Glossary

ActiveX
Developed by Microsoft, ActiveX technology is a group of functions allowing programs to share information. Many legitimate programs use ActiveX, but some spyware programs also use ActiveX to install themselves.
adware
Adware is a type of software that may display advertisements on your system. Some adware may also hijack Web searches, meaning it may reroute your Web searches through its own Web page. It may change your default home page to a specific Web site. Adware generally propagates itself using dialog boxes, various social engineering methods, or through scripting errors. Adware and BHOs are often bundled with various free software programs, such as clocks, messengers, alerts, and software such as screensavers, cartoon cursors, backgrounds, sounds, etc. Removing adware bundled with free software programs may cause the software to stop operating. These adware programs may also cause slowing of your Web browser and system performance issues.
Alternate Data Stream (ADS)
An Alternate Data Stream is a highly technical way to hide images, data, or code in a file and can be used to hide malicious code. The hidden content is impossible to detect using regularly available tools, such as Windows Explorer.
API
Application Program Interface. API is a language and message format used by an application program to communicate with the operating system, a program, or a communications protocol. The Windows API, also called WinAPI, is the core set of APIs available in the Microsoft Windows operating systems.
applications
An application is a set of files that work together to make a software program. Some applications, like Internet Explorer, access the Internet and allow traffic to flow in and out of your computer.
Behavioral Detection
Additional protection against programs that may not match a threat definition, but exhibit behavior typical of malware. The Webroot software stops the program from executing before it can cause damage. This option can locate many emerging threats, but on very rare occasions, a legitimate program could be classified as malicious because it shows malware-like behavior.
Browser Helper Objects (BHOs)
Browser Helper Objects are add-on programs that work with your browser. Some spyware programs add BHOs without your knowledge.
cache
A temporary storage area where data that you access frequently can be stored for rapid retrieval.
certificate
A digital certificate identifies an entity and verifies its credentials so that information it sends can be trusted. Certificates are issued by a Certificate Authority (CA), which attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate.
child process
A computer process that is linked to a parent process and inherits most of the parent’s attributes. Malware writers can sometimes create a child process and attach it to a legitimate parent application. For example, Internet Explorer is used quite often by malicious processes to circumvent security. Since Internet Explorer is usually “allowed” in security products, a malicious process can spawn a child process and instruct it to perform some malicious task.
cookies
Cookies are small files that are generated by a Web server and stored on your computer for future access. When you visit some Web sites, a cookie may be placed on your system to track your personal preferences and Web surfing habits through uniquely identifiable information (browsing habits, usernames and passwords, areas of interest, etc.). Some cookies may just track which ads the site displayed while you were there to make sure the site does not display the same ads. Other cookies may store preferences that you set, passwords you create for the site, and information about the pages you visited. Some cookies can be helpful, because they contain user names and passwords that let you log in to a Web site automatically or contain preferences you set for a Web site.
CPU
Central Processing Unit. The CPU performs the computer processing and is usually contained on a single chip. A complete computer system comprises the CPU, clock, main memory, operating system, storage devices, and other controls.
Custom Sweep
A Custom Sweep lets you select options to meet your needs. The Webroot software saves your custom sweep settings and uses them as the basis for any scheduled custom sweep that you configure.
data center
A group of computer systems and associated components used to store a repository of data.
default
An option that automatically appears or is pre-selected.
definitions
A security definition is a set of fingerprints that characterize a potentially unwanted program, such as spyware or adware, or that identifies types of viruses. Webroot regularly updates these definitions to provide better protection against the latest versions of spyware and other unwanted items.
dialer
Dialers may disconnect your computer from your Internet Service Provider (ISP) and reconnect you to the Internet using an expensive toll or international phone number. Dialers can accrue significant phone charges and can run in the background, hiding their presence. They generally propagate themselves using dialog boxes, various social engineering methods, or scripting errors, or may be delivered with a Trojan horse. The Federal Trade Commission recommends that you dispute the charges with your telephone company and report the incident.
domain name
A name that identifies a Web site (for example, “webroot.com”). You can use either the domain name or an IP address to access a Web site; in most cases, the domain name and the IP address are interchangeable. Other times, a server can host several different Web sites (each with unique domain names).
executable files
An executable file contains a program that can be launched when you double-click the file name in Windows Explorer. Typically, executable files have an .exe file extension, but they can also have other extensions, such as .bat or .com.
filters
A filter is a set of firewall rules for what packets to allow or deny. To monitor packets, filters use a variety of screening methods, such as looking at the IP addresses, protocols, and ports that the packets are using.
Full Sweep
A thorough sweep of all internal drives and drives directly attached to your computer.
host name
The name assigned to a computer so it can be identified on the Internet or a network. Computers on the Internet are often named WWW. Computers on a network are usually single names that describe the computer, such as “accounting1.” Host names can be part of a fully qualified domain name (FQDN). For example, in “www.webroot.com,” the “www” is the host name and “webroot.com” is the domain name.
HTML
HyperText Markup Language. The method used to display content in Web pages.
IP address
An Internet Protocol address identifies a machine (computer or server) on the Internet. The address is a series of four numbers separated by periods (for example, 64.78.182.210). Your own computer’s IP address may be the same address during every Internet connection (called a static IP, used in most T1/DSL connections) or it may change for each Internet connection (called a dynamic IP, used in most cable/dial-up connections).
keylogger
A keylogger is a type of system monitor that has the ability to record all keystrokes on your computer. Therefore, a keylogger may monitor keystrokes, e-mails, chat room dialogue, instant message dialogue, Web sites visited, usernames, passwords, programs run, and any other typed material. They may have the ability to run in the background, hiding their presence. Keyloggers and system monitors may be used for legitimate purposes but can also be installed by a user to record sensitive information for malicious purposes.
Someone with administrative access to your computer, such as a system administrator or someone who shares your computer, typically installs commercial system monitors. This program may be installed on the machine without your knowledge or consent, and may allow an unauthorized third party to view potentially sensitive information.
Worst case scenario: A third party may be able to view your personal conversations and may gain access to private information such as your usernames, passwords, credit card numbers, or your Social Security number.
local drive
A drive on your computer system, such as a CD, DVD, or disk drive (hard drive), that is connected directly to the computer.
malware
Malicious software that is designed to destroy or harm your computer system, such as a virus.
netmask
The part of an IP address that identifies the host by filtering out (masking) the network address. (An IP address has two components: the host address and the network address.) Also called a subnet mask.
packets
Chunks of data that travel between machines on the Internet. When you send or receive data over the Internet, the Transmission Control Protocol (TCP) divides the message into manageable packets, which are efficient for routing. When the packets arrive on the receiving end, TCP reassembles the message into its original form.
parent process
A computer process that has subprocesses (or “children”) associated with it.
ports
Ports are numbers that identify the entry and exit points of your computer. Computers divide one physical port connection into thousands of virtual port connections, most of which are never used. All communications protocols have designated entrance ports to your computer. For example, traffic sent using HTTP for Web pages generally travels through port 80. Your computer’s ports are either open or closed. An open port allows any information to flow through it and can make your computer vulnerable to hackers. A closed port blocks incoming traffic.
potentially unwanted program
A potentially unwanted program is a program that may change the security or privacy state of your computer and online activities. These programs can (but do not necessarily) collect information about your online activities and send it to a third party without your knowledge or consent. A potentially unwanted program may arrive bundled with freeware or shareware, be delivered through various social engineering methods, or be installed by someone with access to your computer.
processes
A process refers to the actual running of a program module. When a computer is booted, numerous processes are started. Some are parts of the operating system, while others are applications that have been designated to run at startup. Several processes may be associated with the same application. In Windows, you can view a list of running processes in the Task Manager (press Ctrl-Alt-Delete, then click Task Manager).
protocols
Rules that govern the way information is transmitted from one device to another. For example, the standard communications protocol for the Internet is TCP/IP and the standard protocol for local networks is Ethernet.
proxy server
A computer system or router that acts as a relay between a client and server. Proxy servers are used to help prevent an attacker from invading the private network and are often used in building a firewall.
Quarantine
A holding area for spyware, viruses, and other potentially unwanted programs found during a sweep. The quarantine process does not delete items from your computer. Rather, it keeps the items in a safe place until you decide whether to delete them permanently or restore them.
Quick Sweep
A fast sweep of only locations where potentially unwanted programs are commonly found. This type of sweep maximizes use of your computer’s processing power, to make the sweep as fast as possible.
random access memory (RAM)
The main memory that acts as the computer’s workspace for running programs. Spyware and other unwanted programs can steal the computer’s memory resources, which can lead to system crashes, slower performance, or instability.
registry
A database of hardware and software settings about your computer’s configuration, such as the types of programs that are installed. Spyware can create entries in the Windows registry, which can ultimately slow down your computer and cause problems in your system.
restore point
A copy of the computer’s contents that allows you to restore your computer to a previous state.
rootkit
Rootkits use file obfuscation techniques to allow spyware and other malicious software to avoid detection and removal. Rootkits typically hide logins, processes, files and logs, and may include software to capture information from desktops or a network. A rootkit’s abilities to hide the presence of an intruder and the intruder’s actions explain the increase in use of this method.
signed service
A certificate from an authorized certificate verification service (such as from VeriSign), which ensures that an application, service, or driver is from a trusted source and has not been tampered with.
spyware
Spyware is a program that may either monitor your online activities or possibly install programs without your consent. Information about online activities may be subsequently sent to a third party for malicious purposes without your knowledge. Spyware may arrive bundled with freeware or shareware or through e-mail or instant messenger; it may propagate itself using dialog boxes, various social engineering methods, or scripting errors; or it may be installed by someone with access to your computer. Spyware is difficult to detect, and difficult (if not impossible) for the average user to remove without the use of a top-quality antispyware program.
system monitors
System monitors, typically non-commercial, may monitor and capture your computer activity, including recording all keystrokes, e-mails, chat room dialogue, instant message dialogue, Web sites visited, usernames, passwords, and programs run. This type of program may be capable of taking screen shots of your desktop at scheduled intervals and storing the information on your computer in an encrypted log file for later retrieval. These log files may be sent to a pre-defined e-mail address. A system monitor can run in the background, hiding its presence. These programs typically install via other threats, such as music downloads and Trojan downloaders. These system monitors may allow an unauthorized third party to view potentially sensitive information, such as passwords, e-mail, and chat room conversations.
threads
A thread represents a single process in a multitasking application, allowing that application to split itself into two or more tasks running simultaneously.
traces
Individual elements that make up the security definition database. The more traces found and put into the definitions, the more complete the removal of the potential threats.
training mode
A firewall function that analyzes the normal activities of your computer’s applications and processes. The firewall uses this training period as a baseline, so that later, it can more easily determine what activities deviate from normal. (If you do not enable a training period, numerous alerts may display for all Internet applications and WinAPI processes as they launch, which may require you to take action by selecting “allow” or “block” each time one of these events first occurs.)
Trojan horses
A Trojan horse may take control of your computer files by using a program manager that allows a hacker to install, execute, open, or close programs. The hacker can gain remote control of your cursor and keyboard and can even send mass e-mails from your infected computer. It can run in the background, hiding its presence. A Trojan is usually disguised as a harmless software program and may also be distributed as an e-mail attachment. Opening the program or attachment may cause an auto-installation process that loads the downloader onto your computer and downloads third-party programs onto your computer, resulting in the installation of unwanted programs without your knowledge or consent, and jeopardizing your privacy. Trojans can also open a port on your computer that enables a hacker to gain remote control of your computer.
virus cleaning
A procedure that removes infected portions of a file, when a virus is detected during a sweep. If the Webroot software can remove the virus successfully, it restores the cleaned file to your computer in its original location and places a copy of the corrupted file in Quarantine. The cleaned file is safe to use; the file in Quarantine is not safe to use.
URL
Uniform Resource Locator. The URL is the unique address for a file that is accessible on the Internet. To access the home page of a Web site, you can enter the URL of the home page (for example: http://www.webroot.com) in the browser’s address line. You can also access specific files using URLs (for example: ftp://www.webroot.com/sample.txt). The URL contains the name of the protocol to be used to access the file resource, a domain name that identifies a specific computer on the Internet, and a pathname for a specific file.
viruses
A virus is a self-replicating program that can infest computer code, documents, or applications. While some viruses are purposefully malignant, others are more of a nuisance, replicating uncontrollably and inhibiting system performance.
