Do we need anti-virus software?

Editor’s note: This article is from WeChat public account “Tencent Institute” (ID: Cyberlawrc), author Lao Mu.

For children of the 80s and 90s, Rising's little lion was the deepest childhood impression of the computer.

In 2017, a desktop lion with the "anti-virus and firewall functions removed" even appeared on the Internet, for everyone who missed the past.

Most people online today probably don't remember the lion that acted out various motions in the lower right corner of the screen. Free anti-virus products reshuffled the anti-virus market, but with the technological changes of recent years, anti-virus software no longer seems to be a must-install.

What forces of the era caused anti-virus software, which once sold for two or three hundred yuan a copy, to gradually fade from people's view?

Source – the emergence of viruses

Before talking about the history of anti-virus software, let's look at what a virus is. From a legal point of view, "computer virus refers to a set of computer instructions or program code that is compiled or inserted into a computer program that destroys computer functions or destroys data, affects computer use, and can self-replicate." A computer virus is also a program, just a malicious one.

How did viruses start? You may not believe it, but the earliest viruses were usually just tools, and their role was far from what it is today.

In the early days, students used viruses to do academic research and improve their programming skills, and sometimes to play jokes on classmates; Xerox engineers used worms to find idle network resources; many developers used boot sector viruses to combat piracy.

Viruses developed before 1988 were basically harmless. Take the first virus in the world born on Windows, the Brain virus. It was developed by two brothers, Basit and Amjad Farooq Alvi, aged 17 and 24, who had written a program for heartbeat detection; because of the piracy in their area, they made this virus, intended mainly to deter pirated copies. Whenever someone installed non-genuine software, Brain would eat up the pirating user's remaining space and write an infection notice into the boot sector, along with the two brothers' contact number, asking anyone infected to get in touch and obtain the "antidote".

But once the two brothers released the virus, they immediately received a flood of calls, many of them from abroad, asking for the "antidote". The brothers were shocked too, and began explaining that they meant no harm.

Another example is the first virus since the founding of New China, the small ball virus discovered in 1988. It triggers when the system clock is on the half hour or the hour and the system is in the middle of a read operation. When it triggers, a lively small dot bounces diagonally across the screen; when it hits the edge of the screen or a piece of text, it immediately bounces off and erases some of the text it touches.

The earliest virus writers mostly had a "show off the technique" mentality, producing conspicuous, showy viruses, or they simply used viruses as tools. After that, viruses began to trend toward overt damage. The Loveletter virus around 2000, for example, attacked tens of thousands of computers after it was released: it sent the user a love-confession e-mail, lured them into opening the "I Love You" attachment, then replaced the user's local pictures and files and sent the message on to other friends in the address book.

After entering the 21st century, the "skills" of viruses began to change. The startling destructive power of some viruses brought huge turmoil to an Internet that had only just become widespread. For China's earlier "networms", the Shockwave virus of 2003 and the Panda Burning Incense virus of 2007 are still fresh in memory. The former exploited a vulnerability in a Windows network service to spread without the user's intent, and caused infected computers to restart constantly and become unusable. The latter turned all the files and programs on an infected computer into an icon of a panda burning incense, and they could no longer be opened.

Another example is the most serious virus attack to date, the Conficker virus that appeared in 2008. It used a memory vulnerability in Windows at the time, corrupted the system's default settings, and automatically found other computers on the LAN that had the same vulnerability. It established a connection and copied itself over, then accepted remote control instructions locally, collected personal information, and downloaded and installed additional malicious programs on the victim's personal computer, leaving users unable to defend against it.

Panda Burning Incense's pattern of "locking up the information in the computer" gradually developed into the category of ransomware, and viruses changed from a "prank in bad taste" into an "illegal business"; 2017's "Eternal Blue" was the peak of this model.

But rather than "destruction" or a "direct demand for money", more of the virus makers who try to commercialize their work choose to make the virus "more and more harmless". The logic is very simple. The average user only thinks of taking measures when the computer is obviously behaving abnormally. If the virus can run silently on the user's device for a long time, it can steal more of the user's information and data, or other content of ancillary value.

This model is called an advanced persistent threat (APT). These attacks are no longer planned by just a single "hacker", but possibly by an entire industry chain. Their goal is no longer to cause direct loss to the user, and the user may not even notice "any loss."

But in fact, by silently obtaining the highest privileges on the user's device, the virus can steal the user's sensitive information, trade secrets, or even state secrets. After the information is stolen, the data is sorted into black-market databases and offered at clearly marked prices on the "dark web".

Defender – anti-virus software

Security is among the most basic human needs. Where there is attack, defense naturally follows. After the Brain virus appeared in 1986, people began to think about how to fight virus programs, and in 1987 IBM released the first anti-virus software for individual users.

Before going further, here is a brief introduction to the basic workflow of anti-virus software, which can be roughly divided into three phases:

  1. Capture the behavior of other programs: what they are doing in memory, what they are transmitting over the network, and so on.

  2. Give a quote