A type of web browser plug-in that allows users to view and use interactive content on a website. ActiveX Controls are dedicated for use with Microsoft's web browser, Internet Explorer.
ActiveX Controls are generally used to enhance the user's online browsing experience. They may, however, pose a threat if:
- They (deliberately or unintentionally) cause harm to the user's machine or data AND
- The security settings on the user's web browser allow them to be automatically and silently installed OR
- The user installs the plug-in without fully understanding the threat it may pose
As ActiveX Controls are able to access the hard disk and have a significant amount of control over system operations, malicious ActiveX Controls can be a significant security risk if they are successfully implanted on the computer.
Generally, maintaining high security settings on the web browser and exercising due caution when browsing websites is sufficient to prevent unwanted or undesirable ActiveX Controls from accessing the computer. Certain webpages may require the user to download and install customized, third-party ActiveX Controls from the website itself in order to view them correctly.
Adware is F-Secure’s classification name for software that displays advertisements on the computer or device. The advertisements may be displayed on the desktop or during a web browsing session.
Adware is often bundled with free software that provides some functionality to the user. Revenue from the advertising is used to offset the cost of developing the software, which is therefore known as ‘ad-supported’.
Most users on a computer system will log into a restricted ‘user account’, which only allows them to make settings changes that affect their own account. Changes made to one user account may not affect settings in another account.
For system administration purposes, most computer operating systems have a special, restricted account for making critical changes that may affect all accounts on the machine. Depending on the operating system, this account may be known as root, administrator, admin or similar. A user with access to this account is said to have administrative rights, or essentially total control of the computer system.
An alias is the name given by other antivirus vendors to the same unique malware file or family. The differences in names for a given file or family are due to differences in the naming procedures used by various antivirus vendors. In describing a malicious file or family, aliases are usually provided to indicate that the varying names identify the same malware.
For example, the worm identified by F-Secure as ‘Downadup’ also has the aliases ‘Conficker’ or ‘Kido’, depending on the antivirus vendor in question.
An extension to Microsoft's Windows NT File System (NTFS) that provides compatibility with files created using Apple's Hierarchical File System (HFS).
Applications must write special code if they want to access and manipulate data stored in an alternate stream. Some applications use these streams to evade detection.
A program that scans the computer system for spyware programs. Most anti-spyware programs include disinfection/removal functionality in order to uninstall any spyware found on the system.
An anti-spyware program may be a standalone application, though nowadays many anti-virus programs also include anti-spyware functionality.
A program that scans for and identifies malicious files on a computer system.
An antivirus program's core is the scanning engine, the module responsible for scanning every file on the computer system to find suspicious or malicious files.
The scanning engine works in tandem with the program's antivirus database, a collection of virus signatures that identify known malicious files. During the scanning process, the scanning engine compares each scanned file to the signatures in its database. If a match is found between a virus signature and a scanned file, the file is considered malicious.
A collection of virus detections or signatures used by an antivirus program during its scanning process to identify malware.
When scanning a computer for malicious programs, an antivirus program compares each file inspected against the virus signatures in its database; if a match is found, this indicates that the file shares enough similarities with known malware to be flagged.
Because this type of analysis depends on the antivirus program having an accurate signature with which to perform a comparison, it is known as signature-based detection.
As new malware is constantly being created, new virus signatures must continually be added to antivirus databases to identify these new threats. An antivirus program is therefore most effective if its antivirus database contains the latest updates.
An Application Programming Interface (API) is a defined set of instructions, specifications or protocols used to transfer commands or requests between applications.
There are many APIs available, and their use is usually dependent on the programming language or software involved.