An A-Z guide to the technical terms used in Labs
Adware is F-Secure's classification name for software that displays advertisements on the computer or device. The advertisements may be displayed on the desktop or during a web browsing session.
Adware is often bundled with free software that provides some functionality to the user. Revenue from the advertising is used to offset the cost of developing the software, which is therefore known as 'ad-supported'.
Most users on a computer system will log into a restricted 'user account', which only allows them to makes setting changes to the computer that would affect their own account. Changes made to one user account may not affect settings in another account.
For system administration purposes, most computer operating systems have a special, restricted account for making critical changes that may affect all accounts on the machine. Depending on the operating system, this account may be known as root, administrator, admin or similar. A user with access to this account is said to have administrative rights, or essentially total control of the computer system.
An alias is the name given by other antivirus vendor(s) for the same unique malware file or family. The differences in names for a given file or family is due to differences in naming procedures used by various antivirus vendors.
In describing a malicious file or family, aliases are usually provided to indicate that the varying names identify the same malware. For example, the worm identified by F-Secure as 'Downadup' also has the aliases 'Conficker' or 'Kido', depending on the antivirus vendor in question.
Alternate Data Stream
An extension to Microsoft's Windows NT File System (NTFS) that provides compatibility with files created using Apple's Hierarchical File System (HFS).
Applications must write special code if they want to access and manipulate data stored in an alternate stream. Some applications use these streams to evade detection.
An anti-spyware program may be a standalone application, though nowadays many anti-virus programs also include anti-spyware functionality.
A program that scans for and identifies malicious files on a computer system.
An antivirus program's core is the scanning engine, the module responsible for scanning every file on the computer system to find supicious or malicious files.
The scanning engine works in tandem with the program's antivirus database, a collection of virus signatures that identify known malicious files. During the scanning process, the scanning engine compares to each scanned file to those in its database. If a match is found between a virus signature and a scanned file, the file is considered malicious.
A collection of virus detections or signatures used by an antivirus program during its scanning process to identify malware.
When scanning a computer for malicious programs, an antivirus program compares each file inspected against the virus signatures in its database; if a match is found, this indicates that the file is shares enough similarities with a known malware to be flagged.
Because this type of analysis depends on the antivirus program having an accurate signature with which to perform a comparison, it is known as signature-based detection.
As new malware is constantly being created, new virus signatures must continually be added to antivirus databases to identify these new threats. An antivirus program is therefore most effective if its antivirus database contains the latest updates.
Application Programming Interface (API)
An Application Programming Interface (API) is a defined set of instructions, specifications or protocols used to transfer commands or requests between applications.
There are many APIs available, and their use is usually dependant on the programming language or software(s) involved.