LogiCL |
---|
Services Informatiques |
LogiCL IT Services
Computer Virus
Virus
A computer virus is a computer program that can replicate itself and spread from one compute
to another. The term "virus" is also commonly, but erroneously, used to refer to other types of
malware, including but not limited to adware and spyware programs that do not have a
reproductive ability.
Malware includes computer viruses, computer worms, ransomware, trojan horses, keyloggers,
most rootkits, spyware, dishonest adware, malicious BHOs and other malicious software. The
majority of active malware threats are usually trojans or worms rather than viruses. Malware
such as trojan horses and worms is sometimes confused with viruses, which are technically
different: a worm can exploit security vulnerabilities to spread itself automatically to other
computers through networks, while a trojan horse is a program that appears harmless but hides
malicious functions. Worms and trojan horses, like viruses, may harm a computer system's data
or performance. Some viruses and other malware have symptoms noticeable to the computer
user, but many are surreptitious or simply do nothing to call attention to themselves. Some
viruses do nothing beyond reproducing themselves.
Classification
In order to replicate itself, a virus must be permitted to execute code and write to memory. For
this reason, many viruses attach themselves to executable files that may be part of legitimate
programs (see code injection). If a user attempts to launch an infected program, the virus' code
may be executed simultaneously. Viruses can be divided into two types based on their behavior
when they are executed. Nonresident viruses immediately search for other hosts that can be
infected, infect those targets, and finally transfer control to the application program they infected.
Resident viruses do not search for hosts when they are started. Instead, a resident virus loads
itself into memory on execution and transfers control to the host program. The virus stays active
in the background and infects new hosts when those files are accessed by other programs or the
operating system itself.
Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module.
The finder module is responsible for finding new files to infect. For each new executable file the
finder module encounters, it calls the replication module to infect that file.
Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by
nonresident viruses. This module, however, is not called by a finder module. The virus loads the
replication module into memory when it is executed instead and ensures that this module is
executed each time the operating system is called to perform a certain operation. The replication
module can be called, for example, each time the operating system executes a file. In this case
the virus infects every suitable program that is executed on the computer.
The role of software development
Because software is often designed with security features to prevent unauthorized use of system
resources, many viruses must exploit security bugs (security defects) in system or application
software to spread. Software development strategies that produce large numbers of bugs will
generally also produce potential exploits.
Antivirus softwares and other preventive measures
Many users install antivirus software that can detect and eliminate known viruses when the
computer attempts to download or run the executable (which may be distributed as an email
attachment, or on USB flash drives, for example). Some antivirus software blocks known
malicious web sites that attempt to install «malware». Antivirus software does not change the
underlying capability of hosts to transmit viruses. Users must update their software regularly to
patch security vulnerabilities ("holes"). Antivirus software also needs to be regularly updated in
order to recognize the latest threats. The German AV Test Institute publishes evaluations of
antivirus software for Windows and Android.
From Wikipedia, the free encyclopedia.