You have heard some security terms, but what do they mean? And, more importantly, what do they mean for you? We'll try to sort some of them out.
If you haven't read explanations of computer security terms before, the terms themselves may mislead you: they are coined words, and their meaning can't reliably be guessed from the words alone.
Attack is a malicious action taken against you. It may aim at stealing your information, impersonating you, denying you the use of your computer, or destroying your information or system files. An attack may be automated (program-driven) or manual (human-driven). That said, a computer attack always uses some software, even if that software was not specially designed for attacking. The more dangerous attacks on you use specially designed programs that the attacker tricks you into running.
Vulnerability is an opening for an attack: a security flaw in the operating system or in other software (such as your browser) that is not covered by protection software. A vulnerability does nothing by itself; it is what makes an attack possible.
Protection software is a set of programs that cover up vulnerabilities and prevent attacks. The techniques used to achieve that vary; several of them are described below.
Malware (malicious software) is software developed to attack you (an automated attack) or to open the door for a manual attack.
Virus is a kind of malware. A virus is defined not by how it attacks but by how it spreads: it infects other programs by modifying them, adding its own malicious part to them. From then on the infected program also carries the viral part, which usually runs at program start or at some other moment that guarantees it gets executed. The viral part in turn attempts to infect further programs and to run the malicious payload. The name comes from the resemblance to natural viruses, which infect cells and effectively turn them into producers of more viruses.
Worm is a kind of malware that distributes itself by copying, using a variety of techniques. Like a virus, it is defined by the way it spreads rather than by the way it attacks. Distribution methods include e-mailing itself to your contacts, copying itself all over the local machine under innocuous or random names, copying itself to network shares, and so on.
Note that one piece of malware may combine several distribution techniques, e.g. be a worm and a virus at the same time.
Anti-virus is protection software that kills viruses. Continuing the medical analogy, an anti-virus can be thought of as a sort of vaccine. Anti-virus programs use databases of virus signatures (characteristic fragments of their code and data). Using the database, the anti-virus can detect a virus inside other programs and hopefully (sometimes) also remove it and restore the original program. If the original program can't be restored, the infected program is quarantined: usually moved to a different place from the original, under a different name, with no easy way to run it.
Nowadays pure anti-virus solutions are not considered very effective, because viruses mutate (they can spread in modified binary form, which renders the signature database useless against the new variant) and because malware is produced faster than security companies can analyze it and work out its signatures. Anti-virus is therefore usually one component of an Endpoint Protection Suite, combined with other techniques.
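The detection, repair, quarantine and mutation steps described in the two paragraphs above, as an added example that is not code from the original article. The "signature database", the two malware families, the sample "files" (in-memory byte strings) and the quarantine path are all constructed for the demonstration.

```python
"""Signature-based scanning with repair and quarantine (added example).

This is not code from the original article. The "signature database", the
sample "files" and the viral bodies below are all constructed for the
demonstration; files are modelled as in-memory byte strings.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed viral part: what the demo appender virus glues to each host.
VIRAL_BODY = b"\x90\x90VIRAL:find_next_host();infect();run_payload()"
# Constructed body of a second family for which no cleaning routine exists.
STEALER_BODY = b"STEAL:%APPDATA%\\wallet.dat->http://example.invalid/up"


@dataclass
class Signature:
    name: str
    pattern: bytes                                     # bytes lifted from the malware
    repair: Optional[Callable[[bytes], bytes]] = None  # rebuilds the host, if known


def repair_appender(content: bytes) -> bytes:
    """The appender family appends VIRAL_BODY to the host, so the original
    program is everything before the viral part."""
    return content[:content.index(VIRAL_BODY)]


# Constructed signature database: a 12- and a 16-byte fragment per family.
SIGNATURES = [
    Signature("Demo.Appender", VIRAL_BODY[2:14], repair_appender),  # b"VIRAL:find_n"
    Signature("Demo.Stealer", STEALER_BODY[:16]),                    # no repair known
]


def infect(host: bytes) -> bytes:
    """Simulate the appender virus infecting a host program."""
    return host + VIRAL_BODY


def scan(content: bytes) -> list:
    """Return every signature whose byte pattern occurs in the content."""
    return [s for s in SIGNATURES if s.pattern in content]


def handle(name: str, content: bytes) -> dict:
    """Scan one file and report what the scanner did with it."""
    hits = scan(content)
    if not hits:
        return {"file": name, "verdict": "clean"}
    sig = hits[0]
    if sig.repair is not None:
        return {"file": name, "verdict": "repaired", "family": sig.name,
                "content": sig.repair(content)}
    # No cleaning routine: move the file aside under a content-derived name
    # and strip its ability to run, so it cannot be launched by accident.
    digest = hashlib.sha256(content).hexdigest()
    return {"file": name, "verdict": "quarantined", "family": sig.name,
            "quarantine_path": f"/var/quarantine/{digest}.bin", "executable": False}


def mutate(body: bytes, key: int) -> bytes:
    """Simulate a mutating virus: XOR-encode the body and prepend a decoder
    stub. The code that eventually runs is unchanged, but the bytes on disk
    no longer contain the signature, so the database is blind to this variant."""
    return b"DECODE:" + bytes([key]) + bytes(b ^ key for b in body)


if __name__ == "__main__":
    host = b"MZ hello world program"
    print(handle("hello.exe", host))                              # clean
    print(handle("hello.exe", infect(host)))                      # repaired
    print(handle("wallet_tool.exe", b"MZ " + STEALER_BODY))       # quarantined
    print(handle("hello.exe", host + mutate(VIRAL_BODY, 0x5A)))   # clean: signature missed
```

The last call is the point of the paragraph above: the mutated body would still do the same thing once its decoder stub ran, but not one byte of the stored pattern survives the XOR, so a scanner that only compares bytes reports the file clean.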
Endpoint usually refers to a client computer: your laptop, tablet, phone or desktop. The usage is not absolute; in other contexts (such as datacenter management) endpoint may refer to server computers.
Zero-day (attack) refers to a brand new attack (or new malware) that protection software has to counter even though it was unknown when the protection software was developed: there have been zero days to prepare a patch or a signature. Most security suites that claim automatic protection against zero-days lie to a greater or lesser degree: what they actually do is flag behavior that their developers already knew to be an attack. Malware that attacks using previously unknown behavior leaves such protection software helpless.
Dancing pigs problem is one of the main security problems today. It means that if a program from an unknown source (or a source that shouldn't be trusted) shows dancing pigs (or something else as cute), while protection software warns that the program is taking suspicious actions, the average user will almost always silence the protection software in favor of watching the dancing pigs. (The phrase comes from Gary McGraw and Ed Felten's observation that, given a choice between dancing pigs and security, users will pick dancing pigs every time.)
The "dancing pigs" problem is crucial for all kinds of malware: to achieve anything, the malware must have an appealing part that tricks you into running it.
Hacker is a person who studies how things really work (as opposed to how they are advertised or intended to work). Using this knowledge, a hacker develops software that exploits it to achieve his goals. In the security world we are concerned with hackers who study computer vulnerabilities in order to use them for malicious purposes.
Endpoint Detection and Response (EDR) systems are protection software that detect attacks based on internal algorithms and parameters defining what an attack looks like, rather than on signatures of specific malware. To detect an attack, such a system has to observe the behavior of programs for some time and/or over some number of attempted accesses.
EDR is a popular trend, but it is not fully reliable: legitimate activity that "looks" like an attack may be blocked (false positives), while attacks that need only a single access (e.g. reading one file to steal a key) or manual attacks that don't fit any attack description will be missed.
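The trade-off described above, as an added example that is not part of the original article: a toy behavioral rule of the kind an EDR might use ("one process touches many distinct files in a short window"), run over a constructed event log. The process names, paths, addresses and the "ground truth" labels are made up for the demonstration.

```python
"""Behavior-based detection over an event stream (added example).

Not code from the original article. The event log is constructed for the
demonstration: a legitimate backup tool, a one-shot key stealer and a
ransomware-like process, all touching files under one user's home.
"""
from collections import defaultdict, deque


def make_events() -> list:
    """Constructed endpoint telemetry: (seconds, process, action, target)."""
    events = []
    # backup.sh walks Documents once: legitimate, but looks like mass access.
    for i in range(30):
        events.append((100.0 + i * 0.1, "backup.sh", "read",
                       f"/home/alice/Documents/doc{i}.odt"))
    # A stealer needs exactly one read, then one upload.
    events.append((200.0, "updater.exe", "read", "/home/alice/.ssh/id_ed25519"))
    events.append((200.5, "updater.exe", "connect", "203.0.113.7:443"))
    # Ransomware-like behavior: read every document, write an encrypted copy.
    for i in range(30):
        events.append((300.0 + i * 0.2, "svchost32.exe", "read",
                       f"/home/alice/Documents/doc{i}.odt"))
        events.append((300.1 + i * 0.2, "svchost32.exe", "write",
                       f"/home/alice/Documents/doc{i}.odt.locked"))
    return events


def detect_mass_access(events, threshold=20, window=10.0) -> list:
    """Hypothetical EDR rule: alert when one process touches at least
    `threshold` distinct files within `window` seconds.

    The rule must watch a process for a while before it can fire, which is
    exactly why it both over-triggers on bulk tools and misses one-shot reads."""
    recent = defaultdict(deque)   # process -> deque of (time, path) inside the window
    fired = set()
    alerts = []
    for ts, proc, action, target in sorted(events, key=lambda e: e[0]):
        if action not in ("read", "write"):
            continue
        q = recent[proc]
        q.append((ts, target))
        while q and ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        distinct = {path for _, path in q}
        if len(distinct) >= threshold and proc not in fired:
            fired.add(proc)
            alerts.append({"time": ts, "process": proc,
                           "reason": f"{len(distinct)} distinct files in {window}s"})
    return alerts


def classify(alerts, ground_truth) -> dict:
    """Compare alerts with what actually happened (constructed labels)."""
    alerted = {a["process"] for a in alerts}
    return {
        "true_positives": sorted(p for p in alerted if ground_truth.get(p) == "malicious"),
        "false_positives": sorted(p for p in alerted if ground_truth.get(p) == "benign"),
        "missed": sorted(p for p, label in ground_truth.items()
                         if label == "malicious" and p not in alerted),
    }


# Constructed labels for the three processes in the sample log.
TRUTH = {"backup.sh": "benign", "updater.exe": "malicious", "svchost32.exe": "malicious"}

if __name__ == "__main__":
    found = detect_mass_access(make_events())
    for a in found:
        print(a)
    print(classify(found, TRUTH))
```

The rule fires on the backup tool (a false positive) and on the ransomware-like process (a true positive), and never sees updater.exe, whose theft needs a single read. Raising the threshold silences the backup tool but leaves the single read just as invisible; catching it takes a rule keyed on the object being accessed, which is what the Access Control entry describes.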
Access Control is a method of restricting access by programs to security-sensitive objects according to a set of defined rules. Access Control suites are protection software built on tools that intercept accesses and apply rules to deny, alert on, or log particular accesses. Protected objects can be files, registry keys, network addresses, etc. Accessors are usually programs, but may also be remote computers (identified by network address).
Firewall is a network access control system. The protected objects are computers (identified by network address), and the accessor may be a network address (for a packet firewall) or a program (for an application firewall).