Tools
Terminology
End User License Agreement (EULA)
A legally binding agreement between a program's user and the program vendor, stating the terms under which the user is authorized to use the program and usually limiting vendor's liabilities.
Most programs display the end user license agreement (EULA) in electronic form during the installation process and users must agree to the EULA before installation can be completed.
EULAs can be a controversial issue if they are worded in such as way as to be ambiguous, or if they attempt to give the vendor more rights than is legally permissible. In addition, EULAs are often so long, technically challenging and intimidating that many users do not read them completely before accepting them, potentially placing the user in an untenable position if they later face problems with the program or the vendor.
Entry Point Obscuration (EPO)
Entry point obscuration (EPO) techniques are used by virus writers to prevent virus scanners from detecting suspicious changes in the program's entry point. A program's entry point is an instruction specifying the beginning of the program's code, which the system uses to locate the correct starting point each time the program is executed.
Most file infector viruses will, on infection, subtly modify the host program's entry point so that it points to the beginning of the viral code, which can be located almost anywhere in the file. The change in entry point forces the system to execute the viral code first whenever the user attempts to launch the host program; after the viral code has been executed, most viruses will pass control back to the host program, allowing it to launch normally.
Exploit
A piece of code that is specifically written to take advantage of a vulnerability, in order to provide an attacker with access to a vulnerable computer system, program or network.
False Alarm / False Positive
A general term used to describe an uninfected or "clean" file that is mistakenly identified as infected. False alarms occur if a program contains code sufficiently similar to a known malware signature to be deemed a security risk by a virus scanner.
A legitimate program that displays malware-like behavior may also trigger a false alarm from security software with heuristic analysis capabilities.
HackTool
A utility designed to access remote computers. Though legal, a hack-tool can be used with malicious intent.
Honeypot
A computer system or network whose primary purpose is to appear as though it provides a real service (a website, database, etc), thereby luring attackers away from protected, critical systems and networks.
Major corporations and security companies in particular will use honeypot systems to protect their infrastructure and to conduct research on attack techniques and trends.
Hijacker
A program that hijacks a user's browser or user session for its own purposes, usually to direct the user to an unwanted website or to steal sensitive information.
Hoax
An application that does not perform as claimed. Hoax programs are often promoted by deceptive and/or fraudulent sales tactics. Hoax programs include rogue antivirus or antispyware applications (also known as rogues).
The term "hoax" may also refer to a chain letter that contains false information, with the aim of spreading alarm or disinformation (see Threat Response: Hoax). For non-computer related hoaxes, please check http://www.snopes.com/computer/virus/virus.asp for more information.
Hosts File
A list of IP addresses frequently accessed by the computer system and stored on the system itself. Each time a user enters an address in the web browser, the system will first check the host file for the address; otherwise, the system must perform an extra step and connect to the DNS service of the Internet Service Provider (ISP) in order to connect to the correct address.
Maintaining the host file allows the system to reduce the amount of processing required. Some malware are designed to attack the host file in order to hijack and redirect a web connection from the one desired, to a different and usually malicious site.
IP Address
An Internet Protocol (IP) address is an identifier assigned to all unique nodes (computers, servers, etc) connected to a network and is used during communication between the nodes.
IP addresses can be a security issue because of: spoofing attacks, when large amounts of data using spoofed or forged originating IP addresses are used to perform Denial-of-Service attacks; and spamming, in which the messages sent may also use forged IP addresses as their origin.