Synonyms: Patch, Maintenance pack
A patch provides additional, revised or updated code for an operating system or application. Except for open source software, most software vendors do not publish their source code: so patches are normally pieces of binary code that are ‘patched’ into an existing program (using an install program).
The term ‘patching’ refers to the process of downloading and installing additional code supplied by an application vendor. However, the terms used may vary. Typically, a minor fix is referred to as a patch, while a significant fix is referred to as a Maintenance Pack or Service Pack.
Patching has become an integral part of computer security, since vulnerabilities in popular operating systems and applications are among the primary targets for virus writers and hackers. It is crucial to patch in a timely manner. During recent years, the time-lag between the discovery of a vulnerability and the creation of exploit code that makes use of it has diminished. The worst-case scenario, of course, is a so-called ‘zero-day exploit’, where an exploit appears immediately after a vulnerability has been discovered. This leaves almost no time for a vendor to create a patch, or for IT administrators to implement other defensive measures.
Stealth viruses attempt to evade antivirus scanners by presenting clean data when queried by an antivirus product. Some of these viruses display a clean version of the infected file during scans. Other stealth viruses hide the new size of the infected file and display the pre-infection size.
Social engineering refers to a non-technical breach of security that relies heavily on human interaction, i.e. tricking end users into breaking normal security measures.
Virus writers and spammers alike depend heavily on disguising malware and spam as innocent messages or software, which may even pretend to be fighting against the very form of cyber crime that is about to be committed. The objective is to get the user to respond: click on an infected e-mail attachment, click on a link to a compromised web site, or respond to a fake unsubscribe notice ... the list is endless.
Synonyms: Registry key, Key
In Microsoft® Windows®, registry keys are used to store configuration information: the value of a relevant key is changed every time a program is installed or when its configuration settings have been modified.
Many malicious programs change key values, or create new ones, to ensure that their code runs automatically: in addition, they can have an adverse effect on legitimate programs.
Synonyms: Windows registry
The Windows system registry is a database used by all modern Windows platforms. This database contains the information needed to configure the system.
Windows constantly refers to the registry for information ranging from user profiles, to which applications are installed on the machine, to what hardware is installed and which ports are registered.
Registry keys replace the .ini files used in previous versions of Windows. The registry data is stored as binary code.
SMTP is a protocol for sending e-mail across the Internet. While any individual organization may implement a specific application for handling e-mail internally (Microsoft® Exchange, Lotus Domino®, etc.), SMTP is the common format into which all messages are converted before being sent over the Internet.
In situations where e-mail is stored on a remote server and then forwarded to the user (where a home user connects to the Internet through an ISP and downloads e-mail periodically, for example), POP3 or IMAP protocols are often also used.
Synonyms: Boot disk
A disk containing the system files required to load an operating system. These files may be located on a hard disk or removable media (floppy disk, CD or USB memory storage device).
In the context of computer security, a sandbox provides a tightly-controlled environment in which semi-trusted programs or scripts can be safely run in memory (or with limited access to the local hard disk). The sandbox concept can be implemented in a web browser, to safeguard the user from potentially harmful content, or it can be used as a method for analyzing programs in order to determine if they are safe or harmful.
Synonyms: Disk sector
A sector is an area on a PC disk (hard disk or floppy disk) used to store data. Sectors, which resemble the slices of a cake, are laid down on the disk when it is prepared for use, or formatted. The size of each sector varies depending on the operating system and is defined in the disk’s boot sector.
A disk is also divided into cylinders (or tracks) and heads (or sides). Data on a disk is accessed, at a low-level, according to its cylinder, head and sector number. Of course, the user doesn’t need to worry about this low-level information, since the operating system handles the storage and retrieval of data in a user-friendly way.
The term shell describes the user interface of an operating system, used to launch programs and give other commands. By contrast, the term kernel refers to the core of the operating system that supports all other operations.
The term ‘smartphone’ is generally applied to a mobile device that combines the functions of a wireless phone with functions more typically associated with a PDA. These include wireless e-mail access, wireless access to online banking and other web browsing capabilities, wireless access to a network, calendar (and other personal information) functions, and wireless and wired synchronization between the device and a PC. Symbian OS and Windows® CE are the most common operating systems installed on smartphones.
The general term used for programs that run on a computer. This includes system software (related to the operating system) and application software used to carry out specific tasks (word processors, spreadsheet software, etc.).
An SDK is a set of routines, modules and protocols that can be used to access a program’s functionality, through its Application Program Interface [API]. Although these two terms are distinct, they are often used interchangeably. An anti-virus engine SDK provides the tools necessary for third parties to integrate anti-virus scanning into their application or business process.
Source code refers to the statements created by a programmer using a text editor. Source code is human-readable, for anyone who understands the conventions used by that programming language (‘C’, ‘C++’, etc.), but cannot be executed by a computer’s processor until it has been compiled.
The term binary code, by contrast, is applied to the compiled instructions contained within an executable file. Binary code is not human-readable and can only be ‘understood’ by the computer’s processor when the program is run.
Synonyms: UCE [Unsolicited Commercial E-mail], Junk e-mail
Spam is the name commonly given to unsolicited e-mail. It is effectively unwanted advertising, the e-mail equivalent of physical junk mail delivered through the post or from unsolicited telemarketing calls.
Synonyms: Potentially hostile programs, Malware-related programs
‘Spyware’ is something of a grey area, so there’s no copy-book definition for it. However, as the name suggests, it’s often loosely defined as software that is designed to gather data from a computer and forward it to a third party without the consent or knowledge of the computer’s owner. This includes monitoring key strokes, collecting confidential information (passwords, credit card numbers, PIN numbers, etc.), harvesting e-mail addresses or tracking browsing habits. There’s a further by-product, of course: such activities inevitably affect network performance, slowing down the system and thereby affecting the whole business process.
The reason ‘spyware’ is such a grey area is that it’s really just a catch-all term for a wide assortment of malware-related programs, rather than a defined category. Most ‘spyware’ definitions apply not only to adware, ‘pornware’ and ‘riskware’ programs, but also to many Trojan programs: Backdoor Trojans, Trojan Proxies and PSW Trojans. Such programs have been around for almost 10 years, since the first AOL password stealers appeared. However, they were not then called ‘spyware’.
Although such programs are not new, their use for malicious purposes has increased in recent years and they have received much greater attention, both from the media and from ‘spyware’-only vendors.
The ASC [Anti-Spyware Coalition] drafted a definition of ‘spyware’ in August 2005. The ASC defines ‘spyware and other potentially unwanted technologies’ as those that ‘impair users' control over material changes that affect their user experience, privacy, or system security; use of their system resources, including what programs are installed on their computers; or collection, use, and distribution of their personal or otherwise sensitive information.’
This definition, like others, spans the whole range of malware-related programs.
Stealth is the term used to describe techniques used to make a virus inconspicuous – that is, to conceal any changes a virus makes to the infected system.
System files are operating system files, used to carry out basic functions on a computer.