Stumped by the antivirus jargon? Try this virus glossary for insight
McAfee knows the technical terminology used in virus alerts and descriptions can be confusing to a newcomer. Use this handy glossary whenever you come across a computer security term you don't understand.
A
· ALIAS: An assumed or alternate name. Some viruses get multiple names since there is no single standard for naming computer viruses.
· AVERT: Anti-Virus Emergency Response Team.
B
· Back Door: A feature built into a program by its designer, which allows them to gain full or partial access to your system.
· Blended threat: A virus that uses multiple infection techniques. This may include the exploitation of various program vulnerabilities, incorporation of trojan behavior, file infection routines, Internet propagation routines, network share propagation routines, and spreading without any human intervention.
· Boot Disk: A disk that contains special, hidden startup files and other programs to run a computer. A boot disk is usually specific to the operating system and version. There are several types of boot disks available to the average user, ranging from a standard floppy boot disk to an emergency boot disk or bootable CD. It's important to use a boot disk when disinfecting a computer since most antivirus programs work best when they can gain complete access to the hard drive. In some cases, failure to do so will prevent antivirus programs from detecting and removing certain viruses from the computer.
· Boot Records: Those areas on diskettes or hard disks that contain some of the first instructions executed by a PC when it is booting. Boot records must be loaded and executed in order to load the operating system. Viruses that infect boot records change them to include a copy of themselves. When the PC boots, the virus program is run and will typically install itself into memory before the operating system is loaded.
· Boot Sector Infector: A virus that infects the original boot sector on a floppy diskette. These viruses are particularly serious because information in the boot sector is loaded into memory first, before virus protection code can be executed. A "strict" boot sector infector infects only the boot sector, regardless of whether the target is a hard disk or a floppy diskette. Some viruses always attack the first physical sector of the disk, regardless of the disk type.
C
· COM File: COM is short for command; a COM file contains instructions that can do something on your computer. COM files are for DOS-based systems and tend to run faster than EXE type programs. Viruses will often infect COM files. When the COM file is run the virus is run as well, often loading it into memory. Note: The Windows operating system treats files with a .COM extension the same as other executable type files. Some viruses and trojans use a filename ending in .COM (i.e., http://virus.com). Typically, these are portable executable files and not real COM files.
· Companion Virus: A viral program that does not actually attach to another program, but which uses a similar name and the rules of program precedence to associate itself with the regular program.
D
· DDOS (Distributed Denial of Service): A program by this specification is used in a "community network" setting by a controlling program in an effort to initiate an attack known as a "denial of service". DDOS programs receive instruction from a controller program in order to carry out an attack - the attack itself is designed to disable or shut down the target of the attack.
· Denial of Service: A means of attack against a computer, server or network; the attack is either an intentional or an accidental by-product of instruction code, which is either launched from a separate network or Internet connected system, or directly at the host. The attack is designed to disable or shut down the target of the attack.
· Dropper: An executable file that, when run, "drops" a virus or trojan. A 'Dropper' file's intention is to create a virus or trojan and then execute it on the user's system.
E
· EICAR: European Institute of Computer Anti-Virus Research has developed a string of characters that can be used to test the proper installation and operation of antivirus software. The EICAR test file is an important file for any serious antivirus software user.
· Encryption: A change made to data, code, or a file such that it can no longer be read or accessed without processing (or unencrypting). Viruses may use encryption in order to hinder detection by hiding their viral code. Viruses may also encrypt (change) code or data on a system as part of their payload.
· EXE File: EXE, or executable, files are programs that do things on your computer. For example, tank.exe may be a tank game. Files with different extensions, like .dll, are often support files for a program. Viruses commonly infect EXE files. After such an infection, the virus is run each time the program is run.
F
· False Alarm: Improper detection of a clean file. Heuristic and generic detection methods can protect users from threats that have not even been discovered yet. However, these detection techniques can also lead to false detections, or false alarms.
· FDOS (Flooder Denial of Service): Similar to DDOS only in the nature of the attack. FDOS programs are singular in form in that there are no other components of the attack structure. FDOS programs can carry out an attack that is generally designed to disable or shut down the target of the attack.
· File Infector: A virus that attaches itself to, or associates itself with, a file. File infectors usually append or prepend themselves to regular program files or overwrite program code. The file-infector class is also used to refer to programs that do not physically attach to files but associate themselves with program filenames.
H
· Heuristic: A method of scanning that looks for patterns or activities that are virus-like. Most leading packages have a heuristic scanning method to detect new or previously undetected viruses in the wild. Heuristic scans can lead to false alarms.
· Hex: Short for hexadecimal. Hex- is a prefix for 6 and -decimal is a suffix for 10, so this represents numbers in base 16. Because there are more than 10 digits, values 10 through 15 are represented by letters A through F respectively. This representation is used in computer programming.
· Hoax: This is usually an email message that warns of a non-existent virus. This can do harm by spreading fear.
· Hole (as in a "hole" in system memory): When DOS is starting, it begins allocating areas of memory below 640 K, which are used to store information. There are some places where there are gaps in the allocated memory. These gaps are unallocated and unused, and they are considered to be "holes" in system memory. A hole in system memory may also be created in DOS because as DOS loads programs, it often rounds off the amount of memory allocated to the program. For example, a program might need 1025 Bytes (1Kb + 1 Byte). When DOS loads this program, it may allocate 2Kb of memory for the program. Thus 1023 Bytes are actually unused. This unused portion is considered a "hole".
I
· IN-THE-WILD: When a virus is in circulation. Currently about 250 viruses exist in the wild.
· INI File: A place for programs to store instructions or settings, which are used during operation. Virus authors often utilize the WIN.INI, SYSTEM.INI, and WININIT.INI files.
J
· Joke Program: This is not a virus, but a program that simulates destructive behavior, such as deleting files.
L
· Logic Bomb: When a Trojan Horse is left to lie dormant, only to attack when the conditions are just right.
M
· Macro: A saved set of instructions that users may create or edit to automate tasks within certain applications or systems. A Macro Virus is a malicious macro that a user may execute inadvertently and that may cause damage or replicate itself.
· Malware (Malicious Software): Programs that are intentionally designed to perform some unauthorized (and often harmful or undesirable) act such as viruses, worms, and trojans.
· Master Boot Record (MBR)/Boot Sector Infector: A virus that infects the system's Master Boot Record on hard drives and the Boot Sector on floppy diskettes. This type of virus takes control of the system at a low level by activating between the system hardware and the operating system. An MBR/Boot Sector virus is loaded into memory upon boot-up, before virus detection code can be executed.
· Memory Resident: A program that stays in the active RAM of the computer while other programs are running. Accessory software is often of this type, as is activity monitoring and resident scanning software. Viruses often attempt to "go resident". This is one of the functions an activity monitor may check.
· Multi-partite Virus: A virus that infects Master Boot Records, Boot Sectors, and Files.
O
· OS: Operating system, such as DOS, Windows, Sun/OS, Unix, Linux, FreeBSD, PalmOS, MacOS.
· Overwriting Virus: A virus that overwrites files with its own viral code.
P
· Parasitic: A virus that requires a host to help it to spread.
· Payload: The code within a virus that is not part of detection avoidance or replication capabilities. The payload code may cause text or graphics to appear on the screen, or it may cause corruption or erasure of data.
· Polymorphic: A virus that attempts to evade detection by changing its internal structure or its encryption techniques. Polymorphic viruses change their "form" with each infection in order to avoid detection by antiviral software that scans for signature "forms". Less sophisticated systems are referred to as self-encrypting.
R
· Registry: A database that is used to store instructions and other information. The database is broken down into keys, for which values are set. The alternative to using an INI file in many cases, this Microsoft Windows component is often utilized by virus authors.
· Risk Assessment: The calculated measurement of the damage a virus, worm or trojan poses. This assessment is based on several factors, including severity of payload, the number of cases reported, and its ability to spread. Additional Information: Guidelines for the AVERT Risk Assessment (ARA)
S
· Self-Encrypting Viruses: A virus that uses self-encrypting techniques to make detection more difficult.
· Self-Extracting Files: A file that, when run, extracts itself. Most files transferred across the Internet are compressed to save disk space and lower transfer times. The self-extracting program can extract a virus or Trojan Horse. These types of viruses can be effective since the scanning of compressed files is a rather new technique used by most leading antivirus packages. You cannot get a virus by just downloading a self-extracting file. You must run it. Always scan new files before using them.
· Signature: A unique series of letters and numbers within the code of a virus.
· Signature File: A database of various virus signatures; the reference used to compare found strings during the disinfection of a computer. Signature files are called a variety of names including the ever-popular DAT file update used by VirusScan. It's important to download or purchase signature file updates often to provide yourself with the best possible protection available to date.
· Stealth: A virus that uses one or more of various techniques to avoid detection. A Stealth virus may redirect system pointers and information in order to infect a file without actually changing the infected program file. Another Stealth technique is to conceal an increase in file length by displaying the original, uninfected file length.
· System Hang: A complete failure of the operating system. When a program fails, it usually has an opportunity to display an error or diagnostic message. If the entire system fails, such a message will not appear, and input is usually blocked (keystrokes and mouse clicks will be ignored). In the worst cases, the system cannot be restarted without turning the system off completely.
T
· Terminate-and-Stay-Resident: A program that remains active in memory while other programs are run on the system. Examples of TSRs are VShield, a DOS-based mouse, or a CD-ROM driver.
· Trigger: An event that a virus writer has programmed the virus to watch for, such as a date, the number of days since the infection occurred, or a sequence of keystrokes. When the trigger event occurs, it activates the virus, which then dispenses its payload.
· Trojan Horse: A program that either pretends to have, or is described as having, a set of useful or desirable features, but actually contains a damaging payload. Most frequently the usage is shortened to "Trojan". Trojan Horses are not technically viruses, since they do not replicate.
· Tunneling: A virus that avoids standard interfaces to infect files. This allows the virus to infect files without being noticed by a behavior blocker.
V
· Variant: A modified version of an original virus. These modifications can be as simple as a text change, or adding/deleting a few lines of code. It's not uncommon to see a virus changed, and often damaged, by other virus authors over time.
· VBS: New method of spreading viruses by using Visual Basic Scripting. Not usually a problem, unless a user has either IE5 or Outlook 98 or higher.
· Virus (plural viruses): A program that is capable of replicating with little or no user intervention, and the replicated program(s) also replicate further.
W
· Worm: A virus that spreads by creating duplicates of itself on other drives, systems, or networks.
Z
· ZIP File: A file that has been compressed and given the file name extension .zip (usually). Zipped files may contain viruses. Make sure your antivirus program scans for viruses in compressed files.
· ZOO Virus: A virus that is only found in virus laboratories and hasn't succeeded in moving into general circulation.
SOURCE: McAfee.com