As the saying goes, illness enters through the mouth. When all is said and done, whether your computer gets infected depends not on whether you have installed anti-virus software, but on your habits when using the computer.
I often hear some "more professional" IT staff say, "Users have installed anti-virus software, but they have no concept of virus protection. Do you think they won't get infected?"
If you don't want to be infected, it is more important to learn how viruses work and how to protect against them. Here I hope to give computer users in ordinary enterprises a sufficient set of "anti-virus concepts". This may not "guarantee" anything, but at least you will have a general understanding of what happens on your computer!
The delicate and fragile boot process
A computer must first be started: everything from pressing the power button until the operating system is loaded is commonly known as the "boot process". Since most viruses try to make themselves part of the "boot process" (for parasitism and infection), you must first know the steps the whole process consists of:
1. The power is switched on. If everything is working properly, go to the next step.
2. The BIOS (Basic Input/Output System) performs its routine boot checks and then hands the boot process over to the default storage device.
3. Following industry-recognized specifications, the default boot device (usually the hard disk drive) starts the software boot process and loads the core of the operating system and the drivers in sequence.
4. After the kernel of the operating system is loaded, it can also load, according to the settings, the various resident programs specified by the user (anti-virus software, IM software...).
In each of the boot steps above, moving from one step to the next leaves a "hook point". For example, when the BIOS on the motherboard starts the boot process of the storage medium, it executes the boot instructions from a fixed location. Where is this fixed location? Most of us don't need to know, but this location is definitely a public specification.
So the people who write operating systems know where on the storage medium booting starts, the people who write disk maintenance programs know, the people who write utility programs know, and the people who write viruses... of course know as well, hence the so-called "boot-type virus". However, modern "boot-type viruses" are rare, mainly because the operating system loaded after booting is quite large and complex, and it is difficult for such viruses to operate normally under such complicated boot conditions. Most current viruses do their damage inside the operating system. The possibility of not booting is...
Whether it is Windows, MacOS, Linux or BSD, the initial loading of the operating system consists of elaborate sequential steps, one after the other. The operating system usually has to set the operating mode of the processor, load the system core, the drivers and the graphical interface, then load the resident programs, and finally hand control over to the user.
If this "exquisite" but "fragile" series of steps goes even slightly wrong, the system cannot load, and the user will say "ah, this computer has hung / crashed / won't start / is dead..." and all sorts of similar things. The driver has a problem, the core program has a problem, the disk that stores the OS core program has a problem, or a resident program of the user has a problem: as long as there is an error in one small link, the operating system may fail to load properly. Fortunately, this does not happen often. So far, the concepts above seem quite simple, don't they?
Introducing the concept of "memory"
No matter which operating system you use, once the boot process is completed the user can run various application software. For example, you can run a browser, a word processing program, a movie player, and so on. In practice you point the mouse at the icon of the application and double-click the left mouse button. Yes, it's that "easy".
What most people often forget is that there is a very important "component" in the computer called "memory". When the user presses the power button and the boot process runs, one important step is to load the core of the operating system from the storage medium into memory. After the core of the operating system is loaded into memory, it keeps itself and the user's applications running normally, as its developers designed it to, and this process is equally delicate and fragile. In addition, because programs are written by "people", if the person who wrote a program "messes up" (either intentionally or unintentionally), the application may corrupt the operating system kernel and cause a crash. And what about viruses?
A virus hopes to have the following abilities: to reside in memory; to disguise itself as part of the operating system; to camouflage its process, preferably so that no person and no software finds it; to interfere as little as possible with the operation of the original programs, so that you do not notice it; to use as many methods as possible to attach itself (the virus) to others (other computers); and, if necessary, to do something useful (or fun) for its author, including stealing money and causing damage...
Executable files are more
Well, if a virus wants to hide itself in memory, it first has to get you to "execute" it. The question is, who would be foolish enough to execute a virus? If the virus had "I am a virus, come on, execute me" written on its forehead, would you touch it? Of course not! So virus writers find ways to get users to execute the virus without realizing it, in order to achieve "infection". That is why the "executable file" has become the main target for viruses to "parasitize".
The so-called executable file is what we call a "program" or "software"; such software usually consists of one (or several) files. As mentioned above, software has to be loaded into memory to be executed and used by the user. The author of the software therefore uses development tools to compile the "source code" into an "executable file" and then ships it to users so that they can run it.
In the past, executable files came in only a few fixed formats: files with the extensions .COM, .EXE and .BAT were executable files. In the era of Windows 7, this has not changed. However, Windows later introduced a number of "rarer" executable file formats. For example, .DLL is a "dynamic link library", which is also an executable file but must be attached to a main program; .SCR is a screen saver, which is also an executable file with a special function; .MSI (Windows Installer Package) is usually found in "installers", but... it is also an executable file; and some script files, such as .VBS, .JS..., are also executable files.
There is a whole list of extensions for "executable files". Be careful when you see such extensions, because harmful things may be hidden in files that carry them.
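The extension check described above can be automated. The following Python script is an added example, not part of the original article: it flags files whose extension is one of those named above, and goes one step beyond the article by also flagging files that begin with the "MZ" header used by .EXE, .DLL and .SCR files while carrying some other extension. The sample file names and contents are constructed for the demonstration.

```python
import os
import tempfile

# Extensions the article names as executable (lower case, with leading dot).
ARTICLE_EXTS = {".com", ".exe", ".bat", ".dll", ".scr", ".msi", ".vbs", ".js"}
PE_MAGIC = b"MZ"  # first two bytes of .EXE, .DLL and .SCR files


def classify(path):
    """Return (has_listed_extension, starts_with_mz) for one file."""
    ext = os.path.splitext(path)[1].lower()  # Windows ignores case in names
    with open(path, "rb") as fh:
        head = fh.read(2)
    return ext in ARTICLE_EXTS, head == PE_MAGIC


def scan(folder):
    """Walk a folder and return sorted (relative path, reason) findings."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            by_ext, is_pe = classify(full)
            rel = os.path.relpath(full, folder)
            if by_ext:
                findings.append((rel, "executable extension"))
            elif is_pe:
                findings.append((rel, "PE content behind a non-executable extension"))
    return sorted(findings)


def demo():
    """Scan a temporary folder filled with constructed sample files."""
    samples = {
        "report.txt": b"quarterly numbers\n",
        "setup.EXE": b"MZ" + b"\x00" * 62,
        "saver.scr": b"MZ" + b"\x00" * 62,
        "macro.vbs": b'WScript.Echo "hi"\r\n',
        "holiday.jpg": b"MZ" + b"\x00" * 62,  # content does not match the name
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Pointing scan() at a download or attachment folder gives a quick list of files that deserve a second look before anyone double-clicks them.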