Stealth viruses, or invisible viruses

Stealth viruses (Stealth), or invisible viruses, are a type of resident virus (they reside in RAM). Stealth viruses falsify information read from the disk so that the program for which the information is intended receives incorrect data. This technique, sometimes called Stealth technology, can be used in both boot viruses and file viruses.
Stealth viruses are classified as masking viruses, which are very difficult to detect.
Basics of Stealth Technology
Stealth viruses rely on the fact that the operating system uses an interrupt mechanism when accessing peripheral devices (including hard drives). When an interrupt occurs, control is transferred to a special program, the interrupt handler. This program is responsible for the input and output of information to and from the peripheral device.
Such a system has an inherent vulnerability: whoever controls the interrupt handler controls the flow of information from the peripheral device to the user. Stealth viruses, in particular, intercept control when an interrupt occurs. By replacing the original interrupt handler with their own code, stealth viruses monitor the reading of data from the disk.
If an infected program is read from the disk, the virus “bites out” its own code (usually the code is not literally “bitten out”; instead, the number of the disk sector being read is changed). As a result, the user reads “clean” code. Thus, as long as the interrupt vector points to the virus code and the virus itself is active in the computer’s memory, it cannot be detected by simply reading the disk through the operating system. Boot viruses use a similar masking mechanism.
Types of Stealth viruses
Stealth viruses of all types are known: boot viruses, DOS file viruses, and even macro viruses.
Boot stealth viruses use two basic methods to hide their code. In the first, the virus intercepts the commands for reading the infected sector (INT 13h) and substitutes the uninfected original. This method makes the virus invisible to any DOS program, including antivirus programs that are unable to “cure” the computer’s RAM. The basic idea is that, although the file is infected, the data of the uninfected file (previously cured by the virus itself) is transferred into RAM.
Most file stealth viruses use the same methods as above: they either intercept DOS calls to files (INT 21h) or temporarily cure the file when it is opened and infect it upon closing. As with boot viruses, there are file viruses that implement their stealth functions by intercepting lower-level interrupts: calls to the DOS driver, INT 25h, and even INT 13h.
Implementing stealth algorithms in macro viruses is probably the easiest task: it is enough to prohibit calls to the File / Templates or Tools / Macro menu. This is achieved either by removing these menu items from the list or by replacing them with FileTemplates and ToolsMacro macros. A small group of macro viruses that store their main code not in the macro itself but in other areas of the document, in its variables or in Auto-text, can be called partially stealth viruses.
The best-known stealth viruses include Exploit.Macro.Stealth, Exploit.MSWord.Stealth, and Virus.DOS.Stealth.551.
Ways to fight Stealth viruses
To combat stealth viruses, it was previously recommended (and, in principle, still is) to perform an alternative system boot from a floppy disk and only then to search for and remove virus programs. Nowadays, booting from a floppy disk may be problematic (win32 anti-virus applications will not be able to run).
In view of the foregoing, polyphage antiviruses are most effective only against already known viruses, that is, those whose signatures and behaviors are familiar to the developers. Only in this case will the virus be detected with 100% accuracy and removed from the computer’s memory, and then from all scanned files. If the virus is unknown, it can quite successfully resist attempts to detect and treat it. Therefore, the main thing when using any polyphage is to update the program versions and virus databases as often as possible. For the convenience of users, the databases are kept in a separate module, and AVP users, for example, can update them daily over the Internet.
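
The clean-boot advice above amounts to a cross-view check: hash each sector as the running system returns it and again after booting from trusted media, then compare. The sketch below is an added example, not part of the original article; the disk contents, the sector numbers (0 and 7), the redirect table and all function names are constructed for illustration, and the "live" read path is only a model of the sector-number substitution described earlier.

```python
import hashlib

SECTOR = 512  # bytes per sector

def make_disk(contents):
    """Constructed disk image: one 512-byte sector per entry."""
    return [c.ljust(SECTOR, b"\x00") for c in contents]

def clean_read(disk):
    """Read path after booting from trusted media: returns what is stored."""
    return lambda lba: disk[lba]

def live_read(disk, redirect):
    """Model of the running system's read path when a resident handler
    swaps the requested sector number (the behaviour the article describes)."""
    return lambda lba: disk[redirect.get(lba, lba)]

def capture(read, count):
    """Hash every sector as seen through the given read path."""
    return [hashlib.sha256(read(lba)).hexdigest() for lba in range(count)]

def diff_views(live_hashes, clean_hashes):
    """Sector numbers whose contents differ between the two views."""
    return [lba for lba, (a, b) in enumerate(zip(live_hashes, clean_hashes))
            if a != b]

# Constructed sample: sector 0 was overwritten and the original boot
# sector was parked in sector 7; reads of sector 0 are redirected there.
ORIGINAL = b"ORIGINAL BOOT SECTOR (constructed)"
DISK = make_disk([b"MODIFIED BOOT SECTOR (constructed)"]
                 + [b"data %d" % i for i in range(1, 7)] + [ORIGINAL])
REDIRECT = {0: 7}
KNOWN_GOOD = hashlib.sha256(ORIGINAL.ljust(SECTOR, b"\x00")).hexdigest()

def report():
    live = capture(live_read(DISK, REDIRECT), len(DISK))
    clean = capture(clean_read(DISK), len(DISK))
    return {
        "live_matches_baseline": live[0] == KNOWN_GOOD,    # scan is fooled
        "clean_matches_baseline": clean[0] == KNOWN_GOOD,  # change visible
        "mismatched_sectors": diff_views(live, clean),
    }

if __name__ == "__main__":
    print(report())
```

The live view of sector 0 matches the known-good baseline, which is why a scan on the running system sees nothing; only the comparison against the clean-boot view flags the sector.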