ICQ [‘I Seek You’] is a specific implementation of IM [Instant Messaging].
IM is a generic term that describes a system that allows users to see if a contact is online and communicate with them in real time, over the Internet. IM may be text-only, although some IM systems support HTML or file sharing.
Examples of IM implementations are AIM, ICQ, IRC and MSN Messenger.
The Internet (sometimes referred to simply as ‘the net’) is a global system of connected networks.
The Internet developed out of ‘ARPANET’, set up in 1969 by the US government agency ARPA [Advanced Research Projects Agency] to provide a network of computers that would connect various academic and research organizations.
Today the Internet is the sum total of the countless computers around the world that connect to each other using the public telecommunications infrastructure. The ‘glue’ that holds the Internet together is TCP/IP [Transmission Control Protocol/Internet Protocol]. ‘TCP’ splits data into packets for transmission across the Internet and re-assembles them at the other end. ‘IP’ addresses the packets to the right location.
Sitting on top of TCP/IP are other protocols that provide specific functions to users on the Internet. These include FTP (for file transfer) SMTP (for e-mail) and HTTP (for transferring data across the World Wide Web).
IMAP is a protocol for receiving e-mail. IMAP is useful where e-mail is stored on a remote server and then forwarded to the user. This is useful, for example, where a home user connects to the Internet through an ISP and downloads e-mail periodically. In this case, SMTP is used to send e-mail across the Internet to the ISP, while IMAP is used to download the e-mail from the ISP.
IMAP is similar to, but more sophisticated than, POP3.
An IP [Internet Protocol] address is a 32-bit number used to identify a computer sending or receiving packets across the Internet. The number, normally expressed as four numbers separated by full stops (each representing eight bits) identifies the network on the Internet and the host machine within that network. Of course, few of us can easily remember long numbers so, to make things easier, we use domain names that map to each IP address. The domain name ‘kaspersky.com’, for example, maps to the IP address ‘18.104.22.168’.
IRC is a specific implementation of IM [Instant Messaging].
ISPs provide users and organizations with access to the Internet. The ISP typically has what’s known as a ‘point of presence’ on the Internet: they have the equipment necessary to provide Internet access to many users and a dedicated IP address. Some ISPs rely on the infrastructure of telecoms providers, other have their own dedicated leased lines. Increasingly, ISPs provide value-add services along with Internet access: such as anti-virus and anti-spam filtering.
Synonyms: Intrusion detection, IPS [Intrusion Prevention Systems]
Intrusion detection is designed to prevent an attack on a computer system by analyzing traffic into, and through, a network.
Originally, intrusion detection was restricted to information gathering: the IT administrator was required to assess the data and take any remedial action required to secure the system. These days, IDS applications often provide an automated response to attacks based on a set of pre-defined rules. This is referred to as IPS [Intrusion Prevention Systems] and may be seen as a development of behavioral analysis.
IDS (and IPS) fall into two categories. ‘Host-based’ systems are designed to protect individual computers and typically employ behavioral analysis to detect malicious code. They do this by monitoring all calls made to the system and matching them against policies based on ‘normal’ behavior. Such policies can be quite granular, since behavior may be applied to specific applications. In this way, activity such as opening ports on the system, port scanning, attempts to escalate privileges on the system and injection of code into running processes can be blocked as ‘abnormal’ behavior. Some systems supplement behavioral analysis using signatures of known hostile code.
‘Network-based’ systems are deployed inline to protect each network segment. They filter packets for malicious code, looking for ‘abnormal’ bandwidth usage or for non-standard traffic (such as malformed packets). Network-based systems are particularly useful for detecting DoS attacks, or the traffic generated by network worms.
Synonyms: Worm, Computer worm, Email worm, Network worm
Worms are generally considered to be a subset of viruses, but with key differences. A worm is a computer program that replicates, but does not infect other files: instead, it installs itself on a victim computer and then looks for a way to spread to other computers.
From a user’s perspective, there are observable differences. In the case of a virus, the longer it goes undetected, the more infected files there will be on the victim computer. In the case of a worm, by contrast, there is just a single instance of the worm code. Moreover, the worm’s code is ‘self-standing’, rather than being added to existing files on the disk.
Like viruses, worms are often sub-divided according to the means they use to infect a system. E-mail worms are distributed as attachments to e-mail messages, IM worms are attached to messages sent using instant messaging programs (such as IRC or ICQ). P2P [peer-to-peer] worms use file-sharing networks to spread. Network worms spread directly over the LAN [Local Area Network] or across the Internet, often making use of a specific vulnerability.
The term ‘worm’ was coined by sci-fi writer John Brunner in his 1975 novel Shockwave Rider. The hero, a talented programmer, created self-replicating computer programs that tunneled their way through a worldwide network.