An A-Z guide to the technical terms used in digital security
A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they may also be misused by attackers.
The most fundamental program in a computer system; it is responsible for booting up, or starting, the main operating system (OS) and for interfacing between the OS and the system's hardware components (graphics card, sound card, etc.) and peripherals (keyboard, mouse, etc.).
The critical importance of the Basic Input/Output System or Built In Operating System (both shortened to BIOS) makes it an interesting and challenging target for malware writers. At least some malware (most infamously, Virus:DOS/CIH) has been produced which negatively affects the BIOS and in turn, the computer system.
Originally used as a filtration mechanism for spam, a blacklist is a database of known and unwanted email addresses; if blacklisted, traffic from the marked email address is blocked.
Nowadays, use of blacklists has been expanded to include other malicious or potentially unwanted items. Most antivirus products now include a blacklist of unwanted applications, which may be editable by the user based on their personal use profile.
Antivirus products may also include a file or web reputation service, which essentially blacklists malicious or potentially undesirable files or websites.
A communication protocol using short-range radio frequencies for communications between two or more devices up to a distance of about 10 meters, without needing wires or other physical connections.
The protocol is maintained by the Bluetooth Special Interest Group (SIG), which today includes many major product manufacturers. Since about 2003, Bluetooth functionality has been a standard feature in a vast range of products, from laptops, mobile phones and headsets to household appliances and even cars.
Two or more devices communicating using Bluetooth can create a small personal area network (PAN). This type of network is usually used by a single user to connect various devices on their person or in their immediate surroundings - such as a mobile phone in a pocket to a wireless headset or computer - within an area of a few tens of feet at most.
Like many networks, a Bluetooth network can be, and has been, exploited to transmit malware. In addition, the Bluetooth protocol can be subverted to allow such nuisances as bluejacking, the act of sending unsolicited messages or files from one Bluetooth-enabled device to another.
A section of the computer system's hard disk that contains the boot program, a critical program that is responsible for initiating the main operating system.
A network of devices infected with a specialized form of malware known as a bot, that can be remotely controlled by an attacker. Each infected device may be known as a bot or a zombie.
The devices are most commonly computers, but mobile devices, servers and even Internet-enabled cameras have reportedly been affected. The infected devices usually receive commands from the attacker that are relayed through a command-and-control (C&C) server.
An attacker, or group of attackers, can harness the collective resources of a botnet to perform major malicious actions, such as sending millions of spam emails, launching a Distributed Denial-of-Service (DDoS) attack and much more.
For more information, see the article Botnets.
A program that allows users to easily view and interact with the contents (whether text, graphics or video) of a website. The site itself may be accessed over the Internet or through a local network.
There are many different browsers available for almost every computing platform — Microsoft Internet Explorer, Mozilla Firefox, Opera, Apple's Safari, Google Chrome, et cetera. Each has its own unique advantages, specifications and security issues.
Browser Helper Object (BHO)
A type of web browser plug-in specifically designed for use with the Microsoft Internet Explorer browser.
A Browser Helper Object (BHO) executes automatically every time the browser is launched and provides functionality that is not native to the browser. This can range from simple services like enhanced 'copy-paste' functionality, to more complex operations such as browser-based FTP services or easy links to popular social networking websites.
Though BHOs are generally safe and useful, they may pose a security risk if they track the user's browsing behavior without authorization; if they are poorly written and inadvertently introduce a loophole or flaw; or if they are specifically designed to perform malicious actions (e.g. silently downloading malware onto the system).
A program that provides additional functionality to a web browser.
Browser plug-ins may pose a security risk if they perform potentially unwanted or unauthorized actions, such as redirecting searches or monitoring the user's browsing behavior. For this reason, some antivirus programs will label browser plug-ins as a type of 'Riskware', unless the user authorizes their installation and use.
Malicious alteration of a web browser's start page and search settings in order to direct users to unsolicited websites.
Browser hijacking may be performed by malware installed on the computer or by malicious scripts hosted on websites; in both cases, the hijacking is possible due to the presence of an unpatched vulnerability in the web browser.
Updating the web browser to use the latest security patches is usually sufficient to prevent hijacking attempts.
A type of attack that typically targets authentication mechanisms such as passwords.
A brute-force attack is an exhaustive, trial-and-error attempt that involves rapidly cycling through a comprehensive list of possible passwords or decryption keys, until the correct one is entered. Brute-force attacks commonly succeed due to weak passwords and/or human error or laxness.
Often, a brute-force attack is combined with a dictionary attack, which uses a long list of words taken from dictionaries and popular culture references. Unlike a standard brute-force attack, a dictionary attack uses words that are thought to have the highest chances of success.
A vulnerability stemming from a program's management of memory resources. This type of vulnerability can exist if the memory allocation is poorly designed or can be forced to behave in unexpected ways.
Normally, a program will allocate specific 'areas' of memory to hold any temporary information it needs. Under certain conditions or circumstances, however, an attacker can use excessive amounts of data - exploit code - to force the targeted program to write data in unexpected locations in memory. This results in the data 'overflowing' the boundaries set by the program, hence the name.
Technically, there are a few types of buffer overflows, depending on how the program handles the data overflow. In practical terms however, all buffer overflows can force the targeted program to crash, delete data, or allow the attacker to transform the computer into a zombie.
A programming error in an application's code. A bug usually results in one or more undesirable effects, ranging from barely detectable quirks in an application's performance, to completely crippling it.
The best known bugs are those that afflict legitimate programs and impact the user's ability to use the program. If the bug is particularly severe - for example, if it causes the application to crash or introduces a security risk - it may be considered a vulnerability.
Malware is also sometimes afflicted by bugs, which prevent its malicious routines from functioning as the author intended. In some cases, this prevents the malware from replicating or executing its payload at all.