In general, the basic form of computer network, including network servers and network nodes stations (including disk workstations, diskless workstations and remote workstations). Computer viruses usually first through various channels into the workstation with disk, also access to the network, and then began to spread online.
LAN principle and the phenomenon of virus invasion
Specifically, the dissemination of the following ways. Copies of the virus directly from the workstation to the server or through the mail in the net spread; virus first infected workstation, the workstation memory-resident, and other programs to run within a Web site and then transmitted to the server; the virus first infected workstation, the workstation memory resident, In the run-time virus transmitted directly through the image path to the server; if the remote workstation by viruses, the virus can enter the network through the data exchange server.
Once the virus enters the file server, it can quickly spread through the entire network, each computer. For diskless workstations, because it does not really "diskless" (which is a network disk drive), when it runs a network drive on the infected program, and put more memory in transmitting the virus to the program or path through the image transmitted to the server other documents, so diskless workstation is a hotbed of breeding the virus.
The virus from the above mode of transmission on the network can be seen, in a network environment, the network has a transmissible virus in addition to, enforceability, destructive and other common computer viruses, but also has some new features.
1, the infection fast: in the stand-alone environment, the virus only through the media from one computer to another station, the network is in network communication mechanism can spread rapidly. According to the determination of the network under normal operating conditions, as long as a workstation has a virus, you can be online in a few minutes, hundreds of computers were infected.
2, spread wide: As the virus spread very fast in the network, spread of large, rapidly spread not only all the computers within the LAN, but also through the remote workstation to the virus spread to thousands of miles away in an instant.
3, complex and diverse forms of communication on the network computer virus is usually through the "workstation" to "server" to "workstation" means of transmission, but a lot of technological progress virus, transmitted in the form of complex and diverse.
4, difficult to completely eliminate single computer virus on the infected files can sometimes be resolved. Low-level format the hard drive and other measures can eradicate the virus. The network that once a computer workstation can not be cleaned, you can re-enable the network to be infected, and even anti-virus work just completed a workstation, there may be another line infected by infected workstation. Therefore, the only workstation anti-virus, and can not solve the virus harm to the network.
5, devastating large: Network virus will directly affect the work of the network, ranging from lower speed, affect the efficiency of the network while in the collapse, destruction server information, so many years of work destroyed.
6, can stimulate the conditions of network virus stimulate diversification, which can be internal clock, the system date and user name, it can be a communications network. A virus-virus program can follow the designer's request, and issued a workstation inspired attack.
7, potential: the network is infected with a virus, even if the virus has been cleared, the potential risk is enormous. According to statistics, the virus is cleared after the network, 85% of the network within 30 days will be re-infected.
Such as Nimda virus will search the local network, file sharing, either file server or end-user machines, once found, they installed a hidden file called Riched20.DLL to each contain "DOC" and "eml" files, when the user through the Word, WordPad, Outlook open the "DOC" and "eml" document, these applications will perform Riched20.DLL file, so that the machine is infected, the virus also can infect the same time remote the file server is started. E-mail with the Nimda virus, do not need you to open attachments, as long as the read or preview the message with the virus will continue to send infected e-mail to your address book in a friend.
LAN HIV prevention methods
The "Nimda" virus, for example, individuals infected with the virus, the use of stand-alone anti-virus software to remove; but corporate network, a machine is infected, "Nimda" virus will be Automatic copy, send and use various means to stop cross infection to other users within the LAN. Transmission of computer viruses and the increasing diversity of form, therefore, a large corporate network anti-virus system has been not as a single computer virus detection and removal as Jian Dan, Er Xu Yao a multi Cengci's, stereo's virus protection system, but Yao have a sound management system to set up and maintain virus protection strategy. An enterprise network anti-virus system is set up in each local area network anti-virus systems should be based on requirements of each local area network anti-virus, anti-virus to establish local area network control system, were set a target of anti-virus strategy.
(1) to increase safety awareness: to eliminate the virus, initiative played an important role. The spread of the virus, often due to internal employees know enough about the virus mode of transmission, transmission of the virus there are many channels available through the network, such as physical media. Killing the virus, we must first know what the virus in the end, it is how the kind of harm, that harm the virus, raising the safety awareness campaign to eliminate a malignant tumor had half the battle. Normally, enterprises should begin to enhance safety awareness of the virus hidden in the daily work to increase awareness of hazards, such as the installation of a popular online version of antivirus software, accredited, regularly updated virus definitions, running on the file of unknown origin before the killing, once a week, killing the virus, reducing the number of shared folders, file sharing permissions and increase control when possible passwords, can very well prevent the spread of the virus in the network.
(2) care Mail: With the popularity of the network, e-mail has become indispensable to people working in a medium. It is convenient to improve people's working efficiency, but also unwittingly become accomplices of the virus. Data show that there are now more than 90% of the virus to spread via email. Although these viruses Spreading principle is very simple, but this piece is certainly not only yes technical problems, also should educate the users and Qi Ye, make them appropriate for Cuoshi. For example, if all the Windows users have closed the VB script functions, such as the Anna Kournikova virus can not spread. Careful vigilance as long as the user at any time, do not open suspicious e-mail is worth, you can reject the virus out.
(3) selection of online version of antivirus software: Select a skill advanced online edition of the virus, "killer" on the essential. In general, the killing is complete, the interface is friendly and convenient, can realize remote control, centralized management of a network is to determine the three elements of anti-virus software.