A-Z of Internet security risks
ActiveX Controls
These
controls link to any dynamic object such as tables and buttons that
react to mouse clicks - embedded within a Web page. Although they
help Web pages spring to life, malicious programmers can easily download
spyware through ActiveX. Accept ActiveX only from trusted Web sites.
Typically,
adware components install alongside a shareware or freeware application.
These advertisements create revenue for the software developer and
are provided with initial consent from the user. Adware displays Web-based
advertisements through pop-up windows or through an advertising banner
that appears within a program's interface.
This
is a broad term for programs designed to protect a computer from adware
and spyware. Almost all antispyware applications feature a scanning
engine, which detects suspicious items and removes them from the infected
machine. Some antispyware applications also include a real-time-protection
module, a shield that alerts users when suspicious programs attempt
to install themselves and allows users to deny them.
This
refers to any software program that allows other users to control
machines remotely while hiding any evidence of the fact. Software
developers are the most common authors and users of backdoor programs,
adding them to make testing easier. Backdoor Trojan horses are spyware
programs that sabotage your PC. These specific Trojan horses force
a backdoor program onto your machine and infiltrate your system to
collect information or install spyware.
An Internet robot, shortened
to "bot," is an automated program that performs a specific timesaving
function in lieu of a human operator, such as a spider that trolls
Web sites collecting data for market research. Spyware bots secretly
install through worms, Trojan horses, and drive-by downloads. They
are mostly used to carry out remote attacks, such as denial-of-service
(DoS) attacks.
A botnet is a network of bots installed on multiple
computers, each running identical malware. A botnet can be controlled
remotely via an IRC (Internet Relay Chat) server or a peer-to-peer
application.
BHOs are files--most frequently
DLLs--that add additional functionality to Internet Explorer. Although
many useful programs such as Adobe Acrobat employ BHOs, these files
also can be used for unsavory purposes. BHOs associated with adware
or spyware can monitor your browsing activities, hijack your home
page, or replace certain advertisements with others.
Cracker
is a shortened name for a criminal hacker. Denial-of-service (DoS)
attack.
Traditional modems use a program called a dialer to connect
a computer to the Internet, but dialers are perhaps most well-known
for their illegitimate purposes. Bad dialers cause your PC to call
long-distance or for-pay numbers, rather than your ISP. This most
often results in a large telephone bill for the user and a tidy profit
for the dialer's creator.
This term is loosely used for a stealth
software installation the user does not initiate. In some cases, simply
visiting a Web page can download malicious programs to a PC without
a user's knowledge or consent. In other cases, a pop-up ad might be
used to initiate a drive-by installation.
False positives
can fall into several categories. In an effort to sell software, unscrupulous
antispyware programs often will mislead a user into believing his
or her machine is infected with spyware when no problems actually
exist. The term false positive also can be used when legitimate antispyware
applications mistakenly label a benign program as a threat.
A
firewall is a crucial component in a computer's line of defense, as
firewalls prevent unauthorized services or programs from accessing
a computer or network resources. Although virtually every corporate
network has its own firewall, every personal computer should have
one as well. Personal firewalls can come as standalone products or
as components built-in to a larger security suite.
The term hacker includes
both those who tinker with computer programs with no malicious intent,
such as computer programmers or security researchers, and those who
break into protected networks and illegally modify software for nefarious
reasons. To hack a file or a program is simply to deconstruct it or
tweak its performance, and the term hacker has neutral connotations.
A criminal hacker (also called a cracker) has malicious intentions,
such as gaining remote access to your PC or stealing personal information
from your computer.
Often installing as a helpful browser
toolbar, hijackers may alter browser settings or change the default
home page to point to some other site.
Keyloggers are just
what they sound like--programs that record every keystroke made on
a PC. Though some parental-control applications include keyloggers
for monitoring purposes, the ones that come bundled with spyware are
far more insidious. These types of keyloggers send sensitive information
to a remote computer, where thieves can access data such as credit-card
and bank-account numbers, as well as passwords and social-security
numbers.
Malware describes software that exploits or inconveniences
the user. It generally refers to the most malicious forms of spyware.
It is sometimes used to differentiate between invasive and noninvasive
adware.
Posing as legitimate antispyware
applications, these malicious programs scan a computer and induce
false positives to scare users into buying a product. Rogues often
attempt to distribute themselves via ominous pop-up ads and can be
very difficult to manually uninstall.
Although an exact definition
of what constitutes a rootkit is still under debate, it is generally
regarded as a piece of software that allows intruders to conceal malicious
files and programs from users or system administrators. Rootkits can
be extremely hard to uninstall and allow troublemakers to go about
their dirty work undetected.
Spyware refers to programs that
gather and transmit the user's personal details or behavior to a third
party, often without the user's knowledge or consent. Like adware,
it often installs as a third-party component bundled with freeware
or shareware, creating a fuzzy distinction between the two.
Internet browsers write and read cookies, files with small
amounts of data (such as site passwords and settings) based on instructions
from Web sites. In many cases, cookies provide a benefit to users.
However, in some instances cookies are used to consolidate and track
user behavior across different sites, which provides marketers with
private information about an individual.
Trojan horses
slip into an individual's system and run without the user's knowledge.
They can have many functions. For example, some use a computer's modem
to dial long-distance, generating huge phone bills for the computer
owner. Unlike viruses and worms, Trojan horses do not make copies
of themselves.
Like human viruses, the computer varieties contain
harmful code and spread easily to infect multiple hosts. Viruses are
notorious for corrupting hardware, software, and personal files. Viruses
cannot spread on their own, requiring users to share infected files
through e-mail attachments, flash drives, disks, P2P, Web sites, or
any other file-transferring mechanisms.
Often conflated with viruses,
worms also are self-replicating programs; however, they propagate
independently of user interaction, often through a shared or direct
network connection.
Using viruses, Trojan horses, and worms,
criminal hackers can remotely operate a compromised machine without
the knowledge of its owner. Zombie computers often host programs that
allow them to be conscripted by a remote controller into bot armies,
called botnets, to launch DDoS attacks.
