What’s the Difference Between a Virus, a Trojan, a Worm, and a Rootkit?
Computers (in all shapes and sizes) have become crucial to our lives. All our work, information, and critical services now run through computer systems. That makes them a target for all sorts of malicious software.
However, not every piece of nasty code is the same. There’s a huge variety of digital diseases out there, which makes it important to know the difference between a virus, trojan, worm, rootkit, and more.
What’s Malware?
Let’s start by identifying the umbrella term which covers all of the malicious software types listed below — malware.
As you’ve probably guessed, the word is just the fusion of “malicious” and “software”. It covers any type of program written to harm you, your computer, or a third-party entity via your computer.
What’s a Virus?
A virus is the most basic and well-known type of malicious software. Viruses operate in a particular way that sets them apart from other types of malware.
First, viruses infect other programs. They insert their code into another program with the hope that it will be executed when someone runs the legitimate program. Secondly, viruses self-replicate by infecting other programs they find on a computer.
Apart from trying to spread to other programs, viruses also have a payload. The payload can be anything the virus author wants it to be. Some viruses have benign payloads that don’t actually damage anything. The majority of viruses do harm your data or system on purpose by deleting data, stealing it, or otherwise doing something that’s not good for you or your PC.
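Because a virus has to change the program file it infects, comparing program files against a trusted record of their hashes exposes the change. The following is an added example, not part of the original article; the function names, the file suffixes, and the baseline format are assumptions chosen for illustration.

```python
import hashlib
import json
import sys
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root, suffixes=(".exe", ".dll")):
    """Map relative path -> (size, sha256) for each program file under root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            rel = p.relative_to(root).as_posix()
            baseline[rel] = (p.stat().st_size, sha256_file(p))
    return baseline

def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    report = {"modified": [], "grew": [], "added": [], "removed": []}
    for name, (size, digest) in baseline.items():
        if name not in current:
            report["removed"].append(name)
            continue
        new_size, new_digest = current[name]
        if new_digest != digest:
            report["modified"].append(name)
            if new_size > size:
                # Larger than recorded: consistent with code added to the file
                report["grew"].append(name)
    report["added"] = sorted(set(current) - set(baseline))
    return report

if __name__ == "__main__":
    # Usage: script.py <program_dir> <baseline.json>
    root, store = sys.argv[1], Path(sys.argv[2])
    current = build_baseline(root)
    if store.exists():
        print(json.dumps(compare(json.loads(store.read_text()), current), indent=2))
    else:
        store.write_text(json.dumps(current))  # first run records the baseline
```

Keep the baseline file on read-only or offline storage so it cannot be rewritten along with the programs. A legitimate update also changes a hash, so each reported file still has to be checked against known patches.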
What’s a Worm?
Computer worms and viruses are very similar in the sense that they self-replicate and execute a (usually) malicious payload on computer systems. Where they differ is in how they spread. A virus needs a host program to infect and relies on users to spread that infected program using removable storage, email, or another similar transmission method.
A worm exists as its own independent program, not as code attached to a third-party application. They also spread by themselves, without human intervention. For example, the Blaster Worm spread like wildfire in the mid-2000s thanks to a vulnerable open network port on Windows computers.
So if one computer at a company or school became infected, the program could quickly spread itself to other connected machines. Worms usually use vulnerabilities discovered in operating systems, hardware, or software to run their code without the user having to do anything at all.
These days, firewalls and other network security systems are highly effective at stopping worms from spreading, but new holes are always being discovered.
What’s a Trojan?
Trojans are named after the Trojan Horse of Greek mythology. In the original story, the people of Troy wheeled a giant wooden horse statue into the city, thinking it was a goodbye present from their enemies. Unfortunately, it turned out to be the worst piñata ever, filled with Greek soldiers who snuck out at night and opened the city gates for the rest of their army.
Computer trojans work in exactly the same way, except instead of a big horse you’ll get a program that says it’s something useful and harmless. In reality, behind the scenes, it’s doing malicious things. Unlike viruses or worms, trojans don’t usually try to infect other software or replicate themselves. Instead, they tend to install other malware on your system and call back to their creator, handing over control of your computer to the trojan’s author.
Trojans usually spread through “social engineering”, a hacker technique that relies on common weaknesses in human psychology to fool users into doing something. In this case, the “something” is opening a program because you think it’s something cool.
What’s a Rootkit?
Rootkits are probably the most dangerous form of malware in existence. A rootkit is not one piece of malware, but a collection (hence “kit”) of applications that are installed on a system. Together these applications take over control of the computer at a low level. A “low level” means at the level of the operating system itself, letting the creator of the rootkit do absolutely anything they’d like to the computer system and its data.
One of the reasons that rootkits are so dangerous is how hard they are to detect. Since the rootkit is at least as powerful as the operating system itself, antimalware software can be fended off with little effort. After all, the rootkit has more authority than any other application on the system. Rootkit detection and removal usually involves using a specialized bootable USB drive that prevents the installed operating system from loading in the first place before it scrubs the rootkit clean.
What’s Adware?
Adware includes any software that displays advertising to the user, but in the context of malware, those adverts are unwanted. While adware by itself is generally not harmful, malicious adware installs itself without your consent and can negatively affect your browsing experience and computer performance.
Adware can make its way onto your computer in various ways. Ad-supported software that’s open and upfront about it is technically adware, but not malware. Other software that’s not malicious can sometimes be sneaky about including adware in its installer.
Such installers use an “opt-out” approach where the default installation includes pre-ticked tick boxes to install adware. Most users just power through installation wizards without reading anything. Thus they unintentionally give the adware permission to install.
In worst-case scenarios, you’ll be seeing a deluge of popups from your browser and have your web browsing redirected to predatory websites. Dedicated software such as AdAware is usually best for tackling adware in particular.
What’s Spyware?
Unlike other types of malware, spyware generally avoids doing anything to your system that you’d notice. Instead, spyware exists to monitor what you do and then send that information back to the spyware author.
That can include all sorts of information. For example, the spyware might take screenshots of documents you’re working on. That’s a function those engaged in espionage are likely to want. Spyware deployed by criminals usually captures information for financial gain. For example, keyloggers save your keystrokes to a text file. When you type in the address of something like a banking website and then type in your username and password, the keylogger captures that information and sends it back home.
Spyware can also refer to legitimate software that contains functionality the user is unaware of where user behavior or information is sent back to the developers. In most countries this type of data gathering has to be disclosed, so read your user agreements carefully!
Trojans can install spyware on your system as part of their payload, and rootkits are at least partially a type of spyware themselves.
What’s Ransomware?
Ransomware is a particularly nasty type of malware that doesn’t destroy your data but locks it behind strong encryption. Following this, the creators of the malware demand a ransom from you in order to get your data back.
This works because strong encryption is virtually impossible to break. So unless you pay the ransom amount, your data is effectively gone. However, you should never actually pay money to ransomware creators. First, you aren’t guaranteed to regain access to your data. Secondly, you’re emboldening them to keep victimizing people. The best way to deal with ransomware is to proactively back up and protect your data in places the malware can’t reach.
Protecting Yourself From Malware
It can be scary to read about all the different types of computer nasties that might infect your personal devices, but you aren’t powerless against them either. Your next step is to check out How to Protect Your Computer from Hackers, Spyware and Viruses.
In that article, you’ll learn how to proactively prevent infection in the first place and how to deal with the situation when the worst actually does happen.