
 DDACS 2.0.1

   Protect yourself at all times!

You have heard some security terms, but what do they mean? And, more importantly, what do they mean for you? We will try to sort some of them out.

If you have not read explanations of computer security terms before, the terms themselves may mislead you. They are coined words, and it is not really possible to grasp their meaning intuitively.

An attack is a malicious action taken against you. It may be aimed at stealing your information, impersonating you, denying you the service of your computer, or destroying your information or system files. An attack may be automated (program-driven) or manual (human-driven).

That said, a computer attack always uses some software, even if that software was not specially designed for attacking. The more dangerous attacks on you use specially designed programs that the attacker tricks you into running.

A vulnerability is a possibility for an attack. The possibility is opened by a security flaw in the operating system or in other software (such as your browser) and is not covered by protection software.

Protection software is a set of programs that cover up vulnerabilities and prevent attacks. The techniques used to achieve that vary.

Malware (malicious software) is software developed to attack you (an automated attack) or to open the door for a manual attack.

A virus is a kind of malware. A virus is defined not by the way it attacks, but by the way it distributes itself. Viruses infect other programs by modifying them, adding a malicious part. From then on the infected program also carries the viral part, which usually runs when the program starts or at another point that guarantees the viral part gets to run. The viral part in turn attempts to infect other programs and to run its malicious part. The name comes from the resemblance to natural viruses, which infect cells and effectively turn them into producers of more viruses.

A worm is a kind of malware that uses various copying techniques to distribute itself. It too is defined by the way it distributes, rather than by the way it attacks. Distribution methods include e-mailing itself to your contacts, copying itself all over the local machine under odd names, copying itself to network shares, etc.

It is worth noting that malware may combine several distribution techniques, e.g. be a worm and a virus at the same time.

Anti-virus is protection software that kills viruses. Continuing the analogy with medicine, anti-virus can be considered a sort of vaccine. Anti-virus programs use databases that contain signatures of viruses (binary fragments of their code and data). Using the database, anti-virus software can detect a virus in other programs and hopefully (at times) also remove the virus and reproduce the original program. If the original program cannot be reproduced, the infected program is quarantined (usually moved to a different place than the original, under a different name, without an easy way to run it).

Nowadays pure anti-virus solutions are not considered very effective, because viruses mutate (they can distribute themselves in modified binary form, rendering the signature database useless) and because malware is developed faster than security companies can identify it and sort out its signatures. Usually anti-virus solutions are incorporated into Endpoint Protection Suites together with other techniques.
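The two paragraphs above describe what a signature-based anti-virus does: match signatures from a database, try to reproduce the original program, quarantine when that is not possible, and miss a mutated copy. The following toy scanner is an added example and not DDACS code; the signatures, the "appended viral part" layout and the sample programs are all constructed for illustration.

```python
# Added example, not DDACS code: a toy signature scanner following the text.
# It holds a small signature database, detects a signature in a program's
# bytes, restores the original program when the database knows how the viral
# part was attached, and quarantines the file otherwise.
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes               # constructed marker, not real malware code
    appended_len: Optional[int]  # size of a viral part appended to the host, if known

# Constructed database. Toy.Appender.A always appends a 24-byte viral part to
# the end of the host program, so the host can be cut back out. Toy.Unknown.B
# has no known layout, so an infected file can only be quarantined.
DATABASE = (
    Signature("Toy.Appender.A", b"<<VIRAL-PART-A>>", appended_len=24),
    Signature("Toy.Unknown.B", b"<<VIRAL-PART-B>>", appended_len=None),
)

def detect(program: bytes) -> Optional[Signature]:
    """Plain substring match of every signature against the program bytes."""
    for sig in DATABASE:
        if sig.pattern in program:
            return sig
    return None

def quarantine_name(program: bytes, sig: Signature) -> str:
    """Name to park the infected file under: content hash plus a non-executable suffix."""
    return f"{hashlib.sha256(program).hexdigest()[:16]}_{sig.name}.quarantined"

def disinfect(program: bytes) -> Tuple[str, Optional[bytes], Optional[str]]:
    """Return (verdict, restored bytes or None, quarantine name or None)."""
    sig = detect(program)
    if sig is None:
        return "clean", program, None
    if sig.appended_len is not None and sig.pattern in program[-sig.appended_len:]:
        # Known appender: the original program is everything before the viral part.
        return "restored", program[:-sig.appended_len], None
    return "quarantined", None, quarantine_name(program, sig)

# Constructed samples: a benign host, the host with Toy.A appended, a Toy.B
# infection with an unknown layout, and a Toy.A copy with one byte changed,
# which the database no longer recognizes (the mutation problem from the text).
HOST = b"HOST PROGRAM CODE"
INFECTED_A = HOST + b"<<VIRAL-PART-A>>" + b"JMP_HOST"   # 16 + 8 = 24 viral bytes
INFECTED_B = b"<<VIRAL-PART-B>>" + HOST
MUTATED_A = INFECTED_A.replace(b"PART-A", b"PART-a")
```

Running `disinfect` over the four samples gives "clean", "restored", "quarantined" and, for the mutated copy, a wrong "clean", which is exactly the false negative that makes pure signature scanning insufficient.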

Endpoint usually refers to a client computer: your laptop, tablet, phone or desktop. The usage is not absolute, and in other systems (such as datacenter management) endpoint may refer to server computers.

Zero-day (attack) refers to a brand-new attack (or malware) that protection software has to counter even though it was not known when that software was developed. Most security suites that claim automatic protection against zero-days lie to a greater or lesser degree: they analyze some behavior that was already known to their developers as an attack. Malware that exhibits previously unknown behavior in order to attack will leave such protection software helpless.

The dancing pigs problem is one of the main security problems today. It means that if a program that comes from an unknown source (or a source that should not be trusted) displays dancing pigs (or something else as cute as this) while protection software alerts that it is taking suspicious actions, an average user in 97% of cases will shut up the protection software in favor of watching the dancing pigs.

The "dancing pigs" problem is crucial for all kinds of malware: in order to achieve anything, they must have an appealing part that tricks you into running them.

A hacker is a person who studies how things really work (and not how they are advertised or intended to work). Using this knowledge, a hacker develops software that exploits it in order to achieve his goals. In the security world we are concerned with hackers who study computer vulnerabilities in order to use them for malicious purposes.

Endpoint Detection and Response (EDR) systems are protection software that detect attacks based on their internal algorithms and on parameters that define what an attack is. In order to detect an attack, such systems need to inspect the behavior of programs for some time and/or over some number of attempted accesses.

EDRs are a popular trend, but they are not very reliable: legitimate activity that "looks" like an attack may be blocked (false positives), and attacks that need just a single access (e.g. to steal information), or manual attacks that do not fit an attack description, will be missed.

Access Control is a method of restricting access by programs to security-sensitive objects, according to a set of defined rules. Access Control suites are protection software built on tools that filter accesses and apply rules to deny, alert on or log particular accesses. Protected objects can be files, registry keys, network addresses, etc. Accessors are usually programs, but may be remote computers (network addresses).

A firewall is a network access control system. The protected objects are computers (by network address) and the accessor may be a network address (for a packet firewall) or a program (for an application firewall).
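The access control and firewall definitions above share one model: an accessor (program or network address) tries an operation on a protected object, and a rule table decides whether to allow, deny, alert or log. The filter below is an added example, not DDACS code; its rule table, program paths and addresses are constructed (203.0.113.0/24 is documentation address space), and the first-match, default-deny policy is an assumption of this example.

```python
# Added example, not DDACS code: a minimal access-control filter in the shape
# the text describes. An access is (accessor, object, operation); rules match
# glob patterns and yield allow, deny, alert or log; the first matching rule
# wins and anything no rule covers is denied (least privilege). Accessors may
# be program paths or network addresses, so one table covers file/registry
# access control as well as packet- and application-firewall rules.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    accessor: str   # program path or network address (glob pattern)
    obj: str        # file path, registry key or "address:port" (glob pattern)
    operation: str  # "read", "write", "connect" or "*"
    action: str     # "allow", "deny", "alert" or "log"

@dataclass(frozen=True)
class Access:
    accessor: str
    obj: str
    operation: str

def matches(rule: Rule, access: Access) -> bool:
    # fnmatchcase does no case folding, so the check behaves the same on every OS
    return (fnmatchcase(access.accessor, rule.accessor)
            and fnmatchcase(access.obj, rule.obj)
            and rule.operation in ("*", access.operation))

def evaluate(rules: List[Rule], access: Access) -> Tuple[str, Optional[Rule]]:
    """First matching rule decides; an access no rule covers is denied."""
    for rule in rules:
        if matches(rule, access):
            return rule.action, rule
    return "deny", None

def permitted(action: str) -> bool:
    """deny blocks the access; alert and log let it through with a side effect."""
    return action != "deny"

# Constructed rule table. Order matters: specific rules come before broad ones.
RULES = [
    Rule("/usr/bin/firefox", "/home/*/.mozilla/*", "*", "allow"),
    Rule("*", "/home/*/.ssh/*", "write", "deny"),             # nothing rewrites SSH keys
    Rule("10.0.0.*", "192.168.1.5:445", "connect", "deny"),   # packet-firewall style rule
    Rule("/usr/bin/firefox", "*:443", "connect", "log"),      # application-firewall style rule
    Rule("*", "*:*", "connect", "alert"),                     # any other outbound connection
]
```

A program from an untrusted source reading a document no rule mentions falls through to the default deny, which is the behaviour that stops the "single access" attacks the EDR section says behaviour analysis misses.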

© Daniel Drubin 2020