Glossary
adware. Software, often bundled with shareware or freeware, that displays advertisements on a user's computer, usually in pop-up windows.
API (application programming interface). A standardized interface whereby an application program can use services provided by the operating system or subsystems.
applet. A small program, typically written in Java, that is embedded in a web page and executed by the web browser, which provides its user interface. Because an applet is code fetched from a remote site, browsers confine it to a restricted sandbox.
attack vector. The route or means used by a hacker to carry out an attack.
authorization. Approval or permission for an identity to perform a specific action or access a resource. Authorization is distinct from authentication, which establishes who the identity is; a system must do both.
backdoor. A secret or undocumented method of accessing a computer, or the software that provides such access. Some backdoors are placed by the programmer so that they can later get in to troubleshoot or change the program; others are installed by an attacker after exploiting a vulnerability, so that the attacker can return at will without having to exploit it again.
bit. In computing, the smallest unit of storage. Bit is a contraction of the term "binary digit".
browser. A program that can retrieve and display information from servers on the World Wide Web (WWW).
buffer. A temporary storage area in a computer's memory.
buffer overflow. A buffer overflow occurs when a program or process tries to store more data in a buffer than it was created to hold. Since a buffer has a fixed size, the extra data has to go somewhere: it spills into the adjacent memory, corrupting or overwriting whatever was held there, such as other variables, heap allocator metadata or, on the stack, the saved return address. An attacker who controls the overflowing data can use this to alter the program's behaviour or run code of their choosing.
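An added illustration of the entry above, not code from the Prevx glossary: a miniature stack frame in C in which an 8-byte name buffer sits directly in front of a privilege flag. The unchecked copy of a 12-byte name spills into the flag; the bounded copy truncates instead. struct frame and the function names are hypothetical, and the unchecked copy is capped at the struct's size only so that the demonstration remains defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Prevx code. A tiny model of a stack frame: an 8-byte
 * name buffer immediately followed by a 4-byte privilege flag, the way a
 * compiler may lay out two neighbouring variables. struct frame and both
 * copy routines are hypothetical names chosen for this demo. */
#define NAME_LEN 8

struct frame {
    char     name[NAME_LEN];
    uint32_t is_admin;      /* the adjacent data an overflow corrupts */
};

/* Vulnerable: copies the whole input, terminating NUL included, with no
 * regard for sizeof name. It is written as memcpy over a byte view of the
 * struct (capped at the struct size) only so the demo stays defined
 * behaviour; strcpy(f->name, input) does exactly this and keeps going past
 * the struct as well. */
static void set_name_unchecked(struct frame *f, const char *input)
{
    unsigned char *dst = (unsigned char *)f;
    size_t n = strlen(input) + 1;
    if (n > sizeof *f)
        n = sizeof *f;                 /* demo-only cap, see above */
    memcpy(dst, input, n);
}

/* Hardened: the copy is bounded by the destination size and always
 * NUL-terminated, so over-long input is truncated instead of spilling over. */
static void set_name_checked(struct frame *f, const char *input)
{
    snprintf(f->name, sizeof f->name, "%s", input);
}

/* Each helper starts from a frame with is_admin == 0, performs one copy and
 * returns the flag so the caller can see whether the input disturbed it. */
uint32_t flag_after_unchecked(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    set_name_unchecked(&f, input);
    return f.is_admin;
}

uint32_t flag_after_checked(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    set_name_checked(&f, input);
    return f.is_admin;
}

int main(void)
{
    const char *ok  = "bob";            /* fits in the buffer */
    const char *bad = "AAAAAAAAAAAA";   /* 12 bytes: 8 fill name, 4 land in is_admin */
    printf("unchecked copy of \"%s\": is_admin = 0x%08x\n", ok,  (unsigned)flag_after_unchecked(ok));
    printf("unchecked copy of \"%s\": is_admin = 0x%08x\n", bad, (unsigned)flag_after_unchecked(bad));
    printf("checked copy of   \"%s\": is_admin = 0x%08x\n", bad, (unsigned)flag_after_checked(bad));
    return 0;
}
```

With the unchecked copy the twelve 'A' bytes leave is_admin holding 0x41414141; in a real frame the bytes beyond the struct would be the caller's data or the saved return address, which is what an exploit overwrites.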
byte. In computing, a fundamental unit of storage. A byte usually holds one character of information and, on virtually all modern systems, means eight bits. The word was coined as a deliberate respelling of 'bite', chosen so that it would not be misread as 'bit'.
cache. A special high-speed storage area. A cache can either be part of main memory or on an independent storage device.
client. A computer on a network that uses services provided by a server.
chroot. A technique under UNIX whereby a process's view of the file system root is changed to a chosen subdirectory, so that it cannot name files outside that subtree. A chroot is not a complete security boundary: a process that keeps root privileges can break out of it, so it is normally combined with dropping privileges.
cookie. A small piece of data that a website stores in the visitor's browser and that the browser sends back on later requests. Its main purpose is to identify users when they return to that website, including holding the session token after a login, so a stolen cookie can let an attacker act as that user.
CRC (cyclic redundancy check). A type of checksum, based on polynomial division, used to detect accidental changes or corruption to data in transit or storage. A CRC guards only against accidents: it is a linear function of the data, so an attacker who changes the data can adjust a few bytes to make the CRC match again.
checksum. A value computed from a file's contents and stored for later comparison as a 'fingerprint' of that file. Simple checksums such as sums and CRCs detect accidental corruption; detecting deliberate tampering requires a cryptographic hash such as SHA-256, which an attacker cannot readily match after changing the file. Checksums of system files, computed with a cryptographic hash, are a primary means of detecting file system tampering on UNIX.
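An added example covering both the CRC and checksum entries above (not from the Prevx glossary): a standard CRC-32 in C together with a routine that, given a tampered message and the CRC of the original, computes four bytes to append so that the tampered message carries the original CRC. It works because a single CRC byte step is reversible, which is why a CRC detects corruption but not a deliberate change. The function names and the sample record are constructed for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Prevx code: the standard CRC-32 (the variant used by
 * zip, PNG and Ethernet) and a routine that appends four bytes to a tampered
 * message so that its CRC-32 matches a chosen value. Function names are
 * hypothetical. */

static uint32_t crc_table[256];
static uint8_t  rev_table[256];   /* top byte of crc_table[i] -> i */
static int      tables_ready;

static void init_tables(void)
{
    if (tables_ready) return;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? (c >> 1) ^ 0xEDB88320u : c >> 1;
        crc_table[i] = c;
    }
    /* The top byte of crc_table[i] is distinct for every i, which is what
     * makes one CRC byte step reversible. */
    for (int i = 0; i < 256; i++)
        rev_table[crc_table[i] >> 24] = (uint8_t)i;
    tables_ready = 1;
}

uint32_t crc32_bytes(const uint8_t *data, size_t len)
{
    init_tables();
    uint32_t c = 0xFFFFFFFFu;                        /* initial register */
    for (size_t i = 0; i < len; i++)
        c = crc_table[(c ^ data[i]) & 0xFF] ^ (c >> 8);
    return c ^ 0xFFFFFFFFu;                          /* final XOR */
}

uint32_t crc32_str(const char *s)
{
    return crc32_bytes((const uint8_t *)s, strlen(s));
}

/* Compute four bytes which, appended to msg, make its CRC-32 equal target.
 * Processing bytes P from register state S gives the same result as
 * processing four zero bytes from state S ^ P, so we run the byte step
 * backwards from the wanted end state (as if the bytes were zero) and then
 * XOR in S to obtain P. */
void crc32_forge_patch(const uint8_t *msg, size_t len, uint32_t target, uint8_t patch[4])
{
    init_tables();
    uint32_t state = crc32_bytes(msg, len) ^ 0xFFFFFFFFu;  /* register after msg */
    uint32_t want  = target ^ 0xFFFFFFFFu;                  /* register needed at the end */
    for (int i = 0; i < 4; i++) {
        uint8_t idx = rev_table[want >> 24];
        want = ((want ^ crc_table[idx]) << 8) | idx;        /* one step backwards */
    }
    uint32_t p = want ^ state;
    for (int k = 0; k < 4; k++)
        patch[k] = (uint8_t)(p >> (8 * k));
}

/* Constructed demo: change the amount in a record, then restore the CRC.
 * Returns 1 if the tampered record plus patch carries the original's CRC. */
int forge_demo(void)
{
    const char *orig     = "amount=100;to=alice";
    const char *tampered = "amount=999;to=alice";
    uint32_t target = crc32_str(orig);

    uint8_t forged[32];
    size_t n = strlen(tampered);
    memcpy(forged, tampered, n);
    crc32_forge_patch(forged, n, target, forged + n);   /* 4 patch bytes appended */

    uint32_t forged_crc = crc32_bytes(forged, n + 4);
    printf("original crc32       = %08x\n", (unsigned)target);
    printf("tampered crc32       = %08x\n", (unsigned)crc32_str(tampered));
    printf("tampered+patch crc32 = %08x (%s)\n", (unsigned)forged_crc,
           forged_crc == target ? "match" : "differ");
    return forged_crc == target;
}

int main(void)
{
    printf("crc32(\"123456789\") = %08x\n", (unsigned)crc32_str("123456789"));
    return forge_demo() ? 0 : 1;
}
```

The four patch bytes can just as well be placed anywhere in the message that the attacker controls (the same algebra applies to any four consecutive bytes), which is why an integrity check that must resist an adversary uses a keyed or cryptographic hash rather than a CRC.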
cybercrime. Criminal activity carried out by means of computers or network access.
DoS (denial of service). An attack that aims to make a computer or service unavailable to its legitimate users, typically by flooding it with traffic or requests, or by triggering a fault that crashes it.
DDoS (distributed denial of service). A denial-of-service attack that pits many computers against a single victim. The combined traffic causes the victim to crash or to become so busy processing it that it is unusable. A home computer can be used as a participant in such an attack on another system without the owner's knowledge, typically after malware has placed it under an attacker's remote control.
domain hijacking. An attack in which an attacker takes control of a domain name, for example by compromising its registrar account or its DNS records, so that the name resolves to a server the attacker controls instead of the legitimate one.
DNS (domain name system). DNS is how Internet domain names are located and translated into Internet Protocol (IP) addresses. A domain name is a way of using meaningful words to remember an Internet address, rather than IP address numbers.
DLL (dynamic link library). A library of code and data that a program loads at run time only when needed, so that one copy can be shared between many programs. Because a program looks for a DLL by name in a sequence of directories, an attacker who can place a malicious DLL where it is found first can get their code run by that program (DLL hijacking).
event. In Prevx terms, essentially a violation of a security setting (or policy).
exploits. An exploit is a way of breaking into a system: a program or technique that takes advantage of a weakness (vulnerability) in the system in order to compromise it. Discovering an exploit brings fame within the hacker culture, as does writing scripts that automate one. Most exploits fall into categories such as buffer overflow, directory traversal and denial of service.
firewall. A security device or program used to restrict traffic between networks. A firewall blocks access between networks (for example, from the Internet to a corporate network) except to services that are expressly permitted, and keeps logs of activity which may be used in investigations.
granularity. The relative fineness or coarseness by which a mechanism can be adjusted.
hack. Any software in which a significant portion of the code was originally in another program.
hacker. An individual whose primary aim is to penetrate the security defenses of computer systems. A skilled hacker can penetrate a system and withdraw again without leaving any trace of activity. Proto-hackers are those who aspire to be 'true' hackers but have not yet acquired the skills to get past serious security measures without setting off alarms. The term is also applied to individuals who do not attack computer systems but use their skills to modify commercially available software packages. Hackers of whatever variety are a threat to computer systems.
heap. In computing, an area of memory from which a program dynamically allocates and frees blocks of arbitrary size in any order (in C, through malloc and free). The name signifies a lack of order, as opposed to an ordered structure such as a stack.
host-based intrusion prevention [software]. Generally used to describe software installed on a system that is designed to detect and block external attacks on that system.
host-based security. The technique of securing an individual system from attack. Host-based security is operating system and version dependent.
hijacker. In software terms, code that resets your browser's settings to point to other sites. A hijacker may also reroute your requests and information through an unseen site, capturing them along the way; in such a hijack the browser may behave normally, only slower.
intrusion detection. Detection of unauthorized access to a network by using some form of analysis and behavior patterns.
intrusion prevention. Prevention of actual or attempted attacks to a computer or a network by monitoring key system components and looking for suspicious behavior.
IP (internet protocol). The method or protocol by which data is sent from one computer to another computer on the Internet.
intranet. A computer network, usually based on Internet technology, that an organization uses for its own internal use.
key logger (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack.
macro virus. A virus written in the macro language of an application such as a word processor or spreadsheet and carried inside a document file, so that it runs when the document is opened and macros are enabled. Depending upon the way it is delivered it may sometimes be classified as a Trojan or a worm.
malicious code. Any program or code designed to cause harm: for example one that gains unauthorized access to system resources while appearing to perform a useful or desirable function, or that tricks a user into running another program.
malware. A generic term for a number of different types of malicious code.
network worm. A program or command file that uses a computer network as a means for adversely affecting a system's integrity, reliability or availability. A network worm may attack from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.
operating system. Computer programs that are primarily or entirely concerned with controlling the computer and its associated hardware. Computers can operate without application software, but cannot run without an operating system.
one-way encryption. Irreversible transformation of plain text into a fixed-size value from which the original cannot be recovered. Strictly this is a cryptographic hash rather than encryption, since no key exists that reverses it; storing password hashes instead of passwords is the usual application.
patch. A small program update released by a software manufacturer, usually to fix bugs.
patching. The process of applying a patch.
personal firewall. A firewall which is intended to run on an individual computer.
port. A communications channel on a computer identified by a number known as a port number. A service listening on an open port is reachable from the network, so attackers often probe open ports for vulnerable services through which to gain unauthorized access.
program infector. Malware that attaches itself to existing program files.
registry. A central database in Microsoft Windows where configuration settings for hardware, the operating system and applications are stored. Malware commonly adds registry entries so that it is started again at every boot.
RAT (remote administration tool). A Trojan that, when run, gives an attacker remote control of a machine via a "client" on the attacker's machine and a "server" on the victim's machine. What happens once the server is installed depends on the capabilities of the Trojan, the interests of the attacker, and whether another attacker, who may have entirely different interests, ever gains control of the server.
rootkit. A collection of programs that a hacker installs, typically after obtaining administrator-level access to a computer or network, to mask the intrusion and retain that access by hiding files, processes and network connections from the system's own tools.
scalability. The ability to expand a computing solution to support large numbers of users without impacting performance.
SSH (secure shell). A protocol and program used to log on to another computer over a network, run commands on it and move files between computers, with all traffic encrypted and the remote host authenticated. It replaces the unencrypted telnet, rlogin and rcp.
SSL (secure sockets layer). A protocol used for encrypted and authenticated Internet communications, now superseded by TLS (transport layer security); the name is still used loosely for both.
shell. In UNIX, a Shell is the interface with which the user interacts with the operating system. In some systems, the Shell is called a command-line interpreter.
SNMP (simple network management protocol). A protocol governing network management and the monitoring of network devices and their functions.
security policy. Security Policies are what Security Settings are called in Prevx Enterprise terms. They are sets of rules which define good or bad system behavior. Prevx constantly monitors your system and checks for behavior that contravenes the security policies.
security setting. Security Settings are what Security Policies are called in Prevx Home terms; they work in the same way. See 'Security Policy'.
server. A computer on a network that provides services, such as file storage, printing, web or database access, to client computers and controls access to those resources.
stack. In computing, a data structure in which the element removed first is the one added last: Last In, First Out (LIFO). Processors also use a stack region of memory to hold function return addresses and local variables, which is why a buffer overflow on the stack can redirect a program's execution.
spyware. Software installed with some shareware or freeware that collects and transmits information about users' browsing habits to a third party, usually without their knowledge or consent.
TCP/IP (transmission control protocol/internet protocol). The basic communication language or protocol of the Internet.
threat. A potential for a security violation.
threat vector. The route or method that a threat uses to reach its target.
trojan [horse]. Either (a) any program that does things the user did not intend, disguising its harmful intent behind an apparently useful function, or (b) a program that is installed while the user is making an authorized entry and is then used to break in and exploit the system. Unlike viruses and worms, Trojans do not replicate.
URL (uniform resource locator). The addressing system used on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located.
Unix. An operating system, initially designed to be a small, flexible system used exclusively by programmers.
update. In Prevx terms, update means getting the latest security settings and product enhancements. Update does not refer to getting signature file updates as Prevx does not use signature files.
virus. A self-replicating program that infects other computer programs. A virus inserts its code into a file, so that when that file is executed the virus is executed as well. A virus can be malicious or harmless depending on its payload.
vulnerability. A flaw or weakness. Vulnerabilities are sought out and exploited by hackers.
worm. A self-replicating program, closely related to a virus, that propagates by attacking other machines over a network and copying itself to them. It can be destructive or harmless, depending on its payload. Unlike a virus, a worm is a self-contained program: it may replace files but does not insert itself into them.
zero-day. A vulnerability that is unknown to the software's vendor, who has therefore had "zero days" to fix it, and for which no patch is available; also used for an attack that exploits such a vulnerability. The term is sometimes explained as "less than 24 hours old", but its defining feature is the absence of a fix, not the age.
zero-day attacks. Attacks that exploit a zero-day vulnerability in a program for which no patch is available. The term is also used more loosely for attacks so new that security product vendors (for example, anti-virus vendors) have not yet had time to produce a signature to recognize them.