Popular Online Security
Terms
Article Published By
Marc Liron - Microsoft MVP
|
|
|
There are many terms used when talking about the important topic of
Online Security.
Every Internet user should at least have a basic understanding of
the terms used and so I have collected a few of the more popular
ones and put them in this article with a brief explanation of each. |
Adware means "Advertising
Supported Software". It refers to placing adverts in software or
distributing them along side a software downlaod. Distributing a
program that has adverts for third parties such as a finance company
is Adware. Whilst generally harmless they are non the less annoying.
Bots are software applications that run automated
tasks over the internet. Bots perform tasks that are both simple and
structurally repetitive, at a much higher rate than would be
possible for a human editor alone. Bots are used in a malicious way
by criminal gangs to coordinate attacks on networked computers for
financial gain. (Thousands of infected PC's around the world can all
be used at the same time for an unlawful act.)
Botnet This is the name given to a collection of
these bots.
Cross-site scripting This is a method of placing
malicious scripts on websites that are then "executed" inside the
web browser of the person viewing the website. These scripts can be
dangerous at times. These scripting vulnerabilities can be used by
attackers to bypass the access controls, however as soon a new
vulnerability becomes known both the Internet Explorer and FireFox
browsers are "patched" quickly. This is why it is essential to be
using the latest brwoser version. Since 2005 there have been
multiple instances of the cross-site scripting, most notable sites
affected have been MySpace and Yahoo.
DDos stands for Distributed Denial of Service. A
DDos attack attempts to consume the target resources so that it can
not provide the service. The resources consumed are either an
internal host resource on the target system or data transmission
capacity in the local network to which the target is attacked. In
plain English this means a website can be brought down by aiming
1,000's of page requests a minute until the website can no longer
cope and fails! Criminal gangs will use this kind of attack to
threaten website owners into paying "protection" money.
A drive-by download is a program that is
involuntarily downloaded to your computer, without your permission
or even your awareness. A drive-by download can be commenced by
simply visiting a Web site or viewing an HTML e-mail message.
Exploit This is name given to any process that
seeks to take advantage of a code vulnerability, usually in a web
browser such as Internet Explorer or FireFox.
Firewall In its simplest form it is a software
security mechanism that prevents unwanted/unauthorised internet
traffic from entering your computer. A firewall can also block
software on your computer from sending out data as well. Having a
software firewall on your computer is ESSENTIAL if you are connected
to the Internet.
Honeypots are decoy systems that are designed to
lure a potential attacker away from critical systems. Honeypots are
designed to divert an attacker from accessing critical systems,
collect information about the attacker’s activity and encourage the
attacker to stay on the system long enough for systems administrator
to respond.
A keylogger is a hardware tool or small program
that monitors each keystroke a client types on a specific computer's
keyboard. As a hardware device, a keylogger is a tiny battery-sized
plug that sits between the between the user's keyboard and computer.
Keyloggers can steal valuable information that can allow a theif
access to your online banking account etc.
Malware is software that is designed to damage a
computer system without the owner’s informed permission. It is a
combination of the words malicious and software. The expression is a
general term used by computer professionals to mean a variety of
forms of hostile, intrusive, or annoying software or program code.
Phishing is the act of deception by giving someone
secret information or tricking them into doing somewhat that they
normally wouldn’t do or shouldn’t do. For example: distributing
e-mails to a number of users falsly claiming to be your bank etc..
in an endeavor to cheat the users into yielding private information
like passwords. The lateste versions of Internet Explorer 7 and
FireFox 2 have built in phishing filters to help spot this kind of
activity.
Root Kit is a set of tools that hackers embed in a
victim’s computer. They can act as a "back door" entrance onto your
computer and provide information for the person who put them there.
These tools have been especially designed to allow malicious
processes/applications to run on your computer but evade detection.
Spyware is any technology that assists in
collection of information about a computer user without their
knowledge. Spyware is software that is put in someone's computer to
secretly gather information about the user and relay it to
advertisers or other interested parties. Spyware can get in a
computer as a virus or as the result of installing a new program. If
you have some annoying advertising that appears on your computer all
the time you are likely infected with a spyware applcation.
Trojan is a software application that installs
malicious software while under the guise of doing something else.
These are nasty things to get infected by and are used to steal data
from you as you use your computer!
Virus is a computer program that can copy itself
and infect a computer without permission or knowledge of the user. A
virus can only spread from one computer to another when its host is
taken to the uninfected computer, for instance by a user sending it
over a network or carrying it on a removable medium such as a CD,
USB drive or by the Internet and eMail. Not all viruses are harmful
BUT they all cause problems on the infected PC.
Worm is similar to a virus but with a different
implementation. It is a self-replicating computer program. It uses a
network to send copies of itself to other PC's and it may do so
without any user intervention. Unlike a virus, it does not need to
attach itself to an existing program. Worms can bring a PC down to
the point where it is impossible to use it because it it too slow.
Worms can also harm a company network by consuming most of the
available network bandwidth, so that the connected PC's can not
speak with each other.
A zero-day exploit is the one that takes advantage
of security vulnerability on the same day that the vulnerability
becomes generally known. Ordinarily, after someone detects that a
software program contains a potential exposure to exploitation by a
hacker that person or company can notify the software company and
sometimes the world at large so that action can be taken to repair
the exposure or defend against its exploitation.
Zombie is a program that secretly takes over
another Internet attached computer and then uses that computer to
launch attacks that are difficult to trace. Zombies are typically
used in denial of service attacks (DOS), typically against targeted
Websites. 10,000 zombie PC's can be used in a single attack! What
usual happens is a criminal gang will approach the "owner" of the
zombie PC's and pay them to perform an "attack."
If you have just read all of the above it is easy to become nervous
of using the Internet and email ever again!!!
However you can generally remain safe if you:
Use an up to date AntiVirus package, AntiSpyware package, make sure
your Windows Fifewall is on and have Windows Updates set to
automatically receive any updates from Microsoft as they become
available.
In addition if you have not yet moved to
Internet Explorer 7 or
FireFox 2,
from an older version, do so now!
Security Software:
If you do NOT have any up to date security software then get some...
You might like to take a look at these popular programs from PCTools.
They are market leaders and I fully endorse them! I also need to
mention that I get a small payment (a few dollars) if you end up
purchasing these products and that helps support this website and my
newsletter :-)
Spyware Doctor:
Download a Free Trial Here
PC Tools AntiVirus:
Download a Free Trial Here
Spam Monitor:
Download a Free Trial Here
...these links above will download a small .exe file that when run
will download the full up to date software (rather then put a link
to some software that will be out of date very quickly) - they are
perfectly safe!
...and stay up to date with any major threats via my free newsletter
service, see below!
Finally a quality Newsletter!
FACT:
There are dozens of Windows newsletters - BUT this one is different!
www.marctalkstech.com
Kind Regards
Marc Liron -
Bio
Microsoft Digital Media MVP
Your Guide to using Windows XP
A Unique Windows Newsletter:
Sign Up Now!
----------------------------------------------
Other Websites By Marc Liron - Microsoft MVP
News and Articles on Windows Vista:
www.instantvista.com
-----------------------------------------------------------------------------------------
| 
