The glossary below contains many of the terms you will find in common use throughout the our blog.
Adware
Adware is a software package that facilitates the delivery of advertising content to the user. Learn more about different adware risks.
Application server
A software server that lets thin clients use applications and databases that are managed by the server. The application server handles all the application operations and connections for the clients.
Attack signature
The features of network traffic, either in the heading of a packet or in the pattern of a group of packets, which distinguish attacks from legitimate traffic.
Authentication
The assurance that a party to some computerized transaction is not an impostor. Authentication typically involves using a password, certificate, PIN, or other information that can be used to validate the identity over a computer network.
AutoInstall package
An executable created by AI Snapshot and AI Builder that contains one or more applications distributed to client computers using the Symantec Ghost Console.
Clone
To make a specified folder on the host or remote computer identical to a specified folder on another computer. Any files in the source folder are copied to the destination folder. Files that are in the destination folder and that are not in the source folder are deleted from the disk. Also see synchronize.
Cluster server
A group of two or more servers linked together to balance variable workloads or provide continued operation in the event that one server fails.
Connection
The successful establishment of a communications link.
Domain Name System (DNS)
A hierarchical system of host naming that groups TCP/IP hosts into categories. For example, in the Internet naming scheme, names with .com extensions identify hosts in commercial businesses.
Encrypted Virus
A virus using encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its program code to make it difficult to detect.
Exploit
A program or technique that takes advantage of a vulnerability in software and that can be used for breaking security, or otherwise attacking a host over the network.
Firewall Rules
A security system that uses rules to block or allow connections and data transmission between your computer and the Internet.
Fully Qualified Domain Name (FQDN)
A URL consisting of a host and domain name, including top-level domain. For example, the parsing of the FQDN, www.symantec.com, is: www is the host, symantec is the second-level domain, and
com is the top-level domain. An FQDN always starts with a host name and continues to the top-level domain name, so www.sesa.symantec.com is also an FQDN.
Geographic distribution
This measures the range of separate geographic locations where infections have been reported. The measures are high (global threat), medium (threat present in a few geographic regions), and low (localized or non-wild threat).
Hack tool
Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk. Hack tools also generally:
Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system it is installed on, and/or
Facilitate an attempt at disabling a target computer, preventing its normal use
One example of a hack tool is a keystroke logger -- a program that tracks and records individual keystrokes and can send this information back to the hacker. Also applies to programs that facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt.
Hoax
Hoaxes usually arrive in the form of an email. Please disregard the hoax emails - they contain bogus warnings usually intent only on frightening or misleading users. The best course of action is to merely delete these hoax emails. Learn more about differenthoaxes.
Host
1. In a network environment, a computer that provides data and services to other computers. Services may include peripheral devices, such as printers, data storage, email, or World Wide Web access. 2. In a remote control environment, a computer to which remote users connect to access or exchange data.
Internet Protocol (IP) address
Identifies a workstation on a TCP/IP network and specifies routing information. Each workstation on a network must be assigned a unique IP address, which consists of the network ID, plus a unique host ID assigned by the network administrator. This address is usually represented in dot-decimal notation, with the decimal values separated by a period (for example 123.45.6.24).
Intrusion Detection
A security service that monitors and analyzes system events to find and provide real-time or near real-time attempt warnings to access system resources in an unauthorized manner. This is the detection of break-ins or break-in attempts, by reviewing logs or other information available on a network.
Log
A record of actions and events that take place on a computer. Logging creates a record of actions and events that take place on a computer.
MD5
A hash function such as MD5 is a one-way operation that transforms a data string of any length into a shorter, fixed-length value. No two strings of data will produce the same hash value.
An MD5 checksum verifies the data integrity by running a hash operation on the data after it is received. The resultant hash value is compared to the hash value that was sent with the data. If the two values match, this indicates that the data has not been altered or tampered with, and its integrity may be trusted.
Ping
A basic Internet program that lets you verify that a particular Internet address exists and can accept requests. The act of using the ping utility or command. Pinging is diagnostically used to ensure that a host computer, which you are trying to reach, actually operates.
Port
A hardware location for passing data in and out of a computing device. Personal computers have various types of ports, including internal ports for connecting disk drives, monitors, and keyboards, as well as external ports, for connecting modems, printers, mouse devices, and other peripheral devices.
In TCP/IP and UDP networks, port is the name given to an endpoint of a logical connection. Port numbers identify types of ports. For example, both TCP and UDP use port 80 for transporting HTTP data. A threat may attempt to use a particular TCP/IP port.
Protocol
A set of rules enabling computers or devices to exchange data with one another with as little error as possible. The rules govern issues, such as error checking and data compression methods. Also see communications protocol.
Remote
A computer that connects with a host computer and takes control of it in a remote control session.
Remote access
A program that allows one computer to gain access to another computer without authorisation or a visible presence.
Remote communication
The interaction with a host by a remote computer through a telephone connection or another communications line, such as a network or a direct serial cable connection.
Remote control session
A process in which a remote computer calls and connects with a host computer. Then, the remote computer operates the host while the host's video display is transmitted to the remote computer's monitor. CPU activity takes place on the host.
Session
In communications, the time during which two computers maintain a connection and are usually engaged in transferring information.
Spyware
Spyware is any software package that tracks and sends personally identifiable information or confidential information to third parties. Personally identifiable information is information that can be traced to a specific person such as a full name. Confidential information includes data that most people would not be willing to share with someone and includes bank details, credit card numbers, and passwords. Third parties may be remote systems or parties with local access. Learn more aboutspyware.
Vulnerability
A (universal) vulnerability is a state in a computing system (or set of systems) which either:
Allows an attacker to execute commands as another user
Allows an attacker to access data that is contrary to the specified access restrictions for that data
Allows an attacker to pose as another entity
Allows an attacker to conduct a denial of service
*Source: CVE Web site
[Source: Symantec Security Response]
