Synonyms: Virus, Computer virus, Classic virus
Today the term virus is often loosely used to refer to any type of malicious program, or is used to describe any ‘bad thing’ that a malicious program does to a host system. Strictly speaking, however, a virus is defined as program code that replicates.
Of course, this simple definition leaves plenty of scope for further sub-division. Sometimes viruses are further classified by the types of object they infect: for example, boot sector viruses, file viruses and macro viruses.
Or they may be classified by the method they use to select their host. ‘Indirect action file viruses’ load into memory and hook into the system such that they can infect files as they are accessed. Conversely, ‘direct action file viruses’ do not go memory resident, simply infecting a file (or files) when an infected program is run and then ‘going to sleep’ until the next time an infected file is run.
Another way of classifying viruses is by the techniques they use to infect. There are ‘appending viruses’ that add their code to the end of a host file, ‘prepending viruses’ that put their code at the start of a host file and overwriting viruses that replace the host file completely with their own code. By contrast, companion viruses and link viruses avoid adding code to a host file at all.
Then there are stealth viruses that manipulate the system to conceal changes they make and polymorphic viruses that encrypt their code to make it difficult to analyze and detect.
Of course, there are also viruses that fail to work: they either fail to infect or fail to spread. Such would-be viruses are sometimes referred to as ‘wannabes’.
Synonyms: Patch, Service pack
A patch provides additional, revised or updated code for an operating system or application. Except for open source software, most software vendors do not publish their source code: so patches are normally pieces of binary code that are ‘patched’ into an existing program (using an install program).
The term ‘patching’ refers to the process of downloading and installing additional code supplied by an application vendor. However, the terms used may vary. Typically, a minor fix is referred to as a patch, while a significant fix is referred to as a Maintenance Pack or Service Pack.
Patching has become an integral part of computer security, since vulnerabilities in popular operating systems and applications are among the primary targets for virus writers and hackers. It is crucial to patch in a timely manner. During recent years, the time-lag between the discovery of a vulnerability and the creation of exploit code that makes use of it has diminished. The worst-case scenario, of course, is a so-called ‘zero-day exploit’, where an exploit appears immediately after a vulnerability has been discovered. This leaves almost no time for a vendor to create a patch, or for IT administrators to implement other defensive measures.
Viruses are often classified according to the objects they infect. Macro viruses, as the name suggests, are designed to add their code to the macros associated with documents, spreadsheets and other data files.
The first macro virus, called Concept, appeared in July 1995 and macro viruses subsequently became the dominant type of virus. There were three major reasons for this. First, they were the first type of virus to deliberately add their code to data files: this meant they weren’t just reliant on the exchange of floppy disks or programs. Second, they were very easy for would-be virus authors to write (or copy), so a new macro virus spawned many new variants. Third, they ‘cashed-in’ on the emergence of e-mail as a key business tool, so that infected users inadvertently spread them quicker than any other type of virus had spread before.
The vast majority of macro viruses were designed to spread on the back of Microsoft® Office data files (Word, Excel, Access, PowerPoint and Project), although there were a few ‘proof-of-concept’ macro viruses for other formats (Lotus AmiPro®, for example).
Macro viruses dominated the scene until the appearance of the first ‘mass-mailers’ early in 1999.
Malicious code refers to any program that is deliberately created to perform an unauthorized, often harmful, action.
Malware (short for malicious software) refers to any program that is deliberately created to perform an unauthorized, often harmful, action.
Mass-mailing refers to the technique, used by many worms, of ‘hijacking’ the e-mail system to send malicious code automatically to e-mail addresses harvested from an already infected computer.
Synonyms: Partition sector
The MBR is the first sector on a hard disk and contains the partition table, which holds information on the number of partitions, their size and which one is ‘active’ (i.e. which one contains the operating system used to boot the machine).
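The layout described above can be read directly from the sector. The following Python sketch is an added example, not part of the original glossary: it parses the four 16-byte partition entries at offset 446 of a classic MBR and flags a missing boot signature or an implausible ‘active’ marking. The sample sector is constructed for illustration, and a 512-byte logical sector size is assumed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # partition table follows the boot code area
ENTRY_SIZE = 16           # four entries of 16 bytes each
SIGNATURE = b"\x55\xaa"   # boot signature stored at bytes 510-511
ENTRY_FMT = "<B3xB3xII"   # status, (CHS), type, (CHS), start LBA, sector count


def parse_mbr(sector, bytes_per_sector=512):
    """Return (partitions, warnings) for one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    warnings = []
    if sector[510:512] != SIGNATURE:
        warnings.append("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + index * ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype == 0 and sectors == 0:
            continue  # unused slot in the table
        if status not in (0x00, 0x80):
            warnings.append(f"entry {index}: invalid status byte 0x{status:02x}")
        partitions.append({
            "index": index,
            "active": status == 0x80,   # 0x80 marks the bootable partition
            "type": ptype,
            "lba_start": lba_start,
            "size_bytes": sectors * bytes_per_sector,
        })
    if sum(1 for p in partitions if p["active"]) > 1:
        warnings.append("more than one active partition")
    return partitions, warnings


def build_sample_mbr():
    """Constructed sample: two partitions, the first one marked active."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + ENTRY_SIZE, 0x00, 0x83, 206848, 409600)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    parts, notes = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print("warnings:", notes)
```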
A megabyte [MB] is a unit of measurement for computer storage and is equivalent to a thousand kilobytes, or 1,048,576 bytes.
MSN Messenger is a specific implementation of IM [Instant Messaging].
Short for Microsoft® Disk Operating System, MS-DOS was a command line driven operating system developed for the PC. MS-DOS 1.0 was released in 1981 and the final version, MS-DOS 6.22, was released in 1994. Microsoft® Windows® also provides command line access through its Command Prompt.
A modem converts digital signals from a computer into analog signals that can be transferred across a standard telephone line and vice versa.
The capacity of modems has increased considerably in recent years from 14.4Kbps (Kilobits per second), to 28.8Kbps, to 56Kbps.
However, even higher capacity can be achieved using a digital ISDN [Integrated Services Digital Network] adaptor (up to 128Kbps) or a broadband connection (these days measured in Mbps).
Multipartite viruses are those that use multiple attack methods. In the days when MS-DOS was the primary PC operating system, the term multipartite was used to describe viruses that infected programs and system sectors.
Synonyms: RAM [Random Access Memory]
RAM is used by the operating system and other software to hold data that is currently being used. Applications and data held on the hard disk or removable media are loaded into RAM before being processed. It’s faster to read from, and write to, RAM than a hard disk or removable media. However, RAM can be used only for temporary storage: it is cleared whenever the PC is switched off.
Synonyms: Spyware, Potentially hostile programs
‘Spyware’ is something of a grey area, so there’s no copy-book definition for it. However, as the name suggests, it’s often loosely defined as software that is designed to gather data from a computer and forward it to a third party without the consent or knowledge of the computer’s owner. This includes monitoring key strokes, collecting confidential information (passwords, credit card numbers, PIN numbers, etc.), harvesting e-mail addresses or tracking browsing habits. There’s a further by-product, of course: such activities inevitably affect network performance, slowing down the system and thereby affecting the whole business process.
The reason ‘spyware’ is such a grey area is that it’s really just a catch-all term for a wide assortment of malware-related programs, rather than a defined category. Most ‘spyware’ definitions apply not only to adware, ‘pornware’ and ‘riskware’ programs, but also to many Trojan programs: Backdoor Trojans, Trojan Proxies and PSW Trojans. Such programs have been around for almost 10 years, since the first AOL password stealers appeared. However, they were not then called ‘spyware’.
Although such programs are not new, their use for malicious purposes has increased in recent years and they have received much greater attention, both from the media and from ‘spyware’-only vendors.
The ASC [Anti-Spyware Coalition] drafted a definition of ‘spyware’ in August 2005. The ASC defines ‘spyware and other potentially unwanted technologies’ as those that ‘impair users' control over material changes that affect their user experience, privacy, or system security; use of their system resources, including what programs are installed on their computers; or collection, use, and distribution of their personal or otherwise sensitive information.’
This definition, like others, spans the whole range of malware-related programs.