What is heuristic analysis of an antivirus program. What is a heuristic analyzer? Preparing for a virus attack


The article applies to Kaspersky Endpoint Security 10 for Windows:

  • Service Pack 2 Maintenance Release 4 (version 10.3.3.304);
  • Service Pack 2 Maintenance Release 3 (version 10.3.3.275);
  • Service Pack 2 Maintenance Release 2 (version 10.3.0.6294);
  • Service Pack 2 Maintenance Release 1 (version 10.3.0.6294);
  • Service Pack 2 (version 10.3.0.6294).

What is heuristic analysis

Heuristic analysis is a technology for detecting threats that cannot be identified using the current version of the Kaspersky Lab databases. It allows you to find files that may contain an unknown virus or a new modification of a known virus.

The heuristic analyzer is a module that works on the basis of heuristic analysis technology.

Static and Dynamic Analysis

Static analysis. The heuristic analyzer scans code for suspicious commands, such as searching for and changing executable files. If there are suspicious commands or fragments, the heuristic analyzer increases the “suspiciousness counter” of the program. If, after scanning the entire program code, the counter value exceeds the specified threshold, then the object is considered suspicious.

Dynamic analysis. The heuristic analyzer emulates the launch of a program in a virtual address space. If during the emulation process the heuristic analyzer detects suspicious actions, the object is recognized as malicious and its launch on the user’s computer is blocked.

Kaspersky Endpoint Security 10 for Windows uses static analysis in combination with dynamic analysis.
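As an added illustration of the static-analysis "suspiciousness counter" described above (example code written for this page, not Kaspersky's analyzer), the Python script below scores a byte buffer against a small rule set and flags the object only when the counter exceeds a threshold. The rule names, weights, threshold and both sample buffers are constructed for the demonstration; a production analyzer weights many more code patterns, looks at instructions rather than strings, and combines the result with emulation.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str       # what a hit is taken to indicate
    pattern: bytes  # regular expression over the raw bytes of the object
    weight: int     # how much a hit raises the suspiciousness counter


# Constructed rule set. The strings are Win32 import names a program that
# searches for and rewrites other executables would typically carry.
RULES = (
    Rule("enumerates files", rb"FindFirstFile|FindNextFile", 1),
    Rule("targets executables", rb"\*\.exe|\*\.com", 2),
    Rule("writes to files", rb"WriteFile|SetFilePointer", 1),
    Rule("changes memory protection", rb"VirtualProtect", 1),
)
THRESHOLD = 4  # constructed; the object is flagged when the counter exceeds it


def score_object(data: bytes, rules=RULES):
    """Scan the whole object once and return (counter, names of rules that hit).

    Every rule adds its weight at most once, so the counter is bounded by the
    sum of the weights and cannot be inflated by one benign string repeated.
    """
    counter = 0
    hits = []
    for rule in rules:
        if re.search(rule.pattern, data):
            counter += rule.weight
            hits.append(rule.name)
    return counter, hits


def is_suspicious(data: bytes, threshold: int = THRESHOLD, rules=RULES) -> bool:
    """Verdict of the static stage: counter strictly above the threshold."""
    counter, _ = score_object(data, rules)
    return counter > threshold


# Constructed sample "files": a benign tool that writes its own settings file,
# and one that carries the whole string profile of a file infector.
BENIGN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"CreateFileA\x00WriteFile\x00settings.ini\x00"
)
INFECTOR_LIKE_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"FindFirstFileA\x00*.exe\x00WriteFile\x00VirtualProtect\x00"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("infector-like", INFECTOR_LIKE_SAMPLE)):
        counter, hits = score_object(sample)
        print(f"{label}: counter={counter} hits={hits} suspicious={is_suspicious(sample)}")
```

The benign sample hits one rule (counter 1) and passes; the infector-like sample hits all four (counter 5) and is flagged. Raising the threshold to 5 would let it through, which is the trade-off every heuristic threshold makes between misses and false positives.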

Which protection components use a heuristic analyzer?

  • File Anti-Virus.
  • Mail Anti-Virus.
  • Web Anti-Virus.
  • Monitoring program activity.
  • Verification tasks.

Support status: full support

  • Release of databases: Yes
  • Support: Yes
  • Release of patches: Yes


What does status mean?

  • Release of databases

    Release of database updates necessary to ensure the protection of your computer/server/mobile device.

  • Support

    Providing technical support by phone and via a web form.

  • Release of patches

    Release of update packages for the program (to eliminate detected errors).

Kaspersky Endpoint Security 10 for Windows (for workstations and file servers)

  • Microsoft Windows Server 2012 R2 Foundation / Essentials / Standard / Datacenter x64.
  • Microsoft Windows Server 2012 Foundation / Essentials / Standard / Datacenter x64.
  • Microsoft Small Business Server 2011 Essentials / Standard x64.
  • Windows MultiPoint Server 2011 x64.
  • Microsoft Windows Server 2008 R2 Foundation / Standard / Enterprise / Datacenter x64 SP1.
  • Microsoft Windows Server 2008 Standard / Enterprise / Datacenter x64 SP2.
  • Microsoft Small Business Server 2008 Standard / Premium x64.

For other restrictions on server platform support, see the article.


  • Microsoft Windows Server 2008 R2 Standard / Enterprise x64 SP1.
  • Microsoft Windows Server 2008 Standard / Enterprise x64 SP2.

Limitations of server platform support

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption on server platforms are not supported.

Supported virtual platforms

  • VMWare ESXi 6.0.0 3620759.
  • Microsoft Hyper-V 3.0.
  • Citrix XenServer 7.0.
  • Citrix XenDesktop 7.13.
  • Citrix Provisioning Services 7.13.

Features and limitations of virtual platform support

  • Full disk encryption (FDE) is not supported on Hyper-V virtual machines.
  • Full disk encryption (FDE) and file and folder encryption (FLE) are not supported on Citrix virtual platforms.
  • To maintain compatibility of Kaspersky Endpoint Security for Windows with Citrix PVS, you must install it with the Ensure compatibility with Citrix PVS option enabled. You can enable the option in the installation wizard or through the /pCITRIXCOMPATIBILITY=1 command line option. In the case of remote installation, you must edit the KUD file by adding the /pCITRIXCOMPATIBILITY=1 parameter to it.

For other features of virtual platform support, see the article.

Version 10.2.6.3733: Hardware and software requirements

General requirements

  • 1 GB RAM.

OS

  • Microsoft Windows 10 Pro / Enterprise x86 / x64.
  • Microsoft Windows 8.1 Pro / Enterprise x86 / x64.
  • Microsoft Windows 8 Pro / Enterprise x86 / x64.
  • Microsoft Windows 7 Professional / Enterprise / Ultimate x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Professional / Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Server 2016 Standard / Essentials x64.
  • Microsoft Small Business Server 2011 Standard x64.

Supported virtual platforms

  • VMWare ESXi 5.5.0 2718055 Update 2.
  • Citrix XenServer 6.5.
  • Citrix XenDesktop 7.8.

Limitations of server platform support

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption on server platforms are not supported.

Supported virtual platforms

  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.

Version 10.2.5.3201: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Intel Pentium processor 1 GHz or higher.
  • 1 GB RAM.
  • 2 GB of free hard disk space.

Software and hardware requirements for workstations

  • Microsoft Windows 10 Pro x86 / x64.
  • Microsoft Windows 10 Enterprise x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and higher.
  • Microsoft Windows XP Professional x86 SP3 and higher.
  • Microsoft Windows Server 2019 x64.
  • Microsoft Windows Server 2016 Standard / Essentials x64.
  • Microsoft Windows Server 2012 R2 Foundation / Standard / Essentials x64.
  • Microsoft Windows Server 2012 Foundation / Standard / Essentials x64.
  • Microsoft Small Business Server 2011 Standard x64.
  • Microsoft Windows MultiPoint Server 2011 x64.
  • Microsoft Small Business Server 2008 Standard/Premium x64.
  • Microsoft Windows Server 2008 R2 Foundation / Standard / Enterprise x64 SP1 and higher.
  • Microsoft Windows Server 2008 Foundation / Standard / Enterprise x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2003 R2 Standard / Enterprise x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2003 Standard / Enterprise x86 / x64 SP2.
  • Microsoft Windows Embedded Standard 7* x86 / x64 SP1.
  • Microsoft Windows Embedded POSReady 7* x86 / x64.

Features and limitations of embedded operating system support

  • Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) operating systems are recommended for use on devices with 2 GB or more of RAM.
  • File encryption (FLE) and hard disk encryption (FDE) are not supported on embedded operating systems.

Supported virtual platforms

  • VMWare ESXi 5.5.0 2718055 Update 2.
  • VMWare ESXi 5.5.0 3568722 Update 3b.
  • Microsoft Hyper-V 3.0 (Windows Server 2012 R2).
  • Citrix XenServer 6.5.
  • Citrix XenDesktop 7.8.
  • Citrix Provisioning Server 7.8.

Limitations of server platform support

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption on server platforms are not supported.

Microsoft Windows 8.1 support limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS file system support for iSwift/iChecker technology.
  • The function of hiding Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the “Ensure compatibility with Citrix PVS” option enabled. The option can be enabled in the installation wizard or through the command line parameter /pCITRIXCOMPATIBILITY=1. In case of remote installation, you need to edit the kud file by adding the /pCITRIXCOMPATIBILITY=1 parameter to it.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Creating images using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Version 10.2.4.674: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Intel Pentium processor 1 GHz or higher.
  • 2 GB of free hard disk space.
  • Microsoft Internet Explorer 7.0 and higher.
  • Microsoft Windows Installer 3.0 and higher.
  • Internet connection to activate the program, update databases and program modules.

Software and hardware requirements

  • Microsoft Windows 10 TH2 Pro version 1511 x86 / x64.
  • Microsoft Windows 10 TH2 Enterprise version 1511 x86 / x64.
  • Microsoft Windows 8.1 Pro x86 / x64.
  • Microsoft Windows 8.1 Enterprise x86 / x64.
  • Microsoft Windows 8 Pro x86 / x64.
  • Microsoft Windows 8 Enterprise x86 / x64.
  • Microsoft Windows 7 Professional x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Professional x86 / x64.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and higher.
  • Microsoft Windows XP Professional x86 SP3 and higher.
  • Microsoft Windows Server 2012 R2 Standard / Essentials / Enterprise x64.
  • Microsoft Windows Server 2012 Foundation / Standard / Essentials x64.
  • Microsoft Small Business Server 2011 Standard / Essentials x64.
  • Microsoft Windows MultiPoint Server 2011 x64.
  • Microsoft Windows Server 2008 R2 Standard / Enterprise / Foundation x64 SP1 and higher.
  • Microsoft Windows Server 2008 R2 Standard / Enterprise / Foundation x64.
  • Microsoft Windows Server 2008 Standard / Enterprise x86 / x64 SP2 and higher.
  • Microsoft Small Business Server 2008 Standard/Premium x64.
  • Microsoft Windows Server 2003 R2 Standard / Enterprise x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2003 Standard / Enterprise x86 / x64 SP2 and higher.
  • Microsoft Windows Embedded 8.0 Standard x64.
  • Microsoft Windows Embedded 8.1 Industry Pro x64.
  • Microsoft Windows Embedded Standard 7 x86/x64 SP1.
  • Microsoft Windows Embedded POSReady 7 x86/x64.

Features and limitations of embedded operating system support

  • Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) operating systems are recommended for use on devices with 2 GB or more of RAM.
  • File encryption (FLE) and hard disk encryption (FDE) are not supported on embedded operating systems.

Limitations of server platform support

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption on server platforms are not supported.

Microsoft Windows 8.1 support limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS file system support for iSwift/iChecker technology.
  • The function of hiding Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the “Ensure compatibility with Citrix PVS” option enabled. The option can be enabled in the installation wizard or through the command line parameter /pCITRIXCOMPATIBILITY=1. In case of remote installation, you need to edit the kud file by adding the /pCITRIXCOMPATIBILITY=1 parameter to it.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Creating images using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Version 10.2.2.10535 MR1: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Intel Pentium processor 1 GHz or higher.
  • 1 GB of free RAM.
  • 2 GB of free hard disk space.
  • Microsoft Internet Explorer 7.0 and higher.
  • Microsoft Windows Installer 3.0 and higher.
  • Internet connection to activate the program, update databases and program modules.

OS

  • Microsoft Windows 8.1 Pro x86 / x64.
  • Microsoft Windows 8.1 Enterprise x86 / x64.
  • Microsoft Windows 8 Pro x86 / x64.
  • Microsoft Windows 8 Enterprise x86 / x64.
  • Microsoft Windows 7 Professional x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Professional x86 / x64.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and higher.
  • Microsoft Small Business Server 2011 Standard x64.
  • Microsoft Windows Server 2012 R2 Standard x64.
  • Microsoft Windows Server 2012 Foundation / Standard x64.
  • Windows Embedded 8.0 Standard x64.
  • Windows Embedded 8.1 Industry Pro x64.

Features and limitations of embedded operating system support

  • Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) operating systems are recommended for use on devices with 2 GB or more of RAM.
  • File encryption (FLE) and hard disk encryption (FDE) are not supported on embedded operating systems.

Limitations of server platform support

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.

Microsoft Windows 8.1 support limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS file system support for iSwift/iChecker technology.
  • The function of hiding Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the “Ensure compatibility with Citrix PVS” option enabled. The option can be enabled in the installation wizard or through the command line parameter /pCITRIXCOMPATIBILITY=1. In case of remote installation, you need to edit the kud file by adding the /pCITRIXCOMPATIBILITY=1 parameter to it.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Creating images using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Version 10.2.2.10535: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Intel Pentium processor 1 GHz or higher.
  • 1 GB of free RAM.
  • 2 GB of free hard disk space.
  • Microsoft Internet Explorer 7.0 and higher.
  • Microsoft Windows Installer 3.0 and higher.
  • Internet connection to activate the program, update databases and program modules.

OS

  • Microsoft Windows 8.1 Update Pro x86 / x64.
  • Microsoft Windows 8.1 Update Enterprise x86 / x64.
  • Microsoft Windows 8.1 Pro x86 / x64.
  • Microsoft Windows 8.1 Enterprise x86 / x64.
  • Microsoft Windows 8 Pro x86 / x64.
  • Microsoft Windows 8 Enterprise x86 / x64.
  • Microsoft Windows 7 Professional x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 and higher.
  • Microsoft Windows 7 Professional x86 / x64.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and higher.
  • Microsoft Small Business Server 2011 Essentials x64.
  • Microsoft Small Business Server 2011 Standard x64.
  • Microsoft Small Business Server 2008 Standard x64.
  • Microsoft Small Business Server 2008 Premium x64.
  • Microsoft Windows Server 2012 R2 Standard x64.
  • Microsoft Windows Server 2012 Foundation / Standard x64.
  • Microsoft Windows MultiPoint Server 2011 x64.
  • Microsoft Windows Server 2008 R2 Standard x64 SP1 and higher.
  • Microsoft Windows Server 2008 R2 Standard x64.
  • Microsoft Windows Server 2008 R2 Enterprise x64 SP1 and higher.
  • Microsoft Windows Server 2008 R2 Enterprise x64.
  • Microsoft Windows Server 2008 R2 Foundation x64 SP1 and higher.
  • Microsoft Windows Server 2008 R2 Foundation x64.
  • Microsoft Windows Server 2008 Standard x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2008 Enterprise x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2003 R2 Standard x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2003 R2 Enterprise x86 / x64 SP2 and higher.
  • Microsoft Windows Server 2003 Standard x86/x64 SP2.
  • Microsoft Windows Server 2003 Enterprise x86 / x64 SP2 and higher.
  • Windows Embedded 8.0 Standard x64.
  • Windows Embedded 8.1 Industry Pro x64.
  • Windows Embedded Standard 7 with SP1 x86 / x64.
  • Windows Embedded POSReady 7 x86 / x64.

Features and limitations of embedded operating system support

  • Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) operating systems are recommended for use on devices with 2 GB or more of RAM.
  • File encryption (FLE) and hard disk encryption (FDE) are not supported on embedded operating systems.

Limitations of server platform support

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.

Microsoft Windows 8.1 support limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS file system support for iSwift/iChecker technology.
  • The function of hiding Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the “Ensure compatibility with Citrix PVS” option enabled. The option can be enabled in the installation wizard or through the command line parameter /pCITRIXCOMPATIBILITY=1. In case of remote installation, you need to edit the kud file by adding the /pCITRIXCOMPATIBILITY=1 parameter to it.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Creating images using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

You may be using antivirus software without knowing how it works. However, there are now a great many antivirus programs, so one way or another you will have to choose one. For that choice to be as well founded as possible, and for the installed programs to provide the maximum degree of protection against viruses, you need to study the techniques these programs use.

There are several basic techniques for detecting and protecting against viruses. Antivirus programs can implement only certain techniques or combinations thereof.

· Scanning

· Change detection

· Heuristic analysis

· Resident monitors

· Vaccination programs

· Hardware virus protection

In addition, most antivirus programs provide automatic recovery of infected programs and boot sectors.

Objects of infection

In the first chapter, we already talked about the different types of viruses and how they spread. Before we begin to consider antivirus tools, we list the areas of the computer’s file system that are susceptible to infection by viruses and that need to be scanned:

· Executable files of programs, drivers

· Master boot record and boot sectors

· Configuration files AUTOEXEC.BAT and CONFIG.SYS

· Documents in Microsoft Word for Windows word processor format

When a resident virus becomes active, it places its permanently running module in the computer's RAM. Therefore, antivirus programs must check RAM. Since viruses can use more than just standard memory, it is advisable to check the upper memory. For example, Doctor Web antivirus checks the first 1088 KB of RAM.

Scanning

The simplest method of searching for viruses is for the antivirus program to sequentially examine the files being scanned, looking for the signatures of known viruses. A signature is a unique sequence of bytes that belongs to a virus and is not found in other programs.

Determining the signature of a virus is quite a difficult task. The signature should not be contained in normal programs that are not infected with this virus. Otherwise, false positives are possible when a virus is detected in a completely normal, uninfected program.

Of course, scanner programs do not necessarily store signatures of all known viruses. They can, for example, store only signature checksums.

Antivirus scanner programs that can remove detected viruses are usually called polyphages. The most famous scanner program is Dmitry Lozinsky's Aidstest. Aidstest searches for viruses by their signatures. Therefore, it detects only the simplest polymorphic viruses.

In the first chapter we talked about the so-called encrypting and polymorphic viruses. Polymorphic viruses completely change their code when infecting a new program or boot sector. If you isolate two copies of the same polymorphic virus, they may not match in a single byte. As a consequence, it is impossible to determine a signature for such viruses. Therefore, simple antivirus scanner programs cannot detect polymorphic viruses.

Antivirus scanner programs can only detect already known viruses that have been previously studied and for which a signature has been determined. Thus, the use of scanner programs does not protect your computer from the penetration of new viruses.

To effectively use antivirus programs that implement the scanning method, it is necessary to constantly update them with the latest versions.
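An added example (not code from the book or from any product it names) of the scanning method as the section describes it: the database keeps only a digest of each fixed-length signature, as the paragraph on signature checksums suggests, and the scanner slides a window of that length over the file. The signature, the sample files and the 16-byte length are all constructed. The third sample shows why a copy whose bytes differ inside the signature region goes undetected, which is the polymorphic-virus limitation stated above.

```python
import hashlib

SIG_LEN = 16  # constructed: every signature in this toy database is 16 bytes long


def make_signature_db(samples: dict) -> dict:
    """Build the database from {virus_name: signature_bytes}.

    Only the SHA-256 digest of each signature is stored, so the database
    itself never contains virus code (the "signature checksums" of the text).
    """
    db = {}
    for name, sig in samples.items():
        if len(sig) != SIG_LEN:
            raise ValueError(f"{name}: signatures must be exactly {SIG_LEN} bytes")
        db[hashlib.sha256(sig).digest()] = name
    return db


def scan(data: bytes, db: dict) -> list:
    """Slide a SIG_LEN window over the file; return (offset, name) per match."""
    found = []
    for offset in range(len(data) - SIG_LEN + 1):
        digest = hashlib.sha256(data[offset:offset + SIG_LEN]).digest()
        if digest in db:
            found.append((offset, db[digest]))
    return found


# Constructed signature and sample files (no real virus bytes anywhere).
DEMO_SIGNATURE = b"DEMO-SIG-0123456"  # exactly 16 bytes
SIGNATURE_DB = make_signature_db({"Demo.Constructed": DEMO_SIGNATURE})

CLEAN_FILE = b"MZ" + b"\x00" * 30 + b"HELLO, WORLD\x00" + b"\x00" * 10
INFECTED_FILE = b"MZ" + b"\x00" * 30 + DEMO_SIGNATURE + b"\x00" * 10
# One byte changed inside the signature region: every window covering it now
# has a different digest, so a scanner of this kind reports nothing. That is
# why a variant whose code differs from the studied sample is missed.
VARIANT_FILE = INFECTED_FILE.replace(
    DEMO_SIGNATURE, DEMO_SIGNATURE[:8] + b"X" + DEMO_SIGNATURE[9:]
)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_FILE), ("infected", INFECTED_FILE), ("variant", VARIANT_FILE)):
        print(f"{label}: {scan(sample, SIGNATURE_DB)}")
```

Hashing every window is O(n × SIG_LEN); a real scanner would use a rolling hash or a multi-pattern automaton, and a DOS-era product would have used a short checksum rather than SHA-256, but the detection logic, and its blind spot, are the same.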

Heuristic analysis

Heuristic analysis is a relatively new method in virus detection. It allows you to detect previously unknown viruses without the need to first collect data about the file system, as required by the change detection method.

Anti-virus programs that implement the heuristic analysis method scan programs and boot sectors of disks and floppy disks, trying to detect code characteristic of viruses in them. For example, a heuristic analyzer can detect that the program being tested contains code that installs a resident module in memory.

The Doctor Web anti-virus program, which is part of the DialogScience JSC kit, has a powerful heuristic analyzer that allows it to detect a large number of new viruses.

If the heuristic analyzer reports that a file or boot sector is possibly infected with a virus, you should treat this report with great attention. It is advisable to examine such files using the latest versions of anti-virus programs or send them to DialogScience JSC for detailed study.

The IBM AntiVirus kit includes a special module aimed at detecting viruses in boot sectors. This module uses IBM's patent-pending neural network technology for heuristic analysis and allows you to determine whether the boot sector is infected with a virus.

Change Detection

When a virus infects a computer, it necessarily makes changes on the hard drive, for example, it adds its code to the executable file, adds a call to the virus program to the AUTOEXEC.BAT file, changes the boot sector, and creates a satellite file.

Antivirus programs can pre-remember the characteristics of all areas of the disk that are attacked by a virus, and then periodically check them (hence their name - audit programs). If a change is detected, then it is possible that the computer has been attacked by a virus.

Typically, audit programs store in special files images of the master boot record, boot sectors of logical disks, parameters of all monitored files, as well as information about the directory structure and numbers of bad disk clusters. Other characteristics of the computer can also be checked - the amount of installed RAM, the number of disks connected to the computer and their parameters.

Auditing programs can detect most viruses, even those that were previously unknown. As a rule, auditors cannot detect viruses that infect program files only when they are copied, since they do not know the file parameters that existed before copying.

However, it should be taken into account that not all changes are caused by the invasion of viruses. Thus, the boot record may change when the operating system version is updated, and some programs write data inside their executable file. Batch files change even more frequently; for example, the AUTOEXEC.BAT file usually changes during the installation of new software.

Audit programs will not help in the case when you have written a new file infected with a virus to your computer. True, if the virus infects other programs already taken into account by the auditor, it will be detected.

The simplest Microsoft Anti-Virus (MSAV) audit program is part of the MS-DOS operating system. Its main, and perhaps only, advantage is that you do not need to spend additional money on it.

Significantly more advanced control tools are provided by the Advanced Diskinfoscope (ADinf) audit program, which is part of the anti-virus kit of DialogScience JSC. We will look at these tools in more detail in the next section, but for now we will just note that together with ADinf you can use the ADinf Cure Module (ADinfExt). ADinf Cure Module uses previously collected information about files to restore them after being infected by unknown viruses.

Of course, not all viruses can be removed by ADinf Cure Module and other software based on monitoring and periodically checking the computer. For example, if a new virus encrypts a disk, as the OneHalf virus does, then deleting it without decrypting the disk will likely result in loss of information. Viruses of this type can be removed only after careful study by specialists and the inclusion of modules to combat them in regular polyphages - Aidstest or Doctor Web.

The anti-virus audit programs known to us at the time of writing are unsuitable for detecting viruses in document files, since they are inherently constantly changing. A number of programs stop working after the vaccine code is introduced into them. Therefore, scanner programs or heuristic analysis should be used to monitor them.
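An added example (written for this page, not the code of MSAV, ADinf or any other auditor named here) of the change-detection method described in this section: the auditor remembers the size and a digest of every file under a directory in a "special file", and a later run reports what was added, removed or modified. File names, contents and the list of files that are expected to change (the AUTOEXEC.BAT case from the text) are constructed; SHA-256 stands in for whatever characteristics a real auditor stores.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed: files whose change is normal (installers edit them), so a
# change there is reported separately rather than as a possible infection.
EXPECTED_TO_CHANGE = {"AUTOEXEC.BAT", "CONFIG.SYS"}


def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Remember size and digest of every file under root, keyed by relative path."""
    root = Path(root)
    table = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            table[rel] = {"size": p.stat().st_size, "sha256": file_digest(p)}
    return table


def save_snapshot(table: dict, path) -> None:
    """The auditor's 'special file' holding the remembered characteristics."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(table, f, indent=1, sort_keys=True)


def load_snapshot(path) -> dict:
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def compare(old: dict, new: dict) -> dict:
    """Classify every path seen in either snapshot."""
    report = {"added": [], "removed": [], "modified": [], "expected_change": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        elif old[rel] != new[rel]:
            key = "expected_change" if Path(rel).name.upper() in EXPECTED_TO_CHANGE else "modified"
            report[key].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario in a temporary directory; returns the audit report."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "C_DRIVE"
        root.mkdir()
        (root / "GAME.EXE").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "AUTOEXEC.BAT").write_text("@ECHO OFF\n")
        (root / "OLD.COM").write_bytes(b"\xc3")
        db = Path(d) / "audit.json"
        save_snapshot(snapshot(root), db)

        # Later: something appended bytes to GAME.EXE, an installer edited
        # AUTOEXEC.BAT, OLD.COM was deleted and an unknown NEW.EXE appeared.
        (root / "GAME.EXE").write_bytes((root / "GAME.EXE").read_bytes() + b"APPENDED")
        (root / "AUTOEXEC.BAT").write_text("@ECHO OFF\nSET PATH=C:\\TOOLS\n")
        (root / "OLD.COM").unlink()
        (root / "NEW.EXE").write_bytes(b"MZ")
        return compare(load_snapshot(db), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The report shows the method's limits exactly as the section states them: GAME.EXE is flagged because its remembered characteristics changed, but NEW.EXE can only be listed as "added", since the auditor has nothing to compare it with, and AUTOEXEC.BAT would be a constant false alarm if it were not handled separately.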

Resident monitors

There is also a whole class of anti-virus programs that are constantly located in the computer’s RAM and monitor all suspicious actions performed by other programs. Such programs are called resident monitors or watchmen.

The resident monitor will inform the user if any program attempts to change the boot sector of a hard drive or floppy disk, or an executable file. It will also tell you that a program is trying to leave a resident module in RAM, and so on.

Most resident monitors allow you to automatically check all launched programs for infection with known viruses, that is, they perform the functions of a scanner. Such a check will take some time and the program loading process will slow down, but you will be sure that known viruses will not be able to activate on your computer.

Unfortunately, resident monitors have many disadvantages that make this class of programs unsuitable for use.

Many programs, even those that do not contain viruses, can perform actions to which resident monitors respond. For example, a normal LABEL command modifies data in the boot sector and triggers the monitor.

Therefore, the user's work will be constantly interrupted by annoying antivirus messages. In addition, the user will have to decide each time whether this trigger is caused by a virus or not. As practice shows, sooner or later the user turns off the resident monitor.

Finally, the smallest disadvantage of resident monitors is that they must be constantly loaded into RAM and therefore reduce the amount of memory available to other programs.

The MS-DOS operating system already includes a resident anti-virus monitor, VSafe.

Vaccination programs

In order for a person to avoid certain diseases, he is vaccinated. There is a way to protect programs from viruses, in which a special control module is attached to the protected program to monitor its integrity. In this case, the program checksum or some other characteristics can be checked. When a virus infects a vaccinated file, the control module detects a change in the file's checksum and reports it to the user.

Alas, unlike human vaccinations, vaccinating programs in many cases does not save them from infection. Stealth viruses easily fool the vaccine. Infected files work as usual; the vaccine does not detect the infection. Therefore, we will not dwell on vaccines and will continue to consider other means of protection.

Hardware antivirus protection

Today, one of the most reliable ways to protect computers from virus attacks is a combination of hardware and software. Such tools usually consist of a special controller that is inserted into one of the computer's expansion slots and software that controls the operation of this controller.

Due to the fact that the hardware protection controller is connected to the computer's system bus, it gains full control over all access to the computer's disk subsystem. Hardware protection software allows you to specify areas of the file system that cannot be modified. You can protect the master boot record, boot sectors, executables, configuration files, etc.

If the hardware and software complex detects that any program is trying to violate the installed protection, it can inform the user about this and block further operation of the computer.

The hardware level of control over the computer's disk subsystem does not allow viruses to disguise themselves. As soon as the virus manifests itself, it will be immediately detected. In this case, it is completely indifferent to how the virus works and what means it uses to access disks and floppy disks.

Hardware and software protection tools allow you not only to protect your computer from viruses, but also to promptly stop the operation of Trojan programs aimed at destroying the computer’s file system. In addition, hardware and software allow you to protect your computer from an unskilled user and attacker; they will not allow him to delete important information, format the disk, or change configuration files.

Currently, only the Sheriff hardware and software complex is mass-produced in Russia. It will reliably prevent infection of the computer and will allow the user to spend significantly less time on anti-virus monitoring of the computer using conventional software.

Many more hardware-software protection products are produced abroad, but their price is much higher than that of Sheriff and amounts to several hundred US dollars. Here are some manufacturers of such complexes:

JAS Technologies of the Americas
Leprechaum Software International
Digital Enterprises
Lynn International
Swabian Electronics Reutlingen
Telstar Electronics
Bugovics & Partner

In addition to performing its main function, computer hardware and software can provide various additional services. They can manage the differentiation of access rights of different users to computer resources - hard drives, floppy drives, etc.

Protection built into the computer's BIOS

Many companies that produce computer motherboards have begun to build into them the simplest means of virus protection. These tools allow you to monitor all access to the master boot record of hard drives, as well as to the boot sectors of disks and floppy disks. If any program tries to change the contents of boot sectors, protection is triggered and the user receives a corresponding warning. At the same time, he can allow this change or prohibit it.

However, such control cannot be called true hardware-level control. The software module that controls access to the boot sectors resides in the BIOS ROM and works by intercepting the disk interrupt, so a virus that writes boot sectors by programming the I/O ports of the hard drive or floppy controller directly bypasses it entirely.

There are viruses that try to disable BIOS antivirus control by modifying certain cells in the computer's non-volatile memory (CMOS memory).

Viruses Tchechen.1912 and Tchechen.1914

Very dangerous resident encrypted viruses. They search for the text strings "Megatrends" and "AWARD"; if found, they assume that an AMI or AWARD BIOS is installed, disable its boot sector control and infect the master boot record of the hard disk. About a month after infection the virus erases the information on the entire first hard disk.

The simplest means of hardware protection is to disconnect from the computer all channels through which a virus can enter it. If the computer is not connected to a local network and does not have a modem installed, then it is enough to disconnect the floppy drives and the main channel for viruses to enter the computer will be blocked.

However, such a disconnection is not always possible. In most cases the user needs the floppy drives or the modem for normal work. Besides, infected programs can also arrive over the local network or on CDs, and removing those would severely limit what the computer can be used for.

Virus removal methods

Finding a virus on your computer is only half the battle. Now it needs to be removed.

If you found the virus by checking executable files with the COM and EXE extensions, check all other file types that can contain executable code as well. First of all these are files with the extensions SYS, OVL, OVI, OVR, BIN, BAT, LIB, DRV, BAK, ZIP, ARJ, PAK, LZH, PIF, PGM, DLL and DOC.

You can even check all the files on the hard drives. Someone may have renamed an infected executable by changing its extension, for example EDITOR.EXE to EDITOR.EX_. Such a file is skipped by a scan that goes by extension. If it is later renamed back, the virus can become active again and spread on the computer.

In most cases the antivirus program that detected a virus can also remove it. There are two main techniques antivirus programs use to remove viruses.

The first and most common method is for the antivirus program to remove a virus it already knows. For a virus to be removed correctly it must first be studied, a disinfection algorithm developed, and that algorithm implemented in a new version of the antivirus.

The second method allows you to recover files and boot sectors infected with previously unknown viruses. For this the antivirus program must analyze all executable files in advance, before any virus appears, and save information about them (sizes, checksums and other characteristics).

When the antivirus program is launched subsequently, it re-collects data about executable files and compares it with the data received previously. If inconsistencies are found, the file may be infected with a virus.

In this case, the antivirus tries to restore the infected file, using information about the principles of introducing viruses into files and information about this file obtained before it was infected.
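The vaccination module described at the start of this chapter and the second removal method above rest on the same operation: record characteristics of every file while the system is known to be clean, then compare later. The following Python program is an added example of such an audit, written for this edition; it is not code from the book or from any product it names (ADinf, Aidstest, Doctor Web), and the file names and contents in it are constructed. It records size and a SHA-256 digest per file, classifies executables by their MZ header rather than by extension (so a renamed EDITOR.EX_ is still recognised), and reports what changed. The caveat from the text applies unchanged: a stealth virus that is resident when the comparison runs returns clean images of infected files, so both the baseline and the check must be taken after a cold boot from a write-protected system floppy or other trusted read-only medium.

```python
import hashlib
import os
import tempfile
from typing import Dict, Tuple

# Record kept per file: (size in bytes, SHA-256 hex digest). The book's "vaccine"
# kept a checksum of one program; an audit program keeps one record per file.
Record = Tuple[int, str]


def is_executable_by_header(path: str) -> bool:
    """Classify by content, not by extension: DOS/Windows EXE files start with
    the 'MZ' signature, so a renamed EDITOR.EX_ is still treated as executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def fingerprint(path: str) -> Record:
    """Size plus SHA-256 of the file contents, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()


def snapshot(root: str) -> Dict[str, Record]:
    """Fingerprint every regular file under root, keyed by path relative to root.
    Every file is recorded regardless of extension (the EDITOR.EX_ case)."""
    table: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full):
                table[os.path.relpath(full, root)] = fingerprint(full)
    return table


def compare(baseline: Dict[str, Record], current: Dict[str, Record]) -> Dict[str, list]:
    """Files whose size or digest changed, files that appeared, files that vanished."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "deleted": deleted}


def demo() -> Dict[str, list]:
    """Constructed scenario: take a baseline, then simulate what an appending file
    infector leaves behind plus a renamed executable smuggled in, and audit again."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files; none of these is a real program.
        samples = {
            "EDITOR.EXE": b"MZ" + b"\x00" * 62 + b"original editor code",
            "README.TXT": b"plain text, never executed",
            "UTIL.COM": b"\xb4\x09\xcd\x21\xc3",  # COM files carry no MZ header
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Appending infector: the body grows and the digest changes, header untouched.
        with open(os.path.join(root, "EDITOR.EXE"), "ab") as fh:
            fh.write(b"<viral body appended>")
        # An executable copied in under a non-executable extension.
        with open(os.path.join(root, "GAME.EX_"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62 + b"renamed program")
        os.remove(os.path.join(root, "README.TXT"))

        report = compare(baseline, snapshot(root))
        # Among the changes, flag what is actually executable by header.
        report["executables_among_changes"] = sorted(
            p for p in report["modified"] + report["added"]
            if is_executable_by_header(os.path.join(root, p))
        )
        return report


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The digest is what makes the check meaningful against a deliberate modifier: a plain arithmetic checksum of the kind early vaccines used can be kept constant by a virus that pads its body, a cryptographic hash cannot. Restoring a changed file from these records is not attempted here; that needs the per-virus knowledge of how the infector rearranges the original, which is what the second method's recovery step relies on.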

Some viruses infect files and boot sectors, replacing part of the infected object with their code, that is, irreversibly destroying the infected object. Files and boot sectors infected with such viruses cannot be cured using the first method, but as a rule they can be recovered using the second method. If you cannot restore infected executable files using antivirus programs, you will have to restore them from the distribution or backup copy or simply delete them (if they are not needed).

The situation with the master boot record and boot sectors is somewhat more complicated. If the antivirus program is not able to restore them automatically, you will have to do it manually using the FDISK, SYS, FORMAT commands. Manual recovery of boot sectors will be described a little later, in the sixth chapter.

There is a whole group of viruses that, when they infect a computer, become part of its operating system. If you simply remove such a virus, for example by restoring an infected file from a floppy disk, the system may become partially or completely inoperable. Such viruses must be treated using the first method.

Examples of such viruses are the OneHalf virus and the VolGU group of viruses.

Each time the computer boots, OneHalf encrypts a little more of the hard disk's contents. While the virus is resident it intercepts all access to the hard disk, and if a program reads an already encrypted sector the virus decrypts it on the fly. If you simply remove OneHalf, the encrypted part of the disk becomes inaccessible; it must be removed by an antivirus that also decrypts what the virus encrypted.

The VolGU virus does not encrypt data, but it is no less dangerous than OneHalf. Each sector of the hard disk holds, besides the data written to it, additional check information: a check code (a checksum, in practice an error-correcting code) over all bytes of the sector, which the controller uses to verify the integrity of the data.

Normally, when a program accesses the disk subsystem only the data is read and written, and the controller computes and writes the check code itself. VolGU intercepts all programs' calls to the hard disk and, when data is written, deliberately corrupts the sector check codes.

While the virus is active it lets sectors with a bad check code be read. If you simply remove the virus, those sectors can no longer be read, and the operating system reports a hard disk read error (sector not found).

Preparing for a virus attack

Computer users should prepare in advance for a possible virus attack, and not wait until the last minute when a virus has already appeared. Thanks to this, you can quickly detect the virus and remove it.

What should such preparation consist of?

- Prepare a system floppy disk in advance and install polyphage antivirus programs on it, for example Aidstest and Doctor Web.

- Constantly update the versions of the antivirus programs on the system floppy disk.

- Periodically scan your computer with several antivirus tools. Monitor all changes on the disks with an audit program such as ADinf, and check new and changed files with the polyphage programs Aidstest and Doctor Web.

- Check all floppy disks before use, with the latest versions of the antivirus software.

- Check all executable files copied onto the computer.

- If you need a high level of virus protection, install a hardware protection controller such as Sheriff. Combining a hardware controller with conventional antivirus tools gives the maximum security for your system.

Creating a system floppy disk

Typically, a computer has two floppy disk drives. One is for 5.25" floppy disks, and the second is for 3.5" floppy disks. The MS-DOS operating system, as well as the Windows, Windows 95, Windows NT and OS/2 operating systems name them A: and B:. Which drive is named A: and which is named B: depends on the computer hardware.

Usually the user can change which drive is which. This requires opening the computer case and swapping the drive cable connectors. If you have that possibility, entrust the work to a technical specialist.

5.25-inch magnetic disk drives are gradually falling out of use, so new computers install only one floppy disk drive designed for 3.5-inch floppy disks. In this case, it is named A:, drive B: is missing.

You can boot your computer using the system floppy disk only from drive A:. Thus, to make a system floppy disk for your computer, you must take a floppy disk of the appropriate size.

There are many programs that allow you to prepare a system floppy disk. Such programs are included in all operating systems - MS-DOS, Windows 3.1, Windows 95 and OS/2, etc.

The simplest programs for preparing system floppy disks are the FORMAT or SYS commands, which are part of the MS-DOS and Windows 95 operating systems, and therefore we will describe them first.

Using the FORMAT Command

The FORMAT command formats a floppy disk and can write operating system files to it. When formatting floppy disks, FORMAT marks the tracks on the floppy disk and forms system areas - the boot sector, the file allocation table and the root directory.

When formatting a floppy disk, all information recorded on it is erased. Since FORMAT re-writes the boot sector to the floppy disk, if it was previously infected with a boot virus, the virus is removed. We can say that the FORMAT command performs the main function of an antivirus - it removes any viruses from the floppy disk.

When calling the FORMAT command, you can specify a large number of different parameters. You can find their description in the fourth volume of the “Personal Computer - Step by Step” series, which is called “What you should know about your computer.” In this book we will describe only a few of the most necessary parameters:

FORMAT drive: [/S] [/U] [/Q]

The drive parameter is the name of the drive containing the floppy disk to format. The /S parameter means that after formatting the main operating system files are transferred to the floppy disk and it becomes a system disk; to prepare a system floppy disk, be sure to specify it. The /U and /Q parameters are described below.

As we said, the FORMAT command deletes all files from the floppy disk being formatted. By default, FORMAT records hidden information on the floppy disk that allows the deleted files to be restored if necessary.

To recover files deleted while formatting a floppy disk, use the UNFORMAT command

If you are confident that you won't have to restore them, you can speed up formatting the floppy disk by specifying the additional /U parameter. In this case, information about the deleted files is not saved and they cannot be restored.

You can greatly speed up the preparation of a system floppy disk by specifying the optional /Q parameter to the FORMAT command. In this case a quick format is performed on a floppy disk that has been formatted before:

FORMAT A: /S /Q

Let us describe the process of preparing a system floppy disk in more detail. Enter the following command:

FORMAT A: /S

You will be prompted to insert the floppy disk into drive A: and press the Enter key:

Insert new diskette for drive A:
and press ENTER when ready...

The formatting process will begin. The percentage of work completed will be displayed on the screen.

Formatting 1.2M
77 percent completed.

After formatting is completed, the main operating system files are written to the floppy disk. You can then enter a volume label of no more than eleven characters. After entering the label, press Enter. If you do not want to assign a label to the floppy disk, press Enter straight away:

Format complete.
System transferred

Volume label (11 characters, ENTER for none)?

Then some statistics appear on the screen: the total capacity of the floppy disk, the space occupied by the operating system files and the free space available. If unusable bad sectors were found on the floppy disk, their total size in bytes is shown. Below that are the allocation unit (cluster) size in bytes, the number of free allocation units and the disk's volume serial number:

1,213,952 bytes total disk space
198,656 bytes used by system
1,015,296 bytes available on disk

512 bytes in each allocation unit.
1,983 allocation units available on disk.

Volume Serial Number is 2C74-14D4

Format another (Y/N)?

At this point the system floppy disk is ready. If you do not plan to create several system floppy disks at once, press N. To create another system floppy disk, press Y and repeat the process described above.

Using the SYS Command

If you have a free, blank, formatted floppy disk, the fastest way to make it a system disk is the SYS command. Insert the floppy disk into the drive and enter:

SYS [drive1:][path] drive2:

The SYS command has one required parameter, drive2: the name of the drive in which the system diskette is being prepared, A: or B:.

The optional parameters drive1 and path give the location of the system files to copy. If they are omitted, SYS takes the system files from the root directory of the current drive.

Writing anti-virus programs to a system floppy disk

The system floppy disk contains the main files of the MS-DOS operating system: IO.SYS, MSDOS.SYS, COMMAND.COM, DBLSPACE.BIN. If the system floppy disk was made in an operating system compatible with MS-DOS, for example IBM PC-DOS, then the names of these files may be different.

The IO.SYS and MSDOS.SYS files represent the core of the operating system. The COMMAND.COM file is commonly referred to as the command processor. This is the same program that displays the system prompt on the computer screen and executes operating system commands. The last file on the system floppy disk is DBLSPACE.BIN. It contains an operating system extension that provides access to the compacted disks of the DoubleSpace system.

The main operating system files - IO.SYS, MSDOS.SYS have the "hidden file" attribute and are not shown by the DIR command. To see them, add the /A parameter to the DIR command.

After you've made a system floppy disk, there's still a lot of free space left on it. The total volume occupied by the main files of the MS-DOS operating system - IO.SYS, MSDOS.SYS, COMMAND.COM, DBLSPACE.BIN is about 200 KB. Thus, if you used a high-density floppy disk, then you have more than a megabyte of free space at your disposal.

Copy to the system floppy disk the software needed to check and repair a damaged operating system. First of all, copy antivirus programs that scan for viruses and a program that checks the integrity of the file system. It is useful to copy the FORMAT and FDISK commands as well; they may be needed to restore the system manually. For convenience you can also add a shell such as Norton Commander and a text editor.

The following table lists programs that will help you get your computer back up and running. It is advisable to write them all to a system floppy disk. If they do not fit on one system floppy disk, prepare another floppy disk and write the remaining programs onto it.

Aidstest: Polyphage antivirus program. Detects and removes a large number of viruses. Polymorphic viruses that Aidstest cannot detect are detected by Doctor Web.

Doctor Web: Polyphage antivirus program that implements a heuristic virus search algorithm. Detects complex polymorphic viruses. Use it together with Aidstest.

ScanDisk or Norton Disk Doctor: In many cases the cause of malfunctions and strange behaviour is not a virus but a corrupted file system. ScanDisk and Norton Disk Doctor detect and automatically correct errors in the MS-DOS file system.

Hardware diagnostics: A program for testing all computer subsystems. Allows you to detect hardware malfunctions.

Norton Commander: Shell for the MS-DOS operating system. Makes working with the computer much easier. Contains a built-in text editor and viewers for files in various formats.

FORMAT: MS-DOS command for formatting the computer's hard and floppy disks.

FDISK: MS-DOS command for creating and deleting logical drives. The FDISK and FORMAT commands may be needed when the information on the hard drive has been completely destroyed. Their use is described in the chapter "File system recovery".

Disk Editor: Disk editor. Lets you view and edit any information recorded on the disk, including the system areas: the master boot record, boot sectors, FAT allocation tables, directory structures and files.

In some cases, special drivers or resident programs may be used to access computer hard drives. They must be written to a prepared system floppy disk. So that they are automatically connected when you boot the computer from the system floppy disk, create the CONFIG.SYS and AUTOEXEC.BAT files on it, writing in them the commands for loading the necessary drivers.

If you have a CD-ROM reader connected to your computer, write the software you need to use it to a system floppy disk. For MS-DOS, you need to write the reader driver and the MSCDEX program included with the operating system. Access to the reading device will allow you to quickly restore software recorded on CDs.

The Windows 95 operating system does not need the MSCDEX program itself; however, if the graphical shell of that system fails to load, MSCDEX must still be loaded to reach the CD-ROM.

After you have fully prepared the system floppy disk and written all the necessary programs onto it, install write protection on it. To do this, on a 5.25" floppy disk, you need to seal the slot on the edge of the floppy disk, and on a 3.5" floppy disk, open the protection window. Write protection will ensure that you do not accidentally damage the contents of the floppy disk and that viruses will not be able to penetrate it. Since floppy disks sometimes fail, in this case it is best to have several identical system diskettes.

Booting from a system floppy disk

To boot your computer from a system floppy disk, you must set priority to boot the operating system from floppy disks. The operating system boot priority is determined in the CMOS memory. To change it, you must run the Setup program. You can learn more about the Setup program in the fourth volume of the “Personal Computer - Step by Step” series, which is called “What you should know about your computer.”

There are viruses that change the computer's boot order by altering the data recorded in CMOS memory. Examples are the Mammoth.6000 and ExeBug viruses. They mark the floppy drives as absent in CMOS and re-enable them temporarily whenever a program reads or writes a floppy disk. When the user tries to boot from a floppy disk, the boot proceeds from the hard disk instead, because as far as the BIOS knows there is no floppy drive. The virus gains control first and only then boots the computer from the floppy disk.

At the same time, from the user’s point of view, everything looks as usual. He sees that the operating system is loading from a floppy disk, but by this time the virus is already in the RAM and controls the operation of the computer.

Therefore, immediately before loading MS-DOS from the system floppy, make sure that the contents of the CMOS memory are installed correctly. To do this, run the BIOS setup program and check the type of drives specified there, as well as the boot order of the computer.

Insert the system floppy disk into drive A: and restart the computer. If you suspect a virus, restart by switching the computer's power off and on or by pressing the Reset button on the case. Some viruses intercept the Ctrl+Alt+Del keystroke and can survive such a warm reboot in RAM, even when the boot then proceeds from the system floppy disk.

After the initial testing of the computer, the operating system will begin loading from the floppy disk. The A: LED should light up. The boot process from a floppy disk is slightly slower than from a hard drive, so you will have to wait a bit. When the operating system loads, a corresponding message will appear on the screen.

The operating system will then ask for the current date and time. They are only requested if there is no AUTOEXEC.BAT configuration file on the floppy disk.

If you do not want to change the date and time, press Enter twice. The date and time remain unchanged and the MS-DOS system prompt appears on the screen.

You can create an empty AUTOEXEC.BAT file on the system floppy disk; then the date and time are not requested and the system prompt appears immediately after the operating system loads.

Is it possible to prevent viruses from entering?

If you do not periodically carry out work to prevent and treat computers from viruses, the possibility of loss of stored information and destruction of the operating environment becomes more than real.

The negative consequences of your negligence can be different, depending on what virus gets into your computer. You may lose either some of the information from the files stored on your computer, or individual files, or even all the files on the disk. But the worst thing is if the virus makes small changes to data files, which may not be noticed at first, and then lead to errors in financial or scientific documents.

Work on the prevention and treatment of computers from viruses may include the following actions:

- Install software only from distribution kits.

- Write-protect all your floppy disks and remove the protection only when necessary.

- Limit the exchange of programs and floppy disks, and check any programs and diskettes you do receive for viruses.

- Periodically check the computer's RAM and disks for viruses with special antivirus programs.

- Back up user information.

Don't meet strangers

No amount of security measures will help protect your computer from viruses unless you first scan all executable files written to it. Today, such a check is only possible with the help of polyphage antivirus programs.

The constant emergence of more and more new viruses requires the use of the latest versions of antivirus programs. It is desirable that they provide a search not only for known viruses, but also a heuristic analysis of scanned programs and boot sectors. It will allow you to detect files infected with new, unknown and unstudied viruses.

Unfortunately, antivirus programs cannot fully guarantee that the software being scanned is free of viruses, let alone Trojans or logic bombs. By installing software of unknown origin on your computer you always run a risk.

In large organizations, it makes sense to dedicate a special computer to install questionable software, such as computer games. This computer should be isolated from other computers in the organization. First of all, it is necessary to disconnect it from the local network and prohibit users not only from copying programs from it, but also from writing files to it from their work diskettes, which are not previously write-protected.

When working with suspicious software, use monitor programs, such as the VSafe monitor included with MS-DOS. If the program is actually infected with a virus or contains a logic bomb, the monitor will report any unauthorized actions on its part. Unfortunately, monitor programs like VSafe can easily be deceived by viruses, so it is more reliable to use software and hardware protection tools.

The “DialogueScience” anti-virus kit includes the Sheriff software and hardware protection system. Among other things, it performs all the functions of monitor programs, but does it much better. Due to the fact that computer control is provided by a special protection controller at the hardware level, viruses will not be able to deceive Sheriff.

How to write-protect floppy disks

You can write protect your floppy disks. The protection works at the computer hardware level and cannot be disabled using software methods. Therefore, the virus will not be able to infect the boot sector and executable files written on a floppy disk with write protection installed.

All software distributions stored on floppy disks should be write-protected. Most software can be installed from write-protected floppy disks

If you try to write data to a write-protected floppy disk, the operating system will display a warning message on the computer screen. It can take different forms, depending on what tools are used to write to the floppy disk.

For example, if you use the COPY or XCOPY commands of MS-DOS and try to write a file to a protected floppy disk, the following message appears on the screen:

Write protect error writing drive A
Abort, Retry, Fail?

The user must answer what the operating system should do. Three responses are possible: Abort, Retry or Fail. To choose one, enter the first letter of the response: A for Abort, R for Retry, F for Fail. Uppercase and lowercase letters both work.

Choosing Abort or Fail means that the operating system abandons the attempt to write to the floppy disk (Abort simply cancels the operation, while Fail returns an error code to the program). If the write really is needed, remove the write protection from the floppy disk and select Retry.

You must pay close attention to the message about an attempt to write to a protected floppy disk. Reading files from a floppy disk and running most programs from it should not cause writes to it. If you are sure that the floppy disk should not be written to, but it does, there is a good chance that your computer is infected with a virus.

Some viruses block the message about an attempt to violate write protection when they infect executable files or the boot sector of a floppy disk. This allows them to go undetected if the floppy disk is protected. However, you will achieve the desired result; the floppy disk will remain uninfected.

Virus Plague.2647

A harmless resident stealth virus. When an infected file is opened it removes its code from the file, and re-infects the file when it is closed. Before infecting files on a floppy disk it checks whether write protection is set; if so, it does not attempt to infect files on that disk. Contains the string "PLAGUE".

Write protection can be set on floppy disks of either size, 3.5 inches and 5.25 inches. It is easiest on 3.5-inch floppies: slide the small plastic tab in the corner of the floppy so that the hole is open, as shown in Fig. 2.1 (an open hole means the disk is protected). Removing write protection is just as easy: slide the tab back to cover the hole.

Fig. 2.1. Write protection on a 3.5" floppy disk

To protect a 5.25” floppy disk from writing, you need to seal the slot in the floppy disk envelope (Fig. 2.2). To do this, use a small rectangular piece of adhesive paper. Typically, such paper is sold along with floppy disks. As a last resort, you can use regular electrical tape. You can remove the write protection by removing the piece of paper you pasted.

It is often very difficult to remove and install protection on a 5.25” floppy disk; sooner or later you will get tired of it and a virus will be able to penetrate the floppy disk. Therefore, if possible, discard 5.25" floppy disks and replace them with more convenient 3.5" floppy disks.


Fig. 2.2. Write protection on a 5.25" floppy disk

Choosing the correct boot order for your computer

The operating system can be loaded either from a hard drive or from a floppy disk. Typically, the computer boots from the hard drive, but if, when the computer is turned on or rebooted, a floppy disk is inserted into drive A: (accidentally or on purpose), the operating system will start loading from it. If the floppy disk is infected with a boot virus, it will take control and immediately try to infect the computer's hard drive.

Most computers allow you to specify the priority in which the operating system should boot. This order is set using the BIOS Setup program. You can read more about the BIOS Setup program in the “File system recovery” section.

To protect your computer from accidental infection by a boot virus, specify that the operating system should first boot from the C: drive, and only if it malfunctions, from the A: drive.

If you need to boot your computer from a floppy disk, make sure there are no viruses on it. To do this, first check it with several antivirus programs, such as Doctor Web and Aidstest.

It is best if you prepare a system floppy disk in advance, and to prevent it from being accidentally damaged, install write protection on it. It is useful to write computer diagnostic programs onto the system floppy disk - antivirus programs, programs for checking the integrity of the file system and the health of the computer hardware. We described how to create a system floppy disk in the “Creating a system floppy disk” section.

Unpopular measures

In organizations, strict protection measures related to cutting off channels of possible virus entry from computers can be very effective. This primarily applies to floppy drives. The drives can be physically disabled and removed from the computer, or they can be disabled only in the CMOS memory, and a password must be set in the BIOS Setup program.

Ideally, you should disconnect all disk drives, CD-ROM drives, modems, serial and parallel ports, and network adapters from the computer. Of course, this is unrealistic, but one should not completely abandon such an idea.

Backup

It is very important to organize a backup copy of information stored on your computer. Depending on the means at your disposal, you can perform a complete copy of your computer's hard drives or copy only the most important information that cannot be recovered in any other way.

Magnetic tapes are usually used for backup; they are written by special tape drives (streamers). Cartridge capacities range from 200 MB to 4 GB. Recently magneto-optical disk drives have become available; in reliability and ease of use they are far superior to tape, and their capacities range from tens of megabytes to several gigabytes.

If you have neither a streamer nor a magneto-optical disk at your disposal, then in many cases it is enough to use simple floppy disks. Of course, writing to floppy disks is the worst way to backup. Firstly, floppy disks have a very small capacity - a little more than one megabyte. Secondly, floppy disks are very unreliable. Sometimes it is not possible to read previously recorded information from them.

One backup is not enough; you should keep several. A small example: while you are making a fresh copy, a power failure or a virus attack strikes, the computer freezes, and both the data on the computer and the copy being written are corrupted. An older copy is then your only recourse.

When performing backups, you need to be extremely careful. Before copying, always check the integrity of the information being copied. Perform virus scans and file system scans. To do this, use the latest versions of antivirus software and programs like ScanDisk. If you do not follow this rule, then all backup copies will sooner or later be damaged.

In particularly critical cases, perform cyclic data copying. For example, update one copy every day, the second every week, the third every month.

Archiving files

If you use regular floppy disks for backup, then you should compress the files with some kind of archiving program before writing them to the disks. Archive programs allow you to reduce the amount of disk space occupied by files. This is achieved by eliminating the redundancy of the information stored in the compressed files.

Compressed files can take up significantly less disk space than their originals. Thus, text files prepared, for example, in the word processor Microsoft Word for Windows, are usually halved. Of course, it is impossible to work with such a file. Before work, it must be restored using the same archiving program.

Currently, the most popular archivers are ARJ, PKZIP, RAR. They all perform approximately the same functions and can be used to create backup copies of documents.

Data archiving issues are discussed in more detail in the tenth volume of the “System Programmer's Library” series, which is called “IBM PC/AT Computer, MS-DOS and Windows. Questions and Answers”. Here we will only give an example of using the ARJ archiver to prepare backup copies of files. The format for calling the ARJ archiver is quite complex:

ARJ <command> [-<key> [-<key>...]] <archive name> [<file names>...]

The first parameter, the command, determines the operating mode of the archiver:

Archiver operating modes:

  • Adding new files to the archive.
  • Removing files from the archive.
  • Extracting files from an archive.
  • Viewing archive contents.
  • Transferring files to the archive: the files are archived and then the original files are deleted from the disk.
  • Recovering files along with the directory and subdirectory structure in which these files were located when archived.
  • Recovering archive files without restoring the structure of directories and subdirectories: all files from the archive are placed in one directory.
  • Updating files in the archive: only changed and new files are written to the archive; files that remain unchanged are not archived again, which saves a lot of time.

The command may be followed by one or more optional additional parameters (keys). Each additional parameter must be prefixed with a "-" symbol. Here is a table of the most important additional parameters with a description of their purpose:

Additional parameters and their purpose:

  • Protecting the created archive with a password.
  • Used with the "a" or "m" commands to indicate that the archive should include files from the current directory and all its subdirectories.
  • V: creation and recovery of multi-volume archives located on several floppy disks. Each floppy disk contains one archive volume (file). There are several modifications of the -V parameter:
      VV - issue a sound signal between processing of individual archive volumes;
      VA - automatically determine the amount of free space on a floppy disk (the size of the next archive volume);
      Vnnnnn - size of individual archive volumes, for example V20000 - create an archive from 20 KB volumes;
      V360, V720, V1200, V1440 - create fixed-size volumes of 360 KB, 720 KB, 1.2 MB, 1.44 MB.
  • Recover files from a damaged archive. Use this option if restoring files from an archive was interrupted by an archiver message about violations in the structure of the archive file.
  • X: exclude the specified files from processing (as in the example with -X*.BAK below).
  • The archiver will not ask the user for permission to perform various actions, for example, to create a new multi-volume archive file or to create directories.

The additional parameters are followed by the name of the archive file, followed by a list of names of files to be extracted, added or deleted. When specifying the names of these files, you can use the wildcard characters "?" and "*". If you do not specify a list of file names, all files located in the current directory or archive are assumed.

Archive programs are very convenient for creating backup copies on floppy disks. If the archive file does not fit on one floppy disk, the archiver allows you to create a multi-volume archive consisting of several files. To do this, you need to specify the additional parameter V. Individual files of a multi-volume archive can be written to several floppy disks.

The following command creates a multi-volume archive of all files located in the current directory and all its subdirectories, excluding files with the name TMP or the name extension BAK. Multi-volume archive files will be slightly larger than 1.44 MB in size. You can burn them onto 3-inch floppy disks.

ARJ A -R -X*.BAK -XTMP.* -V1440 !COLLAPS

The files of the created archive will have the name !COLLAPS and various extensions:

!COLLAPS.ARJ
!COLLAPS.A01
!COLLAPS.A02
!COLLAPS.A03
....

You can restore files recorded in this multi-volume archive either by first copying them to your computer’s hard drive or directly from floppy disks. For example, to restore from floppy disks, use the following command:

ARJ X -V A:\!COLLAPS

After the first archive volume has been restored, the user will be prompted to process the next one. Insert the next floppy disk into the drive and press the button.

Backing up documents in Windows 95

The Windows 95 operating system provides convenient tools for backing up individual documents and entire directories to floppy disks. To do this, just open the My Computer icon and go to the directory whose files need to be written to floppy disks.

Then move the mouse pointer to the icon of the file or directory that needs to be copied and click the right mouse button. A small menu will appear on the screen.


Fig. 2.3. Writing the Library directory to floppy disks

Select the Send To line from this menu, and then in the temporary menu that opens, specify the drive on which the copying will take place. In Figure 2.3 we showed how to copy the Library directory to 3.5-inch floppy disks.

Once you specify the drive, the copying process will begin. If one floppy disk is not enough to copy all the files in a directory, the operating system will ask you to insert another floppy disk.

Unfortunately, the copying method we demonstrated does not allow copying onto floppy disks files whose size exceeds the capacity of the floppy disk itself. Therefore, it is impossible to copy very large documents in this way.

Let's check for viruses

To scan new programs that you record on your computer, you must use the latest versions of polyphage antivirus programs. They will be able to detect any viruses known at the time the antivirus program was created. It is advisable that the antivirus software you use perform heuristic analysis of programs. Perhaps this will allow us to detect new, not yet known viruses.

The popularity of antivirus programs Aidstest and Doctor Web is so great that they are installed on almost every computer. Therefore, now we will check your computer using these programs and see if there are any viruses on it.

If you do not have the latest versions of antivirus software, use the programs that you have. Even though such a scan will be incomplete, it will still detect a large number of viruses.

Searching for viruses on your computer's hard drive

First, let's check all computer hard drives with Aidstest. Enter the following command at the DOS prompt.

Pay close attention to the messages generated by the program while scanning your computer. If a virus is detected, Aidstest will report it.

Many viruses that Aidstest does not detect can be caught by Doctor Web. In addition, Doctor Web allows you to perform heuristic analysis of programs and boot sectors. Therefore, repeat the scan using Doctor Web.

DRWEB * /CL /HI /AR /HA1 /RV /UP

Doctor Web Anti-Virus will scan all your computer's hard drives, and it will search for viruses not only directly in executable files, but also in archive files, as well as in compressed executable files. If viruses are detected, the program will display a corresponding message on the screen.

In all the examples given in this section, only a virus scan is performed; none of the detected viruses will be removed. To do this, you need to run the antivirus program one more time, booting from the system floppy disk.

Searching for viruses on floppy disks

All new floppy disks, as well as floppy disks that you have given to someone else, must be checked for virus infection. To do this, use polyphage antiviruses Aidstest and Doctor Web. Call first one and then another program sequentially. The following example shows how to test a floppy disk inserted into drive A:.

AIDSTEST A: /B
DRWEB A: /CL /AR /HA1 /UP /NM /OF

Viruses in archive files

To increase the amount of free space on your hard drive and floppy disks, many users archive rarely used files. For this purpose, special archiver programs can be used to reduce the size of files by eliminating redundancy of data recorded in the file. When the user again needs a file from the archive, he again uses the archiver program.

The files inside the archive are stored in a compressed form, eliminating the possibility of searching for a virus by their signatures. Therefore, if you archived an infected program, it may remain invisible to many antivirus programs.

Some antivirus programs, such as Doctor Web, allow you to scan files recorded inside archives. When checking an archive, Doctor Web temporarily restores the files recorded in it and scans them sequentially.

If you find viruses on your computer, be sure to check all archive files, even if your anti-virus program cannot work with archives. Recover the files yourself from all archives on the disk, and then scan them with your antivirus program.

Typically, when several people work on one computer, they use various means of restricting access to hard drives. For example, Diskreet from the Norton Utilities package allows you to create multiple logical drives. Each user can only have access to some disks; the rest will be completely inaccessible to him.

ArjVirus virus

A harmless non-resident virus. Searches the current directory and its subdirectories for archive files created by the ARJ archiver program. The virus distinguishes archive files only by their extension - ARJ.

If an archive file is detected, the virus creates a file with a random name consisting of four characters from "A" to "V", with a COM extension. The virus writes 5 KB of its code into this file and at the end adds an arbitrary number of bytes to it.

The virus then calls the ARJ archiver program, assuming that it is located in one of the directories listed in the PATH variable. To do this, it uses the command processor:

C:\COMMAND.COM /C ARJ A ArjFile ComFile

The ArjFile parameter specifies the name of the archive file found by the virus. The ComFile parameter contains the name of the newly created virus executable file. This command adds a new executable virus file to the archive file detected by the virus. The original virus file is then deleted.

To prevent the user from seeing information on the screen that is usually displayed by the ARJ archiver program, the virus temporarily disables all output to the monitor screen.

The main idea of the virus is that a user who has recovered files from an infected archive will find an unknown executable file among them and run it out of curiosity.

It is necessary to scan for viruses on all disks. It is best if this is done by a user who has access to all disks on the computer. Otherwise, each user will have to check the disks available to him. If any user discovers that there is a virus on a disk accessible to him, he must inform all other computer users about this.

If you find a virus

The greatest value is your data recorded in the computer. These can be text documents, spreadsheet files, databases, program source codes, etc. Their cost can be many, many times greater than the cost of the computer itself and the software installed in it.

Any software destroyed by viruses can be restored from distributions or backup copies. But with data the situation is much worse. If data is not backed up consistently, it may be permanently lost.

Therefore, having discovered a virus, first of all you need to reboot from a blank floppy disk and copy your data from the computer’s hard drive to floppy disks, magnetic tapes or any other information storage devices. Only after this can you begin to treat your computer.

If a virus is detected, it may have already destroyed the information stored on the computer. Destructions can be of various types. Perhaps the data files will be completely destroyed and you will not even be able to read them, or perhaps they will be changed slightly and you will not be able to notice it right away.

Virus Rogue.1208

Dangerous resident virus. Destroys files with the DBF extension by writing the byte "R" as their first byte and applying an EXCLUSIVE OR with the number 13 to the rest of the file contents, up to the first character with code 13. Destroys CHKLIST.??? files. In the month when the sum of the year value and the month value equals 2000, the virus displays the text: “Now you got a real virus! I'm the ROGUE...!”

Try to find out exactly what virus got into your computer and what it does. You can obtain similar information from the virus descriptions that come with your antivirus programs. Virtually all antivirus programs have such lists. They can be made in the form of simple text files or in the form of special hypertext databases.

If you find a virus on your computer, it may have already spread, infecting other computers in your organization. They must be checked without fail. Many users today have computers at home. They may also become infected.

It is necessary to check all floppy disks that were used to work with infected computers. They may be infected with boot and file viruses. The virus can persist on them and then infect the computer again. Floppy disks infected with viruses must be disinfected or formatted.

How to treat a computer

After you have tried to copy all your data (documents, source texts, database files) from your computer, it’s time to start treating your computer and removing the viruses that have infected it. There are at least three options for you to remove viruses from your computer.

The simplest of them is to completely change all the software installed on the computer. You will have to reinstall the operating system and all other programs again. If a virus has infected the boot record, it can be updated by formatting the computer's logical drives using the FORMAT command. However, even formatting will not remove the virus from the master boot record of the hard drive. To do this, use the FDISK command with the undocumented /MBR parameter, and then create partitions and logical drives on the hard drive again.

Operations such as formatting a logical disk, deleting a partition or logical disk with the FDISK command completely destroy all files on this disk. Therefore, there is no need to delete files first.

After you have re-created partitions and logical drives on your hard drive and formatted them, you can begin installing the operating system and other programs. Complete installation of computer software takes a lot of time. To speed up this process, whenever possible, install software products from CDs rather than floppy disks.

You can make restoring your computer much easier if you back up all the information on your computer ahead of time. In this case, after creating and formatting the logical drives, you can restore the software from these backup copies. How this recovery occurs depends on the tools you use to create your backups.

The second option involves manually removing viruses and restoring damaged boot sectors and files. This method is the most complex and requires high qualifications. We will talk about manually restoring your computer a little later in the chapter “Manually restoring the operating system.”

And finally, the last option involves the use of special anti-virus programs. Antivirus programs will automatically detect and remove viruses, restoring the computer's functionality. Unfortunately, such recovery is not always possible, since a large category of viruses irreversibly damages programs and data recorded on computer disks. In this case, you must reinstall the software.

Now we will very briefly look at treating a computer with anti-virus polyphage programs Aidstest and Doctor Web. For more information about these and other programs that allow you to remove viruses from your computer, read the next chapter, which is called “The Best Tool.”

Treating your computer with antivirus programs

A number of resident viruses, located in the computer’s memory, prevent the successful treatment of infected programs and boot sectors. Therefore, it is advisable to perform treatment only after booting the computer from a virus-free system floppy disk. You must first write polyphage antivirus programs onto this floppy disk, for example Aidstest and Doctor Web.

The Aidstest program allows you to remove viruses it detects. To do this, run Aidstest with the /F parameter:

Some viruses cannot be detected and removed by Aidstest, so it must be used in conjunction with Doctor Web antivirus:

DRWEB * /CL /UP /CU

Aidstest and Doctor Web programs can treat not only hard drives, but also floppy disks. To do this, instead of the * parameter, which means working with all hard drives of the computer, you need to specify the name of the drive:

AIDSTEST A:/F
DRWEB A: /CL /UP /CU

Heuristic analysis (heuristic scanning) is a set of antivirus functions aimed at detecting malware unknown to the virus databases. At the same time, this term also refers to one specific method.

Almost all modern antivirus products use heuristic analysis of program code. Heuristic analysis is often used in conjunction with signature scanning to search for complex encrypted and polymorphic viruses. The heuristic analysis technique makes it possible to detect previously unknown infections, but disinfection in such cases is almost always impossible. As a rule, an additional update of the anti-virus databases is then required to obtain the latest signatures and disinfection algorithms, which may contain information about the previously unknown virus. Otherwise, the file is sent to antivirus analysts or the antivirus program's authors for examination.

Heuristic analysis technology

Heuristic scanning methods do not provide guaranteed protection against new computer viruses that are not in the signature set, because previously known viruses serve as the object of analysis and knowledge of the signature polymorphism mechanism serves as the basis for the heuristic rules. And since this search method is based on empirical assumptions, false positives cannot be completely excluded.

In some cases, heuristic methods are extremely successful, for example, in the case of very short program parts in the boot sector: if the program writes to sector 1, track 0, side 0, this leads to a change in the drive partition. But apart from the fdisk auxiliary program, this command is not used anywhere else, and therefore, if it appears unexpectedly, we are talking about a boot virus.

In the process of heuristic analysis, the emulated program is checked by a code analyzer. For example, suppose a program is infected with a polymorphic virus consisting of an encrypted body and a decryptor. The code emulator reads the code into the antivirus buffer, splits it into instructions and executes them one instruction at a time, after which the code analyzer calculates the checksum and compares it with the one stored in the database. Emulation continues until the part of the virus needed to calculate the checksum has been decrypted. If the checksum matches, the program is identified.
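The emulate-then-checksum approach just described, as an added Python example that is not from the page's authors or any product: the "virus" is a toy bytecode (not x86) constructed here purely as a test vector, and the database holds a SHA-256 of the decrypted body.

```python
"""Code emulation for a polymorphic decryptor: run the sample in a sandboxed
copy of memory until it halts, then checksum the bytes it decrypted and look
the checksum up in the database. A plain signature scan of the encrypted
sample finds nothing; the emulator does."""
import hashlib

# Toy bytecode (hypothetical, defined only for this example):
SET_KEY, SET_COUNT, XOR_STEP, LOOP_BACK, HALT, ADD_KEY, SET_PTR = 1, 2, 3, 4, 5, 6, 7
TWO_BYTE = {SET_KEY, SET_COUNT, ADD_KEY, LOOP_BACK, SET_PTR}
BODY_START = 12                      # length of the decryptor built below

# Constructed "virus body" (harmless text) and the checksum database entry.
BODY = b"TOY-VIRUS-BODY: demo payload used only as a test vector"
KNOWN = {hashlib.sha256(BODY).hexdigest(): "Toy.Polymorphic.Demo"}


def build_variant(body: bytes, key: int, delta: int) -> bytes:
    """Constructed polymorphic variant: the key advances by delta per byte,
    so two variants share no encrypted bytes, only the decrypted body."""
    assert 0 < len(body) < 256
    enc, k = bytearray(), key
    for b in body:
        enc.append(b ^ k)
        k = (k + delta) & 0xFF
    decryptor = bytes([SET_KEY, key, SET_COUNT, len(body), SET_PTR, BODY_START,
                       XOR_STEP, ADD_KEY, delta, LOOP_BACK, 5, HALT])
    assert len(decryptor) == BODY_START
    return decryptor + bytes(enc)


def emulate(code: bytes, max_steps: int = 10_000):
    """Run the decryptor in a sandboxed memory copy. Returns the bytes it
    decrypted, or None if it hit an unsupported instruction, ran off the end,
    or exhausted the step budget (the failure modes the page warns about)."""
    mem = bytearray(code)
    pc = key = count = ptr = 0
    lo = hi = None                   # range of addresses written by XOR_STEP
    for _ in range(max_steps):
        if pc >= len(mem):
            return None
        op = mem[pc]
        if op in TWO_BYTE and pc + 1 >= len(mem):
            return None
        if op == SET_KEY:
            key, pc = mem[pc + 1], pc + 2
        elif op == SET_COUNT:
            count, pc = mem[pc + 1], pc + 2
        elif op == SET_PTR:
            ptr, pc = mem[pc + 1], pc + 2
        elif op == ADD_KEY:
            key, pc = (key + mem[pc + 1]) & 0xFF, pc + 2
        elif op == XOR_STEP:
            if ptr >= len(mem):
                return None
            mem[ptr] ^= key
            lo = ptr if lo is None else min(lo, ptr)
            hi = ptr if hi is None else max(hi, ptr)
            ptr, count, pc = ptr + 1, (count - 1) & 0xFF, pc + 1
        elif op == LOOP_BACK:
            off = mem[pc + 1]
            pc += 2
            if count:
                pc -= off
        elif op == HALT:             # control would pass to the decrypted body
            return bytes(mem[lo:hi + 1]) if lo is not None else b""
        else:
            return None              # instruction the emulator does not support
    return None                      # budget exhausted: non-terminating code


def identify(sample: bytes):
    """Emulate, checksum the decrypted region, look it up in the database."""
    decrypted = emulate(sample)
    if decrypted is None:
        return None
    return KNOWN.get(hashlib.sha256(decrypted).hexdigest())


def signature_scan(sample: bytes, signature: bytes = BODY[:16]):
    """Plain signature search over the raw bytes, for comparison."""
    return "Toy.Polymorphic.Demo" if signature in sample else None


if __name__ == "__main__":
    variant = build_variant(BODY, 0x5A, 7)
    print("signature scan:", signature_scan(variant))   # None
    print("emulation:", identify(variant))              # Toy.Polymorphic.Demo
```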

Disadvantages of heuristic scanning

  • Excessive suspicion of the heuristic analyzer can cause false positives if the program contains fragments of code that perform actions and/or sequences, including those characteristic of some viruses. In particular, the unpacker in files packed with the PE packer (Win)Upack causes false positives for a number of antivirus tools that do not recognize this problem.
  • Availability of simple techniques for deceiving the heuristic analyzer. As a rule, before distributing a malicious program (virus), its developers examine existing common anti-virus products, using various methods to avoid its detection during heuristic scanning. For example, by modifying the code, using elements whose execution is not supported by the antivirus code emulator, using encryption of part of the code, etc.
  • Despite statements and advertising brochures from antivirus developers regarding the improvement of heuristic mechanisms, the effectiveness of heuristic scanning is far from expected.
  • Even with successful detection, treatment of an unknown virus is almost always impossible. As an exception, some products can treat viruses of the same type and a number of polymorphic, encrypted viruses that do not have a permanent viral body, but use a single implementation technique. In this case, there may be one entry in the virus database to treat tens or hundreds of viruses.

Scanning

Antivirus protection.

Antivirus programs have been and remain the main means of fighting viruses. You can use antivirus programs (antiviruses) without having any idea how they work. However, without understanding the principles of antivirus software, knowing the types of viruses, as well as how they spread, it is impossible to organize reliable computer protection. As a result, the computer may be infected even if antivirus software is installed on it.

Today, several fundamental techniques for detecting and protecting against viruses are used:

· scanning;

· heuristic analysis;

· use of anti-virus monitors;

· change detection;

· use of antiviruses built into the computer's BIOS.

In addition, almost all antivirus programs provide automatic recovery of infected programs and boot sectors. Of course, if possible.

The simplest method of searching for viruses is that the antivirus program sequentially scans the scanned files in search of signatures of known viruses. A signature is a unique sequence of bytes that belongs to a virus and is not found in other programs.

Antivirus scanner programs are able to find only already known and studied viruses for which a signature has been defined. The use of simple scanner programs does not protect your computer from the penetration of new viruses.

For encrypting and polymorphic viruses that can completely change their code when infecting a new program or boot sector, it is impossible to identify a signature. Therefore, simple antivirus scanner programs cannot detect polymorphic viruses.

Heuristic analysis allows you to detect previously unknown viruses, and for this you do not need to first collect data about the file system, as is required, for example, by the change detection method discussed below.

Anti-virus programs that implement the heuristic analysis method scan programs and boot sectors of disks and floppy disks, trying to detect code characteristic of viruses in them. A heuristic analyzer can detect, for example, that the program being tested installs a resident module in memory or writes data to the program's executable file.

Almost all modern antivirus programs implement their own heuristic analysis methods. In Fig. 1 we showed one of these programs, the McAfee VirusScan scanner, launched manually to scan the disk for viruses.

When an antivirus detects an infected file, it usually displays a message on the monitor screen and makes an entry in its own or system log. Depending on the settings, the antivirus may also send a message about the detected virus to the network administrator.

If possible, the antivirus disinfects the file, restoring its contents. Otherwise, the only option offered is to delete the infected file and then restore it from a backup copy (if, of course, you have one).


Heuristic analysis allows you to identify unknown viruses, but does not require preliminary collection, processing and storage of information about the file system. Its essence lies in checking the possible habitats of viruses and identifying in them commands (groups of commands) characteristic of viruses. When suspicious commands are detected in files or boot sectors, a message is issued indicating a possible infection.

Heuristic analysis, like the forecasting methods discussed above, is based on the principles of inductive logic, since its central concept is the reliability of the hypothesis and the degree of its validity. Obviously, it is possible to increase the degree of validity of the heuristic hypothesis in relation to the forecast of the development of scientific and technological progress in any of its directions by taking into account the dynamics and trends in the development of scientific research in these areas of science when analyzing.

Using heuristic analysis, it is possible to establish for the selected process algorithm the most appropriate combinations of functional subgroups that are part of the corresponding functional groups: for example, technological and transport rotors, which do not require an upper plate for installation on the frame.

This concludes our heuristic analysis of stellar speckle interferometry.

The program provides the possibility of conducting heuristic analysis at three levels. In this case, files and system areas of disks are examined in order to detect unknown viruses using characteristic code sequences.

The second principle is a heuristic analysis of the significance of the factors taken into account, based on practical experience and intuition.

In 1998, a visual heuristic analysis system for numerical matrices, Visual HCA, was created under the guidance of prof. Reports on it were repeatedly presented at conferences in Mexico (China, Belgium) and published as articles in foreign and domestic journals. In 2000, an application system for visual monitoring of Mexico City pollution measurement data was developed on the basis of the visual heuristic analysis system.

The special heuristic analysis algorithm implemented in this anti-virus program also allows you to identify files infected with new types of viruses.

In a number of cases, such a scheme of ordered deterministic calculations, accompanied by a deep heuristic analysis, makes it possible to obtain sufficiently substantiated decisions and thereby complete the optimization of an adsorption plant with incomplete information. But sometimes the resulting solutions can differ significantly in their components. Then it is recommended to continue the optimization calculation according to the scheme outlined below.

Since we now already have an exact theory of game solutions, we are obliged, after this preliminary heuristic analysis, to give an exact analysis strictly based on mathematical theory.

It should be emphasized that a research group formed to solve a particular problem of organizational management must be able to use formal mathematical apparatus and have the ability to perform a purely heuristic analysis of real situations.

Maclaurin and that fission will occur when the growing ratio m reaches the critical value m ≈ 0.14 (see section. Two interesting results follow from this heuristic analysis. First, stars with M ≈ 0.8 M☉ reach the main sequence and stop contracting before their core can undergo fission caused by rotation.


The solution to the problem of constructing a set of conflicting options is carried out using the optimal design software included in the software of the computer-aided design system. Further, using heuristic analysis algorithms, the computer first ranks and selects a finite number of the best AL design options, then diagnoses them or, conversely, first diagnoses, then makes a choice. The obtained results are output to the terminal devices so that the designer can make a final assessment.

When solving a two-criteria problem, one should strive to provide an extremum of a linear combination of criteria or find Pareto sets and make the final decision based on a heuristic analysis of these sets. Sometimes they do the following. A restriction is imposed on one of the criteria and the second criterion is achieved to take an extreme value.

The name of this group of methods comes from the famous Greek word “eureka!” (“found!”) attributed to Archimedes, expressing joy at his discovery. Heuristic methods are based on the creative thinking and knowledge of specialists (experts), the practical experience of business managers, their intuition, and individual and collective judgments. Such methods are considered qualitative-logical, complementing formalized quantitative methods of analysis. The need for them arises from the complexity and impossibility of clear mathematical modeling of many socio-economic processes (although many of these methods involve the use of mathematical procedures for processing the initial information and the results of logical expert analysis).

All heuristic methods can be divided into expert methods and methods for activating creative thinking (sometimes called psychological).

Expert methods, relying on the knowledge, judgment and experience of specialists, allow us to solve two groups of analytical problems:

  • 1) obtaining information about specific economic phenomena and their causes, about the requirements of key business stakeholders;
  • 2) assessing the characteristic manifestations of stable cause-and-effect relationships, forecasting the possible development of socio-economic processes and substantiating the most rational management decisions for a given situation.

The first group of problems is solved using questionnaires, surveys and interviews with employees of enterprises and representatives of other stakeholder groups of these enterprises. To solve the second group of problems, highly qualified professional experts are involved. In this case, both individual and collective methods of expert assessments can be used.

Individual methods involve the use of the opinions of selected expert specialists, formulated by each of them independently of each other and collected through interviews or questionnaires. The disadvantage of this approach is the known limited knowledge of individual specialists about all aspects of the problem under study, and the commitment of each of them to a specific position or scientific school.

Collective methods, which draw on groups of various experts (theorists and practitioners who are well aware of the essence of the problem and the specifics of related fields of knowledge and activity, and who hold different points of view), are more effective. The interaction of the involved specialists makes it possible to study the problem at hand from various angles. Among these methods, the most popular is the commission method (industrial meetings, conferences, seminars and round tables), which allows the participants to develop a common position taking into account all the circumstances under discussion. The disadvantage of this method is that the decisions made, due to the desire for compromise and psychological pressure from the most authoritative experts, do not necessarily reflect the best options proposed by individual commission members. This drawback is partly overcome by dividing the commission’s work into two stages:

  • general discussion of the problem and free expression of the opinions of the participants;
  • critical analysis of all proposals made and development of solutions.

The Delphi method avoids the conformity of experts to an even greater extent. It is based on an anonymous correspondence survey of independent experts (often not even aware of each other’s existence) conducted in several rounds, followed by statistical processing of the results and the development of a final decision by the group of analysts who organized the survey.

The collective notebook and idea bank methods are also widely known; they allow you to gradually accumulate ideas and proposals put forward by independent experts, successful standard solutions and practical examples, with the possibility of systematizing and evaluating them.

Methods for activating creative thinking are aimed at creating psychological conditions that allow a person to generate new ideas and look for ways to solve various problems. Among such methods of organizing the creative process when solving problems of economic analysis, the most widely used is brainstorming.

Brainstorming is an effective method of organizing group analytical activity to solve almost any problem; it is based on freeing the creative activity of its participants. It usually involves three stages. The first stage is a clear formulation of the problem to be solved and the selection of the creative team. The group should not be large, but it should include not only specialists on the issue but also other interested parties who are not in a subordinate relationship to one another. The second stage is generating ideas for solving the problem. Its distinctive feature is the creation of conditions for maximally free creativity, with a complete absence of evaluation or criticism of the proposals made; even the directions for searching for ideas and the criteria for evaluating them are not specified. The main goal is the greatest possible number of proposals and their possible combinations, all of which must be recorded; even fantastic and seemingly absurd ideas are welcome. This stage should not last more than an hour and a half, since after that creative activity usually begins to subside. The third stage is the classification of the proposals made and the selection, evaluation and development of various combinations of the most promising ideas, carried out by the analysts who organized the session.

The synectics method is a modification of brainstorming. The term "synectics" itself means combining various, often heterogeneous and seemingly incompatible elements into a single whole to solve creative problems. Synectics differs from classical brainstorming in organizing the group's influence on the creative activity of its members, defining specific methods for generating ideas, and allowing critical discussion and screening out of the ideas put forward directly at the generation stage. The group should include not just professionals but creative individuals who strive to compete and are ready to defend their positions, with various psycho-emotional characteristics (enthusiasts, conservatives, optimists, skeptics, etc.). Characteristic of synectics is the use of various verbal techniques for activating thinking: analogy (finding solutions based on the analysis of already solved similar problems in other areas, or searching for solutions in science fiction, myths and fairy tales), inversion (searching for solutions "from the reverse"), empathy (identifying oneself with the analyzed object and understanding the problem through one's own feelings), and idealization (research from the standpoint of obtaining an ideal result). For a synectic group of experts, preliminary preparation, mutual understanding and cohesion are very important; otherwise the growing criticality of the discussions may simply block the generation of new ideas.

Morphological method. This method is based on an assessment of the internal structure of the object under study and the corresponding decomposition of the problem under consideration into individual problems, the selection of possible solutions for each of these problems, their systematization and the synthesis of a general solution to the problem by combining particular solutions.

The theory of inventive problem solving (TRIZ). Initially, the purpose of TRIZ was to study the principles by which technical systems develop and to create practical methods for solving inventive problems by identifying and eliminating contradictions in such systems in order to reach an ideal final result. TRIZ has since become a universal methodology for analyzing problems in many areas, including economics. Creative thinking is activated by structuring the analysis tasks and solving them in a definite sequence:

  1) what the system is intended for, what elements it consists of, what their functions are and how they interact;
  2) which connections of system elements and their functions are useful, which are useless, and which are harmful;
  3) which elements, functions and connections can be changed and which cannot;
  4) what the possible options are for changing the elements of the system, their functions and connections;
  5) which changes improve the functioning of the system as a whole, and which cause contradictions in the system and weaken it;
  6) how to implement the improving changes while eliminating or minimizing the contradictions that emerge.

To stimulate creative activity and organize systematic independent work, expert analysts often resort to the following peculiar rules. Rule 24 prescribes that the analyst must think about the problem under study 24 hours a day. Rule 25: to solve the problem successfully, at least 25 ideas must be put forward. Rule 26: there are 26 letters in the English alphabet, and, as a hint to oneself, one should think about which letter the key word for solving the problem will begin with.

Heuristic methods of analysis

In your life, you have probably met a person who, first of all, struck you with the fact that he has an extremely developed imagination, original and unexpected judgments, ideas that are characteristic of highly developed intuitive thinking. We usually call such a person a creative person. And the ability to generate new ideas has every reason to be considered one of the most important signs of a creative personality.

Both at school and in higher and secondary specialized educational institutions, unfortunately, insufficient attention is paid to the development of intuition and the ability to generate new ideas. Teachers mainly pay attention to logical methods of solving problems, including in the process of solving creative problems.

Calculation methods operate only with quantitative information, the use of which in the analysis of control systems is very limited. For the analysis of economic activity, the use of heuristic methods aimed at obtaining qualitative characteristics of a business entity is of great importance. Heuristic methods are based mainly on the experience and intuition of specialists, their individual or collective judgments. Among the heuristic methods, one can distinguish evaluative and evaluative-search methods of analysis.

Heuristic methods are widely expounded in works on personnel management, management organization and organizational behavior.

The conditions that predetermine the need to use heuristic methods can be characterized as follows:

  • the qualitative nature of the initial information, described using economic and social parameters, and the lack of sufficiently representative and reliable information on the characteristics of the research object;
  • great uncertainty in the initial data for analysis;
  • lack of a clear substantive description and mathematical formalization of the subject of assessment;
  • lack of time and funds for research using formal models;
  • lack of technical means with appropriate characteristics for analytical modeling;
  • the extreme nature of the situation being analyzed.

Heuristic methods of analysis represent a special group of techniques for collecting and processing information, based on the professional judgment of a group of specialists.

Classification of heuristic analysis methods:

  • Heuristic evaluation methods.
  • Evaluation and search methods: commissions and conferences; brainstorming; collective notebook; bank of ideas; method of active sociological tested analysis and control; business games; functional and cost analysis.

Heuristic methods are often called creative methods, as they rely on the creative thinking of a group of people. The key to the reliability and validity of analysis conclusions using heuristic methods is the correct selection of experts. Depending on the goals and focus, the group of experts may be homogeneous or include representatives of different groups of related specialists, and sometimes simply interested persons. For example, when forming a group of experts to analyze technological developments, it includes technologists who can professionally evaluate the technical novelty of a solution, economists who evaluate its effectiveness, mechanics who can assess the possibility of implementing a new technology on the existing production base, and workers who implement the new technology. When assessing the quality of products and demand for them, the group of experts includes not only commodity experts, but also manufacturers and consumers of products. At the same time, when developing a technical solution at the first stage, only specialists of the relevant profile are included in the group of experts.

In practice, quite complex methods for forming a group of experts have developed:

  • according to formal criteria, when specialization, work experience and length of stay in one team are taken into account; this also includes psychological assessments of the individual by the organization's sociological service (if any), for example, the ability for creative and constructive thinking, etc.;
  • based on the self-assessment of the individual obtained during a survey, in which case the future expert himself evaluates his capabilities, including qualifications, analytical and constructive thinking, ability to adapt to certain situations, etc.; such selection of experts is supplemented by determining the level of self-esteem of the future expert (underestimated, overestimated or adequate), which is carried out with special psychological selection of experts;
  • based on the assessment of persons associated with the applicant, when the professional and personal qualities of a specialist are assessed by specialists of a similar profile, consumers of services, and employees implementing the expert's decisions;
  • using a random selection method (sampling), if many persons (for example, consumers of products and services) can act as experts.

Quite often, when analyzing the activities of an economic entity, the group of experts includes managers at different levels and employees. For example, this is how a group of experts is formed when choosing a production development strategy, changing the incentive system, reforming accounting and reporting systems, and restructuring organizational structures.

Thus, when selecting experts, both formal and psychological selection methods are widely used. In this regard, heuristic methods are often called psychological.

(Melyukhova Yana) 1) The typology method is based on the now popular positioning theory. The main idea of this theory is that a ready-made, uniform picture of standard situations and solutions exists for everyone. The analyst's task is to select a position that corresponds to the object of analysis according to certain parameters and obtain the standard solution proposed by the developers of the method. Practical applications of this theory are the BCG and McKinsey matrices, among others. The technology for implementing the method includes the following stages:

  • evaluation of the analyzed object according to certain specified parameters;
  • positioning of the object in the typological scheme in accordance with the parameter values;
  • schema by the type of the object being analyzed.

When constructing a typological scheme, two or more parameters can be used. Parameters can reflect both simple and complex properties. An example of a complex property is the prospects of a market, characterized by its size, growth rate, level of satisfaction of user needs, competition, price level, profitability, etc. As can be seen from this example, parameters can have both quantitative and qualitative assessments. Positioning of the analyzed object (objects) on the typological grid is possible in the form of one or another mark (points, circles, etc.).

If there are developments in specific areas, the use of typological grids allows you to determine the type of object being analyzed and use ready-made recommendations for its improvement. However, one must be extremely careful with the typology method. It must be borne in mind that universal “recipes” are quite tempting because they contrast with the solution of creative problems, but the benefits of applying the recommendations received are very limited. It is better to know how to identify and solve problems than to believe in ready-made recipes for success. According to the author, only in combination with other assessment techniques does the typology method make it possible to characterize the situation and find acceptable options for predictive management decisions.

(Olya Kiseleva) 2) The expert assessment method relies on identifying a generalized assessment by an expert group through statistical processing of individual, independent assessments made by the experts. Group members may be of equal standing or have different ranks, which are taken into account when summarizing the results of the examination.

When recruiting experts, one should be guided by the following requirements:

  • a high level of general erudition and special knowledge in the analyzed area;
  • certain practical and/or research experience on the problem under consideration;
  • the ability to adequately assess development trends of the object under study;
  • lack of bias or interest in a specific assessment result.

Favorable conditions for the work of experts are created as a result of preliminary instruction, training in research methods, and provision of additional information about the object of analysis.

(Olya Prilepa) 3) The expert commission method is based on identifying a single collective opinion by specially selected experts when discussing the problem posed and alternatives for its solution, reached through certain compromises.

When using the expert commission method, not only statistical processing of the results of the individual scoring of all experts is carried out, but also an exchange of opinions on the results of the examination and clarification of the assessments. The disadvantage of this procedure is the strong influence of authorities on the opinion of the majority of participants in the examination.


Heuristic analysis

Almost all modern antivirus tools use heuristic analysis of program code. Heuristic analysis is often used together with signature scanning to detect complex encrypted and polymorphic viruses. The heuristic technique makes it possible to detect previously unknown infections; however, disinfection (treatment) in such cases is almost always impossible. As a rule, an additional update of the anti-virus databases is then required to obtain the latest signatures and disinfection algorithms, which may contain information about the previously unknown virus. Otherwise, the file is sent to antivirus analysts or the antivirus vendor for examination.

Heuristic analysis technology

Heuristic scanning methods provide no guaranteed protection against new computer viruses that are absent from the signature set, because they take previously known virus signatures as the object of analysis and knowledge about the mechanisms of signature polymorphism as the rules of heuristic verification. Since this search method rests on empirical assumptions, false positives cannot be completely excluded.

In some cases heuristic methods are extremely successful, for example for very short code fragments in the boot sector: if a program writes to sector 1, track 0, side 0, it changes the drive's partition information. Apart from the FDISK utility, this operation is used nowhere else, so if it appears unexpectedly, a boot virus is involved.

In the process of heuristic analysis, the emulated program is checked by a code analyzer. For example, a program is infected with a polymorphic virus consisting of an encrypted body and a decryptor. The code emulator emulates the operation of this virus one instruction at a time, after which the code analyzer calculates the checksum and compares it with the one stored in the database. Emulation will continue until the part of the virus necessary to calculate the checksum is decrypted. If the signature matches, the program is identified.

Another common heuristic analysis method used by a large group of antiviruses is decompiling a suspicious program and analyzing its source code. The source code of the suspicious file is verified and compared with the source code of known viruses and samples of viral activity. If a certain percentage of the source code is identical to the code of a known virus or viral activity, the file is marked as suspicious and the user is notified.

Disadvantages of heuristic scanning

  • Excessive suspicion of the heuristic analyzer can cause false positives if the program contains code fragments that perform actions and/or sequences characteristic of some viruses. In particular, the unpacker stub in files packed with the PE packer (Win)Upack causes false positives in a number of anti-virus tools, whose vendors de facto do not acknowledge the problem. Another problem with analyzers is false positives when checking completely harmless code.

For example, code compiled using Delphi 7 or Delphi 2007:

    program XDC;
    {$APPTYPE CONSOLE}  // compiler directive: build a console application
    uses SysUtils;
    begin
      // if the third parameter is the 'd' switch, delete the file named by the second parameter
      if ParamStr(3) = 'd' then
      begin
        FileSetReadOnly(ParamStr(2), False);  // clear the read-only attribute first
        DeleteFile(ParamStr(2));
      end;
    end.

Causes false positives in antiviruses such as Panda (regardless of the compiler version), Webwasher GateWay (when compiling Delphi 2007), F-Secure (when compiling Delphi 7). As can be seen from the example, the program is absolutely safe and there are absolutely no signs of malicious code or virus functionality (all the functionality of the example: if the “d” key is specified as the third parameter, the program deletes the file specified in the second parameter).

  • Availability of simple techniques for deceiving the heuristic analyzer. As a rule, before distributing a malicious program (virus), its developers examine existing common anti-virus products, using various methods to avoid its detection during heuristic scanning. For example, by modifying the code, using elements whose execution is not supported by the antivirus code emulator, using encryption of part of the code, etc.

Despite statements and advertising brochures from antivirus developers about improvements to heuristic mechanisms, the effectiveness of heuristic scanning is currently far from what is expected. Independent tests of heuristic analysis components show that the detection rate for new malware is no more than 40-50%.

  • Even with successful detection, treatment of an unknown virus is almost always impossible. As an exception, some products can treat viruses of the same type and a number of polymorphic, encrypted viruses that do not have a permanent viral body, but use a single implementation technique. In this case, to treat tens or hundreds of viruses, there may be one entry in the virus database, as is implemented, for example, in I. Danilov’s antivirus.
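As an added example (not part of the Wikipedia text above and not any vendor's engine), the following Python models the scheme described in the polymorphic-virus paragraph and the boot-sector heuristic on a constructed mini-instruction set: it emulates a decryptor one instruction at a time, checksums the body after every step, and looks the checksum up in a database holding one entry per family, which is why a single entry covers many variants, as the last point notes. The mini-ISA, the body bytes, the family name "Toy.Poly", the suspicion weights and all sample programs are invented for illustration.

```python
"""Toy emulation-based heuristic scanner (added example; constructed mini-ISA, not real malware)."""
import zlib

MAX_STEPS = 10_000  # emulation budget; real engines also cap how long they emulate

# Constructed "virus body": identical in every variant once decrypted. Not real malware.
BODY = b"TOY-FAMILY-BODY: same payload behind every polymorphic decryptor"

# Signature database: one CRC32 of the decrypted body covers every variant of the family.
KNOWN_BODIES = {zlib.crc32(BODY): "Toy.Poly"}

# Constructed mini-ISA; each instruction is a tuple:
#   ("MOV", reg, imm)                      reg = imm
#   ("XOR_MEM", reg_addr, reg_key)         data[reg_addr] ^= reg_key
#   ("INC", reg)                           reg += 1
#   ("JL", reg, imm, target)               if reg < imm: pc = target
#   ("WRITE_SECTOR", side, track, sector)  raw disk write (no-op inside the emulator)
#   ("HALT",)


def make_variant(key, reg_idx="r0", reg_key="r1"):
    """Build a polymorphic variant: the body XOR-encrypted with `key` (0..255) and a
    decryptor loop whose key and register choice differ per variant, so neither the
    encrypted bytes nor the decryptor match a fixed byte signature."""
    data = bytearray(b ^ key for b in BODY)
    n = len(data)
    code = [
        ("MOV", reg_idx, 0),
        ("MOV", reg_key, key),
        ("XOR_MEM", reg_idx, reg_key),  # index 2: decrypt one byte
        ("INC", reg_idx),
        ("JL", reg_idx, n, 2),          # loop back while index < n
        ("HALT",),
    ]
    return code, data, (0, n)


def static_suspicion(code, threshold=2):
    """Static heuristic: a suspiciousness counter over the instruction stream, flagged
    when it reaches `threshold`. Returns (counter, flagged)."""
    counter = 0
    for ins in code:
        if ins[0] == "WRITE_SECTOR" and ins[1:] == (0, 0, 1):
            counter += 2  # side 0, track 0, sector 1: the boot sector, rarely legitimate
        elif ins[0] == "XOR_MEM":
            counter += 1  # code that rewrites its own data section
    return counter, counter >= threshold


def emulate_and_match(code, data, body, db=KNOWN_BODIES, max_steps=MAX_STEPS):
    """Dynamic heuristic: step the sample one instruction at a time in a private copy of
    its data, checksum the body range after every step and look it up in `db`.
    Returns (family_name, steps); family_name is None if nothing matched before HALT,
    the step budget ran out, or an instruction the emulator does not support appeared."""
    mem = bytearray(data)  # the sample itself is never executed, only emulated
    regs = {}
    pc = 0
    start, end = body
    steps = 0
    while steps < max_steps and 0 <= pc < len(code):
        ins = code[pc]
        op = ins[0]
        steps += 1
        if op == "MOV":
            regs[ins[1]] = ins[2]
            pc += 1
        elif op == "XOR_MEM":
            mem[regs[ins[1]]] ^= regs[ins[2]]
            pc += 1
        elif op == "INC":
            regs[ins[1]] += 1
            pc += 1
        elif op == "JL":
            pc = ins[3] if regs[ins[1]] < ins[2] else pc + 1
        elif op == "WRITE_SECTOR":
            pc += 1  # side effect suppressed: nothing leaves the emulator
        elif op == "HALT":
            break
        else:
            break  # unsupported instruction: emulation stops, and so does detection
        name = db.get(zlib.crc32(mem[start:end]))
        if name is not None:
            return name, steps  # enough of the body is decrypted to identify it
    return None, steps


if __name__ == "__main__":
    for key, ri, rk in [(0x5A, "r0", "r1"), (0xC3, "r2", "r3")]:
        code, data, body = make_variant(key, ri, rk)
        print(f"variant key=0x{key:02x}: static={static_suspicion(code)} "
              f"emulation={emulate_and_match(code, data, body)}")
    # Constructed benign program: writes an ordinary data sector, never decrypts anything.
    benign = ([("MOV", "r0", 7), ("WRITE_SECTOR", 0, 3, 9), ("HALT",)], bytearray(b"hello"), (0, 5))
    print(f"benign: static={static_suspicion(benign[0])} emulation={emulate_and_match(*benign)}")
```

Both variants are identified by the same database entry after the last body byte is decrypted, while the static counter alone does not reach its threshold for them; the unsupported-instruction branch is where the evasion noted above bites, since emulation simply ends without a verdict.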


Wikimedia Foundation. 2010.


Changes in the conditions and objectives of the development of business entities, determined by modern economic situations and the challenges of the time, have a fundamental impact on the methods of justifying management decisions, the organization of management processes and methods for assessing the effectiveness of decisions.

Considering that “the method of economic analysis is understood as a dialectical way of approaching the study of economic processes in their formation and development,” changes in product life cycles, technological structures, types of business and the depth of the ongoing transformations require significant reform of the methods of economic analysis.

Considering the need to clearly define their competitive advantages and consolidate them for a long period, organizations pay special attention to development strategies, putting forward strategic guidelines (for example: developing leadership positions in the market, ensuring customer loyalty, increasing the social significance of the organization) that have clear qualitative characteristics. Their quantitative parameters are often very arbitrary and cannot be directly assessed.

Analysis and justification of trends in changes in these groups of indicators require a significant change even in such traditional methods of analysis as comparison, detailing, grouping, etc., but more often involve the use of other methods of analysis, often purely logical.

The development of methods of economic analysis was particularly influenced by the existence of multiple possible solutions, each of which is impractical and sometimes impossible to calculate in detail. This accelerated the adoption of new accounting methods. For example, for long-term, strategic analysis it is much more effective to use the marginal method of cost calculation, which, for all its conventions, makes it possible to form an optimal product range. Accounting and analysis of the full cost of individual product types is carried out only for assortment items included in the production plan.

Since in the conditions of innovative development all stages of the reproduction cycle are significantly intensified, there is often a need to ensure the parallel implementation of its individual stages. Many authors focus on assessing the behavior of individual indicators at different stages of the reproduction cycle, highlighting leading indicators. This is typical, first of all, for management-oriented work in the formation of development indicator panels. However, this approach to classifying indicators is becoming more common.

To make the assessment of an organization's development opportunities objective and to determine its production, economic and financial potential, it is important to relate changes in indicators to the stages of the reproduction cycle: growth during the recovery period; decrease or increase during a recession; stability during periods of stagnation, etc. In this regard, procyclical, countercyclical and acyclic indicators are distinguished, the last of which have dynamics practically unrelated to the reproduction cycle.

The complication of classifications of the system of indicators involves the logical development and clarification of traditional methods of analysis.

Thus, when using the comparison method, comparison of basic financial and economic characteristics over a long period becomes increasingly important, as this makes it possible to identify cyclical fluctuations characteristic of different types of business processes. In horizontal analysis, a qualitative comparison of sources of raised financial resources and changes in individual groups of assets of the organization is used, i.e. a combination of horizontal and vertical analysis.

With the further development of economic analysis, it is important to classify indicators according to their role in making and justifying decisions of different classes and levels. In this regard, for each decision, a target indicator, factors determining its level, and, which is especially important for the objectivity of decisions made, the restrictions within which decisions are made are identified.

Deterministic methods of analysis, including factorial, still prevail, but at the same time they are actively supplemented by methods of lengthening and expanding characteristics, which is associated with the detailing of factor indicators taking into account their significance.

In factor analysis, it is necessary to identify connections between changes in factor indicators and the need for better use of existing resources or the introduction of new resources, and this requires additional funding. For this purpose, this group of indicators is divided into factors of extensive and intensive growth, which is especially important for assessing the financial strength of an organization and assessing its economic potential.

Thus, in modern conditions, the professional judgment of the analyst is increasingly important when setting problems and choosing methods of economic analysis.

Gradually, methods of logical heuristic analysis are increasingly being used, based on the professional judgment, experience and intuition of specialists and their individual or collective conclusions. Among them, evaluative and evaluation-search methods of analysis can be distinguished (Fig. 2.2).

Fig. 2.2.

Heuristic methods are widely used in personnel management, management organization and selection of organizational behavior.

Conditions that predetermine the need to use heuristic methods:

  • the qualitative nature of the initial information, described using economic and social parameters, and the lack of sufficiently representative and reliable information on the characteristics of the research object;
  • high uncertainty of the initial data for analysis;
  • lack of a clear substantive description and mathematical formalization of the subject of assessment;
  • inappropriateness and lack of time and funds for research using formal models at the first stages of justifying management decisions;
  • lack of technical means with appropriate characteristics for analytical modeling;
  • extremity of the analyzed situation.

Heuristic methods of analysis represent a special group of techniques for collecting and processing information, based on the professional judgment of a group of specialists. They are often called creative.

The basis for the use of heuristic methods are expert assessments of the processes, operations, and results under consideration.

Expert analysis methods are methods for organizing work with expert specialists and processing their opinions. Solving many analytical problems requires having an independent opinion(s), i.e. attracting experts. Information received from experts cannot be considered ready for use; it must be processed and only then used to make management decisions.

When organizing the work of experts it is necessary:

  • select qualified experts;
  • interview experts and obtain the information of interest to the analyst;
  • determine methods for processing and interpreting the information received from experts.

When selecting experts, one should take into account their competence and professional skills in the field of activity that is being studied, the ability for creative thinking, and the ability to work in a group (if several experts are involved).

When recruiting experts, it is advisable to be guided by the following requirements:

  • a high level of general erudition;
  • possession of special knowledge in the analyzed area;
  • certain practical and/or research experience on the problem under consideration;
  • the ability to adequately assess development trends of the object under study;
  • lack of bias or interest in a specific assessment result.

Group members may be of equal standing or have different ranks, which are taken into account when summarizing the results of the examination.

The expert commission method is based on the development of a single collective opinion by specially selected experts when discussing the problem posed and alternatives for its solution as a result of certain compromises.

When using the expert commission method, not only statistical processing of the results of the individual scoring of all experts is carried out, but also an exchange of opinions on the results of the examination and clarification of the assessments. The disadvantage is the strong influence of authorities on the opinion of the majority of examination participants.

Conclusions obtained from analysis based on heuristic methods have a logical basis and can take the form of: direct assessment (useful, harmful, acceptable, unacceptable); defining assumptions, i.e. selection of priority or most successful solutions (this can be identified through ranking of assumptions, their scoring, etc.); selection of specific events for competitive development. Quite often, the group of experts includes professional consultants - professionals in the field being analyzed.

Depending on the goals and focus, the group of experts may be homogeneous or include representatives of different groups of specialists, and sometimes simply interested persons. For example, when developing a technical solution at the first stage, only specialists of the relevant profile are included in the group of experts. When forming a group of experts to analyze technological developments, it includes: technologists who can professionally assess the technical novelty of the solution; economists assessing the effectiveness of a decision; mechanics who can evaluate the possibility of implementing new technology on the existing production base; workers are the implementers of new technology.

When assessing the quality of products and demand for them, the group of experts includes not only commodity experts, but also manufacturers and consumers of products.

In practice, quite complex ways of forming a group of experts have developed:

  • according to formal criteria, taking into account the specialty, work experience and length of stay in the same team, as well as psychological assessments of the individual by the organization's sociological service (if any), for example, the ability for creative and constructive thinking, etc.;
  • based on a person's self-assessment obtained during a survey: the future expert himself assesses his capabilities, including qualifications, analytical and constructive thinking, ability to adapt to certain situations, etc. This is supplemented by a special psychological selection of experts to determine the level of their self-esteem (underestimated, overestimated or adequate);
  • based on the assessment of persons associated with the applicant: the professional and personal qualities of the specialist are assessed by specialists of a similar profile, consumers of services, and employees implementing the expert's decisions;
  • by random selection (sampling), if many persons (for example, consumers of products and services) can act as experts.

Quite often, when analyzing the activities of an economic entity, the group of experts includes managers of different levels and employees. For example, this is how a group of experts is formed when choosing a production development strategy, changing the incentive system, reforming accounting and reporting, and restructuring organizational structures.

Thus, when selecting experts, both formal and psychological methods are widely used, and heuristic methods are often called psychological.

When interviewing experts, individual and group methods can be used. During an individual survey, work with each expert is carried out separately, which allows the expert to express his opinion independently of others. During a group survey, experts work in groups, coordinate their opinions and develop a common expert conclusion based on a common position. Group methods are preferable from the point of view of increasing the reliability of the examination, but are more complex.

The information obtained during the expert survey must be processed by special or traditional methods of analysis, after which it can be used to make management decisions.

There are many ways to obtain expert assessments: Delphi methods, control questions, risk assessments, scenarios, business games, SWOT analysis, functional cost analysis (FCA), etc.

The Delphi method is a correspondence and anonymous survey of an expert group (5-10 people) in several rounds with the coordination of expert opinions. Each expert is given a specific task, for example, to determine the direction of development of the enterprise. Experts fill out questionnaires on the problem under study. Participants in the examination are informed of the results of each intermediate round of the survey in the form of averaged statistical values. When receiving answers from experts, different situations may arise:

  • a) all experts came to the same opinion;
  • b) expert opinion is divided.

In the first case, the expert opinion is accepted as the result of solving the problem, in the second, the examination process will continue.

The method of control questions is the search for an analytical solution using a specially prepared list of leading questions. The advantage of this method is its simplicity and versatility. Control questions are compiled based on the experience of already solved problems, which ensures the effectiveness of the method.

The control question method is applied in several stages:

  • 1) a task is formulated, in solving which control questions will be used;
  • 2) a list of control questions is compiled that are most appropriate to the nature of the problem being solved, and each of them is considered in order to use the information contained in it to solve the problem;
  • 3) all ideas that can be used to solve the problem are considered;
  • 4) ideas are selected that can be used to solve the problem, and a program of activities is developed.

Typically, analysts use a table containing in each row a question (parameter) and answer options (parameter values) for a specific aspect of the analysis. When answering the questions posed, the analyst makes a note in the column corresponding to his conclusion. The table, as a rule, is constructed in such a way that the notes in the columns on the left show the weaknesses of the object of study, and on the right - the strengths or special capabilities. Regular use of such tables allows you to determine trends in changes in the subject of analysis over time and compare its position in relation to other objects of analysis.

Questionnaires significantly reduce the time required to conduct analysis and reduce the dependence of its results on the analyst’s skill level. When using this method, more correct results are obtained than with scoring, which is explained by the following circumstances. Instead of assigning points, the expert selects the statement that most clearly characterizes the object of assessment. The answers can be presented with quantitative data, for example, reflecting the employee’s age, or characterize the trend of change in some parameter (growth, decline), give an assessment (“excellent”, “satisfactory”, etc.).

Selection by comparison, as a rule, is more accurate than direct measurement, when in a specific situation each expert has his own concept of the optimal state of the estimated parameters.

Experience has shown that valid questionnaires cannot be created in the first place. Analysts need to be prepared for the fact that only after repeated surveys and careful analysis of assessment results and analytical documents will it be possible to create methods containing not only universal initial lists of dictionaries, but also highly specialized questionnaires for certain categories of workers with similar tasks that reflect the essence of relationships and activities of people.

The scenario method is a set of techniques and procedures for preparing and implementing any business decisions. The method is used primarily for expert forecasting. It is useful in choosing the goals of the organization and making forecasts when the organization is not satisfied with the current situation and there is a need to expand the business.

The scenario is developed by a group of organization specialists and contains a description of the sequence of steps leading to the predicted state of the organization, as well as factors and events that have a decisive influence on this process. The starting point for developing a scenario is an accurate assessment of the organization’s current situation, carried out on the basis of a retrospective analysis of activities. Such an assessment leads to an understanding of the dynamics of the influence of factors on production processes and which factors ensure the rise of activity and which ensure its decline. For uncontrollable development factors, special assessments must be made.

Stages of scenario development:

  • 1) determination of a system of indicators on the basis of which the development scenario of the organization will be formed;
  • 2) identifying the factors that determine the development of the organization;
  • 3) identification of development trends;
  • 4) development of alternative development scenarios and selection of the main development option.

Business games. The most common form of business game is the modeling of the analyzed processes and the future development of the predicted phenomenon in different versions and consideration of the data obtained. Business games are used both in the educational process and in production. Games that are held in groups of organizations are called organizational-activity games (organizational games). In a certain form, they include the ideology of Delphi methods and scenarios.

All participants in the game are divided into groups, and each group is asked to write a scenario for the development of events in the organization. The group is led by an expert whose task is to ensure that group members do not deviate from the established task. The next day, a conference is held at which a representative of each group makes a presentation reflecting the group’s vision of developments in the organization. Members of other groups actively participate in the discussion of the report and try to convince others that their perspective is more concrete and convincing. At the end of the day, the game director and experts sum up the results of the conference and draw the team’s attention to the lack of consensus on the issues discussed. The groups disperse and prepare a new scenario. The next day, a conference is held again, at which new reports are heard. Experts must lead participants to achieve their goals together. Once this becomes apparent at the conferences, i.e. most of the reports express a unity of opinion, the game participants stop working in groups and, as a single team, develop a common scenario. As a result of the game, team unity occurs, which can serve as the basis for successful activities.

To ensure the accuracy of risk assessment, a maximum permissible spread of the experts’ assessments is set, i.e. a more stringent requirement is imposed on the consistency of expert opinion.

One of the most common heuristic methods is the analogy method, when a group of experts considers a possible method of resolving a problem or searches for the cause of the current situation, relying on the past experience of their own or similar business entities. In this case, experts think through their experience and the situations they have encountered, and, based on it, propose ways to solve the problem, finding out the reasons for the current situation and ways to eliminate them.

Naturally, in this case, the use of materials describing similar situations in different periods and at different objects is of great help. They can be obtained from periodicals, scientific literature, as well as from the minutes of meetings of the founders, board of directors, meetings of departments and specialized groups working in the organization. From this point of view, a bank of situations analyzed and summarized by specialized consulting firms is of significant interest. Such data banks have been created in many consulting firms around the world. It should be noted that the first steps in creating similar materials were taken in the 1980s at consulting firms in the USSR. Currently, this work continues in the Association of Scientific Consultants of Russia and consulting firms.

In the case when experts receive materials from situations developing at other objects, their task is to select those that are similar in principle to the one being solved, i.e. the similarity of the object, the situation, and the goals pursued by the analysis is assessed. After such selection, the possibility of using this experience in resolving the problem and the readiness of the facility to implement specific measures are determined: the state of the production and technical base, personnel qualifications, the availability of financial resources and the possibility of attracting them, the period for resolving the problem, etc.

The method of analogies allows only to determine the main directions of economic analysis and at the next stages requires a more in-depth analysis using quantitative methods. However, the preliminary use of such a method prevents an unjustifiably detailed analysis in a direction that does not reveal the main reasons for the current situation. The analogy method is often called synectic.

A group of methods that use assessment criteria include target assessment, web, typology and repertory grids.

Target assessment - assessment of objects of analysis according to certain criteria (components of the target system). When using it:

  • criteria (components of the target system) for evaluating alternatives are selected;
  • all decision options for each criterion are assigned a preference rank (ordinal number of acceptability);
  • for each alternative, the total rank is calculated for all criteria;
  • the options are ranked by total rank.

A method for multicriteria comparison of alternatives is the graphical quantitative-qualitative “spider web” method. It can be used in all cases where it is advisable to evaluate objects of analysis using a variety of quantitative and qualitative criteria. The main advantage of the method is the visualization of the analysis results, which is especially valuable when presenting research materials not to narrow specialists, but to managers.

Heuristic methods of analysis that involve both the generation of options for analytical solutions and their evaluation include: brainstorming, commissions and conferences, a bank of ideas, a collective notebook, active sociological tested analysis and control, functional cost analysis, business games, etc.

The brainstorming method can be very effective for analyzing particularly complex situations. Brainstorming is the free generation of ideas expressed in a group of interested experts. As a rule, effective brainstorming is quite short (no more than an hour). Not only highly qualified specialists can take part in it, but also young people who can make unexpected, extraordinary proposals. However, in order for the brainstorming results to be actually used, it is important that the decision makers participate in it. In this case, having systematized the proposals of the participants, some of them can be immediately discarded as ideal, and the rest can be discussed in more detail with specialists of the relevant profile.

The selection of ideas is carried out gradually. At the first stage, none of them is discarded and, as a rule, no assessments are made at all. Then the ideas are assessed based on the level of elaboration, timing and cost of implementation, efficiency, etc. At the second stage of the analysis, one or more of the previously discussed methods for assessing and selecting solutions can be used. Brainstorming can be an integral part of analytical work, especially in forward-looking analysis.

Brainstorming is a way to find new solutions to a problem situation. It is based on the separation in time of the process of searching for ideas and their evaluation. It is a relatively quick and economical method of analysis designed to resolve difficulties and contradictions that management personnel have encountered or are likely to encounter in the near future, as well as to eliminate bottlenecks that are holding back the development of the management system. The method is effective in solving non-traditional strategic search problems. Brainstorming should be organized when the problem does not lend itself to a traditional solution. First of all, we are talking about structural policy, improving existing ways of working.

The method of commissions and conferences is the most common form of group work, during which ideas are freely put forward and criticized. It is based mainly on the habit of critical assessment of new and insufficiently substantiated ideas, acquired in the process of numerous meetings and discussions. The disadvantage of the method is that analysts in their judgments are initially focused on compromise, which increases the risk of obtaining distorted analysis results.

The collective notebook method ensures that team members put forward independent ideas and then evaluate the proposals. For this purpose, each team member receives a notebook that outlines the essence of the issue being analyzed and provides the necessary auxiliary and reference materials (for example, document flow diagrams, job descriptions, etc.).

For a predetermined time, they write down their analysis and suggestions in their notebooks, and finally evaluate their ideas, highlighting the best ones. The notebooks are handed over to the coordinator to prepare a summary note. Evaluation of group analytical alternatives is carried out by any of the previously discussed evaluation methods.

The collective notebook method is convenient in cases where it is impossible to organize long-term joint work or attract experienced consultants. To use the method, it is necessary to have creatively thinking, experienced specialists in the organization’s team.

This method of work, like a bank of ideas, involves accessing a card index or an automated database created in the process of practical activity. In these repositories, the most interesting examples of problem solving are collected and systematized. This includes both original and typical options with an assessment of their applicability. The method can be useful in solving search problems of current (more often) and strategic (less often) analysis.

The method of active sociological tested analysis and control (MASTAC) consists in the development and application of a manual containing specific recommendations for improving the activities of users of this material. The game-based team method of developing a manual involves several steps:

  • 1) the organizer announces a topic for developing recommendations based on the results of the analysis, for example: “Organizational structure of the enterprise”;
  • 2) each member of the expert group, within a predetermined time, formulates recommendations on the specified topic, trying to work them out stylistically accurately and clearly;
  • 3) each expert in turn names the number of his recommendation (first, second, etc.) and reads it out loud. The rest of the team gives a score to this recommendation. The point system can be arbitrary - from 7 to 10, but pre-established by the organizer. If the rating members of the group consider the recommendation to be extremely useful, they give it one of the highest points; if it is absurd, then they indicate zero points. Then the next developer reads his recommendation. And so on until all the differing advice is announced and evaluated. The organizer makes sure that everyone calls out their numbers and that the order is observed;
  • 4) the coordinator collects all the proposals of the group members, calculates the total score of each recommendation, distributes the proposals into rubrics, placing them within the rubrics in a sequence corresponding to the decreasing of the points received. Recommendations that receive a low number of points compared to other proposals are excluded from consideration.

SWOT analysis occupies a special place among heuristic methods. The name of the analysis is made up of the first letters of the words strengths, weaknesses, opportunities, and threats (risks and limitations).

This method, which is a special type of expert methods, has shown high efficiency in developing solutions in systems that are characterized by dynamism, controllability, dependence on internal and external factors, cyclicality, etc.

SWOT analysis is the determination of the strengths and weaknesses of an organization, as well as the opportunities and threats emanating from its market environment (external factors). These components mean:

  • strengths - advantages of the organization;
  • weaknesses - shortcomings of the organization;
  • opportunities - external environmental factors, the use of which will create advantages for the organization in the market;
  • threats - factors that could potentially worsen the organization's position in the market.

Carrying out a SWOT analysis comes down to filling out a matrix, the corresponding cells of which reflect the strengths and weaknesses of the organization, as well as market opportunities and threats (Fig. 2.3).

Stages of conducting a SWOT analysis:

  • 1) a group of enterprise specialists is selected who will act as experts when conducting a SWOT analysis, and a group leader is appointed;
  • 2) at a group meeting, a system of indicators is determined by which each component of the analysis will be assessed;
  • 3) questionnaires are prepared to evaluate selected indicators for each component of the analysis;
  • 4) a survey of experts is conducted and an assessment of each indicator is provided;
  • 5) ratings are ranked for each component of the analysis;
  • 6) based on the ranking, a development strategy for the organization is developed.

Fig. 2.3. SWOT analysis matrix (figure not reproduced).

Filling out the matrix is a complex process that requires highly qualified experts. This is because the same organizational performance indicator can be both a threat and an opportunity. But when the matrix is completed and a consensus of expert opinion is expressed, the organization has sufficiently complete information about the situation in which it finds itself to determine its prospects.

To make the matrix more objective, when filling it out, it is necessary to characterize all aspects of the organization’s activities, including production, financial, marketing, organizational, and investment. With this approach, SWOT analysis will allow you to choose the optimal path for the development of the organization, avoid dangers and make the most efficient use of available resources.

As noted, in recent years, significant attention has been paid to the use of functional cost analysis (FCA) as a method for systematically studying the functions of an object (product, process, structure), aimed at minimizing costs at all stages of the life cycle while maintaining (increasing) the quality and usefulness of the object for consumers.

FCA produces the greatest results at the product development stage. But this type of analysis can also be used when the product has already been introduced to the market. This is due to the need to support the competitiveness of products, and at this stage the use of FCA helps to improve its cost characteristics.

FCA is aimed at detecting, preventing, reducing or eliminating unnecessary costs. This is achieved through a comprehensive study of the functions performed by the object and the costs required to carry them out. In this case, it is customary to distinguish:

  • main functions - ensure the operability of the object;
  • auxiliary functions - contribute to the implementation of the main functions or complement them;
  • unnecessary functions - do not contribute to the performance of the main functions but, on the contrary, worsen the technical parameters or economic performance of the object.

Identification of functions requires high professional training of experts, knowledge of the essence of the object being studied and analysis techniques.

The work of experts is usually based on a checklist of questions.

When conducting FCA, it is customary to distinguish several stages: preparatory, informational, analytical, creative, research, recommendation and implementation.

At the first two stages, general preparation for conducting FCA is carried out: the object of analysis is clarified; a group of competent specialists is selected to solve the task; data about the object under study is collected and summarized.

At the next three stages, the object under study is broken down into functions, the functions are classified and the cost of each is determined; the tasks of combining functions, eliminating unnecessary functions, reducing the cost of object elements and selecting the most realistic options in terms of their implementation are solved.

At the final two stages, all the necessary documentation for the selected option of the improved object is prepared, its economic effect is determined and a report on the results of the FCA is drawn up.

The main thing when carrying out FCA is the analytical stage, at which the functions of the object (product) are studied in detail and the possibilities of reducing the costs of their implementation are analyzed by eliminating or rearranging (if possible) secondary and unnecessary functions.

Reducing costs as a result of conducting FCA can have a significant impact on profits at all stages of the organization's development. If we assume that as a result of the FCA the costs of the product were reduced at the stage of its development, then it will enter the market with a lower cost.

Thus, the use of heuristic methods of analysis makes it possible to effectively conduct both current and strategic analysis in conditions of an unstable operating environment and high innovative development of organizations; give a balanced assessment of the property and financial condition of the organization and justify the prospects for its development.