Internet business
There is such a profession - web designer!
Today information technologies have merged into almost every corner of our life. Every year, about 40 million PCs are used in almost all areas of our lives, communications and communications…

...

Visual Network Enlightenment. Book review for web designer
Information for consideration CSS Zen Garden is a site that was born on May 8, 2003. The site consists of a single HTML file, by the example of which it…

Continue reading →

Internet security
According to the results of an international study conducted in the European Region, in the Middle East and Africa, it turned out that the index of the Russian Federation’s citizens…

...

Stealth viruses or stealth viruses

Stealth viruses (Stealth) or invisible viruses are a type of resident viruses (reside in RAM). Stealth-viruses falsify information read from the disk so that the program for which this information is intended receives incorrect data. This technology, which is sometimes called Stealth technology, can be used both in BOOT viruses and in file viruses.
Stealth viruses are classified as masking viruses that are very difficult to detect.
Basics of Stealth Technology
The basis of the work of Stealth-viruses is the fact that the operating system when accessing peripheral devices (including hard drives) uses an interrupt mechanism. When an interrupt occurs, control is transferred to a special program, the interrupt handler. This program is responsible for the input and output of information to / from the peripheral device.
In such a system, the vulnerability is initially hidden: by controlling the interrupt handler, you can control the flow of information from the peripheral device to the user. Stealth viruses, in particular, use a control interception mechanism when an interrupt occurs. Replacing the original interrupt handler with their own code, stealth viruses monitor the reading of data from the disk.
If an infected program is being read from a disk, the virus “bites out” its own code (usually the code is not literally “bitten out”, but the number of the readable sector of the disk is changed). As a result, the user gets to read “clean” code. Thus, as long as the interrupt handler vector is changed by the virus code, the virus itself is active in the computer’s memory, it is impossible to detect it by simply reading the disk with the means of the operating system. A similar masking mechanism is used by boot viruses.
Types of Stealth viruses
All types of stealth viruses are known – boot viruses, DOS file viruses, and even macro viruses.
Boot stealth viruses use two basic methods to hide their code. The first of these is that the virus intercepts the commands for reading the infected sector (INT 13h) and substitutes the uninfected original instead. This method makes the virus invisible to any DOS-program, including antivirus, unable to “cure” the computer’s RAM. The basic idea is that, despite the fact that the file is infected, the data of the uninfected file (previously cured by the virus itself) is transferred into RAM.
Most of the file stealth viruses use the same methods as above: they either intercept DOS calls to the files (INT 21h) or temporarily cure the file when it is opened and infect it upon closing. As well as for boot viruses, there are file viruses that use interception of lower level interrupts for their stealth functions — calls to the DOS driver, INT 25h, and even INT 13h.
Implementing stealth algorithms in macro viruses is probably the easiest task – all you need to do is just to prohibit calling the File / Templates or Tools / Macro menu. This is achieved either by removing these menu items from the list, or by replacing them with FileTemplates and ToolsMacro macros. Partially stealth viruses can be called a small group of macro viruses that store their main code not in the macro itself, but in other areas of the document – in its variables or in Auto-text.
The most well-known Stealth viruses include viruses such as Exploit.Macro.Stealth, Exploit.MSWord.Stealth, Virus.DOS.Stealth.551.
Ways to fight Stealth viruses
In order to combat stealth viruses, it was previously recommended (and, in principle, it is recommended now) to perform an alternative system boot from a floppy disk and only after that to search and remove virus programs. Currently, booting from a floppy disk may be problematic (for the case of win32 anti-virus applications, they will not be able to run).
In view of the foregoing, polyphage antiviruses are most effective only when dealing with already known viruses, that is, with those whose signatures and behaviors are familiar to the developers. Only in this case, the virus with 100% accuracy will be detected and removed from the computer’s memory, and then from all scanned files. If the virus is unknown, it can quite successfully resist attempts to detect and treat it. Therefore, the main thing when using any polyphage is to update the program versions and virus databases as often as possible. For the convenience of users, databases are moved to a separate module, and, for example, AVP users can update these databases daily using the Internet.

Posted in because science, Effect, file viruses, Help, uninfected file
<a href="http://thisismyurl.com/downloads/easy-random-posts/" title="Easy Random Posts">Easy Random Posts</a>
Design and logic of the Internet portal
Information portal is one of the most popular Internet resources. What only interests, aspects of life, activities they do not cover! Portals on professional topics, news portals, portals on art,…

...

Online photo slideshow
Photos replacing each other in the form of a presentation clip on which you can overlay music and animated transition effects - this is what the slide show consists of…

Continue reading →

Internet security
According to the results of an international study conducted in the European Region, in the Middle East and Africa, it turned out that the index of the Russian Federation’s citizens…

...