Computer Virus Infection Strategy


To replicate itself on a computer, a virus must be able to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to launch an infected program, the virus code may run at the same time. Viruses can be divided into two types according to their behavior when they run. Non-resident viruses immediately search for other hosts that can be infected, infect these targets, and then transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus remains active in the background and infects new hosts when those files are accessed by another program or by the operating system itself.



Non-resident viruses 
Non-resident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.


Resident viruses
Resident viruses contain a replication module similar to the one used by non-resident viruses. This module, however, is not called by a finder module. Instead, the virus loads the replication module into memory when it runs and ensures that this module is executed every time the operating system is called to perform a certain operation. The replication module can be called, for example, each time the operating system executes a file. In this case, the virus infects every suitable program that runs on the computer.


Resident viruses are sometimes divided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. A fast infector, for instance, can infect every potential host file that is accessed. This poses a particular problem for anti-virus software, because a virus scanner accesses every potential host file on the computer when it runs a system-wide scan. If the virus scanner does not notice that such a virus is present in memory, the virus can "piggy-back" on the scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread.


The disadvantage of this method is that infecting many files may make detection more likely, because the virus can slow down the computer or perform many suspicious actions that anti-virus software can notice. Slow infectors, on the other hand, are designed to infect hosts infrequently. Some slow infectors, for example, only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down the computer noticeably and will, at most, infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach, however, does not seem very successful.
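The detection trade-off between fast and slow infectors can be shown from the defender's side. The following is an added example, not part of the original post: a rate rule flags a process that writes to many executables in a short window, and a hash baseline comparison catches the infrequent changes that stay under that rate. The event records, process names, paths and digests are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

EXEC_EXT = (".exe", ".dll", ".com")

# Constructed sample events (seconds, process, operation, path); not real telemetry.
EVENTS = [
    (0, "backup.exe", "write", r"C:\Data\report.docx"),
    (1, "proc_a.exe", "write", r"C:\Apps\calc.exe"),
    (2, "proc_a.exe", "write", r"C:\Apps\edit.exe"),
    (4, "proc_a.exe", "write", r"C:\Apps\util.dll"),
    (5, "updater.exe", "write", r"C:\Apps\updater.exe"),
    (3, "proc_b.exe", "write", r"C:\Tools\zip.exe"),
    (900, "proc_b.exe", "write", r"C:\Tools\ftp.exe"),
]

# Constructed baseline and current digests (placeholders, not real hashes).
BASELINE = {r"C:\Tools\zip.exe": "aa01", r"C:\Tools\ftp.exe": "bb02",
            r"C:\Apps\paint.exe": "cc03"}
CURRENT = {r"C:\Tools\zip.exe": "ff99", r"C:\Tools\ftp.exe": "ee88",
           r"C:\Apps\paint.exe": "cc03"}


def fast_writers(events, window=10, threshold=3):
    """Processes that wrote >= threshold distinct executables within `window` seconds."""
    writes = defaultdict(list)
    for ts, proc, op, path in events:
        if op == "write" and path.lower().endswith(EXEC_EXT):
            writes[proc].append((ts, path))
    flagged = set()
    for proc, items in writes.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct executables touched in the window starting at this write.
            distinct = {p for t, p in items[i:] if t - start <= window}
            if len(distinct) >= threshold:
                flagged.add(proc)
                break
    return sorted(flagged)


def changed_since_baseline(baseline, current):
    """Executables whose digest differs from the baseline, however slowly they changed."""
    return sorted(p for p, h in current.items()
                  if p in baseline and baseline[p] != h)


if __name__ == "__main__":
    print("rate rule flags:", fast_writers(EVENTS))
    print("baseline diff:", changed_since_baseline(BASELINE, CURRENT))
```

With the sample data, the rate rule flags only `proc_a.exe`; the two widely spaced writes by `proc_b.exe` show up only in the baseline comparison.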



ref: wikipedia.org
