General Information
 
The adverse impact of a security event can be described in terms of loss or degradation of any, or a combination of any, of the following three security goals: integrity, availability, and confidentiality. The following list provides a brief description of each security goal and the consequence (or impact) of its not being met:

Loss of Integrity: System and data integrity refers to the requirement that information be protected from improper modification. Integrity is lost if unauthorized changes are made to the data or IT system by either intentional or accidental acts. If the loss of system or data integrity is not corrected, continued use of the contaminated system or corrupted data could result in inaccuracy, fraud, or erroneous decisions. Also, violation of integrity may be the first step in a successful attack against system availability or confidentiality. For all these reasons, loss of integrity reduces the assurance of an IT system.

Loss of Availability: If a mission-critical IT system is unavailable to its end users, the organization’s mission may be affected. Loss of system functionality and operational effectiveness, for example, may result in loss of productive time, thus impeding the end users' performance of their functions in supporting the organization’s mission.

Loss of Confidentiality: System and data confidentiality refers to the protection of information from unauthorized disclosure. The impact of unauthorized disclosure of confidential information can range from the jeopardizing of national security to the disclosure of Privacy Act data. Unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.

Frequently used security terms are listed below:

What is Malware?
Malware – short for malicious software – refers to any malicious or unexpected program or code such as viruses, Trojans, and droppers. Not all malicious programs or codes are viruses. Viruses, including worms, however, account for the majority of all known malware to date. The other major types of malware are Trojans, droppers, and kits.

Due to the many facets of malicious code or a malicious program, referring to it as malware helps to avoid confusion. For example, a virus that also has Trojan-like capabilities can be called malware.

What is Spyware?
Spyware refers to programs that gather information about a person or organization and relay the information to advertisers or other interested parties. Installation, tracking, and relaying typically are done without user consent or knowledge. Spyware can be legitimate or malicious in intent, and it includes keyloggers, screen captors, event loggers, and data miners.

What is Grayware?
Grayware is an industry term used to describe a broad range of spyware and other unwanted applications, such as adware, dialers, joke programs, remote access programs, hacking tools, browser hijackers, password crackers, and so forth.

What is a Trojan?
A Trojan is malware that performs unexpected or unauthorized, often malicious, actions. The main difference between a Trojan and a virus is that a Trojan cannot replicate. Trojans cause damage and unexpected system behavior, and compromise the security of systems, but do not replicate. If a program replicates, then it should be classified as a virus.
A Trojan, named after the Trojan horse of Greek mythology, typically comes in good packaging but has some hidden malicious intent within its code. When a Trojan is executed, users will likely experience unwanted problems in system operation, and sometimes loss of valuable data.

What is an Event Logger?
Event loggers are programs that log "system events" for future viewing or relay to third parties.

What is a Keylogger?
Keyloggers can record every keystroke on a PC and steal passwords and other confidential information.

What is a Cookie?
Cookies are text files, created on computers when visiting Web sites, that contain information on user browsing habits and allow Web sites to more precisely target advertisements or display customized information. Cookies are typically among the programs of least concern, especially those that have expiration dates, are tied to only one domain, track less sensitive information, and store information in encrypted form.

What is a Virus?
A computer virus is a program – a piece of executable code – that has the unique ability to replicate. Like biological viruses, computer viruses can spread quickly and are often difficult to eradicate. They can attach themselves to just about any type of file and are spread as files that are copied and sent from individual to individual.

In addition to replication, some computer viruses share another commonality: a damage routine that delivers the virus payload. While payloads may only display messages or images, they can also destroy files, reformat your hard drive, or cause other damage. If the virus does not contain a damage routine, it can cause trouble by consuming storage space and memory, and degrading the overall performance of your computer.

Several years ago most viruses spread primarily via floppy disk, but the Internet has introduced new virus distribution mechanisms. With email now used as an essential business communication tool, viruses are spreading faster than ever. Viruses attached to email messages can infect an entire enterprise in a matter of minutes, costing companies millions of dollars annually in lost productivity and clean-up expenses. Viruses won't go away anytime soon: more than 60,000 have been identified, and 400 new ones are created every month, according to the International Computer Security Association (ICSA). With numbers like these, it's safe to say that most organizations will regularly encounter virus outbreaks. No one who uses computers is immune to viruses.

Life Cycle of a Virus
The life cycle of a virus begins when it is created and ends when it is completely eradicated. The following outline describes each stage:

Creation
Until recently, creating a virus required knowledge of a computer programming language. Today anyone with basic programming knowledge can create a virus. Typically, individuals who wish to cause widespread, random damage to computers create viruses.

Replication
Viruses typically replicate for a long period of time before they activate, allowing plenty of time to spread.

Activation
Viruses with damage routines will activate when certain conditions are met, for example, on a certain date or when the infected user performs a particular action. Viruses without damage routines do not activate, instead causing damage by stealing storage space.

Discovery
This phase does not always follow activation, but typically does. When a virus is detected and isolated, it is sent to the ICSA in Washington, D.C., to be documented and distributed to antivirus software developers. Discovery normally takes place at least one year before the virus might have become a threat to the computing community.

Assimilation
At this point, antivirus software developers modify their software so that it can detect the new virus. This can take anywhere from one day to six months, depending on the developer and the virus type.

Eradication
If enough users install up-to-date virus protection software, any virus can be wiped out. So far no viruses have disappeared completely, but some have long ceased to be a major threat.

What can you do to Protect against Malware?
There are many things you can do to protect against malware. At the top of the list is using a powerful antivirus product and keeping it up to date with the latest pattern files. To learn more about Trend Micro's offerings, and find out which solution is right for you, please view the interactive Trend Micro Enterprise Solution diagram. You may also visit the ICSA Web site for further suggestions.