Abstract and keywords
Abstract (English):
The article considers one method of protecting information on a computer: monitoring the operating system. Malicious programs are numerous, they are constantly updated, and new ones built on new principles keep appearing. Antivirus and anti-spyware products are therefore often ineffective, because they work by signature search (matching against known samples) and so cannot detect new varieties of malware. A solution to this problem is to use various utilities (service programs) for monitoring (examining) the operating system installed on the computer. The article describes these monitoring utilities in detail: File Monitor (monitoring of file operations), which lets you watch all file operations in real time; Registry Monitor (monitoring of registry operations); TCPView (monitoring of network activity), whose distinctive feature is that it binds each listening port or open connection to the process that uses it; the autorun control utility Autoruns, which examines dozens of different autorun methods, including the classic autorun locations, Explorer extensions of various types, scheduler jobs, services and drivers, and print monitors and providers; and the Process Explorer utility, which lets you change a process's priority, suspend the process and all its threads, or forcibly terminate it.
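As an added example (not code from the article or from the Sysinternals tools it describes), the following PowerShell reproduces two of the checks the abstract attributes to TCPView and Autoruns with only built-in cmdlets: binding every listening TCP socket to its owning process, and enumerating the classic autorun locations (Run/RunOnce keys, auto-start services, scheduled tasks). It assumes Windows 8 / Server 2012 or later (for the NetTCPIP and ScheduledTasks modules) and works best in an elevated session; the function names are my own.

```powershell
# Added example: approximate what TCPView and Autoruns show, using built-in cmdlets only.
# Assumes Windows 8 / Server 2012 or later; run elevated to see other users' processes.

function Get-ListeningPortOwner {
    # One row per listening TCP socket, bound to the process that owns it.
    # Process details come from Win32_Process so the image path and command line are visible.
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            $name = '<exited>'; $path = $null; $cmd = $null
            if ($p) { $name = $p.Name; $path = $p.ExecutablePath; $cmd = $p.CommandLine }
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = $name
                Path         = $path
                CommandLine  = $cmd
            }
        }
}

function Get-ClassicAutorun {
    # The "classic" autorun locations: Run/RunOnce keys for the machine and the current
    # user, services set to start automatically, and enabled scheduled tasks.
    # Not exhaustive: Autoruns covers many more locations (Winlogon, AppInit, drivers, ...).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            [pscustomobject]@{
                Category = 'Registry Run key'
                Location = $key
                Entry    = $prop.Name
                Command  = $prop.Value
            }
        }
    }

    Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
        [pscustomobject]@{
            Category = 'Service (auto start)'
            Location = $_.Name
            Entry    = $_.DisplayName
            Command  = $_.PathName
        }
    }

    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute) {   # only "start a program" actions carry an executable
                [pscustomobject]@{
                    Category = 'Scheduled task'
                    Location = $task.TaskPath + $task.TaskName
                    Entry    = $task.Principal.UserId
                    Command  = ($action.Execute + ' ' + $action.Arguments).Trim()
                }
            }
        }
    }
}

# Usage: list what is listening and what starts automatically, then look for entries
# whose image lives outside Program Files or Windows, or whose file is unsigned.
Get-ListeningPortOwner | Format-Table -AutoSize
Get-ClassicAutorun     | Format-Table -AutoSize
```

Two practical caveats: a socket whose owner has already exited shows `<exited>`, because the process table is snapshotted before the connection list, so a short-lived listener can slip through; and File Monitor (Filemon) and Registry Monitor (Regmon) have long since been retired in favour of Process Monitor, which records both classes of events in one trace.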

Keywords:
malware, information protection, operating system monitoring, personal computer, file operations monitoring, registry operations monitoring, network activity monitoring, autorun management, process manager
