Online Armor
Common Computer Security Terms, Threats, & Exploit Definitions
While the Internet is an extremely useful tool, the "Information Superhighway" contains many dangers for the unwary or unprotected user.
Though by no means an all-inclusive list, the following information may help you better understand
some of the more common computer security threats and exploits.
Anti-virus program
An anti-virus program is an application that detects and identifies known viruses on your computer. Anti-virus programs typically identify a virus by its signature, and compare this signature to a database of known threats. Some work automatically, scanning your computer and files and alerting you to any viruses detected. Others must be run periodically. In most cases, once a virus is identified, the anti-virus program will prompt the user to take action to "clean" the virus, "quarantine" it so that it cannot spread, or delete the virus or the file containing it. New viruses are created and discovered virtually every week, so when using a signature-based program, it is important to purchase one which can be regularly updated to recognize these new threats.
Automatic updates
Some programs will automatically update themselves to ensure you have the most up-to-date security available. This is useful when new security holes or exploits are discovered and, in the case of antivirus and vaccine-based programs, is required to keep the pattern databases current.
Autorun
Autoruns
Some software, including many malware programs, will set themselves to automatically start when you first start up Windows®. Online Armor will alert you to any software registering itself to automatically start with Windows.
Back-door program
A "Backdoor" program is so named because it is designed to provide access to a victim's computer through non-standard means, without the victim becoming aware of it. It is, literally and figuratively, a back door to the private information on your computer. Some computer programs are written with a backdoor that provides access to the program by bypassing normal established security measures. Other backdoors are computer code written and used by a hacker which exploits a vulnerability discovered in the program.
Cookies
Tracking cookies, session cookies, persistent cookies
A browser "cookie" is a small bit of computer code used by websites to track user preferences and pages visited, to recognize the user's computer the next time that they visit the site, to create and display custom pages, and a host of other purposes. Cookies may contain anything from color and font preferences to personal usernames and passwords. The cookie is shared between the user's Internet browser and the website. Common cookies are generally not designed to capture personally identifiable information without the user's implicit permission, lest they be classified as a form of Spyware. However, if you enter personally identifiable information on the site, such as your name, address, e-mail address, user name, password, etc., many cookies can and do capture this information.
While cookies are not usually a threat, many people dislike them because they do not want third parties to track their viewing habits.
Session Cookies – Session Cookies are automatically deleted when your browser closes; they are used for improving the function of the website – for example, tracking which page you are on and viewing preferences. Session cookies are essentially harmless.
Persistent Cookies – As their name suggests, Persistent Cookies remain on your computer until they are manually removed, or until they expire (the length of time is set by the site that leaves the cookie). Persistent cookies can be used to provide features such as "remember my username and password" or to track preferences on your favorite sites between visits.
Online Armor's Cookie Cutter™ protects you by automatically converting persistent cookies into session cookies – thereby stopping potential privacy violations – without breaking the features of the website you are visiting. With Online Armor, only Trusted Sites are permitted to leave persistent cookies.
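As an added illustration (this is not Online Armor's code), the persistent-to-session conversion described above can be sketched as a rewrite of the site's Set-Cookie header: removing the Expires and Max-Age attributes makes the browser discard the cookie when it closes. The function names, the trusted-site list and the header values are assumptions constructed for the example.

```python
# Added example: turn persistent cookies from untrusted sites into session
# cookies by editing the Set-Cookie header. Names and data are constructed.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

TRUSTED_SITES = {"bank.example"}  # hypothetical trusted-site list


def is_trusted(host, trusted=TRUSTED_SITES):
    """True if host is a trusted site or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)


def _already_expired(name, value, now):
    """True if this Expires/Max-Age attribute asks the browser to delete."""
    if name == "max-age":
        try:
            return int(value) <= 0
        except ValueError:
            return False
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now


def to_session_cookie(header_value, now=None):
    """Return the Set-Cookie value without Expires/Max-Age.

    A header that deletes a cookie (lifetime already in the past) is returned
    unchanged, otherwise sign-out and cookie clearing would stop working.
    """
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header_value.split(";")]
    kept = [parts[0]]  # first part is always name=value
    for attr in parts[1:]:
        name, _, value = attr.partition("=")
        name = name.strip().lower()
        if name in ("expires", "max-age"):
            if _already_expired(name, value.strip(), now):
                return header_value  # deletion request: pass through
            continue  # drop the lifetime, cookie ends with the session
        if attr:
            kept.append(attr)
    return "; ".join(kept)


def filter_set_cookie(host, header_value, now=None):
    """Policy from the text: only trusted sites may leave persistent cookies."""
    if is_trusted(host):
        return header_value
    return to_session_cookie(header_value, now)
```

Attributes such as Path, Secure and HttpOnly pass through untouched, which is why the site keeps working for the rest of the browsing session.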
Dangerous objects
ActiveX, Browser helper objects, toolbar, IE Extensions
Some web page components, such as Java applets and ActiveX components, are prone to abuse by malicious individuals or unscrupulous companies. These components can compromise your system or your privacy if they are misused or modified through the insertion of additional malicious or privacy-invading code. Online Armor can filter these objects out of web pages that you visit.
DLL
Dynamic Link library, .dll files
DLLs are small programs (or extensions to programs) which are used to share features between programs, or to separate programs into logical pieces. Some DLLs can contain dangerous code which malware writers trick other software programs into loading and running.
DNS
Domain Name System, DNS Checker
When you manually type a website name into your Web browser (e.g. www.GlobalFraudSolutions.com), your computer must first call your ISP's "DNS server" to find the real (numerical) Internet address, so that your computer can find the website among the millions of computers on the Internet.
Some attackers will hack into your ISP's DNS server to enter false information, or change the settings on your computer to point to a DNS that they control. This sort of attack places the "address book" of the Internet under the control of the attacker (at least as far as the affected machines are concerned) so that when you enter "www.my-bank.com" into your Web browser, you actually load and visit a bogus or "spoofed" web page created by the attacker – who can then steal your online banking login information to compromise your account.
To counter this type of fraud, Online Armor verifies the Web address against its trusted DNS server, and alerts you to any discrepancies. To take advantage of this security feature, add the site to the "Protected Sites" list in Online Armor.
Drive-by download
Drive by downloads, Drive-by downloads
When browsing the Internet, some Web pages contain exploits that automatically download a malicious file without your permission or your even knowing about it. Online Armor protects against this type of automatic attack by alerting you and verifying that you do actually intend to download a file before allowing it to download, thereby effectively stopping "drive-by downloads" from installing themselves simply by virtue of your having visited the website.
Driver
Drivers, device driver
A Driver is software that works with a computer's operating system to control a particular piece of hardware, such as a printer or scanner. An example is your video card driver, which instructs Windows on how to send data to your video card, and then on to the screen you are looking at now. Malware can also install drivers to work deep within Windows to do just about anything the malicious programmer wants, including stealing your personal information, recording keystrokes, or hiding from anti-virus programs.
Encryption
Encryption is a data security process by which the data you save or communicate is automatically converted into an indecipherable code to prevent unauthorized persons from viewing it if they were to somehow gain access directly to the location where the information is stored. Encrypted data cannot be used or viewed until it is re-converted back to its original form. Generally speaking, the higher the level of encryption, the more secure the data is. Most secure Internet sites use 128-bit encryption to protect the user's information.
Execution protection
Execution Protection is a way of stopping programs from running (executing) without the specific consent of the user. This can be used to automatically stop malicious programs before they gain a foothold on your computer.
In Online Armor, execution protection is performed by the Program Blocker – it will automatically let programs that you trust run on your computer, and it will automatically block programs that you do not trust from running.
In the event that an unknown program runs or attempts to run, Online Armor will prompt you before allowing the program to run.
Additionally, Online Armor features a centrally-managed trusted applications list. This means that programs that are known to be safe are also permitted to run automatically. This feature significantly reduces the number of alerts and warnings that users may receive.
Firefox
Firefox is a free Web browser, available from www.mozilla.org/products/firefox.
Though a matter of opinion, many consider Firefox more secure and easier to use than Microsoft Internet Explorer®, which comes included with Windows, and which is often the target of attacks and security exploits due to its widespread use.
Firewall
Personal firewall
A firewall is a software program that is used to protect a single computer from outside intruders who may attempt to gain access via the Internet. Personal firewall protection is especially recommended for those with 'always-on' Internet connections such as DSL. A personal firewall is designed to protect the computer system from attack by controlling Internet connections to and from the computer, filtering inbound and outbound traffic, and alerting the user to intrusion attempts.
Flash cookies
Slo, flash tracking
Macromedia Flash can, by default, store information on users' computers. Because of the general public rejection of cookies due to privacy concerns, many advertising agencies have begun using these types of cookies to defeat users' cookie protection methods.
Hackers
Crackers
Generally speaking, a "hacker" is a computer enthusiast who enjoys finding out how computer programs work, finding ways to get around software problems, or even attempting to gain access to information or computer systems that are supposed to be protected. There are both good and bad hackers.
A good hacker, usually referred to as an "Ethical Hacker" is an expert at testing the security of programs, systems, and computer networks. This is an important job because ethical hackers help discover vulnerabilities and assist in developing ways to make software programs and computer systems more secure.
In contrast, a bad hacker (or Cracker as they prefer to be called) is an individual who "hacks" their way through the security of a computer system or network in order to gain access. This may be through something as simple as breaking a password or as complex as writing a complete program to break in using a vulnerability discovered in another program or the system's security measures. These custom programs are often referred to in generic terms as a form of "malicious code", a category which also includes computer viruses, Trojan Horse programs, keystroke loggers, and a host of other undesirables. It is these types of hackers that require software manufacturers to constantly release security updates for their programs. As soon as a vulnerability is discovered, the manufacturer's programmers must find a way to overcome and close it.
Hackers typically prefer to target large businesses and organizations, rather than individual computer users. Government organizations, major corporations, and financial institutions are often the target of multiple hacking attempts a day.
HOSTS file
A HOSTS file is a file on your computer that is referenced before connecting to your Internet Service Provider's DNS server. The HOSTS file is a list of Internet addresses for websites that are used (visited) by your computer. Some Malware programs will add entries to the HOSTS file to misdirect you to "spoofed" websites, redirect you to other sites, or prevent access to certain websites.
Online Armor will automatically alert you if any programs make changes to your HOSTS file.
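The kind of change alert described above can be sketched as a comparison of two copies of the HOSTS file. This is an added example, not Online Armor's implementation; the sample file contents, the protected list and the finding labels are constructed for illustration.

```python
# Added example: report what changed between two copies of a HOSTS file.
# Sample contents are constructed; the protected list is hypothetical.
import ipaddress

PROTECTED_SITES = {"www.my-bank.com"}  # example name used in the DNS entry

BASELINE_HOSTS = """\
127.0.0.1    localhost
::1          localhost
"""

CURRENT_HOSTS = """\
# constructed sample
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.my-bank.com          # documentation-range address
0.0.0.0        update.antivirus.example
not-an-ip      broken.example
"""


def mappings(text):
    """Return the set of (hostname, ip) pairs defined in HOSTS-file text."""
    found = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, then tokenise
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:  # one line may list several names
            found.add((name.lower().rstrip("."), str(ip)))
    return found


def audit_changes(baseline, current, protected=PROTECTED_SITES):
    """Classify every mapping present in `current` but not in `baseline`."""
    findings = []
    for name, ip in sorted(mappings(current) - mappings(baseline)):
        addr = ipaddress.ip_address(ip)
        if name in protected:
            kind = "protected-site-override"
        elif addr.is_loopback or addr.is_unspecified:
            kind = "blocked"      # name pointed at nothing: access prevented
        else:
            kind = "redirect"     # name pointed at a different server
        findings.append((kind, name, ip))
    return findings
```

Any HOSTS entry for a protected name is reported, because such a name should normally be resolved through DNS rather than pinned locally.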
Identity Theft
Identity Theft is a very serious crime epidemic and occurs when criminals "steal" your identity and pretend to be you. It is incredibly simple to commit, difficult to resolve, and can occur in a wide variety of ways. For example, with only a small amount of your personal information, identity thieves are able to: obtain false identity documents created in your name; obtain credit cards, loans, open accounts, and purchase houses or vehicles; live and work as you ("cloning"); travel and avoid security watch lists; and even provide your information when contacted or arrested by law enforcement.
Internet Explorer extensions / IE extensions
Internet Explorer, BHO, browser helper object, toolbar
Internet Explorer supports a wide variety of "helpers", which are add-on functions or extensions to provide a better Internet experience. Unfortunately, these otherwise helpful components are often abused or exploited by Malware creators, and many are designed to automatically install without your permission. To protect against this, Online Armor will first verify that you intend to add these components to Internet Explorer before permitting them to be installed, and allow any existing or unauthorized IE objects to be removed.
Keylogger
Keystroke recorder, keyboard sniffer
A keylogger is a secretly installed malicious program that records every keystroke that is typed on your computer keyboard. Keyloggers can be used to collect sensitive personal information such as user names and passwords to online banking and other secure sites, account numbers, and other confidential information. Once a keylogger has collected the data from your computer, it is secretly transmitted via a variety of methods from your computer to a computer set up by criminals to receive it. The information can then be used to defraud you or even commit Identity Theft.
Malware
Malicious code
Malware is a term for "Malicious Software", or malicious computer code, such as a virus, worm, spyware, or other type of computer program that is designed to do something ranging from the annoying or undesirable, to an action that is harmful to software or hardware, and even those designed to steal and communicate personal and confidential information. Malware can be transmitted in a multitude of ways, such as through e-mails and e-mail attachments, visiting bogus websites, and programs downloaded from non-secure locations on the Internet.
No-click attack
Stealth bomb attack
These attacks use HTML, the computer code typically used to create Web sites. Malicious code is embedded within the standard HTML code, and executes when a visitor goes to the website. HTML code is not only found in websites but is also regularly used to format the text of an e-mail. This means that it is possible for a malicious code attack to execute even if the recipient does not open an e-mail attachment, and merely opens the e-mail itself.
Phishing
"Phishing" is the common name given to a scam wherein a fraudster or scam artist sends an email purporting to be from a financial institution or other organization that generally includes a claim that "due to security concerns" or other such reason, the recipient must confirm their personal and account information immediately to avoid some negative consequence – such as account closure. In many cases, the email contains a link to a bogus or "spoofed" site that contains stolen graphics, logos, and information taken from the legitimate organization's website in order to give the appearance of being the actual site. The website address often is very close to the real website address, though containing an additional series of letters or numbers such as www.myfinancialinstitution3q4m.com. In instances of DNS or HOSTS file exploits, the recipient's Web browser may even be tricked into displaying the legitimate address, yet the user is actually taken to the bogus site owned and operated by the fraudster. Criminals often send out thousands of these "phishing" emails at once, hoping that some unsuspecting recipients will "take the bait."
Online Armor's Mail Filter provides protection against this type of fraud by automatically reviewing received emails for the common tricks and tactics used by fraudsters. Depending upon the level of certainty, Online Armor will alert you, or remove the email altogether. The Online Armor DNS and HOSTS Checker provides an additional measure of security against this type of fraud.
Pharming
Spoof sites
"Pharming", a term derived from "phishing", is the common name given to a scam wherein a fraudster or scam artist exploits a vulnerability in DNS software to "trick" a user's computer into visiting a seemingly legitimate, yet entirely bogus or "spoofed" website in hopes that the user will unknowingly provide personal and confidential information that can then be used by the criminal to commit fraud or Identity Theft.
(See also DNS and HOSTS file)
Through the DNS and HOSTS Checker, Online Armor provides protection against this type of fraud by verifying the Web address against its trusted DNS server, and alerting you to any discrepancies. To take advantage of this security feature, add your online banking and other high-value sites to the "Protected Sites" list in Online Armor.
Ransomware
Ransom ware
As the name suggests, ransomware (or ransom ware) is a form of theft whereby malicious software is installed onto your computer. This software then encrypts the data on your computer, rendering it unreadable without a key to unlock it. The author of the ransomware then contacts you and offers to sell you the key to unlock your files – effectively holding your own computer files for "ransom."
Registry
The registry is a part of Windows where programs (including Windows itself) store important configuration information. Most programs will use the registry in some form or another, but malicious programs can use the registry to actually change the way your computer works.
The effects can range from annoying (such as changing your Web browser's home page), to automatically installing and running malicious programs or changing security settings and helping programs take control of your computer or snoop for data.
Security Exploit
Exploit, security hole
An exploit is a common term in the computer security community to refer to a piece of software that takes advantage of a bug, glitch, or vulnerability in another software program, such as a computer operating system. By exploiting the vulnerability, the attacker may gain access to data or programs in an unintended manner, or even take control of the user's computer.
Signatures
Signatures, patterns, fingerprints, integrity check, vaccine-based
A signature is an electronic "fingerprint" of a program that will uniquely identify it. By comparing the signature of a program about to run (or about to be downloaded) with a list of known signatures, traditional "vaccine-based" programs such as Anti-virus or common Anti-spyware programs are able to identify known threats. However, this also leaves the user's computer vulnerable to new, variant, unknown, and emerging threats that are not contained in the software's database.
In Online Armor, signatures are used to identify safe programs – so users will not receive alerts or warnings for programs that are known to be safe. For all others, Online Armor utilizes a powerful combination of advanced behavior analysis and a constantly updated threat database. This means that Online Armor does not provide protection only against threats that it knows or recognizes. By analyzing the behavior, or attempted behavior, of a program, Online Armor provides real time protection against new, variant, unknown, and emerging threats that would be missed by traditional protection programs.
Spyware
Spyware is the common name given to a malicious and privacy invading program that is secretly installed or downloaded onto your computer to "spy" on you. Spyware can be delivered in a wide variety of ways, including being secretly embedded or attached to otherwise legitimate programs or files that you may download from the Internet. Spyware can take many forms, from simply monitoring and reporting your Internet surfing habits – to capturing and reporting every keystroke you make (See also Keylogger) – to even stealing your computer files.
Trojan Horse Program
Trojan Horse programs are so named because, like their historical namesake of Greek lore, they are often hidden within other legitimate programs. In many cases, they are built directly into a functional program or utility that has one stated purpose that is presented to the user, but also secretly has an entirely different and generally malicious second purpose that can be executed when the program is installed or run on the user's computer.
Virus
Like a true biological virus, a computer virus is a type of self-replicating, malicious software code that "infects" a host program, file, or computer system and spreads itself by infecting other programs, files, or computer systems. Computer viruses can be designed to cause a variety of effects ranging from the annoying – such as creating repeated pop-up messages or repeatedly re-booting the infected computer, to damaging – such as completely using up available system resources or preventing website access – to outright destructive intent, such as being designed to destroy computer files or otherwise rendering files useless. A common method of spreading a computer virus is through email. A virus may be attached to or infecting a file that is communicated from one computer to another, or the virus may completely take over a user's email address book and send itself to every address that it contains. This method permits a virus to spread very quickly in a very short amount of time.
Worm
Similar to a computer Virus, a computer Worm is a form of self-replicating, malicious software code that spreads itself to other computer systems. Unlike a virus, however, worms are self-contained and do not need to infect a file or embed themselves into other programs in order to spread. Like viruses, worms can be designed to cause a variety of effects ranging from the annoying – such as creating repeated pop-up messages or repeatedly re-booting the infected computer, to damaging – such as completely using up available system resources or preventing website access – to outright destructive, such as being designed to destroy computer files or otherwise rendering files useless. Some more advanced worms are even designed to carry out multiple types of attacks. A common method of spreading a computer worm is through the creation of a "backdoor" into the infected computer. Once inside the system, the worm effectively takes over the computer, turning it into a "zombie" which is then used to quickly spread the worm to other computers. Rapid spreading of worms, as evidenced by the widescale proliferation of the MyDoom infection, can tie up enormous amounts of computer resources, creating Internet slowdowns and massive network bottlenecks.


