Dictionary of Computer Security Terms
When browsing the Emsi Software web pages you may encounter terms that need further explanation. These terms are explained in the following short reference. All terms with hyperlinks have a more detailed article available.
- Adware Adware describes programs that contain advertisements, for example banners. This is often used to finance development costs. In general, Adware has a poor reputation because some programs do not adequately mention the presence of advertising or are too intrusive. Adware modules that constantly download new advertising data can also create user profiles by monitoring user activity on the PC and thus endanger your data privacy.
- Backdoor A “Backdoor” means exactly what it says, an alternative entry point to your computer. Programmers intentionally build Backdoors into supposedly useful programs to allow access via the “back door” to the computer where they are installed. This allows an infected PC to be completely remotely controlled, e.g. for sending Spam.
- Badware Describes software that behaves deceptively, is difficult to remove, or otherwise behaves in undesired ways. See “Malware”.
- Behavior Blocker In contrast to signature-based scanners, Behavior Blockers do not rely on signatures or heuristics to recognize damaging software, but instead observe the behavior of the software while it runs.
- Botnet A Botnet describes a large network of computers infected with a particular Trojan. The author of the Trojan controls the infected computers, which then behave quasi-automatically like robots. Larger Botnets can consist of thousands of PCs – all unknown to their owners.
- Buffer Overflow So-called “buffer overflows” represent the most common security holes in programs and operating systems. They occur when too much data is loaded into a particular storage area intended for a smaller amount of data, which can cause errors or crashes. In the worst case, an attacker can use this to obtain control over another PC. The most important protection measures are regular software updates.
- Captcha A Captcha is used to decide whether a program or online service is being operated by a human or a machine. The most common form of Captcha is a randomly generated image containing a code that must be entered manually. A machine cannot decode the intentionally distorted letters and numbers. This ensures that (e.g.) a program cannot be switched off by another program or a Bot.
- Cookie This is a small snippet of information sent from a web server to a user’s browser, which then stores it. On subsequent access to the same web server this server can then read back this information snippet and use it to “recognize” the user. This method is ideally suited to recording user profiles (what was clicked?).
- Dialer Dialers are a particular type of Malware that dial expensive telephone service numbers without permission. In the days when Internet access occurred mainly via Modems and ISDN connections, Dialers represented a great danger in the form of horrendous telephone bills. In the days of DSL they have become less common because DSL does not use a simple dial-up connection.
- Exploit An Exploit is the technical term for a damaging program that exploits specific weak points in a piece of software (for example Buffer Overflows). Attackers can gain control of an attacked computer via weak points in the operating system or applications.
- False positive A false positive is a term applied to a failure in an alerting system – most commonly in an anti-malware product or intrusion detection system. It can occur when file layouts or behavior patterns of good and bad software are similar. Once reported, false alerts are usually quickly fixed by the software authors.
- Heuristic This describes the analysis of scanned files on the hard drive by rule-based, mathematical methods: the program code is examined to estimate the probability that it performs damaging actions, without requiring a signature for that specific file.
- Hoax Describes an intentionally distributed false warning that is treated as true and passed on by many users. A well-known hoax told users to delete supposed Malware files such as SULFNBK.EXE and JDBGMGR.EXE, despite the fact that these are important system files.
- Guard This means exactly what it says. Guards are programs or program elements that have a protective role, meaning that they protect the computer or parts of the computer from particular attacks.
- HIPS/IDS The abbreviations HIPS and IDS stand for “Host (based) Intrusion Prevention System” and “Intrusion Detection System”. These are programs or program elements that detect and prevent the execution of damaging code. Their main advantage is signature-free recognition, which allows detection of new Exploits and Zero-day attacks for which no signatures currently exist.
- Keylogger Keyloggers are small programs invisibly installed on a computer that record all keyboard input. An attacker can use this to (e.g.) record passwords.
- Malware The word Malware is composed from the words “malicious” and “software”. This is a collective term for all types of damaging software such as Trojans, Spyware or Viruses.
- Phishing Attackers use forged websites to obtain secret passwords. The term comes from “Password Fishing”. The Internet addresses are disguised so that they are almost identical to the originals. This mainly affects online banking access.
- POC/Proof Of Concept A “Proof of Concept” is the prototype of a new attack that usually does not contain distribution routines. When a programmer discovers a new hole in a program (see Exploit), they provide evidence of this with a POC. Proofs of Concept are created by hackers for malicious reasons, but also by employees of security companies and private programmers.
- Riskware Riskware comes from the words “risk” and “ware”. Simply put, this is software whose installation presents a possible but not definite risk for the PC.
- Rootkit Rootkits currently represent the greatest threat to PC users. They install themselves invisibly on a target system and give the attacker full control over the system. Once installed, clever hiding mechanisms make Rootkits very difficult or even impossible to detect. If you detect a Rootkit installation, then a new installation of the operating system is usually unavoidable because you can no longer trust the PC.
- Scanner Alongside the hardware of the same name used for digitizing pictures, the term Scanner also describes a program used for searching a computer. Malware scanners use signatures and heuristics to detect damaging software.
- Security hole An attacker can use a security hole to gain access to a PC and install their own software. See “Exploit”. Regular software updates and a Behavior Blocker are useful against security holes.
- Signature A signature represents the unique fingerprint of a program. Signatures are especially used by scanners for recognizing damaging software. Their major disadvantage is the exponential growth of the number of different versions of damaging software and the fact that a particular piece of Malware must first be known before a signature can be created.
- Spyware Spyware is software that literally spies on the activities of the user of the computer where it is installed. All possible personal data is gathered and then sent to the author of the Spyware.
- Trojan This term comes from the Trojan Horse in Greek mythology. The user thinks that he or she is installing a useful program such as (e.g.) a small game on his or her computer. However, Malware is concealed behind the useful program, which is then also installed on the PC and gives the attacker control over the system.
- Virus Viruses are the oldest form of damaging software and they are sadly still a current threat. In contrast to all other types of Malware, a Virus infects a normal program by injecting its own code into that program (comparable to a biological virus that injects its own genetic information into a human cell). Once run, the virus attempts to distribute copies of itself and can cause damage in a wide range of possible ways. A Virus usually requires a “host” and cannot run alone.
- Vulnerability See “Security hole” and “Exploit”.
- Worm A Worm uses higher-level applications such as a network or email system to distribute copies of itself in an uncontrolled manner. A Worm can contain damaging routines, but this is not absolutely necessary. A typical distribution path is (e.g.) via email attachments: when the user opens the attachment, the Worm automatically sends itself to all recipients in the address book.
- Zero-Day Attack A Zero-Day Attack describes Malware on the first day of distribution. New Malware is especially dangerous in the first few days because it usually takes a while for the anti-virus companies to obtain a sample and create a suitable signature. So-called Behavior Blockers offer better protection here.
- Zombie Computer A computer infected with a Backdoor Trojan that listens for remote commands and carries out remotely controlled actions.
Have a Great (Malware-Free) Day!