有關(guān)電腦病毒英文文獻(xiàn)
下面這篇是下面是學(xué)習(xí)啦小編給大家?guī)淼囊环蓐P(guān)于計算機(jī)病毒的英文文獻(xiàn)和中文翻譯,希望對你有幫助。
COMPUTER VIRUSES
What are computer viruses?
According to Fred Cohen‟s well-known definition, a computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a “virus”. However, Cohen uses the terms within his definition (e.g. “program” and “modify”) a bit differently from the way most anti-virus researchers use them, and classifies as viruses some things which most of us would not consider viruses.
Computer viruses are bits of code that damage or erase information, files, or software programs in your computer, much like viruses that infect humans, computer viruses can spread, and your computer can catch a virus when you download an infected file from the Internet or copy an infected file from a diskette. Once the viruses is embedded into your computer‟s files, it can immediately start to damage or destroy information, or it can wait for a particular date or event to trigger its activity. What are the main types of viruses?
Generally, there are two main classes of viruses. The first class consists of the file Infectors which attach themselves to ordinary program files. These usually infect arbitrary .COM and/or .EXE programs, though some can infect any program for which execution is requested, such as .SYS,.OVL,.PRG,&.MNU files.
File infectors can be either direct action or resident. A direct-action virus selects one or more other programs to infect each other time the program which contains it is executed ,and thereafter infects other programs when “they” are executed (as in the case of the Jerusalem) or when certain other conditions are fulfilled. The Vienna is an example of a direct-action virus. Most other viruses are resident.
The second class is system or boot-record infectors: those viruses, which infect executable code, found in certain system areas on a disk that are not ordinary files. On DOS systems, there are ordinary boot-sector viruses, which infect only the DOS boot sector on diskettes. Examples include Brain, Stoned, Empire, Azusa, and Michelangelo. Such viruses are always resident viruses.
Finally, a few viruses are able to infect both (the Tequila virus is one example). There are often called “multipartite” viruses, though there has been criticism of this name; another name is “boot-and -file” virus.
File system or cluster viruses (e.g. Dir-II) are those that modify directory table entries so that the virus is loaded and executed before the desired program is. Note that the program itself is not physically altered; only the directory entry is. Some consider these infectors to be a third category of viruses, while others consider them to be a sub-category of the file infectors. What are macro viruses?
Many applications provide the functionality to create macros. A macro is a series of commands to perform some application-specific task. Macros are designed to makelife easier, for example, to perform some everyday tasks like text-formatting or spreadsheet calculations.
Macros can be saved as a series of keystrokes (the application record what keys you press); or they can be written in special macro languages (usually based on real programming languages like C and BASIC). Modern applications combine both approaches; and their advanced macro languages are as complex as general purpose programming languages. When the macro language allows files to be modified, it becomes possible to create macros that copy themselves from one file to another. Such self-replicating macros are called macro viruses.
Most macro viruses run under Word for Windows. Since this is a very popular word processor, it provides an effective means for viruses to spread. Most macro viruses are written using the macro language WordBasic. WordBasic is based on the good old BASIC programming language. However, it has many (hundreds of) extensions (for example, to deal with documents: edit, replace string, obtain the name of the current document, open new window, move cursor, etc.). What is a Trojan horse program?
A type of program that is often confused with viruses is a „Trojan horse‟ program. This is not a virus, but simply a program (often harmful) that pretends to be something else.
For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program E-mail your saved passwords to another person.
Note: simply download a file to your computer won‟t activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document. What kind of files can spread viruses?
Viruses have the potential to infect any type of executable code, not just the files that are commonly called “program files”. For example, some viruses infect executable code in the boot sector of floppy disk or in system areas of hard drives. Another type of virus, known as a “macro” virus, can infect word processing and spreadsheet documents that use macros. And it‟s possible for HTML documents containing JavaScript or other types of executable code to spread viruses or other malicious code. Since viruses code must be executed to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, .etc., as well as plain text in .txt files. For example, just viewing picture files won‟t infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file which the computer will actually try to execute. How do viruses spread?
The methodology of virus infection was pretty straightforward when first computer viruses such as Lehigh and Jerusalem started appearing. A virus is a small piece of computer code, usually form several bytes to a few tens of bytes, that can do, well, something unexpected. Such viruses attach themselves to executable files— programs,
so that the infected program, before proceeding with whatever tasks it is supposed to do, calls the virus code. One of the simplest ways to accomplish that is to append the virus code to the end of the file, and insert a command to the beginning of the program file that would jump right to the beginning of the virus code. After the virus is finished, it jumps back to the point of origination in the program. Such viruses were very popular in the late eighties. The earlier ones only knew how to attach themselves to .Com files, since structure of a .COM file is much simpler than that of an .EXE file—yet another executable file format invented for MS-DOS operating system. The first virus to be closely studied was the Lehigh virus. It attached itself to the file that was loaded by the system at boot time—COMMAND.COM. the virus did a lot of damage to its host, so after three-four replications it was no longer usable. For that reason, the virus never managed to escape the university network.
When you execute program code that‟s infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs.
When you share a copy of an infected file with other computer users, running the file may also infect their computer; and files from those computers may spread the infection to yet more computers.
If your computer if infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies.
Some viruses, known as „multipartite‟ viruses, and spread both by infecting files and by infecting the boot areas of floppy disks. What do viruses do to computers?
Viruses are software programs, and they can do the same things as any other program running on a computer. The accrual effect of any particular virus depends on how it was programmed by the person who wrote the virus.
Some viruses are deliberately designed to damage files or otherwise interfere with your computer‟s operation, while other don‟t do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading.
Note that viruses can‟t do any damage to hardware: they won‟t melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.
Modern viruses can exist on any system form MS DOS and Window 3.1 to MacOS, UNIX, OS/2, Windows NT. Some are harmless, though hard to catch. They can play a jingle on Christmas or reboot your computer occasionally. Other are more dangerous. They can delete or corrupt your files, format hard drives, or do something of that sort. There are some deadly ones that can spread over networks with or without a host, transmit sensitive information over the network to a third party, or even mess with financial data on-line.
What‟s the story on viruses and E-mail? You can‟t get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded message containing embedded executable code (i.e., JavaScript in HTML message) or message that include an executable file attachment (i.e., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, you computer has to execute some type of code .This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There‟s no special hazard in files attached to Usenet posts or E-mail messages: they‟re no more dangerous than any other file. What can I do to reduce the chance of getting viruses from E-mail?Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file. If you E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature. My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, Who it came from, and why it was sent to you. The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it. Some General Tips on Avoiding Virus Infections Install anti-virus software from a well-known, reputable company. UPDATE it regularly, and USE it regularly. New viruses come out every single day; an a-v program that hasn‟t been updated for several months will not provide much protection against current viruses. In addition to scanning for viruses on a regular basis, install an „on access‟ scanner (included in most good a-v software packages) and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file. Virus scans any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections. Anti-virus programs aren‟t very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or „dubious‟ sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren‟t well-known or don‟t have a good reputation, and executable files unexpectedly received as attachments to E-mail. Be extremely careful about accepting programs or other flies during on-line chat sessions: this seems to be one of the more common means that people wind up with virus or Trojan horse problems. And if any other family members (especially younger
What‟s the story on viruses and E-mail? You can‟t get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded message containing embedded executable code (i.e., JavaScript in HTML message) or message that include an executable file attachment (i.e., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, you computer has to execute some type of code .This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There‟s no special hazard in files attached to Usenet posts or E-mail messages: they‟re no more dangerous than any other file. What can I do to reduce the chance of getting viruses from E-mail?Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file. If you E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature. My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, Who it came from, and why it was sent to you. The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it. Some General Tips on Avoiding Virus Infections Install anti-virus software from a well-known, reputable company. UPDATE it regularly, and USE it regularly. New viruses come out every single day; an a-v program that hasn‟t been updated for several months will not provide much protection against current viruses. In addition to scanning for viruses on a regular basis, install an „on access‟ scanner (included in most good a-v software packages) and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file. Virus scans any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections. Anti-virus programs aren‟t very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or „dubious‟ sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren‟t well-known or don‟t have a good reputation, and executable files unexpectedly received as attachments to E-mail. Be extremely careful about accepting programs or other flies during on-line chat sessions: this seems to be one of the more common means that people wind up with virus or Trojan horse problems. And if any other family members (especially younger
What‟s the story on viruses and E-mail? You can‟t get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded message containing embedded executable code (i.e., JavaScript in HTML message) or message that include an executable file attachment (i.e., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, you computer has to execute some type of code .This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There‟s no special hazard in files attached to Usenet posts or E-mail messages: they‟re no more dangerous than any other file. What can I do to reduce the chance of getting viruses from E-mail?Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file. If you E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature. My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, Who it came from, and why it was sent to you. The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it. Some General Tips on Avoiding Virus Infections Install anti-virus software from a well-known, reputable company. UPDATE it regularly, and USE it regularly. New viruses come out every single day; an a-v program that hasn‟t been updated for several months will not provide much protection against current viruses. In addition to scanning for viruses on a regular basis, install an „on access‟ scanner (included in most good a-v software packages) and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file. Virus scans any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections. Anti-virus programs aren‟t very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or „dubious‟ sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren‟t well-known or don‟t have a good reputation, and executable files unexpectedly received as attachments to E-mail. Be extremely careful about accepting programs or other flies during on-line chat sessions: this seems to be one of the more common means that people wind up with virus or Trojan horse problems. And if any other family members (especially younger What‟s the story on viruses and E-mail?
You can‟t get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded message containing embedded executable code (i.e., JavaScript in HTML message) or message that include an executable file attachment (i.e., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, you computer has to execute some type of code .This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There‟s no special hazard in files attached to Usenet posts or E-mail messages: they‟re no more dangerous than any other file.
What can I do to reduce the chance of getting viruses from E-mail?
Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file.
If you E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature.
My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, Who it came from, and why it was sent to you.
The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it. Some General Tips on Avoiding Virus Infections
Install anti-virus software from a well-known, reputable company. UPDATE it regularly, and USE it regularly.
New viruses come out every single day; an a-v program that hasn‟t been updated for several months will not provide much protection against current viruses.
In addition to scanning for viruses on a regular basis, install an „on access‟ scanner (included in most good a-v software packages) and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file.
Virus scans any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.
Anti-virus programs aren‟t very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or „dubious‟ sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren‟t well-known or don‟t have a good reputation, and executable files unexpectedly received as attachments to E-mail.
Be extremely careful about accepting programs or other flies during on-line chat sessions: this seems to be one of the more common means that people wind up with virus or Trojan horse problems. And if any other family members (especially youngerones) use the computer, make sure they know not to accept any files while using chat. Do regular backups. Some viruses and Trojan horse programs will erase or corrupt files on your hard drive and a recent backup may be the only way to recover your data.
Ideally, you should back up your entire system on a regular basis. If this isn‟t practical, at least backup files you can‟t afford to lose or that would be difficult to replace: documents, bookmark files, address books, important E-mail, etc. Dealing with Virus Infections
First, keep in mind “Nick‟s First Law of Computer Virus Complaints”:
“Just because your computer is acting strangely or one of your programs doesn‟t work right, this does not mean that your computer has a virus.”
If you haven‟t used a good, up-to-date anti-virus program on your computer, do that first. Many problems blamed on viruses are actually caused by software configuration errors or other problems that have nothing to do with a virus.
If you do get infected by a virus, follow the direction in your anti-virus program for cleaning it. If you have backup copies of the infected files, use those to restore the files. Check the files you restore to make sure your backups weren‟t infected. for assistance, check the web site and support service for your anti-virus software. Note: in general, drastic measures such as formatting your hard drive or using FDISK should be avoided. They are frequently useless at cleaning a virus infection, and may do more harm than good unless you‟ re very knowledgeable about the effects of the particular virus you‟re dealing with.
中文翻譯:
計算機(jī)病毒
什么是計算機(jī)病毒?按照Fred Cohen的廣為流傳的定義,計算機(jī)病毒是一種侵入其他計算機(jī)程序中的計算機(jī)程序,他通過修改其他的程序從而將(也可能是自身的變形)的復(fù)制品嵌入其中。注意一個程序之所以成為“病毒”,并非一定要起徹底的破壞作用(如刪除或毀壞文件)。然而,Cohen在他的定義(即“程序”和“修改”)中使用的“病毒”這個術(shù)語與大多數(shù)反病毒研究人員使用的“病毒”術(shù)語有些差別,他把一些我們多數(shù)人認(rèn)為不是病毒的東西也歸類為病毒。計算機(jī)病毒是一些能破壞或刪除計算機(jī)中的信息、文件或程序的代碼。正如感染人體的病毒一樣,計算機(jī)病毒能夠擴(kuò)散。當(dāng)你的計算機(jī)從互聯(lián)網(wǎng)上下載一個被感染的文件,或者從磁盤上復(fù)制一個被感染的文件時,你的計算機(jī)就會染上病毒。而一旦病毒進(jìn)入到你的計算機(jī)文件中,它就能馬上破壞或摧毀其中的信息,或者等到某個特殊的日期或事件來臨時才觸發(fā)其破壞活動。個人計算機(jī)病毒主要有哪些類型?一般來說,主要存在著兩類計算機(jī)病毒。第一類由文件感染型病毒組成,他們將自身依附在普通的程序文件上。這些病毒通常感染任意的.COM和/或EXE文件,盡管有些也感染具有執(zhí)行功能的文件,如.SYS,.OVL,.PRG和.MNU文件. 文件感染型病毒又可分為“立即執(zhí)行型”和“駐留型”。立即執(zhí)行型病毒在含有它的程序每次執(zhí)行是都對其他的一個或多個文件進(jìn)行感染,而駐留型病毒在被感染的程序第一次執(zhí)行時先將自己隱藏在內(nèi)存中的某個地方,以后當(dāng)其他程序執(zhí)行或當(dāng)某些其他程序特定條件滿足時就對它們進(jìn)行感染(就像耶路撒冷病毒一樣)。維也納病毒是立即執(zhí)行型病毒的一個例子,大多數(shù)其他病毒則是駐留型病毒。第二類病毒是系統(tǒng)病毒或引導(dǎo)區(qū)記錄感染型病毒,這些感染可執(zhí)行代碼的病毒出現(xiàn)在磁盤的某些系統(tǒng)區(qū)中,而不是普通文件中。在DOS系統(tǒng)中,常見的引導(dǎo)扇區(qū)病毒和主引導(dǎo)記錄病毒,前者只感染DOS引導(dǎo)扇區(qū),后者感染硬盤的主引導(dǎo)記錄和軟盤的DOS引導(dǎo)扇區(qū)。第二類病毒的例子包括大腦病毒、大麻病毒、帝國病毒、Azusa以及米開郎基羅病毒等,此類病毒通常為駐留型病毒。另外,有些病毒能感染上述兩種對象(如蒸餾酒病毒就是一個例子),這些病毒常稱為“多成分”病毒(盡管這個名字曾遭到過批評),它們的另一個名字是“引導(dǎo)區(qū)和文件型”病毒。文件系統(tǒng)型病毒或“簇”病毒(如Dir-II病毒)是那種修改文件目錄表項并且在文件裝入、執(zhí)行前就被裝入和執(zhí)行的病毒。注意,程序本身實際上并沒有被修改,只是目錄項被修改。有些人把這種感染型病毒看作是第三類病毒,而另一些人把它看作是文件感染型病毒的子類。什么是宏病毒?許多應(yīng)用程序都提供了創(chuàng)建宏的功能。宏是一個完成特定應(yīng)用任務(wù)的命令序列。設(shè)計宏的目的是使諸如文本格式化或電子表格計算這樣的日常工作更為簡單。宏可以保存成一系列擊鍵(即應(yīng)用程序記錄你按了哪些鍵),或者它們能夠用某些特殊的宏語言像通用程序設(shè)計語言一樣復(fù)雜。當(dāng)宏語言允許文件被修改時,就有可能建立能將自身從一個文件復(fù)制到另一個文件上的宏。這種具有自復(fù)制功能的宏稱作宏病毒。
大多數(shù)的宏病毒都是在Windows的Word軟件中運(yùn)行的,因為Word是一種流行的字處理器,它為病毒的擴(kuò)散提供了有效的途徑。大部分的宏病毒是用WordBasic宏語言編寫的。WordBasic基于以前的性能良好的BASIC編程語言,然而它有很多(幾百種)擴(kuò)展功能(如下列文件處理功能:編輯、替換字符串、獲取當(dāng)前文檔的名字、打開一個新的窗口、移動光標(biāo)等)。 什么是特洛伊木馬程序?
通常與病毒想混淆的一種程序是特洛伊木馬程序.。它不是病毒,僅僅是扮作其他東西的程序(常常是有害的)。
例如,你可能下載了你認(rèn)為是新游戲的東西,但當(dāng)你運(yùn)行它時,它刪除了你硬盤上的文件?;蛘弋?dāng)你第三次運(yùn)行該游戲時,該程序把你保存了的密碼發(fā)送給其他人。 注意:僅僅把一個文件下載到你計算機(jī)不會激活病毒或特洛伊木馬程序。你必須執(zhí)行文件中的代碼才能出觸發(fā)它。這意味著運(yùn)行一個程序文件或打開一個可以執(zhí)行文檔中的宏的程序(如Word或Excel)中的Word/Excel文檔。 哪些文件可以傳播計算機(jī)病毒?
計算機(jī)病毒有感染任何可執(zhí)行代碼的潛力,不僅僅是通常叫做“程序文件”的文件。例如,某些計算機(jī)病毒感染軟盤引導(dǎo)區(qū)或硬盤系統(tǒng)區(qū)域的可執(zhí)行代碼。另外有一種叫做“宏”
的計算機(jī)病毒,可以感染使用宏的字處理程序和電子表格程序。包括JavaScript和其他可執(zhí)行類型代碼的HTML文檔也可能傳播計算機(jī)病毒或其他惡意代碼。 因為計算機(jī)病毒代碼必須被執(zhí)行才能實現(xiàn)任何感染,所以被計算機(jī)當(dāng)作純數(shù)據(jù)的文件是安全的。這包括.gif、.jpg、.mp3、.wav等圖形和聲音文件,也包括以.txt為擴(kuò)展名的簡單文本文件。例如,只查看圖片不會使計算機(jī)感染病毒。病毒代碼必須存在于一個形式中,像計算機(jī)實際上可執(zhí)行的.exe程序文件或Word和.doc文件。
計算機(jī)病毒是如何傳播的?
當(dāng)初的病毒(如Lehigh and Jerusalem病毒)開始出現(xiàn)的時候,病毒感染的的方法是非常直截了當(dāng)?shù)?。一個病毒是一小段計算機(jī)代碼,通常是幾個到幾十個字節(jié),它們能做一些意想不到的事情。比如,這些病毒將自身依附到可執(zhí)行文件(即程序)上面,這樣,被感染的程序在執(zhí)行它自身的任務(wù)前首先調(diào)用病毒代碼。實現(xiàn)這種目的的一個最簡單的方法是將病毒代碼附加文件的尾部,并且在程序文件的開頭處插入一條命令,使得控制正好能跳到病毒代碼的開始處,在病毒代碼被執(zhí)行完以后,控制又跳回到程序的初始點(diǎn)。這種病毒在80年代后期很常見。早期的病毒只知道附加到.COM文件上,因為他的結(jié)構(gòu)比MS-DOS操作系統(tǒng)的另一種可執(zhí)行文件格式——.EXE文件更簡單。第一個被人們深入研究的病毒是Lehigh病毒,它把自身附加到啟動時由系統(tǒng)裝入的文件COMMAND.COM中。病毒對宿主程序能帶來很多破壞,因為這些程序在經(jīng)過三、四次復(fù)制以后就不可再使用。正因如此,病毒無法從大學(xué)的網(wǎng)絡(luò)上消除干凈。 當(dāng)你執(zhí)行一個感染了病毒的程序代碼時,病毒程序也將進(jìn)行并試圖感染本計算機(jī)過通過網(wǎng)絡(luò)相連的其他計算機(jī)上的其他程序。最新感染的程序?qū)⒃噲D感染更多的程序。
當(dāng)你與其他計算機(jī)用戶共享一個感染文件的拷貝時,運(yùn)行該文件也可以感染他們的計算機(jī)。并且,這些計算機(jī)中的文件也可能把病毒傳染給更多的計算機(jī)。 如果你的餓計算機(jī)已經(jīng)感染了引導(dǎo)區(qū)病毒,該病毒試圖把自身的拷貝寫到軟盤的
系統(tǒng)區(qū)域。然后,感染了的軟盤可能感染用它們引導(dǎo)的其他計算機(jī),而硬盤上的病毒拷貝將試圖感染更多的軟盤。一些病毒,也叫做“多部分”病毒,既可以通過感染可以通過感染軟盤的引導(dǎo)扇區(qū)來傳播。計算機(jī)病毒對計算機(jī)做什么?病毒是軟件程序,它所做的事情與計算機(jī)上運(yùn)行的任何其他程序所做的事情相同。任何一個特別病毒的實際效果取決于編寫病毒的程序員是如何編寫的。有些病毒有意設(shè)計為損壞文件和妨礙計算機(jī)的運(yùn)行,也有一些病毒只傳播自己而不做其他任何事情。但即便只傳播自己的病毒也是有害的,因為它們在傳播過程中損壞文件,還可能引起其他問題。注意病毒不會對硬件造成任何損壞:它們不會徹底損壞你的CPU,也不會燒壞你的硬盤,引起你的顯示器爆炸等。關(guān)于病毒將物理上破壞你的計算機(jī)的警告通常是惡作劇,不是合理的病毒警告。現(xiàn)代病毒能夠存在于從MS DOS 、Windows 3.1到MacOS、UNIX、OS/2、Windows NT等各種系統(tǒng)上。有些盡管難以發(fā)現(xiàn),但卻是無害的,它們知識偶爾在圣誕節(jié)產(chǎn)生叮當(dāng)聲或重新啟動你的系統(tǒng);另一些病毒卻是有害的,它們能夠刪除或破壞你的文件、格式化硬盤或者做一些其他的事情;還有一些是致命的病毒,它們能隨或不隨宿主程序在網(wǎng)上傳播,通過網(wǎng)絡(luò)向第三方式從敏感的信息,或者甚至搞亂即時財經(jīng)數(shù)據(jù)。關(guān)于病毒和電子郵件有什么誤解?僅僅閱讀一個純文本的電子郵件或Usenet郵件不可能得到一個病毒。你必須警惕的是那些包含了可執(zhí)行代碼的編程消息(例如一個HTML消息中的JavaScript)或包含一個可執(zhí)行文件附件的消息(例如一個編碼程序文件或包含宏的Word文檔)。要激活病毒或特洛伊木馬程序,你的計算機(jī)必須執(zhí)行某種代碼。這可能是附在電子郵件的程序、從因特網(wǎng)下載的Word文檔或從軟盤上接受的某些東西。附加在Usenet郵件或電子郵件消息的文件并不特別危險:它們并不比其他文件更危險。怎樣減少從電子郵件感染病毒的機(jī)會?像對待任何其他新文件一樣小心對待可能包含可執(zhí)行代碼的任一文件附件:把附件保存到磁盤上,在運(yùn)行該文件之前,先用更新過的病毒掃描檢查它。如果你的電子郵件或新軟件有能力自動執(zhí)行JavaScript、Word宏或其他包括在消息中或附加在消息中的可執(zhí)行代碼,建議關(guān)閉這一功能。如果一個電子郵件令人意外地出現(xiàn)一個可執(zhí)行文件,除非你確實核實了它是什么、從誰那里來、為什么要發(fā)給你,否則刪除它。最近爆發(fā)的美麗殺病毒就是一個活生生的范例,說明當(dāng)你接收到帶附加文件過文檔時要特別小心。只因為一個電子郵件來自你信任的某人,并不意味著該文件就是安全的或假定的發(fā)送者與此有任何關(guān)系。避免病毒感染的一些普通技巧?安裝著名公司的防病毒軟件,定期升級定期使用。新的計算機(jī)病毒每天都可能到來。幾個月不升級的病毒軟件面對當(dāng)前的病毒不能提供什么保護(hù)。要定期掃描病毒,除此之外安裝“訪問時”掃描程序(大部分好的防病毒軟件包中都有),并把它們配置為每次開機(jī)時自動啟動。這將通過每次訪問可執(zhí)行文件就自動檢查病毒來保護(hù)你的系統(tǒng)。
在打開或執(zhí)行一個新程序或其他包含可執(zhí)行代碼的文件之前,先進(jìn)行病毒掃描,無論它們來自哪里。也有出售的軟盤和CD-ROM光盤傳播病毒的情況。防病毒程序不能很好地檢查特洛伊木馬程序,所以當(dāng)打開來自不知道的或“不確定的”源的二進(jìn)制文件和Word/Excel文檔是要特別小心。這包括:二進(jìn)制新聞組的郵件、來自不著名或良好聲譽(yù)的Web/ftp網(wǎng)站的下載、收到意外的作為電子郵件附件的可執(zhí)行文件。在聯(lián)網(wǎng)聊天時接收到的程序其他文件要特別小心:這似乎是人們感染計算機(jī)病毒或惹上特洛伊木馬麻煩的更普遍的途徑之一。如果任何一個家庭成員(特別是年輕人)使用了計算機(jī),一定要讓他們知道聊天時不能接收任何文件。定期備份。某些病毒或特洛伊木馬程序會刪除和破壞硬盤上的文件,而最近的備份也許是恢復(fù)數(shù)據(jù)的唯一途徑。理想的情況是,定期備份整個系統(tǒng)。如果做不到,至少要備份不能承受丟失或難以替代的文件:文檔、書簽文件、地址薄、重要的電子郵件等。處理病毒感染首先,謹(jǐn)記“計算機(jī)病毒癥的尼克第一定律”:“僅僅因為你的計算機(jī)表現(xiàn)奇怪或一個程序不能正常工作,這并不意味著你的計算機(jī)有了病毒。”如果你的計算機(jī)沒有使用好的、升級過的防病毒程序,先做這件事吧。許多歸咎于病毒的問題實際上是由軟件配置錯誤或其他與病毒無關(guān)的問題引起的。如果你被計算機(jī)病毒感染了,按照你恢復(fù)的文件的說明來清除它。如果備份了被感染的文件,用防病毒軟件來恢復(fù)它。檢查你恢復(fù)的文件確保你的備份沒有被感染。要尋求幫助,請查看網(wǎng)站及防病毒軟件的支持服務(wù)。注意:一般來說,應(yīng)該避免使用像格式化硬盤或用FDISK這樣的過激措施。這常常對清除病毒感染無效,并且弊大于利,除非你對處理的病毒非常了解。