A

Active Content
This term is used to describe any code that is delivered and executed on a desktop host during network access. Users may not be aware of the Active Content activity. Active Content is typically driven by (but not limited to) HTML documents. It can be delivered by various tools (e.g., browser, email, office application) and protocols (e.g., HTTP, FTP, and SMTP). Finjan’s Vital Security™ products provide proactive protection against potentially harmful Active Content such as ActiveX, Java, executables, JavaScript, VBScript, Screen Savers, and plug-ins, delivered via HTTP, FTP over HTTP, and Native FTP.

Active Content Object
A generic name for a specific Active Content unit. This may refer to Java Applets, ActiveX Controls, JavaScript scripts, VBScripts, plug-in modules, etc. Active Content objects may also be referred to as "downloadables", or simply as “objects".

Adware
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space.

Adware can be downloaded from websites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger Adware by accepting an End User License Agreement from a software program linked to the Adware or from visiting a website that downloads the Adware with or without an End User License Agreement.

Applet
A program written in the Java programming language and implemented as a Java Applet.
A browser that supports Java may download and run the applet automatically.
Any miniature application transported over the Internet, especially as an enhancement to a Web page. Authors often embed applets within the HTML page as a foreign program type.

ActiveX
A native-code program that conforms to the ActiveX Control specifications. A browser that supports ActiveX may download and run it automatically. ActiveX controls are software modules based on Microsoft's Component Object Model (COM) architecture. They add functionality to software applications by seamlessly incorporating pre-made modules with the basic software package. Modules can be interchanged but still appear as parts of the original software. On the Internet, ActiveX controls can be linked to Web pages and downloaded by an ActiveX-compliant browser. ActiveX controls turn Web pages into software pages that perform like any other program launched from a server. ActiveX controls can have full system access. In most instances this access is legitimate, but one should be cautious of malicious ActiveX applications.

Anti-Virus
Detects and blocks known viruses attempting to enter the network via the web.

Attack
An attempt to subvert or bypass a system's security. Attacks may be passive or active. Active attacks attempt to alter or destroy data. Passive attacks try to intercept or read data without changing it.

Back to top

B

  
Behavior Based
Proactively protects networks against web threats by monitoring actual code behavior and blocking any action that violates corporate security policies. It is the only technology on the market that can stop both known and unknown threats at the gateway, before they enter your network.

Behavior Profile
All the operations that an Active Content object has the potential to invoke on the resources of the client computer.

• Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.
• Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
• Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
• Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
• Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.

Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.

Back to top

C

Cluster Virus
Cluster viruses modify the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk.

Compromise security settings
This payload may attempt to gain access to passwords or other system-level security settings. It may also search for openings in the Internet-processing components of the computer to install a program on that particular system, which an individual could remotely control over the Internet.

Content Filtering
A subcategory of a security policy that pertains to the semantic meaning of words in text. It can also include URL filtering.

Cookie
Cookies are blocks of text placed in a file on your computer's hard disk. Web sites use cookies to identify users who revisit the site. Cookies might contain login or registration information, "shopping cart" information or user preferences. When a server receives a browser request that includes a cookie, the server can use the information stored in the cookie to customize the Web site for the user. Cookies can be used to gather more information about a user than would be possible without them.

Back to top

D

Damage potential
A malware's damage potential rating may be high, medium, or low based on its inherent capacity to cause both direct and indirect damage to systems or networks. Certain malware are designed specifically to delete or corrupt files, causing direct damage. Denial of service (DoS) malware may also cause direct and intended damage by flooding specific targets. Mass-mailers and network worms usually cause indirect damage when they clog mail servers and network bandwidth, respectively.

Distributed Denial of Service (DDoS)
Attempts to bring down large sites through DoS attacks are often not feasible for a single attacking machine due to the large amount of resources available to the attacked site. Thus, hackers have developed the distributed denial of service approach, whereby a number of machines are simultaneously commanded to attack a target system. Each of these DDoS 'agents' contributes part of the total 'load' that eventually brings down the attacked service or server, or, alternatively, each agent machine contributes part of the bandwidth necessary to clog the network connections to the attacked server.

Dialer
Software that dials a phone number. Some dialers connect to local Internet Service Providers, while others connect to toll numbers without user awareness or permission. Dialers are used by Spyware to silently dial one of several ISPs to download a hostile executable or to dial highly charged international phone numbers often associated with pay porn sites.

Disinfection
Most anti-virus software carries out disinfection after reporting the presence of a virus to the user. During disinfection, the virus may be removed from the system and, whenever possible, any affected data is recovered.

Back to top

E

Encryption
A change made to data, code, or a file such that it can no longer be read or accessed without processing (or un-encrypting). Viruses may use encryption in order to hinder detection by hiding their viral code.

Encryption Virus
An encrypted virus' code begins with a decryption algorithm and continues with scrambled or encrypted code for the remainder of the virus. Each time it infects, it automatically encodes itself differently, so its code is never the same. Through this method, the virus tries to avoid detection by anti-virus software.

Exploit
An exploit is code that takes advantage of a software vulnerability or security hole. Exploits are often incorporated into malware, which are consequently able to propagate into and run intricate routines on vulnerable computers.

Exploit ShellCode
A piece of software which is used inside exploits to execute code on the victim.

Exposure
An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

• Allows an attacker to conduct information gathering activities
• Allows an attacker to hide activities
• Includes a capability that behaves as expected, but can be easily compromised
• Is a primary point of entry that an attacker may attempt to use to gain access to the system or data
• Is considered a problem according to some reasonable security policy

Back to top

F

False Positive, False Negative
From a security perspective, false positives refer to identification of a virus or malicious piece of content when in fact the content is clean. Conversely, if a virus or piece of malicious code passes through the security scanner (e.g., is not detected as being malicious), a false negative error has been made. False negatives probably seem more serious than false positives, but both are undesirable. False positives can cause a great deal of down-time and lost productivity. With good security scanners, false positives are rare. False negatives are a more common problem with virus scanners because known-virus scanners tend to miss completely new or heavily modified viruses. False positives have, historically, been quite a problem for scanners that make heavy use of heuristic detection mechanisms.

FTP File Transfer Protocol

H

Hacking
The operation of gaining access without the proper permission to a secure system or performing actions in a system without sufficient security privileges

HTML HyperText Markup Language

 HTTP HyperText Transfer Protocol

 HTTPS Secure HTTP

Back to top

I

J

L

Load Balancing
A group of two or more servers linked together to balance variable workloads or provide continued operation in the event that one server fails.

Back to top

M

Malicious Code
A piece of code designed to damage a system or the data it contains, or to prevent the system from being used in its normal manner.

Back to top

P

Packer
A utility which compresses and encrypts a file, in order to avoid detection by anti-virus software. Packers add a header that upon execution automatically expands the file in memory, and then transfers control to that file. Some packers can also unpack without starting the packed file. Packers are often used by writers of Trojan horses to foil anti-virus products.

 
Payload
Payload refers to what the virus does (dialer, keylogger, hijacker) in terms of damage, rather than how it spreads. Similar to military jargon, the virus is seen as the delivery vehicle' (e.g., the missile) and the damage routine is the payload (also known as warhead).

Proof of Concept
The first implementation of an idea that had previously only been discussed as a theoretical possibility or concept. In the anti-virus context, Proof of Concept describes a virus that is the first to infect a given platform or implement a given infection technique. Proof of Concept is sometime used to described a virus that is very simplistic or bug-ridden (or both), and thus unlikely to pose a real-world threat itself.

Back to top

R

Real-time Scanner
An anti-virus software application that operates as a background task, allowing the computer to continue working at normal speed, with no perceptible slowing.

• Attempt to remain unnoticed, either by actively hiding or simply not making their presence on a system known to the user, and/or
• Attempt to hide any evidence of their being accessed remotely over a network or Internet Means by which these programs provide access may include notifying a remote host of the machine by sending its address or location, or employing functionality that wholly or partially automates access to the computer on which the program is installed.

Back to top

S

Security Policy
The set of operations that is allowed to be performed on the resources of desktop computers. A security policy may be defined for each user or group within an organization.

Signature
A search pattern, often a simple string of characters or bytes, expected to be found in every instance of a particular virus. Usually, different viruses have different signatures. Anti-virus scanners use signatures to locate specific viruses.

SMTP Simple Mail Transfer Protocol

SSL (Secure Sockets Layer)
A program layer created by Netscape for managing the security of message transmissions in a network. The programming for keeping messages confidential is contained in a program layer between the application layer (such as Web browser or HTTP) and the Internet's TCP/IP layers. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer.

Back to top

T

Trojan
A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive. Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses.

Back to top

U

URL Universal Resource Locator

URL Filtering
These products filter Web traffic based on content category, specific URL and time of day in order to give organizations full control over the web browsing activities of their employees. Unmanaged access to inappropriate or distracting Web content involves legal risks, compromises network security and reduces employee productivity.

Back to top

V

Virus
A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files. Some viruses display symptoms, and some viruses damage files and computer systems, but neither symptoms nor damage is essential in the definition of a virus; a non-damaging virus is still a virus.

Vulnerability Anti.dote™
Identifies and blocks content that tries to exploit known software vulnerabilities

Back to top

W

Window-of-Vulnerability™
The time span between when either a new vulnerability is published or when an Internet attack is launched until a signature update or patch to combat that virus is delivered. During the Window-of-Vulnerability, computers exposed and vulnerable for hours, and sometimes days, to new attacks.

Worm
A piece of self-replicating malicious code that spreads throughout a network without human interaction. Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network. Worms often spread via IRC (Internet Relay Chat).

Back to top

Z

 
Zero-Day Detection
To be able to detect and prevent an item of malware or other undesired attack at first strike. To close the Window-of-Vulnerability by identifying and providing protection from viruses before they are known and before signatures are published.

Zoo
A collection of viruses used for testing by researchers. See also: In the Wild