs, which, although incapable of spreading themselves, are very dangerous because, masquerading as a useful program, they destroy the boot sector and file system of disks.
What damage does a computer virus cause?
A virus (virus program) has the following properties:
The ability to create copies of itself and embed them in other software objects.
Concealment (latency) of its existence and spread up to a certain point.
Performing actions that the user has not authorized.
Negative consequences of its functioning.
The actions of computer viruses can manifest themselves in different ways:
some files get corrupted;
programs stop running or run incorrectly;
unexpected messages or symbols are displayed on the monitor screen;
the computer slows down, etc.
Some viruses do not show themselves externally when started; they infect other programs from time to time and perform unwanted actions on the computer, for example, sending confidential information to an attacker. Other types of viruses, after infecting programs and disks, cause serious damage, for example, formatting a hard disk, or threaten to do so, demanding a transfer of money for unlocking. Infected programs can be carried from one PC to other computers on flash drives, disks, or over a local or global network. If you do not take measures to protect against computer viruses, the consequences of infection can be serious.
Virus protection options
One of the main consequences of viruses is the loss or corruption of information. Therefore, to ensure stable and reliable operation, it is always necessary to have clean, uninfected copies of the information and software in use.
General measures include:
Backing up information (creating copies of files and system areas of disks);
Differentiation of access to information (prevention of unauthorized use of information).
Software measures include various anti-virus programs, which are the most effective means of combating computer viruses. However, no antivirus guarantees absolute protection, since for any antivirus algorithm it is always possible to devise a counter-algorithm for a virus that is invisible to that antivirus.
In most cases, the use of dedicated antivirus tools makes it possible not only to detect a virus invasion but also to quickly neutralize the detected viruses and restore corrupted information.
What is an antivirus?
Antivirus programs are utilities that allow you to detect viruses, cure or eliminate infected files and disks, and detect and prevent suspicious (virus-specific) actions.
Depending on the developer, anti-virus programs use different methods of virus detection. But most of them scan files or computer memory for the presence of a known virus, recognizing it by a characteristic part of its code.
The probability of catching an old virus is relatively small, but new viruses appear daily. To keep an antivirus program effective, it is recommended that you update your antivirus programs or their virus databases.
When choosing an anti-virus program, it is necessary to take into account not only the percentage of viruses detected, but also the ability to detect new viruses, the number of viruses in the anti-virus database, its update frequency, and the presence of additional functions.
Currently, a serious antivirus should be able to recognize at least 25,000 viruses. Many of them have already ceased to exist.
The concept of antivirus software
| Type of antivirus program | Principle of action |
| --- | --- |
| Detectors | Detect files infected by one of the known viruses. |
| Doctors (phages) | "Cure" infected programs or disks: they extract the virus code from infected programs, that is, they restore the program to the state it was in before it was infected. |
| Auditors | First store information about the state of programs and system areas of disks, and then compare their state with the original one. If a discrepancy is detected, it is reported. |
| Filters | Loaded resident in RAM; they intercept the system calls that viruses use for reproduction and harm, and report them. You can enable or disable this operation. |
Among the popular and effective antivirus software systems are:
Kaspersky Anti-Virus - AntiViral Toolkit Pro (AVP) (http://www.avp.ru);
Avast (http://www.avast.ru);
DoctorWeb (http://www.drweb.ru);
NOD32 (http://www.esetnod32.ru);
Norton AntiVirus;
Symantec AntiVirus and others.
How do antiviruses work?
An antivirus:
Controls traffic;
Scans ports;
Deletes and modifies files;
Manages the registry;
Loads the system heavily with extraneous ("left") services;
Collects statistics and sends them to the developer.
Yet the system still works quite stably and quickly.
How does antivirus protect the owner?
Without going into software details that many may find obscure, I'd like to highlight 3 main principles of antivirus action in relation to spyware:
Diagnostics;
Prophylaxis;
Treatment.
In the first case, the software checks all locations on the HDD, in RAM and on removable media. Priority is given to the areas most often hit by trojans (boot sectors, executable libraries, drivers, etc.). If the antivirus finds something, it automatically notifies the user.
Treatment can be of two types:
Attempt to cure the file;
Quarantine;
Removal.
In the first case, the software will try in every possible way to restore the functionality of one or more files. If all else fails, the infected objects will be permanently deleted from the PC. The integrity of the system may suffer, and it will have to be restored.
Files are quarantined if they are valuable to you or contain important data. Later, you can try to cure the object yourself or with the help of a specialist.
Prevention is systematic scanning by the antivirus in the background. You may not even notice it working (if the PC is powerful and has enough resources). In this mode, the antivirus scans all opened programs, folders, files, and more. If it finds a virus or something suspicious, it immediately informs the owner.
Detection methods
To date, there are 3 key ways to search for worms and all the other malicious software that harms the OS:
Signature method;
Heuristic method;
Firewall.
Signatures
The principle of signatures is as follows: an anti-virus laboratory discovers a new virus and analyzes it, identifying its signature, a distinctive digital mark of the malware (like a fingerprint). Signatures are added to the database, which the user downloads when updating.
The advantages are that the method is reliable and has been in use for a very long time. It is also relatively fast.
Among the shortcomings, I want to note the huge number of trojans that have similar signatures. Because of this, a template has to be developed and supplied from the database, and unwanted software is then searched for on its basis. In this case, antiviruses sometimes produce false positives, which is periodically annoying.
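The trade-off described above, exact signatures missing a close variant while a broader template catches it at the cost of a false positive, is reproduced in the following added example. It is not the program mentioned in the essay's conclusion and not any vendor's engine; the sample byte strings, signature names and the wildcard template are all constructed for illustration.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for files; none is real malware.
SAMPLE_A = b"HEADER\x90\x90DEMO-MARKER-v1\xccpayload-one"   # the analysed sample
SAMPLE_B = b"HEADER\x90\x90DEMO-MARKER-v2\xccpayload-two"   # a close variant
CLEAN = b"HEADER ordinary program bytes"
LOOKALIKE = b"docs: the string \x90\x90DEMO-MARKER-vX\xcc appears in a manual"

# Hypothetical signature database, as it would arrive with an update.
SIGNATURE_DB = {
    # 1) hash of the whole file: matches only byte-identical copies
    "hashes": {hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.A (exact hash)"},
    # 2) characteristic byte sequence: survives changes elsewhere in the file
    "byte_signatures": [("Demo.A (byte signature)", b"DEMO-MARKER-v1")],
    # 3) template with a wildcard byte: covers a family of similar signatures
    "templates": [("Demo.gen (template)",
                   re.compile(rb"\x90\x90DEMO-MARKER-v.\xcc", re.DOTALL))],
}


def scan(data, db=SIGNATURE_DB, use_templates=True):
    """Return the names of all signatures that match the given bytes."""
    hits = []
    name = db["hashes"].get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    hits += [n for n, sig in db["byte_signatures"] if sig in data]
    if use_templates:
        hits += [n for n, rx in db["templates"] if rx.search(data)]
    return hits


if __name__ == "__main__":
    for label, data in [("SAMPLE_A", SAMPLE_A), ("SAMPLE_B", SAMPLE_B),
                        ("CLEAN", CLEAN), ("LOOKALIKE", LOOKALIKE)]:
        print(label, "exact only:", scan(data, use_templates=False),
              "| with template:", scan(data))
```

With exact signatures only, the variant SAMPLE_B goes undetected; enabling the template detects it but also flags LOOKALIKE, a harmless file that merely contains similar bytes.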
Heuristic
Many programs have a built-in heuristic module for virus scanning. The essence is to check all the programs and files that you run on your PC. If the antivirus detects something dubious or suspicious, it immediately displays a message.
The advantages are the promise of this approach and its ability to respond to threats that are not in the signature database.
The disadvantage is its immaturity, since false positives on safe software are common. Users often disable the heuristic module because it is "annoying", which exposes the system to potential threats. This method is also quite demanding of PC resources.
Firewall
Firewalls protect the network, i.e. local and global connections. This module is often independent and sold as a separate program, or is already integrated into the system (the Windows firewall is an example). The software controls incoming and outgoing traffic, limiting the ability to connect to certain resources (whitelists and blacklists).
Among the advantages, we note the ability to create a "free" Internet that works exclusively with a list of trusted sites. You can also install it on one of the local gateways, creating narrowly focused school or institute networks (without social networks, instant messengers and other "black" sites).
The disadvantage is the complexity of the settings. To create a truly secure network, you need to work hard on the hardware side. Using the "default" settings leaves the firewall full of holes.
Comparison of antivirus packages
Regardless of which information system you need to protect, the most important parameter when comparing antiviruses is the ability to detect viruses and other malicious programs.
However, this parameter, although important, is far from the only one. The effectiveness of an anti-virus protection system depends not only on its ability to detect and neutralize viruses, but also on many other factors.
The anti-virus should be convenient to use and should not distract the computer user from his direct duties. If the antivirus annoys the user with persistent requests and messages, sooner or later it will be turned off. The antivirus interface should be friendly and understandable, since not all users have extensive experience with computer programs. If you do not understand the meaning of a message that appears on the screen, you can inadvertently allow a virus infection even with the antivirus installed.
In this work, the most popular anti-virus programs were subjected to comparative analysis, namely: Kaspersky Anti-Virus, Symantec / Norton, Doctor Web, Eset Nod32, Trend Micro, McAfee, Panda, Sophos, BitDefender, F-Secure, Avira, Avast!, AVG, Microsoft.
One of the first tests of anti-virus products was launched by the British magazine Virus Bulletin. The first tests published on its website date back to 1998. The test is based on the WildList collection of malicious programs. To pass the test, a product must identify all viruses in this collection and show zero false positives on a collection of "clean" log files. Testing is carried out several times a year on various operating systems; products that pass receive a VB100% award.
Figure 1 shows how many VB100% awards were received by products of
various antivirus companies.
Figure 1 - The number of successfully passed tests VB 100%
Independent research laboratories, such as AV-Comparatives and AV-Test, test antivirus products twice a year for on-demand malware detection. The collections used for testing contain up to a million malicious programs and are regularly updated. Test results are published on the websites of these organizations (www.AV-Comparatives.org, www.AV-Test.org) and in the well-known computer magazines PC World and PC Welt. The test results are presented below:
Figure 2 - The overall level of malware detection according to AV-Test.
Figure 3 - Treatment of active infection
Figure 4 - The average rating of antivirus programs
Conclusion
In this work, a comparative analysis of antivirus packages was performed. In the course of the analysis, the tasks set at the beginning of the work were successfully solved. Thus, the concepts of information security, computer viruses and anti-virus tools were studied; the types of information security threats and protection methods were identified; the classification of computer viruses and anti-virus programs was considered; a comparative analysis of anti-virus packages was carried out; and a program was written to search for infected files.
The results obtained during the work can be applied when choosing an antivirus tool.
All the results obtained are presented in the work as diagrams, so the user can independently verify the conclusions drawn in the final diagram, which synthesizes the results of the various tests of antivirus tools.
The results obtained during the work can be used as a basis for independent comparison of antivirus programs.
Given the widespread use of IT, the presented term paper is relevant and meets the requirements set for it. In the process, the most popular anti-virus tools were considered.