An A-Z guide to the technical terms used in digital security
A type of network used for electronically creating, transmitting and storing text-based communications. Though the term 'email' technically refers to the system or network responsible for the communications, most people use the term to mean a message sent on the network.
An email network involves an email client (a program that is installed on a user's system); and email servers, which handle the actual transmission of messages over the Internet, a well as storage of the messages.
There are a variety of email clients available, each offering different features and capabilities. The most common protocols used to handle email transfers are POP3, IMAP and SMTP. Fortunately, networks using differing protocols are still able to transmit messages between each other.
The act of running suspect code in a tightly controlled virtual environment (also known as a sandbox) for the purpose of analysis and identification.
When analyzing suspicious code, emulation may be necessary in order to observe the specific changes made to the virtual system, and evaluate any harmful consequences from the modifications.
Emulation is particularly useful when dealing with encrypted or obfuscated code, which may deter other forms of analysis.
The use of a cipher or algorithm to transform data, such as a program's code, into an unintelligible form.
There are many different ways to perform encryption, based on the algorithm or cipher used. Some examples of encryption algorithms include ROT13 and the Vigenere cipher.
Encryption usually requires a specific piece of information (a 'key') in order to transform the encrypted information back to a usable state when necessary. The simplest form of encryption uses a static unchanging key; more sophisticated encryption may involve changes in the key itself as well as the code to be transformed.
Malware writers use encryption to create encrypted programs, which are harder for antivirus programs to detect. Once installed, the encrypted program uses the key to decrypt its own code and execute it.
End User License Agreement (EULA)
A legally binding agreement between a program's user and the program vendor, stating the terms under which the user is authorized to use the program and usually limiting the vendor's liabilities.
Most programs display the End User License Agreement (EULA) in electronic form during the installation process and users must agree to the EULA before installation can be completed.
EULAs can be a controversial issue if they are worded in such a way as to be ambiguous, or if they attempt to give the vendor more rights than is legally permissible. In addition, EULAs are often so long, technically challenging and intimidating that many users do not read them completely before accepting them, potentially placing the user in an untenable position if they later face problems with the program or the vendor.
Entry Point Obscuration (EPO)
Techniques used by virus writers to prevent virus scanners from detecting the entry point of malicious code.
An entry point is the instruction specifying the beginning of a program's code, which the system uses to locate the correct starting point each time the program is executed. Sophisticated file viruses subtly modify the host program's entry point so that it points to the beginning of the viral code, which could be located almost anywhere in the file.
The change in entry point forces the system to execute the viral code first whenever the user launches the host program; after the viral code is completely executed, most viruses will then pass control back to the host program, allowing it to launch normally.
Executable File (EXE File)
A program that contains binary code, with instructions that an operating system is able to 'read' and execute.
For most users, an executable file is what they are launching when they start almost any application on a modern computer, such as a word processor or game. This is in contrast to data files, which only contain unexecutable data.
In Microsoft Windows operating systems, such files are usually identified with the extension .EXE, which is why the file may be referred to as an EXE file.
An object - a program, a section of code, even a string of characters - that takes advantage of a vulnerability in a program or operating system to perform various actions.
An exploit is almost always used in a malicious context. If successfully used, exploits can provide an attacker with a wide range of possible actions, from viewing data on a restricted-user database to almost complete control of a compromised system.