A Simple Way to Judge Whether a File Is a Virus
Source: Internet  Edited by: 程序博客网  Date: 2024/06/06 02:31
Today, my girlfriend asked me a question: how to test whether a piece of software is suspicious on the Linux operating system. I thought a lot about it.
With the development of computers, a lot of suspicious software and many viruses have entered the computer world. There is no accurate concept to describe this software. Maybe it can destroy your operating system, or maybe it does nothing.
There are, however, some features that describe them.
1. Execution. It must be an executable file. Whatever they are, their first action is to find a way to get themselves executed by some external trigger.
2. Infectiousness. Once your system is attacked by them, they will probably copy themselves one hundred times or more. Then they can send themselves over the Internet and infect other systems.
3. Hidden. This sort of software runs out of sight, but it is destructive.
And what does our computer look like after it is infected by a virus?
1. CPU usage is always at almost 100%.
2. The memory is entirely used by a single process.
3. Your files are deleted and created without your doing it.
4. There are also other behaviors, such as taking your private files, and so on.
In fact, many viruses are so well hidden that you can't discover them without anti-virus software.
Recently, my girlfriend's team developed a code testing system that takes code from students, runs the program, and returns the result to the students. But there is a serious security problem: what should we do if the code itself is virus code? Once we compile and run it, our system will be attacked.
Their development environment is Linux plus gcc.
We all know that the Linux operating system is very good because of its micro kernel and good security. Linux manages permissions very well. The system provides three groups to manage files. Each group has its own permissions to operate on the files. The files can't be executed by other users and groups.
This is a classic example of permission management.
In "-rwxrwxrwx", the first three characters "rwx" represent the file owner's permissions, the second three characters represent the permissions of the owner's group, and the last three characters represent everyone else's permissions.
This mechanism is very tight! But our program has the "x" permission to execute.
We have to design a mechanism in which only the root user can execute every command. That is to say, any software that tries to execute commands it is not allowed to execute is probably a virus.
The other methods of testing the program are to check the CPU usage and the amount of memory the program uses. If the usage is almost 100%, then even if it is not a virus, we must still stop it.
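The CPU and memory checks described above can be enforced by the kernel instead of being watched by hand. The following is an added example, not code from the original post: `run_submission`, the verdict names and the limit values are assumptions, and the sample commands are constructed stand-ins for a gcc-built student program.

```python
import resource
import signal
import subprocess
import sys


def _cap(kind, soft, hard):
    """Set a limit without ever trying to raise the current hard limit."""
    cur_hard = resource.getrlimit(kind)[1]
    if cur_hard != resource.RLIM_INFINITY:
        hard = min(hard, cur_hard)
        soft = min(soft, hard)
    resource.setrlimit(kind, (soft, hard))


def run_submission(argv, cpu_s=1, mem_bytes=512 * 1024 * 1024, wall_s=10):
    """Run argv under CPU, memory and wall-clock limits; return (verdict, stdout)."""
    def limits():  # runs in the child, after fork() and before exec()
        _cap(resource.RLIMIT_CPU, cpu_s, cpu_s + 1)    # SIGXCPU at cpu_s seconds
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)  # address-space ceiling
        _cap(resource.RLIMIT_CORE, 0, 0)                # no core dumps

    proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                            preexec_fn=limits)
    try:
        out, _ = proc.communicate(timeout=wall_s)
    except subprocess.TimeoutExpired:
        # A sleeping program burns no CPU time, so a wall clock is needed too.
        proc.kill()
        proc.communicate()
        return "wall_timeout", b""
    if proc.returncode == -signal.SIGXCPU:
        return "cpu_limit", out
    if proc.returncode < 0:
        return "killed_by_signal", out
    return ("ok" if proc.returncode == 0 else "runtime_error"), out


if __name__ == "__main__":
    # Constructed stand-ins for compiled student programs.
    samples = {
        "prints answer": [sys.executable, "-c", "print(6 * 7)"],
        "busy loop": [sys.executable, "-c", "while True: pass"],
    }
    for name, argv in samples.items():
        print(name, "->", run_submission(argv)[0])
```

Resource limits do not restrict which files or commands the program can reach; for that, the judge still has to run submissions as an unprivileged user, as the permission discussion above describes.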
We conclude that if test code tries to execute commands it is not allowed to execute, it is probably a virus. This is a simple conclusion for testing whether a program is a virus.
I should continue to explore what a virus is and how to defend against viruses.