Spider

definitions.

Below we list a set of definitions we commonly use when discussing security issues. This list is not exhaustive.

What is adware?

Adware is any software application that has the ability to display advertisements on your computer. Some adware may track your Web surfing habits. These advertisements may be displayed in many forms, including, but not limited to, pop-up, pop-under, and banner advertisements. Adware may slow your Web browser's performance. Worst case scenario: Some adware may have the ability to download third party software programs on your computer without your knowledge or consent.

What is anti-spyware software?

Anti-spyware software protects a PC from spyware infection. Spyware protection software will find and remove spyware without system interruption.

What is a browser hijacker?

Browser hijackers have the ability to change your Internet Explorer settings, redirect your Web searches through their own search engines, redirect mistyped or incomplete URLs, and change your default home page. They may redirect your searches to "pay-per-search" Web sites which are very often pornographic Web sites.

Worst case scenario: If a hijacker changes your Internet Explorer browser settings, you may be unable to change back to your preferred settings. You may also be unable to browse the Internet entirely.

What is a cookie (or Adware Cookie)?

Cookies are pieces of information that are generated by a Web server and stored on your computer for future access. Cookies were originally implemented to allow you to customize your Web experience. However, some Web sites now issue adware cookies, which allow multiple Web sites to store and access cookies that may contain personal information (surfing habits, usernames and passwords, areas of interest, etc.), and then simultaneously share the information with other Web sites. Adware cookies are installed and accessed without your knowledge or consent.

Worst case scenario: This sharing of information allows marketing firms to create a user profile based on your personal information and sell it to other firms.

What is a dialer?

Dialers have the ability to disconnect your computer from your local Internet provider and reconnect you to the Internet using an expensive pornographic, toll, or international phone number. They do not spy on you, but they may rack up significant long distance phone charges. They have the ability to run in the background, hiding their presence.

Worst case scenario: Dialers may rack up significant long distance phone charges on your bill.

What is a drive-by download?

A drive-by download occurs when programs are downloaded without the user's knowledge or consent. This is most often accomplished when the user clicks to close or eliminate a random advertisement or other dialogue box.

What is encryption?

Encryption is the scrambling of data so it becomes difficult to unscramble and interpret.

What is a firewall?

A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the networks and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules. Firewalls provide effective protection against worm infection, but not against spyware like Trojans, which hide in legitimate applications, then install secretly on a user's PC when the application is launched.

What is a home page hijacker (or Browser Hijacker)?

A program that can change settings in your Internet browser; most often including your search page to redirect all searches to a specified pay-per-search site, and your default home page to the company page - often a pornography site.

What is information privacy?

The interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves.

What is a keylogger?

A keylogger is a type of system monitor that has the ability to record all keystrokes on your computer. Therefore, a keylogger can record and log your e-mail conversations, chat room conversations, instant messages, and any other typed material. They have the ability to run in the background, hiding their presence.

Worst case scenario: A third party may be able to view your personal conversations and may gain access to private information such as your usernames, passwords, credit card numbers, or your Social Security number.

What is a layered service provider (LSP)?

A Layered Service Provider is a system driver that is linked into the Networking system for Microsoft Windows computers. It has the ability to access all data entering and leaving through the network interfaces.

What is an operating system?

The operating system is usually the underlying software that enables you to interact with the computer. The operating system controls the computer storage, communications and task management functions. Examples of common operating systems include: MS-DOS, MacOS, Linux, Windows. Also: OS, DOS.

What is personally identifiable information (PII)?

Information such as name, address, phone number, credit card information, bank account information, or social security number.

What is privacy?

The interest that individuals have in sustaining a 'personal space,' free from interference by other people and organizations.

What is privacy policy?

The responsibilities of the organization that is collecting personal information and the rights of the individual who provided the personal information. Typically, this means that an organization will explain why information is being collected, how it will be used, and what steps will be taken to limit improper disclosure. It also means that individuals will be able to obtain their own data and make corrections if necessary.

What is "Remove me"?

Options on spam that are often fake. That is, if you respond to request removal, you very well may be subjecting yourself to more spam, because by responding, the sender knows that your email account is active. A 2002 study performed by the FTC demonstrated that in 63% of the cases where a spam offered a "remove me" option, responding either did nothing or resulted in more email.

What is shareware?

Software distributed for evaluation without cost, but that requires payment to the author for full rights. If, after trying the software, you do not intend to use it, you simply delete it. Using unregistered shareware beyond the evaluation period is pirating.

What is spam?

Unsolicited commercial email. It is sent, usually in bulk, through "open-relays" to millions of persons. Spam is cost-shifted advertising. It takes a toll on Internet users' time, their resources, and the resources of Internet Service Providers (ISP). Most recently, spammers have begun to send advertisements via text message to cell phones.

What is spyware?

Spyware is software that transmits information back to a third party without notifying the user. It is also called malware, trackware, hijackware, scumware, snoopware or thiefware. Note: Some privacy advocates also call legitimate access control, filtering, Internet monitoring, password recovery, security or surveillance software "spyware" because it could be used without notifying the users.

What is a system monitor?

System monitors have the ability to monitor all of your computer activity. They range in capabilities and may record some or all of the following: keystrokes, e-mails, chat room conversations, instant messages, Web sites visited, programs run, time spent, and even usernames and passwords. The information is gathered via remote access or sent by e-mail, and may then be stored for later retrieval.

Worst case scenario: A third party may be able to view your personal conversations and may gain access to private information such as your usernames, passwords, credit card numbers, or your Social Security number.

What is a trojan horse (also known as Trojan or Backdoor Trojan)?

A Trojan horse is a program that allows a hacker to make changes to your computer. Unlike a virus, a Trojan does not replicate itself. It is generally disguised as a harmless software program and distributed as an e-mail attachment. Once you open the attachment, the Trojan may install itself on your computer without your knowledge or consent. It has the ability to manage files on your computer, including creating, deleting, renaming, viewing, or transferring files to or from your computer. It may utilize a program manager that allows a hacker to install, execute, open, or close software programs. The hacker may have the ability to open and close your CD-ROM drive, gain control of your cursor and keyboard, and may even send spam by sending mass e-mails from your infected computer. They have the ability to run in the background, hiding their presence.

Worst case scenario: A third party may gain access to your computer and do whatever the author has designed it to do.

What is a virus?

A program or code that replicates, that is, infects another program, boot sector, partition sector or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; many also do damage.

What is a worm?

A program that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down. The name is an acronym for "write once, read many." A recent example of a worm is the Sasser worm (or W32.Sasser.A and its variants) that affected millions of corporate and private computer systems. Earlier in 2004, the Netsky worm (or W32/Netsky) spread by mass email using addresses obtained from an infected computer. It also spreads via local networks by trying to copy itself to shared folders on drives C: to Z:.

What is spyware?

Software that sends information about your Web surfing habits to its Web site. Often quickly installed in your computer in combination with a free download you purposely selected from the Web, spyware transmits information in the background as you move around the Web. Also known as "parasite software," "scumware," "junkware" and "thiefware," spyware is occasionally installed just by visiting a Web site (see drive-by download).

The license agreement that everyone accepts without reading may or may not divulge what the spyware does. For example, it might say that the program performs anonymous profiling, which means that your habits are being recorded, not you individually. Such software is used to create marketing profiles; for example, people who go to Web site "A" often go to site "B" and so on. Spyware may deliver competing products in realtime. For example, if you go to a Web page and look for a minivan, an ad for a competitor's vehicle might pop up (see adware).

Merchants place ads with spyware advertisers because they feel their promotions are focused. In fact, many feel that the Internet has opened up the most intelligent marketing system the world has ever seen. Merchants say they are targeting prospects who are really interested in their products, and spyware vendors argue that as long as they treat users anonymously, they are not violating privacy.

There are also spyware programs that keep changing the home page in the browser to a particular Web site or just keep popping up their ads all the time. Nevertheless, once you detect spyware, it can be eliminated, albeit sometimes with much difficulty. The downside is that people become suspicious of every piece of software they install, and some even go so far as to "read the dreaded software license."

What is adware?

(ADvertisementWARE) Software that periodically pops up ads in a user's computer. Adware is considered "spyware" and is installed without the user's knowledge. It typically displays targeted ads based on words searched for on the Web or derived from the user's surfing habits that have been periodically sent in the background to a spyware's Web server. See popup and spyware.

(AD supported softWARE) Software that is given away for free because it contains advertising messages. See adserver.

What are malware definitions?

Malware is the name commonly used to describe any kind of Malicious Software. It is any piece of code that was designed with malicious intent in mind.

The most famous types of Malware are:

Viruses - Programs executed on the 'infected' machine with malicious intent. Viruses contain self-preservation mechanisms (such as 'infecting other executables') but usually need user intervention to propagate (for example, a user needs to open an attachment)

Worms - Self-Replicating Viruses that propagate automatically without any user intervention (for example, using a Buffer Overflow vulnerability present on an exposed service)

Backdoors - Programs that allow the malicious attacker remote access to the 'infected' machine without requiring normal user authentication and authorization

Trojans - Programs that contain a benign functionality (for example, a game) and a malign feature (for example, a backdoor). As in the original story, a Trojan program is designed in such a way that it bypasses normal defences and is knowingly executed by the user

User-Level RootKits - Programs that 'infect' program files that are executed by the user and run under the user account's privileges (for example, the Explorer.exe or Word.exe program)

Kernel-Level RootKits - Programs that 'infect' functions belonging to the Operating System kernel (i.e. the core Windows operating system) and are used by hundreds of applications (including the Windows API). Kernel-Mode RootKits will modify (i.e. hijack) internal operating system functions that return lists of files, processes, and open ports (use the 'DependencyWalker' program to see Kernel functions on the 'NTDLL.dll', 'Kernel32.dll', and 'NTOSKRNL.exe' files). For example, in an infected machine, although the RootKit program is active and running in its own process, the 'Task Manager' won't show it because 'Task Manager' relies on Windows Kernel functions to retrieve the list of running Processes (that can be changed so that the results won't include the RootKit's own process).

There are several ways in which these Malware programs can be propagated:

  • Infecting executables with the Malware code
  • Exploiting known vulnerabilities (for example, buffer overflows)
  • E-mailing itself to the victim's entire contact list
  • Infecting an application's source code with the Malware code

A V.W.T.B.R.M. (Virus.Worm.Trojan.Backdoor.RootKit.Malware)

In my example, your machine is attacked by a V.W.T.B.R.M. (Virus.Worm.Trojan.Backdoor.RootKit.Malware) program. The original infection occurs through an e-mail attachment sent to your company's sales department (although, as you read in Part 1, there are other available paths to 'Infection').