TWI299448B - Method for preventing computer from virus attacks - Google Patents

Method for preventing computer from virus attacks

Info

Publication number
TWI299448B
Authority
TW
Taiwan
Prior art keywords
program
program modules
operating system
unauthorized
Prior art date
Application number
TW92128196A
Other languages
Chinese (zh)
Other versions
TW200513841A (en)
Inventor
Kocheng Fang
Original Assignee
Fang Ko Cheng
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fang Ko Cheng
Priority to TW92128196A
Publication of TW200513841A
Application granted
Publication of TWI299448B


Description

[Technical Field]

The present invention relates to a method of providing computer security, and more particularly to a computer security method having an antivirus function.

[Prior Art]

With the spread of computers and the progress of network technology, computers have become closely tied to people's daily lives. However, as the amount of data held on computers grows and their interaction with networks becomes more frequent, the problem of computer viruses becomes more and more serious. Once a computer virus strikes, it causes at the least inconvenience in life or work, and at worst may even cause a major loss of life and property.

There are many types of computer viruses. A virus is usually a set of program code hidden inside other files or applications. When a user reads in a program carrying a virus from the network or from an optical disc, the computer is said to be infected. An infected computer can become a relay station for other computers. An infected computer may of course also have its confidential data and accounts stolen, or may even stop working altogether.

Many vendors today have developed antivirus programs. Most of these programs analyze the patterns of the various virus signatures and store those patterns in a database for use in virus scanning and detection. Virus techniques, however, change rapidly: early viruses had to be attached to executable files, whereas today they can even spread as attachments to e-mail, so the virus signature database grows larger and larger. It is foreseeable that, as the database grows, each virus scan will take longer and will seriously affect the normal operation of the computer. In this vicious circle, even though computer hardware and software become more and more powerful, their performance cannot substantially improve as a result, and users may even be put off by overly complex systems.

In addition, users must keep their virus signatures up to date in order to protect their computers with these antivirus programs. Although some computer users take a strong interest in computer security and are willing to follow the relevant information and update to the latest virus signature database, many more have no interest in this at all and simply have no time to spend on updating these antivirus programs.

Therefore, finding a simple computer security method that lets users solve the virus problem almost once and for all, and that gives them a safe computing environment, has become a very important task.

[Summary of the Invention]

Accordingly, the object of the present invention is to provide a method and a computer program for preventing computer viruses from interfering with the normal operation of a computer.

According to an embodiment of the present invention, the method includes the following steps. First, a monitoring program, that is, an antivirus program, is designed for an operating system. The monitoring program monitors a plurality of program modules of the operating system to detect whether any system function has been changed. The initial setup of the system also lets the user set a password, which serves as the basis for deciding whether a change to the system files is authorized.

Then, during operation of the computer, whenever a program module of the operating system is to be added, modified or deleted, the monitoring program asks the user to enter the password. If the password is not supplied, the monitoring program prevents any addition, modification or deletion of the program modules. Otherwise, the change is allowed and is recorded, so that it can later be used to judge whether a change is legitimate.

In addition, when the monitoring program finds that program modules have been changed without authorization, it deletes the changed program modules and loads the backup images of those program modules to restore normal operation of the computer.

In practice, the monitoring program can be designed for a specific operating system, which greatly reduces the time needed for setup. For example, when operating system 1.0 is released, the user only needs to buy the monitoring program for operating system 1.0; when the operating system is revised to 2.0, the user only needs to buy the monitoring program for operating system 2.0, and never has to watch for or download the latest virus signatures. This also avoids the loss of overall system performance caused by a huge virus signature database. Once everyone has installed a program of this kind, viruses will be hard to spread, and an infection, if it happens, will be a temporary condition that does not get worse. In this way the threat that viruses pose to computer systems can be solved at the root.

[Embodiment]

Specific embodiment

Refer to Fig. 1, which illustrates one type of virus propagation that this embodiment is intended to stop. A hacker 12 designs a virus and spreads it on the network, and a user 10, when connected to the network 14, downloads a file carrying the virus. After the file carrying the virus has been downloaded to the computer of the user 10, under particular conditions, for example when the infected file or a particular program is executed, the virus goes on to lodge itself in the program modules of the operating system, waits for an opportunity to activate, and carries out destructive actions.

Refer to Fig. 2. A typical software system comprises a driver layer 20, an operating system layer 22 and an application layer 24. Each of the three layers has its own duties, but they must cooperate closely to complete the work. The driver layer 20 is usually developed and designed by the respective vendors, and the application layer 24 is developed for the various applications. The operating system layer 22 lies between the application layer 24 and the driver layer 20. By making program calls to it, the designers of the application layer 24 can complete their work without handling every hardware detail.

The operating system layer 22 is usually made up of many program modules. For example, the personal computer operating system most commonly used today is the Microsoft operating system, which is likewise made up of program modules. These program modules are packaged into a series of system files and are loaded into memory as needed while the operating system runs, to carry out the related work.

However, when the code of a computer virus is executed, it tampers with the program modules of the operating system layer 22 in order to intercept or alter the normal operation of the original program modules. In short, the computer system is then infected.

Fig. 3 illustrates a specific embodiment of the present invention. First, the user installs an operating system 31 on a computer 33. After the installation is complete, the user also installs on the computer the antivirus program 32 designed for this operating system 31. For example, when Microsoft releases the Windows 2000 operating system, the user buys the antivirus program designed for the Windows 2000 operating system. The following describes how the antivirus program 32 carries out detection and virus protection.

Fig. 4 is a flowchart of the operation of the antivirus program 32.

First, the antivirus program 32 records image files of the program modules of the operating system 31 (step 402). For this step, the image files may be backed up for the particular operating system 31. Another approach is for the antivirus program 32, after the operating system has been installed, to search dynamically for the files that contain program modules, for example by file name extension, and to record their data as image files in compressed or uncompressed form. In addition, so that tampering with a program module can be checked quickly, a hash function is applied to the system files to obtain an index value; comparing index values then shows quickly whether a program module has undergone any change.

Next, the antivirus program lets the user set a password (step 404). This password is the basis for verifying that the user is authorized to change the above program modules.

The above is the basic system setup. After that, when any one of the above program modules is to be changed (step 406), the antivirus program 32 asks the user to enter the password as confirmation; the password is entered, for example, in the password confirmation screen 500 shown in Fig. 5.

To carry out this monitoring task, the antivirus program 32 needs a resident part that intercepts operations which change program modules. One way to do this is to have the antivirus program 32 intercept the file operation interface of the operating system, for example by intercepting the file operation API of the Windows operating system, and check whether the file being changed is one of the system files recorded as containing the above program modules.

If the password entered by the user is wrong, the antivirus program 32 rejects the change to the program module (step 412). Otherwise, the antivirus program 32 allows the change to the program module to proceed (step 414). The antivirus program 32 also updates its database and stores the new program module data as the legitimate reference data.

Besides verifying the password for changes to program modules that can be intercepted, the antivirus program 32 also monitors the program modules at each boot or periodically (step 416) to detect whether any unauthorized addition, modification or deletion has occurred (step 418). If any program module is found to have been changed without authorization, that program module is judged to be infected, is deleted, and its image is loaded back into the system from the database to restore normal operation of the system.

In summary, the antivirus program described above combines the important functions of password verification, program module monitoring, deletion of infected program modules and system recovery, without spending effort on the never-ending construction of virus signature data. It gives users a simple, easy-to-use solution that quickly restores normal operation of the system even after an infection, and therefore provides an important mechanism for protecting computer systems from virus damage.

Although the present invention has been disclosed above by way of a preferred embodiment, the embodiment is not intended to limit the invention. Anyone skilled in the art may make various changes and refinements without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by the appended claims.

[Brief Description of the Drawings]

Fig. 1 illustrates one basic form of virus intrusion;
Fig. 2 is a schematic diagram illustrating the software system that is intruded upon;
Fig. 3 is an external schematic diagram illustrating an embodiment of the present invention;
Fig. 4 is a flowchart illustrating the program implementation of an embodiment of the present invention; and
Fig. 5 is a schematic diagram illustrating the screen that asks the user to confirm the password.

[Brief Description of the Reference Symbols]

10 user
12 hacker
14 network
20 application
22 operating system
24 driver
31 operating system
32 antivirus program
33 computer
402-420: steps
500: password confirmation screen
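The flow of Fig. 4 (steps 402-420) sketched in Python, as an added example that is not code from the patent. The class and function names, the extension filter, SHA-256 and PBKDF2 are assumptions chosen for the illustration, and the module files are constructed sample data.

```python
import hashlib
import hmac
import os
import shutil
import tempfile
from pathlib import Path

class ModuleGuard:
    def __init__(self, module_dir, image_dir, password, extensions=(".dll", ".sys")):
        self.module_dir, self.image_dir = Path(module_dir), Path(image_dir)
        self.extensions = extensions  # assumption: modules are selected by extension
        self.image_dir.mkdir(parents=True, exist_ok=True)
        self.salt = os.urandom(16)
        self.pw_hash = self._derive(password)  # step 404: keep only a salted hash
        self.index = {}
        for path in self._modules():
            self._record(path)  # step 402: image copy plus hash index

    def _modules(self):
        return [p for p in sorted(self.module_dir.iterdir())
                if p.is_file() and p.suffix.lower() in self.extensions]

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _record(self, path):
        shutil.copy2(path, self.image_dir / path.name)
        self.index[path.name] = hashlib.sha256(path.read_bytes()).hexdigest()

    def authorized_update(self, name, new_bytes, password):  # steps 406-414
        if not hmac.compare_digest(self._derive(password), self.pw_hash):
            return False  # step 412: change refused
        (self.module_dir / name).write_bytes(new_bytes)
        self._record(self.module_dir / name)  # step 414: new legitimate reference
        return True

    def scan_and_restore(self):
        """Steps 416-420: undo added, modified or missing modules; return a report."""
        report = []
        for path in self._modules():
            if path.name not in self.index:
                path.unlink()  # module that was never recorded or authorized
                report.append((path.name, "removed"))
        for name, digest in self.index.items():
            path = self.module_dir / name
            if path.exists() and hashlib.sha256(path.read_bytes()).hexdigest() == digest:
                continue
            report.append((name, "modified" if path.exists() else "missing"))
            shutil.copy2(self.image_dir / name, path)  # reload the recorded image
        return sorted(report)

def demo():
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as images:
        mods = Path(tmp)  # constructed sample: fake module files
        for name in ("kernel.dll", "disk.sys", "net.dll"):
            (mods / name).write_bytes(b"original " + name.encode())
        guard = ModuleGuard(mods, images, "correct horse")
        refused = guard.authorized_update("net.dll", b"patched", "wrong guess")
        allowed = guard.authorized_update("net.dll", b"patched v2", "correct horse")
        (mods / "kernel.dll").write_bytes(b"tampered")  # change that bypassed the gate
        (mods / "disk.sys").unlink()
        (mods / "dropper.dll").write_bytes(b"unknown")
        report = guard.scan_and_restore()
        return refused, allowed, report, {p.name: p.read_bytes() for p in mods.iterdir()}
```

The hash index and the images are only as trustworthy as their storage: code that can rewrite a module can usually rewrite a baseline kept on the same system, so the comparison is meaningful only when both are held where the monitored system cannot write.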

Claims (1)

1. A method for maintaining program modules, the method comprising the following steps:
recording image files of a plurality of program modules of an operating system;
providing for a user to set a password;
monitoring changes to the program modules;
when the program modules are changed, asking the user to enter the password;
if the password is lacking, preventing the program modules from being changed; and
when an unauthorized change to the program modules is detected, deleting the program modules that were changed without authorization and replacing them with the legitimate image files of the program modules, so as to restore normal operation of the system.

2. The method of claim 1, further comprising periodically scanning the contents of the program modules to detect whether an unauthorized change has occurred to the program modules.

3. The method of claim 1, further comprising, at each boot, detecting before the operating system is loaded whether an unauthorized change has occurred to the program modules.

4. The method of claim 1, further comprising intercepting calls to the file operation interface of the operating system to detect whether the program modules are being added to, modified or deleted.

5. The method of claim 1, further comprising computing a corresponding index for the program modules through a hash function, as the basis for judging whether a change has occurred.

[Fig. 4, flowchart (only these box labels survive): allow the change (414); reject the change (412); delete the program module changed without authorization and load its image (420).]

Designated representative figure: Fig. 4. Brief description of the reference symbols of the representative figure: 402-420: steps.
TW92128196A 2003-10-09 2003-10-09 Method for preventing computer from virus attacks TWI299448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW92128196A TWI299448B (en) 2003-10-09 2003-10-09 Method for preventing computer from virus attacks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW92128196A TWI299448B (en) 2003-10-09 2003-10-09 Method for preventing computer from virus attacks

Publications (2)

Publication Number Publication Date
TW200513841A TW200513841A (en) 2005-04-16
TWI299448B TWI299448B (en) 2008-08-01

Family

ID=45069687

Family Applications (1)

Application Number Title Priority Date Filing Date
TW92128196A TWI299448B (en) 2003-10-09 2003-10-09 Method for preventing computer from virus attacks

Country Status (1)

Country Link
TW (1) TWI299448B (en)

Also Published As

Publication number Publication date
TW200513841A (en) 2005-04-16

Similar Documents

Publication Publication Date Title
EP3479280B1 (en) Ransomware protection for cloud file storage
US5956481A (en) Method and apparatus for protecting data files on a computer from virus infection
US8935791B2 (en) Asynchronous filtering and processing of events for malware detection
US7934261B1 (en) On-demand cleanup system
EP1984864B1 (en) Method for preventing malicious software installation on an internet-connected computer
US8484483B2 (en) Method for protecting computer programs and data from hostile code
US7627898B2 (en) Method and system for detecting infection of an operating system
US11782790B2 (en) Methods and systems for recognizing unintended file system changes
US7665139B1 (en) Method and apparatus to detect and prevent malicious changes to tokens
US8281410B1 (en) Methods and systems for providing resource-access information
US20060230454A1 (en) Fast protection of a computer's base system from malicious software using system-wide skins with OS-level sandboxing
EP3113059B1 (en) System and method of preventing installation and execution of undesirable programs
US10783041B2 (en) Backup and recovery of data files using hard links
US8108935B1 (en) Methods and systems for protecting active copies of data
JP2006107505A (en) Api for access authorization
EP2306356A2 (en) Asynchronous processing of events for malware detection
US20190362075A1 (en) Preventing users from accessing infected files by using multiple file storage repositories and a secure data transfer agent logically interposed therebetween
RU2405198C2 (en) Integrated access authorisation
KR101716690B1 (en) Unauthorized data access blocking method and computing apparatus having Unauthorized data access blocking function
TWI299448B (en) Method for preventing computer from virus attacks
JP2004139292A (en) Policy diagnostic system of access control
WO2023076089A1 (en) Ransomware detection and mitigation
KR102004505B1 (en) System for real-time protection of computer storage devices using user behavior analysis and control method thereof
US20060047727A1 (en) Method of accessing a file for editing with an application having limited access permissions
WO2006021132A1 (en) Method for protecting the computer data

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees