Glossary

Technical terms relating to computer viruses and antivirus solutions

A

ActiveX: This technology is used, among other things, to improve the functionality of web pages (by adding animations, video, 3D browsing, etc.). ActiveX controls are small programs that are embedded in these pages. The use of ActiveX components in web browsers is controversial, as they can serve as targets for viruses.

Address Book: A file with a WAB extension. It is used to store information about other users, such as e-mail addresses.

Administrator: The person or program responsible for managing and monitoring an IT system or network.

Administrator Rights: These rights define which users are permitted to carry out certain actions or processes on the computers in the network.

ADSL: A high-speed technology for establishing Internet connections over which data is sent. It requires a special ADSL modem.

Adware: Programs that display advertising messages by means of pop-ups, banners, or by changing the browser home page or search page, etc. Adware can be installed with or without the user's knowledge and consent.

Algorithm: A process, or a set of instructions made up of many steps, for calculating something or solving a problem.

Alias: Although every virus has a specific name, it is usually the short name, which describes particular features or characteristics of the virus, that is more widely known. This is the so-called "alias". For example, the virus CIH is better known as Chernobyl.

ANSI (American National Standards Institute): A voluntary organization that sets standards for creating computer programs.

Anti-Debug / Anti-debugger: Techniques used by viruses to avoid being detected.

Antivirus / Antivirus Program: Programs that scan storage, drives and other parts of the computer for viruses.

API (Application Program Interface): A function used by programs to interact with operating systems and other programs.

Armouring: A technique used by viruses to conceal themselves and avoid detection by an antivirus solution.

ASCII: A 7-bit character encoding (American Standard Code for Information Interchange) that defines 128 characters (letters, numbers, punctuation marks, etc.).

ASP (Active Server Page): Certain web pages that can be personalized according to user profiles. The abbreviation also stands for Application Service Provider.

Attributes: Particular characteristics of a file or an address book.

Autoencryption: The way in which a virus encodes (or encrypts) part or all of itself in order to make detection and analysis more difficult.

AutoSignature: A short text containing details such as name, address, etc., that can be appended automatically to a new e-mail message.
B

Backdoor: A program that enters the computer and opens a back door in order to control the affected system without the user's knowledge.

Banker Trojan: A malicious program that uses various techniques to steal confidential information from customers of online payment systems and banking services.

Banner: An advertisement displayed on a web page to promote a product or service, which may or may not be related to the page, and which links directly to the advertiser's site.

Batch files / BAT files: Files with a BAT extension that allow operations to be automated.

BBS (Bulletin Board System): A system or service that users subscribe to and that can be used to exchange data (for example in a forum or newsgroup). Each user has a personal mailbox in which electronic messages for them are stored and from which they can retrieve them. There are usually also public areas in which users can exchange views and hold discussions.

BHO (Browser Helper Object): Programs that extend the functionality of Internet Explorer. Because they have unrestricted access to all of Internet Explorer's functions, some malicious programs create their own BHOs, which monitor the user's Internet behavior.

BIOS (Basic Input / Output System): A collection of programs that makes the PC operational (part of the boot system).

Bit: The smallest unit of digital information with which the computer works.

Boot / Master Boot Record (MBR): Also known as the boot sector; refers to the first data block of a storage medium that is divided into partitions. The MBR contains a partition table, which describes how the disk is divided up, and a program that starts the boot sector of an operating system on one of the partitions.

Boot disk / System disk: Floppy disk, CD-ROM or hard disk that makes it possible to start the system.

Boot virus: A virus that specifically affects the boot sector of hard disks and floppy disks.

Bot: Derived from the English word "robot". A computer program that gives an intruder remote control of the affected system without the user's knowledge or consent.

Bot Herder: The person or group that controls a botnet. Also known as 'Bot Master' or 'Zombie Master'.

Botnet: A network or group of zombie computers controlled by the owner of the bots. The operator of the botnet sends commands to the zombies. These commands can include updating the bot, downloading new malware, displaying advertising messages or launching a Denial of Service attack.

Browser: A browser is a special computer program for displaying web pages on the Internet. The most commonly used and best-known browsers are: Internet Explorer, Firefox, Netscape Navigator, Opera, etc.

Buffer: An area of data storage used to temporarily hold information that is being transferred between two different units or devices (or between two components in one system).

Bug: A defect or malfunction in a program.

Bus: A system for transferring data between several components over a shared transmission path inside computers (covers data signals, addresses, control signals, etc.).

Byte: A unit of quantity (unit of measurement) in digital technology that stands for a sequence of 8 bits.
C

Cache: Fast-access intermediate storage for holding frequently needed data. It sits between main memory and the processor.

Category / Type (of virus): Because there are many different kinds of malicious software, they are classified into categories according to particular characteristics.

Cavity: A technique used by certain viruses and worms to avoid detection. With this technique, the size of the infected file does not change.

Chat / Chat IRC / Chat ICQ: Real-time electronic communication over the Internet.

Client: IT system (computer) that obtains certain services and resources from another computer (server) to which it is connected over a network.

Cluster: A group of data objects with similar properties.

CMOS (Complementary Metal Oxide Semiconductor): The CMOS holds the relevant settings made in the BIOS. At every start-up, the BIOS reads this data from the CMOS.

Code: Content of a virus file - virus code. Written in a programming language. Can also refer to systems for encrypting information. In the strictest sense, it can be defined as a set of rules or a combination of symbols that have a given value within an established system.

Common name: The name by which a virus is generally known.

Companion / Companion virus / Spawning: A type of virus that does not insert itself into a program, but attaches itself to it instead.

Compressed / Compress / Compression / Decompress: Files or groups of files that are compressed into another file so that they take up less space.

Cookie: A short entry in a small database or special data directory on a computer, used to exchange information between computer programs or to store information for a limited time; for example, web pages the user has visited are stored temporarily.

Country of origin: The country in which a virus was first detected.

Cracker: A person who tries to break into a (restricted) computer system.

CRC (CRC number or code): A unique numeric code that is attached to files and acts as the file's ID number.

Crimeware: All programs, messages or documents used directly or indirectly for fraudulent purposes, in particular financial gain, and that harm the affected users.

CVP - Content Vectoring Protocol: A protocol developed by Check Point in 1996 for firewalls, which allows them to have defined content checked by an external program. The most common use of CVP is scanning for computer viruses (antivirus program).

Cylinder: An area of the hard disk that can be read in a single operation.
D

Damage level: A value that indicates the level of negative effects that a virus infection has on the computer. It is one of the factors used to determine the Threat level.

Database: A system for the electronic processing of files and programs. Examples of databases: Access, Oracle, SQL, Paradox, dBase, etc.

DDoS / Distributed Denial of Service: A Denial of Service (DoS) attack refers to the overloading of infrastructure systems caused by a deliberate attack launched simultaneously by numerous computers against a single server. The compromised computers taking part in the attack are vulnerable, which allows attackers to take control of them and carry out the attack.

Debugger: A tool that reads the source code of a program and finds errors in computer systems.

Deleted items: A folder in a program that contains deleted messages (which have not yet been completely removed from the system). After deleting a message that contains a virus, it is advisable to delete it from this folder as well.

Detection updated on: The date on which the detection of a piece of malware was last updated in the Virus Signature File.

Dialer: A program that is often used maliciously to redirect Internet connections. In such cases it disconnects the legitimate telephone connection needed for Internet access via modem and establishes another telephone connection to premium-rate numbers. The user usually notices this activity when they receive an inflated telephone bill.

Direct action: A specific functionality of a virus.

Directory / Folder: A special area or index, usually organized according to particular structures, that contains ordered information. The terms folder and directory refer to the same thing. They can contain files and subdirectories.

Disinfection: The actions that an antivirus solution carries out when it detects a virus and removes it.

Distribution level: The value that indicates the extent of a virus's impact or the speed at which the virus spreads. It is one of the factors used to calculate the Threat level.

DNS (Domain name system): A worldwide system that enables communication between computers in a network or on the Internet. When queried with a host name, the DNS is meant to reply with the corresponding IP address.

DNS servers are the computers that hold the computer names and the corresponding IPs.

DoS / Denial of Service: Failure of a network service as the result of an overload attack (in the operating system, on web servers, etc.).

Download: The process of transferring data from a computer in a network or on the Internet to one's own computer.

Driver / Controller: A program, known as a driver, that controls interaction with connected devices (usually peripherals such as printers, CD-ROM drives, etc.).

Dropper: An executable file that contains various types of viruses.

Dynamic Link Library (DLL): A type of file with a DLL extension.
E

EICAR: European Institute of Computer Anti-Virus Research. A non-profit association for researching computer viruses and improving the development of antivirus programs. EICAR is best known for the EICAR test, which is used to test the functions of antivirus software.

ELF -files- (Executable and Linking Format): Executable files (programs) of Unix/Linux operating systems.

Emergency Disk / Rescue disk: A floppy disk that allows the computer to be scanned for viruses without having to use the antivirus installed in the system, but by using what is known as the “command line antivirus”.

Encryption / Self-encryption: This is a technique used by some viruses to disguise themselves and therefore avoid detection by antivirus applications.

EPO (Entry Point Obscuring): A technique for infecting programs through which a virus tries to hide its entry point in order to avoid detection. Instead of taking control and carrying out its actions as soon as the program is used or run, the virus allows it to work correctly for a while before the virus goes into action.

Exceptions: This is a technique used by antivirus programs to detect viruses.

Exploit: This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.

Extension: Files have a name and an extension, separated by a dot: NAME.EXTENSION. A file can have any NAME, but the EXTENSION (if it exists) has a maximum of three characters. This extension indicates the type of file (text, Word document, image, sound, database, program, etc.).
F

Family / Group: Some viruses may have similar names and characteristics. These viruses are grouped into families or groups. Members of the group are known as variants of the family or the original virus (the first to appear).

FAT (File Allocation Table): This is a section of a disk that defines the structure and organization of the disk itself. It also contains the ‘addresses’ for all the files stored on that disk.

File / Document: Unit for storing information (text, document, images, spreadsheet etc.) on a disk or other storage device. A file is identified by a name, followed by a dot and then its extension (indicating the type of file).

Firewall: This is a barrier that can protect information in a system or network when there is a connection to another network, for example, the Internet.

FireWire: A high-speed communication channel, used to connect computers and peripherals to other computers.

First Appeared on…: The date when a particular virus was first discovered.

First detected on: The date when the detection of a certain malware was first included in the Virus Signature File.

Flooding: Programs that repeatedly send a large message or text to a computer through messaging systems like MSN Messenger in order to saturate, collapse or flood the system.

Format: Define the structure of a disk, removing any information that was previously stored on it.

Freeware: All software legally distributed free of charge.

FTP (File Transfer Protocol): A mechanism that allows files to be transferred through a TCP/IP connection.
G

Gateway: A computer that allows communication between different types of platforms, networks, computers or programs.

GDI (Graphics Device Interface): A system that allows the Windows operating system to display presentations on-screen or in print.

Groupware: A system that allows users in a local network (LAN) to use resources like shared programs; access to Internet, intranet or other areas; e-mail; firewalls and proxies, etc.
H

Hacker: Someone who accesses a computer illegally or without authorisation.

Hacking tool: Program that can be used by a hacker to carry out actions that cause problems for the user of the affected computer (allowing the hacker to control the affected computer, steal confidential information, scan communication ports, etc).

Hardware: Term referring to all physical elements in an IT system (screen, keyboard, mouse, memory, hard disks, microprocessor, etc).

Header (of a file): This is the part of a file in which information about the file itself and its location is kept.

Heuristic scan: This term, which refers to problem solving by trial and error, is used in the computer world to refer to a technique used for detecting unknown viruses.

Hijacker: Any program that changes the browser settings, to make the home page or the default search page, etc. different from the one set by the user.

Hoax: This is not a virus, but a trick message warning of a virus that doesn’t actually exist.

Host: This refers to any computer that acts as a source of information.

HTTP (Hyper Text Transfer Protocol): This is a communication system that allows web pages to be viewed through a browser.
I

Identity Theft: Obtaining confidential user information, such as passwords for accessing services, in order that unauthorized individuals can impersonate the affected user.

IFS (Installable File System): System used to handle inbound/outbound information transfers between a group of devices or files.

IIS (Internet Information Server): This is a Microsoft server (Internet Information Server), designed for publishing and maintaining web pages and portals.

IMAP (Internet Message Access Protocol): This is a system or protocol which allows access to e-mail messages.

In circulation: A virus is said to be in circulation when cases of it are actually being detected somewhere in the world.

In The Wild: This is an official list drawn up every month of the viruses reported causing incidents.

Inbox: This is a folder in e-mail programs which contains received messages.

Infection: This refers to the process of a virus entering a computer or certain areas of a computer or files.

Interface: The system through which users can interact with the computer and the software installed on it. At the same time, this software (programs) communicates via an interface system with the computer’s hardware.

Interruption: A signal through which a momentary pause in the activities of the microprocessor is brought about.

Interruption vector: This is a technique used by a computer to handle the interruption requests to the microprocessor. This provides the memory address to which the service should be provided.

IP (Internet Protocol) / TCP-IP: An IP address is a code that identifies each computer. The TCP/IP protocol is the system, used in the Internet, that interconnects computers and prevents address conflicts.

IRC (Chat IRC): These are written conversations over the Internet in which files can also be transferred.

ISDN (Integrated Services Digital Network): A type of connection for digitally transmitting information (data, images, sound etc).

ISP (Internet Service Provider): A company that offers access to the Internet and other related services.
J

Java: This is a programming language that allows the creation of platform independent programs, i.e., they can be run on any operating system or hardware (multi-platform language).

Java Applets: These are small programs that can be included in web pages to improve the functionality of the page.

JavaScript: A programming language that offers dynamic characteristics (e.g. variable data depending on how and when someone accesses, user interaction, customized features, etc.) for HTML web pages.

Joke: This is not a virus, but a trick that aims to make users believe they have been infected by a virus.
K

Kernel: This is the central module of an operating system.

Keylogger: A program that collects and saves a list of all keystrokes made by a user. This program could then publish the list, allowing third parties to access the data (the information that the user has entered through the keyboard: passwords, document texts, emails, key combinations, etc.).
L

LAN (Local Area Network): A network of interconnected computers in a reasonably small geographical area (generally in the same city or town or even building).

Link / Hyperlink: These are parts of a web page, e-mail or document (text, images, buttons, etc.), that when clicked on, take the user directly to another web page or section of the document.

Link virus: This is a type of virus that modifies the address where a file is stored, replacing it with the address of the virus (instead of the original file). As a result, when the affected file is used, the virus activates.

After the computer has been infected, the original file will be unusable.


Logic bomb: This is a program that appears quite inoffensive, but which can carry out damaging actions on a computer, just like any other virus.

Loop: A set of commands or instructions carried out by a program repeatedly until a certain condition is met.
M

Macro: A macro is a series of instructions defined so that a program, say Word, Excel, PowerPoint, or Access, carries out certain operations. As they are programs, they can be affected by viruses. Viruses that use macros to infect are known as macro viruses.

Macro virus: A virus that affects macros in Word documents, Excel spreadsheets, PowerPoint presentations, etc.

Malware: This term is used to refer to all programs that contain malicious code (MALicious softWARE), whether it is a virus, Trojan or worm.

Map: This is the action of assigning a shared network disk a letter in a computer, just as if it were another drive in the computer itself.

MAPI: Messaging Application Program Interface. A system used to enable programs to send and receive e-mail via a certain messaging system.

Mask: This is a 32-bit number that identifies an IP address in a certain network. This allows the TCP/IP communication protocol to know if an IP address of a computer belongs to one network or another.

Means of infection: A fundamental characteristic of a virus. This is the way in which a virus infects a computer.

Means of transmission: A fundamental characteristic of a virus. This is the way in which a virus spreads from one computer to another.

Microprocessor / Processor: This is the integrated electronic heart of a computer or IT system e.g. Pentium (I, II, III, IV,...), 486, 386, etc.

MIME (Multipurpose Internet Mail Extensions): This is the set of specifications that allows text and files with different character sets to be exchanged over the Internet (e.g. between computers in different languages).

Modem: A peripheral device, also known as MOdulator DEModulator, used to transmit electronic signals (analog and digital). It is designed to enable communication between computers or other types of IT resources. It is most often used for connecting computers to the Internet.

Module: In IT parlance, this is a set or group of macros in a Word document or Excel spreadsheet, etc.

MS-DOS (Disk Operating System): This operating system, which predates Windows, involves the writing of commands for all operations that the user wants to carry out.

MSDE (Microsoft Desktop Engine): A server for storing data, which is compatible with SQL Server 2000.

MTA (Message Transfer Agent): This is an organized mail system that receives messages and distributes them to the recipients. MTAs also transfer messages to other mail servers. Exchange, sendmail, qmail and Postfix, for example, are MTAs.

Multipartite: This is a characteristic of a particular type of sophisticated virus, which infects computers by using a combination of techniques used by other viruses.

Mutex (Mutual Exclusion Object): Some viruses can use a mutex to control access to resources (examples: programs or even other viruses) and prevent more than one process from simultaneously accessing the same resource.

By doing this, they make it difficult for antiviruses to detect them. These viruses can ‘carry’ other malicious code in the same way that other types, such as polymorphic viruses, do. 

N

Network: Group of computers or other IT devices interconnected via a cable, telephone line or electromagnetic waves (satellite, microwaves, etc.), in order to communicate and share resources. The Internet is a vast network of other sub-networks with millions of computers connected.

Newsgroup: An Internet service through which various people can connect to discuss or exchange information about specific subjects.

Nuke (attack): A nuke attack is aimed at causing the network connection to fail. A computer that has been nuked may block.

Nuker: Person or program that launches a nuke attack, causing a computer to block or the network connection to fail.
O

OLE (Object Linking and Embedding): A standard for embedding and attaching images, video clips, MIDI, animations, etc in files (documents, databases, spreadsheets, etc). It also allows ActiveX controls to be embedded.

Online registration: System for subscribing or registering via the Internet as a user of a product or services (in this case, a program and associated services).

Operating system (OS): A set of programs that enables a computer to be used.

Overwrite: This is the action that certain programs or viruses take when they write over a file, permanently erasing the content.
P

P2P (Peer to peer): A program -or network connection- used to offer services via the Internet (usually file sharing), which viruses and other types of threats can use to spread. Some examples of this type of program are KaZaA, Emule, eDonkey, etc.

Packaging: An operation in which a group of files (or just one) are put into another file, thus occupying less space. Packaging is similar to file compression, but is the usual way of referring to this in Unix/Linux environments.

The difference between packaging and compression is the tools used. For example, a tool called tar is normally used for packaging, while zip or gzip -WinZip- are used for compressing.


Parameter: A variable piece of data indicating how a program should behave in any given situation.

Partition: A division of a computer’s hard disk which enables the operating system to identify it as if it were a separate disk. Each partition of a hard disk can have a different operating system.

Partition table: An area of a disk containing information about the sections or partitions that the disk is divided into.

Password: This is a sequence of characters used to restrict access to a certain file, program or other area, so that only those who know the password can enter.

Password stealer: A program that obtains and saves confidential data, such as user passwords (using keyloggers or other means). This program can publish the list, allowing third-parties to use the data to the detriment of the affected user.

Payload: The effects of a virus.

PDA (Personal Digital Assistant): A pocket-sized, portable computer (also called palmtops). Like other computers, they have their own operating system, have programs installed and can exchange information with other computers, the Internet, etc. Well-known brands include Palm, PocketPC, etc.

PE (Portable Executable): PE refers to the format of certain programs.

Permanent protection: This is the process that some antivirus programs carry out of continually scanning any files that are used in any operations (whether by the user or the operating system). Also known as sentinel or resident.

Phishing: Phishing involves massive sending of emails that appear to come from reliable sources and that try to get users to reveal confidential banking information. The most typical example of phishing is the sending of emails that appear to come from an online bank in order to get users to enter their details in a spoof web page.

Platform: Refers to an operating system, in a specific environment and under certain conditions (types of programs installed, etc.).

Plugin: A program that adds new functionality to an existing system.

Polymorphic / Polymorphism: A technique used by viruses to encrypt their signature in a different way every time and even the instructions for carrying out the encryption.

POP (Post Office Protocol): This is a protocol for receiving and sending e-mails.

Pop-up menu: List of options that is displayed when clicking on a certain item or area of a window in a program with the secondary mouse button (usually the right). These options are shortcuts to certain functions of a program.

Pop-up windows: A window that suddenly appears, normally when a user selects an option with the mouse or clicks on a special function key.

Port / Communication port: Point through which a computer transfers information (inbound / outbound) via TCP/IP.

Potentially Unwanted Program (PUP): Program that is installed without express permission from the user and carries out actions or has characteristics that can reduce user control of privacy, confidentiality, use of computer resources, etc.

Prepending: This is a technique used by viruses for infecting files by adding their code to the beginning of the file. By doing this, these viruses ensure that they are activated when an infected file is used.

Preview Pane: A feature in e-mail programs that allows the content of the message to be viewed without having to open the e-mail.

Privacy policy: This is the document that sets out the procedures, rules, and data security practices of a company to guarantee the integrity, confidentiality and availability of data collected from clients and other interested parties in accordance with applicable legislation, IT security needs and business objectives.

Proactive protection: Ability to protect the computer against unknown malware by analyzing its behavior only, and therefore not needing a virus signature file periodically updated.

Process killer: A program that ends actions or processes that are running (active) on a computer, which could pose a threat.

Program: Elements that allow operations to be performed. A program is normally a file with an EXE or COM extension.

Programming language: Set of instructions, orders, commands and rules that are used to create programs. Computers understand electronic signals (values 0 or 1). Languages allow the programmer to specify what a program must do without having to write long strings of zeros and ones, but using words (instructions) that are more easily understood by people.

Protocol: A system of rules and specifications that enables and governs the communication between two computers or IT devices (data transfer).

Proxy: A proxy server acts as a middle-man between an internal network, such as an Intranet, and the connection to the Internet. In this way, one connection can be shared by various users to connect to an Internet server.
Q

Quick Launch bar: The area next to the Windows Start button or menu, which contains shortcut icons to certain items and programs: e-mail, Internet, antivirus, etc.
R

RAM (Random Access Memory): This is a computer's main memory, in which files or programs are stored when they are in use.

Recycle bin: This is a section or folder on the hard disk where deleted files are stored (provided they haven’t been permanently deleted).

Redirect: Access one address via another.

Remote control: The action of gaining access to a user’s computer (with or without the user’s consent) from a computer in a different location. This access could pose a threat if it is not done correctly or for legitimate purposes.

Rename: Action whereby a file, directory or other element of a system is given a new name.

Replica: Among other things, the action by which a virus propagates or makes copies of itself, with the aim of furthering the spread of the virus.

Resident / Resident virus: A program or file is referred to as resident when it is stored in the computer’s memory, continuously monitoring operations carried out on the system.

Restart: Action whereby the computer is temporarily stopped then immediately starts again.

Ring: A system governing privilege levels in a microprocessor, controlling the operations that can be performed and its protection. There are various levels: Ring0 (administrator), Ring1 and Ring2 (administrator with fewer privileges), Ring3 (user).

ROM (Read Only Memory): This is a type of memory which under normal circumstances cannot be written on, and therefore its content is permanent.

Root directory: This is the main directory or folder on a disk or drive.

Rootkit: A program designed to hide objects such as processes, files or Windows registry entries (often including its own). This type of software is not malicious in itself, but is used by hackers to cover their tracks in previously compromised systems. There are types of malware that use rootkits to hide their presence on the system.

Routine: Invariable sequence of instructions that makes up part of a program and can be used repeatedly.
S

Scam: Any illegal plot or fraud in which a person or group of persons are tricked into giving money, under false promises of economic gain (trips, vacations, lottery prizes, etc.).

Scanning (ports, IP addresses): The action of identifying the communications ports and/or IP addresses of a computer and getting information about their status. This action can sometimes be considered an attack or threat.

SCR files: These files, which have the extension SCR, could be Windows screensavers or files written in Script language.

Screensaver: This is a program that displays pictures or animations on the screen. These programs were originally created to prevent images from burning onto the screen when the computer wasn’t used for a while.

Script / Script virus: The term script refers to files or sections of code written in programming languages like Visual Basic Script (VBScript), JavaScript, etc.

Sector: This is a section or area of a disk.

Security patch: Set of additional files applied to a software program or application to resolve certain problems, vulnerabilities or flaws.

Security risk: This covers anything that can have negative consequences for the user of the computer (for example, a program for creating viruses or Trojans).

Sent items: A folder in e-mail programs which contains copies of the messages sent out.

Server: IT system (computer) that offers certain services and resources (communication, applications, files, etc.) to other computers (known as clients), which are connected to it across a network.

Service: The suite of features offered by one computer or system to others that are connected to it.

Services applet: An applet in Windows XP/2000/NT, which configures and monitors system services.

Shareware: Evaluation versions of a software product that allow users to try out a product for a period of time before buying it. Shareware versions are normally free or significantly cheaper than complete versions.

Signature / Identifier: This is like the virus passport number. A sequence of characters (numbers, letters, etc.) that identify the virus.

SMTP (Simple Mail Transfer Protocol): This is a protocol used on the Internet exclusively for sending e-mail messages.

Software: Files, programs, applications and operating systems that enable users to operate computers or other IT systems. These are the elements that make the hardware work.

Spam: Unsolicited e-mail, normally containing advertising. These messages, usually mass-mailings, can be highly annoying and waste both time and resources.

Spammer: A program that allows the mass-mailing of unsolicited, commercial e-mail messages. It can also be used to mass-mail threats like worms and Trojans.

Spear Phishing: This attack uses phishing techniques but is aimed at a specific target. The creator of this type of attack will never use spam to obtain a massive avalanche of personal user data. The fact that it is targeted and not massive implies careful preparation in order to make it more credible and the use of more sophisticated social engineering techniques.

Spyware: Programs that collect information about users' browsing activity, preferences and interests. The data collected is sent to the creator of the application or third parties, and can be stored in a way that it can be recovered at another time. Spyware can be installed with the user's consent and awareness, but sometimes it is not. The same applies to the user's knowledge, or lack of knowledge, of the data collected and the way it is used.

SQL (Structured Query Language): A standard programming language aimed at enabling the administration and communication of databases. It is widely used on the Internet (e.g. Microsoft SQL Server, MySQL, etc.).

Statistics: A sample of malware has statistics whenever its infection percentage is among the 50 most active threats.

Status bar: A section that appears at the bottom of the screen in some Windows programs with information about the status of the program or the files that are in use at the time.

Stealth: A technique used by viruses to infect computers unnoticed by users or antivirus applications.

String: A sequence of characters (letters, numbers, punctuation marks etc.).

Sub-type: Each of the sub-groups into which a type is divided. In this case, a group of viruses or threats within the same category or type, with certain characteristics in common.

Symptoms of infection: These are the actions or effects that a virus could have when it infects a computer, including trigger conditions.

System services: Applications which normally run independently when a system is started up and which close, also independently, on shutting down the system. System services carry out fundamental tasks such as running the SQL server or the Plug&Play detector.
T

Targeted attack: Attacks aimed specifically at a person, company or group and which are normally perpetrated silently and imperceptibly. These are not massive attacks as their aim is not to reach as many computers as possible. The danger lies precisely in the customized nature of the attack, which is designed especially to trick potential victims.

Task list: A list of all programs and processes currently active (normally in the Windows operating system).

Technical name: The real name of a virus, which also defines its class or family.

Template / Global template: This is a file that defines a set of initial characteristics that a document should have before starting to work with it.

Threat level: This is a calculation of the danger that a particular virus represents to users.

Title bar: A bar on top of a window. The title bar contains the name of the file or program.

Track: A ring on a disk where data can be written.

Trackware: All programs that monitor the actions of users on the Internet (pages visited, banners clicked on, etc.) and create a profile that can be used by advertisers.

Trigger: This is the condition which causes the virus to activate or to release its payload.

Trojan: Strictly speaking, a Trojan is not a virus, although it is often thought of as such. Really, they are programs that enter computers appearing to be harmless programs, install themselves and carry out actions that affect user confidentiality.

TSR (Terminate and Stay Resident): A characteristic that allows certain programs to stay in memory after having run.

Tunneling: A technique used by some viruses to foil antivirus protection.
U

Updates: Antiviruses are constantly becoming more powerful and adapting to the new technologies used by viruses and virus writers. If they are not to become obsolete, they must be able to detect the new viruses that are constantly appearing. To do this, they have what is called a Virus Signature File.

UPX: This is a file compression tool (Ultimate Packer for eXecutables) which also allows programs compressed with this tool to be run without having to be decompressed.

URL (Uniform Resource Locator): Address through which to access Internet pages (or other computers).
V

Vaccination: An antivirus technique that allows file information to be stored, and possible infections detected when a change is noted in the file.

Variant: A variant is a modified version of an original virus, which may vary from the original in terms of means of infection and the effects that it has.

Virus: Viruses are programs that can enter computers or IT systems in a number of ways, causing effects that range from simply annoying to highly-destructive and irreparable.

Virus constructor: A malicious program intended to create new viruses without having any programming skills, as it has an interface that allows the user to choose the characteristics of the created malware: type, payload, target files, encryption, polymorphism, etc.

Virus Signature File: This file enables the antivirus to detect viruses.

Volume: This is a partition of a hard disk, or a reference to a complete hard disk. This term is used in many networks where there are shared disks.

Vulnerability: Flaws or security holes in a program or IT system, often used by viruses as a means of infection.
W

WAN (Wide Area Network): A network of interconnected computers over a large geographical area, connected via telephone, radio or satellite.

Windows desktop: This is the main area of Windows that appears when you start up the computer. From here you can access all tools, utilities and programs installed on the computer, via shortcut icons, options in the Windows Start menu, the Windows taskbar, etc.

Windows Explorer: Program or application available in Windows to administer the files available on the computer. It is very useful for getting an organized view of all directories.

Windows Registry: This is a file that stores all configuration and installation information of programs installed, including information about the Windows operating system.

Windows Registry Key: These are sections of the Windows Registry that store information regarding the system’s settings and configuration.

Windows System Tray: Area in the Windows taskbar (usually in the bottom right corner of the screen), which contains the system clock, icons for changing system settings, viewing the status of the antivirus protection, etc.

Windows taskbar: This is a bar that appears at the bottom of the screen in Windows. The bar contains the Start button, the clock, icons of all programs resident in memory at that moment and shortcuts that give direct access to certain programs.

WINS (Windows Internet Name Service): A service for determining names associated with computers in a network and allowing access to them. A computer contains a database with IP addresses (e.g. 125.15.0.32) and the common names assigned to each computer in the network (e.g. SERVER1).

Workstation: One of the computers connected to a local network that uses the services and resources in the network. A workstation does not normally provide services to other machines in the network in the same way a server does.

Worm: This is similar to a virus, but it differs in that all it does is make copies of itself (or part of itself).

Write access / permission: These rights or permissions allow a user or a program to write to a disk or other type of information storage unit.

Write-protected: This is a technique used to allow files on a disk or other storage device to be read but to prevent users from writing on them.

WSH (Windows Scripting Host): The system that enables you to batch process files and allows access to Windows functions via programming languages such as Visual Basic Script and JavaScript (script languages).
X

XOR (OR-Exclusive): An operation used by many viruses to encrypt their content.
Z

Zip: A particular format of compressed file corresponding to the WinZip application.

Zombie: A computer controlled through the use of bots.

Zoo (virus): Those viruses that are not in circulation and that only exist in places like laboratories, where they are used for researching the techniques and effects of viruses.