Types of antivirus programs and their features. Antiviruses. Anti-virus kit JSC "Dialog-Science"

The user of a modern personal computer has free access to all of the machine's resources. This is what made possible the danger that came to be called the computer virus.

A computer virus is a specially written program that can spontaneously attach itself to other programs, create copies of itself and inject them into files, system areas of the computer and into computer networks in order to disrupt the operation of programs, damage files and directories, and create all kinds of interference with work on the computer. Depending on their habitat, viruses can be divided into network viruses, file viruses, boot viruses, file-boot viruses, macro viruses and Trojans.

  • Network viruses are distributed over various computer networks.
  • File viruses are embedded mainly in executable modules. File viruses can be embedded in other types of files, but, as a rule, when written into such files they never gain control and, therefore, lose the ability to reproduce.
  • Boot viruses are embedded in the boot sector of the disk (Boot sector) or in the sector containing the boot program of the system disk (Master Boot Record).
  • File-boot viruses infect both files and boot sectors of disks.
  • Macro viruses are written in high-level languages and attack document files of applications that have built-in automation languages (macro languages), such as applications in the Microsoft Office family.
  • Trojans, masquerading as useful programs, are a source of computer virus infection.

To detect, remove and protect against computer viruses, several types of special programs have been developed that allow you to detect and destroy viruses. Such programs are called antivirus programs. The following types of antivirus programs are distinguished:

  • detector programs;
  • doctor programs, or phages;
  • audit programs;
  • filter programs;
  • vaccine programs, or immunizers.

Detector programs search RAM and files for a signature characteristic of a particular virus and, if it is found, issue a corresponding message. The disadvantage of such antivirus programs is that they can only find viruses that are known to the developers of such programs.

Doctor programs, or phages, as well as vaccine programs, not only find files infected with viruses but also “treat” them, i.e., remove the body of the virus program from the file, returning the files to their original state. At the beginning of their work, phages search for viruses in RAM, destroying them, and only then proceed to “cleaning” files. Among the phages there are polyphages, i.e. doctor programs designed to search for and destroy a large number of viruses. The most famous of them are Kaspersky Antivirus, Norton AntiVirus and Doctor Web.

Due to the fact that new viruses are constantly appearing, detector programs and doctor programs quickly become outdated, and regular version updates are required.

Auditor programs are among the most reliable means of protection against viruses. Auditors remember the initial state of programs, directories and system areas of the disk when the computer is not infected with a virus, and then periodically or at the user’s request compare the current state with the original one. Detected changes are displayed on the monitor screen. As a rule, states are compared immediately after the operating system has loaded. When comparing, the file length, cyclic control code (file checksum), date and time of modification, and other parameters are checked. Auditor programs have fairly developed algorithms, detect stealth viruses and can even distinguish changes in the version of the program being checked from changes made by the virus. Auditor programs include the widely used Kaspersky Monitor program.

Filter programs or “watchmen” are small resident programs designed to detect suspicious actions during computer operation, characteristic of viruses. Such actions may be:

  • attempts to modify files with the COM and EXE extensions;
  • changing file attributes;
  • direct writing to disk at an absolute address;
  • writing to boot sectors of the disk.

When any program tries to perform the specified actions, the “watchman” sends a message to the user and offers to prohibit or allow the corresponding action. Filter programs are very useful, since they are able to detect a virus at the earliest stage of its existence, before reproduction. However, they do not “clean” files and disks.

To destroy viruses, you need to use other programs, such as phages. The disadvantages of watchman programs include their “intrusiveness” (for example, they constantly issue a warning about any attempt to copy an executable file), as well as possible conflicts with other software.

Vaccines, or immunizers, are resident programs that prevent file infection. Vaccines are used if there are no doctor programs that “treat” this virus. Vaccination is possible only against known viruses. The vaccine modifies the program or disk in such a way that it does not affect its operation, and the virus will perceive it as infected and therefore will not take root. Currently, vaccine programs have limited use.

Timely detection of virus-infected files and disks and complete destruction of detected viruses on each computer help avoid the spread of a virus epidemic to other computers.

The abundance of threats (“infected” flash drives, the Internet, local networks, an incorrectly configured OS) has led to the need to use antivirus programs. Most users prefer a universal “all-inclusive” solution that combines a full range of routines for scanning potential sources of threats (mail, websites, external media, and so on). But there are also specific solutions tailored only to specific threats.

The following types of antivirus programs exist:

Antispyware. Spyware is a popular type of threat today. Today, the overwhelming majority of antivirus packages do not classify such software as malicious, since it is “borderline”. This led to the emergence of a whole class of utilities for cleaning the system of spyware. In addition, some anti-virus programs for professionals (for example AVZ) still contain spyware detection modules. Examples of anti-spyware software packages are Search & Destroy, Pestpatrol, Ad-aware.

Online scanner. There are services that allow you to check a computer connected to the Internet for viruses. They work using ActiveX technologies (in which case they work only in Internet Explorer) or Java. Their main advantage is the ability to search for (and, in the more advanced ones, treat) infected files without installing an anti-virus package. The main disadvantage of this type of service is that it offers no means of preventing infection. The most famous online scanners are ESET Online Scanner, Trend Micro HouseCall and Comodo AV Scanner.

Online “single file” scanner. Analyzes files that you suspect are malicious. You simply upload the file system object you selected to the anti-virus laboratory server, and a response is received almost instantly. The waiting time also depends on the number of heuristic programs used for the check and on the server load. This solution is ideal for PCs where an antivirus is not installed but you need to check files brought, say, from a neighboring machine. The most famous include Dr.Web online check, avast! Online Scanner, VirusTotal, Online malware scan.

Antivirus scanners without a monitor. These scan local and external media and clean them of malware. Unlike “all-in-one” suites, which contain a whole set of firewalls and heuristics, they have no built-in monitor module. Due to this, good performance is achieved. The most popular are Cure it, Clam AntiVirus, Norton Security Scan, Microworld.

Firewall. The program can also be classified as a type of antivirus, since it repels automated attempts to penetrate the system. The mechanism is to block network traffic and ensure the invisibility of the PC on the network (by blocking ping and other services). It can also be useful in cases of infection that has already occurred (blocks outgoing connection attempts). The most popular today is Outpost Firewall.

To detect, remove and protect against computer viruses, several types of special programs have been developed that allow you to detect and destroy viruses. Such programs are called antivirus programs.

These programs can be classified into five main groups: filters, detectors, auditors, doctors (phages) and vaccinators (immunizers).

Antivirus filters, or “watchmen”, are resident programs that notify the user of all attempts by any program to write to a disk, let alone format it, as well as other suspicious actions. The user is prompted to allow or deny the action. The operating principle of these programs is based on intercepting the corresponding interrupt vectors. The advantage of programs of this class compared to detector programs is their versatility in relation to both known and unknown viruses, while detectors are written for specific types currently known to the programmer. However, filter programs cannot track viruses that access the BIOS directly, as well as BOOT viruses that are activated even before the antivirus starts, during the initial stage of DOS boot. Disadvantages also include the frequent issuance of requests to confirm an operation.

The most widespread in our country are detector programs, or rather programs that combine a detector and a doctor. The most famous representatives of this class are Aidstest, Doctor Web, Microsoft AntiVirus. Antivirus detectors are designed for specific viruses and are based on comparing the sequence of codes contained in the body of the virus with the codes of the programs being scanned. Many detector programs also allow you to “clean” infected files or disks by removing viruses from them (of course, treatment is supported only for viruses known to the detector program). Such programs need to be updated regularly, as they quickly become outdated and cannot detect new types of viruses.
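The code-sequence comparison that detector programs perform, here and in the earlier description of detectors, can be sketched as follows. This is an added example, not code from the original page or from any product it names; the signature names and byte patterns are constructed, and the `??` wildcard notation is an assumption of the example.

```python
import io
import re

# Constructed signature database: name -> hex pattern, "??" matches any byte.
# The byte sequences are invented for this example and match no real malware.
SIGNATURES = {
    "Demo.A": "DE AD BE EF ?? ?? 13 37",
    "Demo.B": "43 4F 4E 53 54 52 55 43 54 45 44",
}

def compile_signature(hex_pattern):
    """Turn 'DE AD ?? 37' into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}
MAX_SIG_LEN = max(len(p.split()) for p in SIGNATURES.values())

def scan_stream(stream, chunk_size=4096):
    """Return sorted (name, absolute offset) pairs for every signature hit."""
    hits = set()
    tail = b""   # last bytes of the previous window, re-scanned with the next chunk
    base = 0     # absolute offset of tail[0]
    keep = MAX_SIG_LEN - 1
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, rx in COMPILED.items():
            for m in rx.finditer(window):
                hits.add((name, base + m.start()))
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(hits)

# Constructed samples: a "known" body and a variant with one fixed byte changed.
SAMPLE_KNOWN = b"\x00" * 10 + bytes.fromhex("DEADBEEF01021337") + b"\x00" * 5
SAMPLE_VARIANT = SAMPLE_KNOWN.replace(b"\xBE", b"\xBF")

if __name__ == "__main__":
    # chunk_size=12 forces the signature to straddle a chunk boundary.
    print(scan_stream(io.BytesIO(SAMPLE_KNOWN), chunk_size=12))
    print(scan_stream(io.BytesIO(SAMPLE_VARIANT), chunk_size=12))
```

The variant sample differs from the known one by a single byte outside the wildcard positions and produces no hit, which is the limitation the text describes: a detector finds only what is already in its database.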

Auditors are programs that analyze the current state of files and system areas of the disk and compare it with information previously saved in one of the auditor data files. This checks the state of the BOOT sector, the FAT table, as well as the length of the files, their creation time, attributes, and checksum. By analyzing messages from the audit program, the user can decide whether the changes were caused by a virus or not. Auditor programs are among the most reliable means of protection against viruses.
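The baseline-and-compare cycle of an auditor, as described here and in the earlier paragraph on auditor programs, is shown below as an added example (not code from the original page or from ADinf or any other product). It records file length, CRC32 and modification time; the report categories, function names and the constructed directory tree in `demo()` are assumptions of the example, and system areas such as the boot sector and FAT are not covered.

```python
import os
import tempfile
import zlib

def snapshot(root):
    """Record size, CRC32 and mtime of every file under root, keyed by relative path."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (
                len(data), zlib.crc32(data), os.stat(path).st_mtime_ns)
    return state

def compare(baseline, current):
    """Classify the differences between two snapshots."""
    report = {"created": [], "deleted": [], "renamed": [],
              "modified": [], "content_only": []}
    gone = {p: v for p, v in baseline.items() if p not in current}
    new = {p: v for p, v in current.items() if p not in baseline}
    # A deleted path and a created path with the same size and CRC32 is a rename/move.
    for old_path, (size, crc, _) in sorted(gone.items()):
        match = next(
            (p for p, v in sorted(new.items()) if v[:2] == (size, crc)), None)
        if match is None:
            report["deleted"].append(old_path)
        else:
            report["renamed"].append((old_path, match))
            del new[match]
    report["created"] = sorted(new)
    for path in sorted(baseline.keys() & current.keys()):
        (size0, crc0, mt0), (size1, crc1, mt1) = baseline[path], current[path]
        if size0 == size1 and crc0 == crc1:
            continue  # a touched timestamp alone is not a content change
        if size0 == size1 and mt0 == mt1:
            # Same length and timestamp, different bytes: only the checksum shows it.
            report["content_only"].append(path)
        else:
            report["modified"].append(path)
    return report

def demo():
    """Build a constructed directory tree, change it, and return the audit report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for name in ("app.com", "tool.exe", "readme.txt", "old.dat", "move.me"):
            write(name, name.encode() * 8)
        baseline = snapshot(root)
        write("app.com", b"app.com" * 8 + b"APPENDED")         # file grows
        mtime = baseline["tool.exe"][2]
        write("tool.exe", b"X" * baseline["tool.exe"][0])       # same length, new bytes
        os.utime(os.path.join(root, "tool.exe"), ns=(mtime, mtime))  # timestamp put back
        os.remove(os.path.join(root, "old.dat"))
        os.rename(os.path.join(root, "move.me"), os.path.join(root, "moved.bin"))
        write("new.exe", b"brand new")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The `content_only` entry shows why the checksum is compared in addition to length and date: a file rewritten in place with its size and timestamp preserved is caught by the checksum alone.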

The last group includes the most ineffective antiviruses - vaccinators - these are resident programs that prevent file infection. Vaccines are used if there are no doctor programs that “treat” this virus. Vaccination is possible only against known viruses. The vaccine modifies the program or disk in such a way that it does not affect its operation, and the virus will perceive it as infected and therefore will not take root. Currently, vaccine programs have limited use.

In our country, anti-virus programs that combine the functions of detectors and doctors have become especially popular. The most famous of them is the AIDSTEST program by D.N. Lozinsky. One of the latest versions detects more than 1500 viruses.

The Aidstest program is designed to fix programs infected with ordinary viruses that do not change their code.

Disadvantages of the Aidstest program: does not recognize ordinary viruses; is not equipped with a heuristic analyzer that allows it to find viruses unknown to it; does not know how to check and disinfect files in archives; does not recognize viruses in programs processed by executable file packers such as EXEPACK, DIET, PKLITE, etc.

Advantages of Aidstest: easy to use; works very quickly; recognizes a significant part of viruses; well integrated with the Adinf audit program; works on almost any computer.

Recently, the popularity of another anti-virus program, Doctor Web, offered by the Dialog-Science company, has been growing rapidly. This program was created in 1994 by I.A. Danilov. Dr.Web, like Aidstest, belongs to the class of detector-doctors, but unlike the latter, it has a so-called “heuristic analyzer” - an algorithm that allows you to detect known viruses.

Unlike Aidstest, the Dr.Web program: recognizes polymorphic viruses; is equipped with a heuristic analyzer; can check and disinfect files in archives; allows you to test files vaccinated with CPAV, as well as files packed with LZEXE, PKLITE, DIET.

AVSP (Anti-Virus Software Protection)

An interesting software product is AVSP antivirus. This program combines a detector, a doctor, and an auditor, and even has some resident filter functions (prohibiting writing to files with the READ ONLY attribute). The antivirus can treat both known and unknown viruses, and the user himself can inform the program about how to treat the latter. In addition, AVSP can treat self-modifying and Stealth viruses.

ADINF (Advanced Diskinfoscope)

ADinf belongs to the class of audit programs. This program was created by D. Yu. Mostov in 1991.

The program's operation is based on regular monitoring of changes occurring on hard drives. If a virus appears, ADinf detects it by the modifications it makes to the file system and/or the boot sector of the disk and informs the user about it. ADinf is especially effective for detecting new viruses for which an antidote has not yet been invented.

The useful properties of ADinf are not limited to fighting viruses. In essence, ADinf is a system that allows you to monitor the safety of information on disks and detect any changes in the file system, even subtle ones, namely: changes in system areas, file changes, creating and deleting directories, and creating, deleting, renaming and moving files from one directory to another.

Norton AntiVirus

Antivirus developed by Symantec Corporation. One of the most famous and popular antiviruses. The percentage of virus recognition is very high (close to 100%). The program uses a mechanism that allows you to recognize new unknown viruses. Norton AntiVirus neutralizes all types of viruses, protects your computer while surfing the Internet, checks email and files downloaded from the network. Norton AntiVirus can, upon user request, scan all local drives, including floppy disks and CDs, for viruses in files. In addition, Norton AntiVirus provides protection against spyware. The disadvantage of this program is that it is difficult to configure (although there is practically no need to change the basic settings).

AVP (AntiViral Toolkit Pro)

This program was created by Kaspersky Lab. AVP has one of the most advanced virus detection mechanisms. Today AVP is practically in no way inferior to its Western counterparts.

AVP provides users with maximum service - the ability to update anti-virus databases via the Internet, the ability to set parameters for automatic scanning and disinfection of infected files. Updates on the AVP website appear almost weekly, and the database includes descriptions of almost 40 thousand viruses.

Antivirus programs are programs designed to protect your computer from hacker attacks and from damage by various viruses. If there is no antivirus program on your computer, then your desktop or laptop is at risk of becoming infected with a virus. It doesn’t matter whether you go online or use CDs or DVDs: the world of information transmission is filled with various viruses, and it is necessary to take care of security. Whether the computer is a home or a work one, an antivirus is just as necessary for the office as for the home. You can easily find out how much an antivirus program costs on websites that sell antivirus programs.

Purpose of antivirus programs

The purpose of antivirus programs is to fight viruses; three methods are used for this.

Comparing files with previously saved data about them, in order to find changes, identify those that probably belong to virus bodies, and restore the files to their original form. This method allows you to identify any changes made by any virus, but does not exclude changes of non-viral origin (for example, those resulting from user actions).

Comparing the contents of the file with data on known sequences of virus codes, in order to warn the user about the presence of viruses and subsequently remove the virus code (treatment) from the file. This method allows you to detect and neutralize known viruses, but is powerless against new viruses that have not yet been entered into the database.

Continuous monitoring of programs and intercepting their attempts to write something to other programs, system areas or physical addresses. This method does not allow virus actions to be executed, but is powerless if the virus writes not to the program itself but to a copy of it that has a different extension, and only then replaces the original program with the infected file. Such an action cannot be controlled, because it is constantly performed by various programs and by the user himself (editing documents, moving files, automatically saving settings, etc.).
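The monitoring method and its blind spot can be made concrete with the rules listed earlier for filter programs. The following is an added example, not code from the original page or any product: the event format, the paths and the treatment of sector 0 as the boot sector are assumptions, and `staged_replacements` is a correlation rule that goes beyond the per-operation checks the page describes.

```python
import ntpath

EXECUTABLE_EXTS = {".com", ".exe"}

def is_executable(path):
    return ntpath.splitext(path)[1].lower() in EXECUTABLE_EXTS

def watchman(events):
    """Per-operation rules from the filter-program list; returns (index, reason) alerts."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["op"] == "write" and is_executable(ev["path"]):
            alerts.append((i, "write to executable"))
        elif ev["op"] == "set_attr":
            alerts.append((i, "file attribute change"))
        elif ev["op"] == "raw_write":
            # Assumption of this example: sector 0 stands for the boot sector.
            reason = "boot sector write" if ev["sector"] == 0 else "absolute disk write"
            alerts.append((i, reason))
    return alerts

def staged_replacements(events):
    """Correlate across events: a file written under a non-executable name
    and later renamed onto an executable name."""
    written = set()
    alerts = []
    for i, ev in enumerate(events):
        if ev["op"] == "write":
            written.add(ev["path"].lower())
        elif ev["op"] == "rename":
            src = ev["path"].lower()
            if src in written:
                if is_executable(ev["dst"]) and not is_executable(src):
                    alerts.append((i, "staged replacement of " + ev["dst"]))
                written.discard(src)
                written.add(ev["dst"].lower())
    return alerts

# Constructed event streams (hypothetical format, not a real monitor's output).
DIRECT = [
    {"op": "write", "path": "C:\\DOS\\FORMAT.COM"},
    {"op": "set_attr", "path": "C:\\DOS\\FORMAT.COM"},
    {"op": "raw_write", "sector": 0},
    {"op": "raw_write", "sector": 2048},
]
STAGED = [
    {"op": "write", "path": "C:\\APP\\TOOL.TMP"},
    {"op": "rename", "path": "C:\\APP\\TOOL.TMP", "dst": "C:\\APP\\TOOL.EXE"},
]
BENIGN = [
    {"op": "write", "path": "C:\\DOCS\\REPORT.TMP"},
    {"op": "rename", "path": "C:\\DOCS\\REPORT.TMP", "dst": "C:\\DOCS\\REPORT.DOC"},
]

if __name__ == "__main__":
    for name, stream in (("DIRECT", DIRECT), ("STAGED", STAGED), ("BENIGN", BENIGN)):
        print(name, watchman(stream), staged_replacements(stream))
```

The per-operation rules raise nothing for the `STAGED` stream, while the correlation rule does; a legitimate updater that stages a new executable the same way would trigger it too, which is the difficulty the paragraph above points to.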

The more the Internet develops, the more malware appears there, used by attackers for various purposes. Therefore, the issue of computer security must be approached with the utmost seriousness. Keeping your computer safe starts with choosing an antivirus program. In this article we will look at what types of antivirus programs there are.

Dr.Web is a reliable antivirus

The company's security software has been on the market since 1992.

This antivirus program has a very user-friendly interface. Scanning is slow, but of very high quality. The program is able to detect almost any virus, after which it offers to remove the infected program, cure it or quarantine it. You can use the program for free for a month, after which you need to purchase a license.

To scan your computer for viruses, there is also the Dr.Web CureIt utility, which scans your computer for threats and removes them.

You can also download another useful utility, Dr.Web Linkcheckers. This program is a browser extension that blocks ads and checks links and downloaded files.

Also among the useful components of Dr.Web, you should pay attention to Dr.Web LiveCD. This is a free application for restoring the system. It is quite effective in restoring the system after most possible failures.

Avast is a popular free antivirus.

Avast is a comprehensive software tool for detecting and removing malware. Avast is able to scan your computer in several modes: full scan, express scan and single folder scan. It is also possible to scan when the computer boots. This process takes quite a long time, but is the most effective.

Avast antivirus is available in several versions:

  1. Avast Free antivirus is a free antivirus option.
  2. Avast Pro Antivirus - standard version.
  3. Avast Internet Security is a tool for Internet security.
  4. Avast Premier is the most complete version, with various security components.

To use the free version, it is enough to provide an email address and full name.

Kaspersky Internet Security

Kaspersky is a software tool that can easily be called one of the leaders among security products. Many uninformed users criticize it for placing a heavy load on the computer's RAM. That used to be the case, but modern versions of this antivirus do not consume a lot of computer resources and do not greatly affect performance. The only resource-consuming process is scanning hard drives, and in all other cases, the antivirus has virtually no effect on system performance.

The antivirus includes: a classic antivirus, an online scanner that protects your computer in real time, and an antispyware module.

ESET NOD32 ANTI-VIRUS

ESET NOD32 is also a fairly popular antivirus tool; like most other similar products, it has a classic antivirus, web antivirus and antispyware. NOD32 is one of the fastest antiviruses, the operation of which does not in any way affect the operation of the system.

ESET NOD32 Business Edition includes a centralized system for protecting servers from Trojans, ad viruses, worms and many other threats. The product also contains the ESET Remote Administrator application, used for administering corporate networks.

ESET NOD32 Business Edition Smart Security is a tool for comprehensive protection of servers and workstations in large enterprises and offices; it includes antivirus, antispam, antispyware and a personal firewall.

Comodo Antivirus Free

When talking about popular antivirus tools, one cannot fail to mention the free COMODO antivirus. It may not be the most powerful antivirus product, but its main advantage is that it is completely free. It is free to use at home and in business. Despite being free, COMODO provides a fairly impressive range of antivirus tools.

COMODO also produces paid security products. The most powerful of this company's paid antiviruses is Comodo Internet Security Complete, which is suitable for ensuring security even in large production facilities or in the office.

Conclusion on choosing an antivirus

The choice of antivirus programs is very large, and they all have certain advantages and disadvantages. There are both paid and free antiviruses. Of course, many users, especially in commercial organizations, strive to purchase a paid product in order to be as confident as possible in the safety of their PCs. But among free antiviruses there is also a large selection of tools capable of ensuring information security at the proper level.