In recent years, viruses transmitted by e-mail have become the biggest hazard to the
development of the network industry. Over the past few years, a wide range of
viruses has spread through the internet. As the internet becomes a global
tool, the virus is also becoming a global troublemaker
and system killer. Compared with traditional viruses, viruses spread
through the network, especially by e-mail, spread faster and are more
lethal. After
analyzing the characteristics of computer viruses in the information
technology age, this report discusses effective ways of preventing them.
Table 1: Malware trends 2007 – 2017 (number of new malware specimens, in millions)
The emergence of the computer virus is an inevitable product of the development of computer
technology and of computer-based social information development reaching a certain stage.
A computer virus is a new form of high-technology crime, which is instantaneous, dynamic and random.
It is inherently difficult to obtain evidence of it, and it can damage the computer dramatically.
Because the risk is small and the damage huge, it encourages criminal intent and criminal activity. It reflects
some people’s mischievous and retaliatory mindset in the field of computer
The technical reason
is the vulnerability of the software and hardware of the modern computer.
Software can easily be deleted or rewritten. In addition, designing
computer software by hand is inefficient and insecure because of its long
production cycle. The designer has no way to know whether a program contains mistakes
before it runs; mistakes can be corrected only once the program is in operation.
Designers have no idea how many errors and
defects are hidden in the program. Those vulnerabilities provide a tunnel for
the invasion of the virus.
The popularization of computers is the necessary environment for
the emergence of computer viruses. The
hardware of most modern computers is simple, and the operating system is highly transparent. Because of
the lack of security, more and more users are able to understand the shortcomings of the computer clearly.
They can choose different attacks for different purposes.
A computer virus can hide in a
computer storage medium (the hard drive) or in a program. When a certain condition is met, the computer
virus is activated by some program or
instructed remotely to destroy computer resources. The computer virus is a
small program, but it is different from the computer program with some unique
Parasitism: a computer virus is
parasitic in another program. When that program is executed, the virus begins
its destruction; however, it is not easy to detect before it starts.
Infectivity: a computer virus can
not only destroy but also infect. Once the virus has been produced and has replicated,
the speed of infection is hard to contain.
In the biological world, a virus spreads
from one organism to another through infection. Under appropriate conditions,
it can reproduce in large quantities and make the infected organisms
show illness or even die. Similarly, computer viruses spread from
infected computers to non-infected computers through various channels. In some cases, the
infected computers will malfunction or even be paralyzed. Unlike a biological
virus, a computer virus is a human-written
computer program that can be transferred to other computers. Once the
program is executed, it searches for other programs or storage media
that meet its conditions for infection. It determines the target and then inserts its own code into another program
to achieve self-reproduction.
If an infected computer is not treated in time, the virus will
spread quickly on the machine, and a large number of files (usually executable
files) will be infected. The infected files become a new source of
infection; as they reach other machines or make contact with them through the network,
the virus continues to spread. Normal computer programs generally do not
attach their own code to other programs. The virus, however, can force its own code
onto all non-infected programs. Computer viruses can infect other computers
through various possible channels, such as USB and computer networks. When a
computer virus is found on a machine, the carrier that is used to transfer
files is also infected. Other computers
on the same network as the
infected computer may also be infected by the virus. Whether a program is
contagious is the most important condition for judging whether it
is a computer virus.
Latency: some viruses are designed in advance to attack at a certain
time, just like a time bomb. When a certain
condition is met, the virus explodes at once and destroys the system.
An elaborate computer virus program will not break out the moment it enters
the operating system. It can hide in legitimate files for a few weeks,
months, or even a few years. It will start to infect the system, and it will
not be found easily. The better its latency, the longer the computer virus will
exist in the system, and the greater the scope of its infection.
The first aspect of latency is concealment. A computer virus program will
not be found without a professional detection program. The virus can
hide quietly on disks or carriers for several days or even years. When it gets the opportunity,
it will run and continue to breed, spread and do harm. The second aspect
of latency is that a computer virus usually has an internal
trigger mechanism. While the trigger condition is not met,
the computer virus does nothing except infect. Once the trigger
condition is satisfied, some computer viruses display information,
graphics or special marks on the screen; others perform operations that destroy
the system, such as formatting disks, deleting disk files, encrypting data
files, blocking the keyboard, and locking the system.
Hidden: a computer virus is
strongly concealed. Some viruses can be detected by anti-virus software;
others cannot be found at all. Such viruses are usually difficult to deal with.
Destructiveness: when a computer is infected by a computer virus, it may not be able to
run software normally. Files
may be deleted or damaged to varying degrees.
Triggering: triggering is when a computer virus
starts to carry out infection or attack because of the occurrence of an event or value.
In order to stay concealed, the virus must lurk. But if the
computer virus is completely inactive and lurking, it can neither infect
nor destroy. The virus needs to be able to hide and keep its destructive power as well. Therefore, it must know
when to switch its status. The triggering mechanism of a virus is used to
control the frequency of infection and destruction. The virus has a
predetermined trigger condition, which may be a time, a date, a file type, or certain
data. When the virus is running, the trigger mechanism checks whether the
predetermined conditions are met. If the condition is satisfied, it starts
the infection or destruction action. If the condition is not satisfied, the
virus continues to lurk.
The most common computer viruses (for Windows only)
System virus, prefix: Win32, PE, W32, etc. These viruses can generally infect the *.exe and
*.dll files of the Windows operating
system and spread through these files.
Worm virus, prefix: Worm. The virus is transmitted through the network or
system vulnerabilities, and most worm viruses are sent out by e-mail. It can block the internet.
Figure 2: Worm Virus
Trojan virus, hacker virus. The prefix of the Trojan virus is
Trojan, and the hacker virus prefix is generally Hack. The common
characteristic of Trojan viruses is that they enter the user’s system through the network or
system vulnerabilities and hide, and then disclose the user’s
information to the outside world. The hacker has a visual interface to control
the user’s computer remotely. Trojan horses and hacker viruses often appear in
pairs: the Trojan horse is responsible for intruding into the user’s
computer, and the hacker virus exercises control through the Trojan virus.
These two types are now becoming more and more integrated.
Figure 3: Trojan
Bundled machine virus, prefix: Binder. The common property of this kind of
virus is that it is bundled with applications that are available on the internet. From the outside
it looks like a normal file. When the user runs the program, the bundled virus is activated
and begins to do damage.
Script virus, prefix: Script. The common feature of script viruses
is that they are written in a scripting language and transmitted through a
Implant virus: The common characteristic of
this kind of virus is that it releases one or more new viruses from its body into the system
directory. The newly generated viruses do the job of destruction.
Destructive program virus, prefix: Harm. The common characteristic of these viruses
is that they have attractive icons to entice users to click. When users
click on such viruses, the viruses directly damage the users’ computers.
Benign virus: this is code that does not do immediate damage
to a computer system. This kind of virus does nothing except keep spreading
from one computer to another. It does not destroy any data on the computer.
Some people dismiss infection by this kind of computer virus and think it is a joke. In fact,
benign and malignant are relative terms. After obtaining control of the system, a benign
virus will make the whole system and the applications compete for control of
the CPU and can cause the whole system to deadlock
at any time. This interferes with normal operation.
The most important
hardware and software entities in the computer network are servers and
workstations. Therefore, the server and the workstation should be considered
first in the prevention and control of computer network viruses. On the other
hand, strengthening comprehensive control is also important. The network server
is the center of the computer network, and it is the backbone of the network.
One of the important signs of network paralysis is the paralysis of the network
server. Once the network server is knocked down, the loss is catastrophic,
irretrievable, and inestimable.
Prevention of local area network virus:
Virus prevention has become
a very important part of the daily management of the company’s local area network (LAN),
because of the huge number of computers on the LAN and because users differ in
their level of anti-virus knowledge.
Therefore, the prevention of computer virus should qualify the following
It is essential to select the anti-virus software application and update the virus database.
Install all kinds of patches; timely installation of various patches is also very important.
Standardize the use of electronic mail.
Do a backup of work and data. To a company, the most important part should be the files and data in the storage
Isolate the infected
Prevention on the user end
Pay attention to the attachments of the mail as much as possible.
Always in a set of
Pre-scan any attachment before opening it.
Pay attention to the file extension. Windows allows users to use multiple extensions when naming
files, but many e-mail programs display only the first extension. This
camouflages the virus.
Do not run unknown
Never blind forward
vulnerabilities. Many network viruses are now spread with Microsoft’s IE and
Don’t accept documents casually. Try not to accept files from strangers in online chat
systems, such as Skype or Facebook.
Do automatic virus checks. Ensure that the computer does an automatic
virus check on inserted plug-and-play media, as well as e-mail and
Figure 3, warning
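The file-extension item in the list above can be turned into a check that a mail gateway or triage script runs on incoming messages. The following is an added example, not part of the original report: it parses a message with Python's standard `email` package and flags attachments whose last extension is executable while an earlier one looks like a document. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: illustrative, non-exhaustive extension lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js"}
DOCUMENT_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}


def classify_filename(name):
    """Return (verdict, name as shown by a client that displays only the first extension)."""
    parts = name.strip().lower().split(".")
    stem, exts = parts[0], [p.strip() for p in parts[1:] if p.strip()]
    shown = stem + ("." + exts[0] if exts else "")
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok", shown
    # Windows acts on the LAST extension; an earlier document-like
    # extension is what makes the file look harmless in the mail client.
    if any(e in DOCUMENT_EXTS for e in exts[:-1]):
        return "double-extension", shown
    return "executable", shown


def scan_message(raw_bytes):
    """Return [(filename, shown_as, verdict)] for attachments that are not 'ok'."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        verdict, shown = classify_filename(name)
        if verdict != "ok":
            findings.append((name, shown, verdict))
    return findings


def build_sample():
    """Constructed test mail; attachment bodies are dummy bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name in ("report.pdf", "invoice.pdf.exe", "setup.exe"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A gateway would typically quarantine the `double-extension` findings and handle plain `executable` attachments according to local policy.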
Prevention using firewall
A firewall is a
threshold for controlling incoming and outgoing
communication. On the network, the internal and external networks are isolated
by the established network communication monitoring system to block
intrusion from the external network. There are three main types of firewalls at
Packet filtering firewall: a packet filter firewall is set at the
network layer, and packet filtering can be implemented on the router.
Proxy firewall: a proxy firewall, also called an application-level and gateway-level
firewall, is composed of a proxy server and a filter router.
Double point host firewall: a firewall in which the host performs the security control
function.
Physical security strategy:
The policy should be designed to protect computer
systems, network servers, printers and other hardware and communication
links from natural disasters, human-made destruction, and wiretapping attacks. Authenticating users and their permissions
is a way to prevent unauthorized users from operating them. Establish a safety
management system to prevent illegal access to the computer control room and all
kinds of theft and sabotage.
Most programs
installed on the Windows 10 operating system
require certain administrative authority
to be used. The company can take advantage of this
and keep people who do not need a program from touching it, thus
lowering the probability of the program being infected and damaged by a computer virus. When needed, the company can
assign temporary administrative authority to access the program. When users get the permission, they can log in to Windows 10 with their identities, then
right-click the setup file, press and hold the Shift key on the keyboard, click
from the shortcut menu then appears in the operation mode, with the
corresponding management authority. Finally, they will be required to enter the
username and password in the pop-up window.
Information encryption strategy:
The purpose of
encrypting information is to protect the data, files, passwords, and control
information in the network, and thus to protect the data transmitted on the internet.
There are three common methods of network encryption: link encryption, endpoint
encryption, and node encryption. The
purpose of link encryption is to protect the security of link information between
network nodes. The purpose of end-to-end encryption is to protect data from
the user to the destination end, and the purpose of node encryption is to provide
protection for the transmission links between source nodes and destination nodes.
The user can choose the above encryption method according to the network
In network
security, besides the above technical measures, strengthening the safety
management of the network and formulating the relevant rules and regulations
play a very effective role in ensuring the safe and reliable operation of
the network. The safety management strategy of the network includes
determining the level of safety management, formulating the operation rules of
network operation and the management system of personnel access to the computer
room, and establishing the maintenance system and emergency measures of the
From the analysis in the report body, it was concluded
that although computer viruses are terrible, as long as we do all kinds of work
on computer virus prevention and security strategy, we can still avoid
infection by a computer virus. To ensure
computer and network security, it is not enough to rely solely on current
anti-virus technology. A detailed and
thoughtful safety policy is also an effective way to prevent the spread of the
virus and reduce damage. The security policy should not only provide good
protection but also ensure that users can complete
their operations smoothly. The research of information network security has gone
through two stages: communication security and data protection. It is now entering
the research stage of network information security. Firewalls, security routers,
security gateways, hacker intrusion detection systems and system vulnerability
scanning software have been developed. Information network security is a
comprehensive and interdisciplinary field, which combines the long-term
accumulation of many disciplines. The current job is to focus on understanding
all the modern technology and how computer viruses work. “Know the enemy
and know ourselves, and we can fight a hundred battles with no danger or
Based on the analysis and conclusion in this report,
it is recommended that, instead of spending most of the time on software
updates and server protection, more importance be given to teaching employees
anti-virus knowledge. It is necessary to update the software and to do network
updates and network maintenance, since this
repairs computer vulnerabilities and eliminates the possibility of the
computer being infected by the virus. The
firewall will filter out dangerous features and documents. It is more
useful to enrich employees’ understanding of
the computer virus. The virus will not enter the system by itself. Wrongful
human action is the main source that helps
the virus enter and harm computers. The first thing to do is to raise their awareness.