Shared Flashcard Set

Details

Domain 4 - Software Development Security - CISSP
Domain 4 - CISSP - Software Development Security Terms From AIO 6th Edition
165
Computer Science
Professional
12/12/2013

Cards

Term
default to “No Access.”
Definition
when Laurel installs a packet-filter firewall, it should not allow any packets to pass into the network that were not specifically granted access.
Term
Phases of the system development life cycle (SDLC).
Definition
initiation
acquisition/development
implementation
operation/maintenance
disposal
Term
SDLC - Initiation
Definition
In the initiation phase the company establishes the need for a specific system
Term
project risk analysis vs. security risk analysis.
Definition
The project team may do a risk analysis pertaining to the risk of the project failing.
Security risk analysis addresses the vulnerabilities within the software product itself.
Term
SDLC - Acquisition/Development
Definition
New system is either created or purchased
Term
SDLC - Implementation
Definition
New system is installed into production environment
Term
SDLC - Operation/maintenance
Definition
System is used and cared for
Term
SDLC - Disposal
Definition
System is removed from production environment
Term
System Certification
Definition
the technical testing of a system
Term
System Accreditation
Definition
the formal authorization given by management to allow a system to operate in a specific environment.
Term
System development life cycle (SDLC)
Definition
A methodical approach to standardize requirements discovery, design, development, testing, and implementation in every phase of a system.
Term
Standard phases of a software development life cycle (SDLC)
Definition
Requirements gathering
Design
Development
Testing/Validation
Release/Maintenance
Term
Statement of Work (SOW)
Definition
Describes the product and customer requirements. A detail-oriented SOW will help ensure that these requirements are properly understood and assumptions are not made.
Term
scope creep
Definition
scope of a project continually extends in an uncontrollable manner (creeps)
Term
work breakdown structure (WBS)
Definition
a project management tool used to define and group a project’s individual work elements in an organized manner.
Term
Typical Privacy Impact Ratings
Definition
P1 High Privacy Risk
P2 Moderate Privacy Risk
P3 Low Privacy Risk
Term
Three Common Software Requirement Models
Definition
Informational model
Functional model
Behavioral model
Term
Software Requirements - Informational model
Definition
Dictates the type of information to be processed and how it will be processed
Term
Software Requirements - Functional model
Definition
Outlines the tasks and functions the application needs to carry out
Term
Software Requirements - Behavioral model
Definition
Explains the states the application will be in during and after specific transitions take place
Term
attack surface
Definition
what is available to be used by an attacker against the product itself.
Term
attack surface analysis
Definition
to identify and reduce the amount of code and functionality accessible to untrusted users.
Term
Threat modeling
Definition
a systematic approach used to understand how different threats could be realized and how a successful compromise could take place
Term
computer-aided software engineering (CASE)
Definition
refers to any type of software tool that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version-control mechanisms, and more.
Term
Static analysis
Definition
a debugging technique that is carried out by examining the code without executing the program, and therefore is carried out before the program is compiled.
Term
Unit testing
Definition
The goal of this type of testing is to isolate each part of the software and show that the individual parts are correct.
Term
Integration testing
Definition
Verifying that components work together as outlined in design specifications.
Term
Acceptance testing
Definition
Ensuring that the code meets customer requirements.
Term
Regression testing
Definition
After a change to a system takes place, retesting to ensure functionality, performance, and protection.
Term
Fuzzing
Definition
a technique used to discover flaws and vulnerabilities in software. Fuzzing is the act of sending random data to the target program in order to trigger failures.
Term
Dynamic analysis
Definition
refers to the evaluation of a program in real time, i.e., when it is running.
Term
maintenance hook
Definition
Sometimes developers enter lines of code in a product that will allow them to do a few keystrokes and get right into the application. This allows them to bypass any security and access controls so they can quickly access the application’s core components.
Term
Verification vs. Validation
Definition
Verification determines if the product accurately represents and meets the specifications.
Validation determines if the product provides the necessary solution for the intended real-world problem.
Term
Zero-day vulnerabilities
Definition
vulnerabilities that do not currently have a resolution. If a vulnerability is identified and there is not a preestablished fix (patch, configuration, update), it is considered a zero day
Term
Privacy Impact Rating
Definition
Indicates the sensitivity level of the data that will be processed or made accessible.
Term
Web Application Security Consortium (WASC)
Definition
an organization that provides best-practice security standards for the World Wide Web and the web-based software that makes it up
Term
Open Web Application Security Project (OWASP).
Definition
The group provides development guidelines, testing procedures, and code review steps, but is probably best known for its top ten web application security risk list that it maintains.
Term
Build Security In (BSI)
Definition
The U.S. Department of Homeland Security (DHS) also provides best practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development.
Term
ISO/IEC 27034
Definition
International standard that provides guidance to assist organizations in integrating security into the processes used for managing their applications. It is applicable to in-house developed applications, applications acquired from third parties, and where the development or the operation of the application is outsourced.
Term
Build and Fix model
Definition
No architecture design is carried out
Development takes place immediately with little or no planning involved.
Problems are dealt with as they occur, which is usually after the software product is released to the customer.
Term
Waterfall model
Definition
Uses a linear-sequential life-cycle approach
Each phase must be completed in its entirety before the next phase can begin.
At the end of each phase, a review takes place to make sure the project is on the correct path and if the project should continue (IMAGE) 1112
Term
V-model
Definition
it follows steps that are laid out in a V format
This model emphasizes the verification and validation of the product at each phase and provides a formal method of developing testing plans as each coding phase is executed. (IMAGE) 1113
Term
Prototyping
Definition
A sample of software code or a model (prototype) can be developed to explore a specific approach to a problem before investing expensive time and resources.
Term
Rapid prototyping
Definition
an approach that allows the development team to quickly create a prototype (sample) to test the validity of the current understanding of the project requirements.
Term
Evolutionary prototypes
Definition
evolutionary prototypes are developed
They are built with the goal of incremental improvement.
Instead of being discarded after being developed, as in the rapid prototype approach, the prototype in this model is continually improved upon until it reaches the final product stage
Term
operational prototypes
Definition
Same as evolutionary model, but the operational prototype is designed to be implemented within a production environment as it is being tweaked
Term
Incremental development model
Definition
allows the team to carry out multiple development cycles on a piece of software throughout its development stages
Term
Spiral Model
Definition
uses an iterative approach to software development and places emphasis on risk analysis. The model is made up of four main phases: planning, risk analysis, development and test, and evaluation
Term
Rapid Application Development (RAD) model
Definition
Combines prototyping and iterative development procedures with the goal of accelerating the software development process.
Term
Agile Model
Definition
an umbrella term for several development methodologies. It focuses not on rigid, linear, stepwise processes, but instead on incremental and iterative development methods that promote cross-functional teamwork and continuous feedback mechanisms.
Term
Capability Maturity Model Integration (CMMI)
Definition
models a comprehensive integrated set of guidelines for developing products and software
Software vendors would use the model to help improve their processes, and customers would use the model to assess the vendors’ practices
Term
five maturity levels of the CMMI model
Definition
Initial - Development process is ad hoc or even chaotic.
Repeatable - A formal management structure, change control, and quality assurance are in place.
Defined - Formal procedures are in place that outline and define processes carried out in each project.
Managed - processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process improvement program.
Optimizing - The company has budgeted and integrated plans for continuous process improvement.

Each level builds upon the previous one. For example, a company that accomplishes a Level 5 CMMI rating must meet all the requirements outlined in Levels 1–4 along with the requirements of Level 5. (IMAGE) 1121
Term
Capability Maturity Models (CMMs)
Definition
general models that allow for maturity-level identification and maturity improvement steps
Term
Change control
Definition
the process of controlling the changes that take place during the life cycle of a system and documenting the necessary change control activities.
Term
Software Configuration Management (SCM)
Definition
Identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.
Term
software escrow
Definition
a third party keeps a copy of the source code, and possibly other materials, which it will release to the customer only if specific circumstances arise, mainly if the vendor who developed the code goes out of business or for some reason is not meeting its obligations and responsibilities
Term
Machine language
Definition
A format that the computer’s processor can understand and work with directly.
Machine code is represented in a binary format (1 and 0)
Term
assembly language
Definition
A low-level programming language that is the symbolic representation of machine-level instructions
Uses symbols (called mnemonics) to represent complicated binary codes
Term
assemblers
Definition
Tools that convert assembly code into the necessary machine-compatible binary language for processing activities to take place.
Term
high-level languages
Definition
Otherwise known as third-generation programming languages, due to their refined programming structures, using abstract statements.
Term
very high-level languages
Definition
Otherwise known as fourth-generation programming languages, which are meant to take natural language-based statements one step ahead.
Term
natural languages
Definition
Otherwise known as fifth-generation programming languages, which have the goal to create software that can solve problems by themselves. Used in systems that provide artificial intelligence.
Term
Compilers
Definition
Tools that convert high-level language statements into the necessary machine-level format (.exe, .dll, etc.) for specific processors to understand.
Term
interpreter
Definition
Tools that convert code written in interpreted languages to the machine-level format for processing.
Term
Object-oriented programming (OOP)
Definition
OOP works with classes and objects. A real-world object, such as a table, is a member (or an instance) of a larger class of objects called “furniture.” The furniture class will have a set of attributes associated with it, and when an object is generated, it inherits these attributes.
Term
method
Definition
the functionality or procedure an object can carry out
Term
messages
Definition
Objects communicate with each other, and this happens by using messages that are sent to the receiving object’s API.
Term
Encapsulate
Definition
Means this information is packaged under one name and can be reused as one entity by other objects
Term
Data hiding
Definition
details of the processing are hidden from all other program elements outside the object. Objects communicate through well-defined interfaces; therefore, they do not need to know how each other works internally.
Term
Polymorphism
Definition
Two objects can receive the same input and have different outputs.
Term
Object-oriented analysis (OOA)
Definition
the process of classifying objects that will be appropriate for a solution.
Term
Object-oriented design (OOD)
Definition
creates a representation of a real-world problem and maps it to a software solution using OOP
Term
data modeling
Definition
Considers data independently of the way the data are processed and of the components that process the data. A process used to define and analyze data requirements needed to support the business processes.
Term
Coupling
Definition

A measurement that indicates how much interaction one module requires for carrying out its tasks.

Term
Cohesion
Definition
A measurement that indicates how many different types of tasks a module needs to carry out.
Term
data structure
Definition
A representation of the logical relationship between elements of data.
Term
Garbage collector
Definition
Identifies blocks of memory that were once allocated but are no longer in use and deallocates the blocks and marks them as free.
Term
Abstraction
Definition
The capability to suppress unnecessary details so the important, inherent properties can be examined and reviewed.
Term
Distributed Computing Environment (DCE)
Definition
a client/server framework that is available to many vendors to use within their products
Term
globally unique identifier (GUID)
Definition
used to uniquely identify users, resources, and components within an environment.
Term
Common Object Request Broker Architecture (CORBA)
Definition
An open object-oriented standard architecture developed by the Object Management Group (OMG).
It provides interoperability among the vast array of software, platforms, and hardware in environments today. CORBA enables applications to communicate with one another no matter where the applications are located or who developed them.
Term
object request brokers [ORBs]
Definition
ORB manages all communications between components and enables them to interact in a heterogeneous and distributed environment
The ORB acts as a “broker” between a client request for a service from a distributed object and the completion of that request.
Term
Component Object Model (COM)
Definition
A model developed by Microsoft that allows for interprocess communication between applications potentially written in different programming languages on the same computer system.
Term
Distributed Component Object Model (DCOM)
Definition
IMAGE 1146. - DCOM has been faded out and replaced with the .NET framework
Term
.NET framework
Definition
The framework has a large library that different applications can call upon. The libraries provide functions such as data access, database connectivity, network communication, etc.
Term
Object linking and embedding (OLE)
Definition
provides a way for objects to be shared on a local personal computer and to use COM as their foundation.
OLE enables objects—such as graphics, clipart, and spreadsheets—to be embedded into documents.
Term
Java Platform, Enterprise Edition (J2EE)
Definition
J2EE is an enterprise Java computing platform. This means it is a framework that is used to develop enterprise software written mainly in the Java programming language.
It provides APIs for networking services, fault tolerance, security, and web services for large-scale, multi-tiered network applications
Term
service-oriented architecture (SOA)
Definition
provides standardized access to the most needed services to many different applications at one time
SOA is just a more web-based approach.
Term
mashup
Definition
the combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality.
Term
Simple Object Access Protocol (SOAP).
Definition
an XML-based protocol that encodes messages in a web service environment.
It actually defines an XML schema of how communication is going to take place.
The SOAP XML schema defines how objects communicate directly
Term
Software as a Service (SaaS)
Definition
a model that allows applications and data to be centrally hosted and accessed by thin clients, commonly web browsers
Term
Cloud computing
Definition
a method of providing computing as a service rather than as a physical product.
It is Internet-based computing, whereby shared resources and software are provided to computers and other devices on demand.
Term
mobile code
Definition
Code that can be transmitted across a network, to be executed by a system or device on the other end
Term
bytecode
Definition
intermediate code created by the Java platform
Term
Java Virtual Machine (JVM)
Definition
converts the bytecode to the machine code that the processor on that particular system can understand
Term
Java Applets
Definition
Small components (applets) that provide various functionalities and are delivered to users in the form of Java bytecode.
Java applets can run in a web browser using a Java Virtual Machine (JVM).
Java is platform independent; thus, Java applets can be executed by browsers for many platforms.
Term
ActiveX
Definition
a Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM
Term
Sandbox
Definition
A virtual environment that allows for very fine-grained control over the actions that code within the machine is permitted to take. This is designed to allow safe execution of untrusted code from remote sources.
Term
Authenticode
Definition
A type of code signing, which is the process of digitally signing software components and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was digitally signed. Authenticode is Microsoft’s implementation of code signing.
Term
Client-side validation
Definition
when the input validation is done at the client before it is even sent back to the server to process
Term
SQL injection
Definition
instead of valid input, the attacker puts actual database commands into the input fields, which are then parsed and run by the application
Term
cross-site scripting
Definition
refers to an attack where a vulnerability is found on a web site that allows an attacker to inject malicious code into a web application
Term
parameter validation
Definition
where the values that are being received by the application are validated to be within defined limits before the server application processes them within the system.
Term
session cookie vs. persistent cookie
Definition
session cookie - data that are passed and stored in memory
persistent cookie - data that are passed and stored locally as a file
Term
adequate parameter validation
Definition
Adequate parameter validation may include pre-validation and post-validation controls.
Term
Replay Attack
Definition
an attacker capturing the traffic from a legitimate session and replaying it to authenticate his session
Term
Server side includes (SSI)
Definition
An interpreted server-side scripting language used almost exclusively for web-based communication. It is commonly used to include the contents of one or more files into a web page on a web server. Allows web developers to reuse content by inserting the same content into multiple web documents.
Term
Web proxy
Definition
A piece of software installed on a system that is designed to intercept all traffic between the local web browser and the web server.
Term
database management system (DBMS)
Definition
software that provides the means to access, view, and modify data as needed. It also enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data manipulation
Term
database
Definition
a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed
Term
5 Database Models
Definition
• Relational
• Hierarchical
• Network
• Object-oriented
• Object-relational
Term
relational database model
Definition
uses attributes (columns) and tuples (rows) to contain and organize information. The relational database model is the most widely used model today
Term
hierarchical data model
Definition
combines records and fields that are related in a logical tree structure.
In the hierarchical database the parents can have one child, many children, or no children.
IMAGE 1172
Term
network database model
Definition

built upon the hierarchical data model. Instead of being constrained by having to know how to go from one branch to another and then from one parent to a child to find a data element, the network database model allows each data element to have multiple parent and child records


Term
object-oriented database
Definition
An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database, because objects can be created when needed and the data and procedure (called method) go with the object when it is requested.
IMAGE 1173
Term
object-relational database (ORD)
Definition
a relational database with a software front end that is written in an object-oriented programming language
Term
Open Database Connectivity (ODBC)
Definition
An API that allows an application to communicate with a database, either locally or remotely
Term
Object Linking and Embedding Database (OLE DB)
Definition
Separates data into components that run as middleware on a client or server.
Term
ActiveX Data Objects (ADO)
Definition
An API that allows applications to access back-end database systems.
Term
Java Database Connectivity (JDBC)
Definition
An API that allows a Java application to communicate with a database.
Term
data dictionary
Definition
a central collection of data element definitions, schema objects, and reference keys.
Term
Primary vs. Foreign Key
Definition
Primary key - is an identifier of a row and is used for indexing in relational databases
Foreign Key - If an attribute in one table has a value matching the primary key in another table and there is a relationship set up between the two of them
Term
Three main types of Database integrity services
Definition

Semantic - makes sure structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints, and operations that could adversely affect the structure of the database.
Referential - if all foreign keys reference existing primary keys. There should be a mechanism in place that ensures no foreign key contains a reference to a primary key of a nonexisting record, or a null value.
Entity - guarantees that the tuples are uniquely identified by primary key values.

Term
semantic integrity
Definition
mechanism makes sure structural and semantic rules are enforced.
Term
referential integrity
Definition
If all foreign keys reference existing primary keys.
There should be a mechanism in place that ensures no foreign key contains a reference to a primary key of a nonexisting record, or a null value
Term
Entity integrity
Definition
guarantees that the tuples are uniquely identified by primary key values
Term
rollback operation
Definition
an operation that ends a current transaction and cancels the current changes to the database
Term
commit operation
Definition
completes a transaction and executes all changes just made by the user.
Term
Savepoints
Definition
are used to make sure that if a system failure occurs, or if an error is detected, the database can attempt to return to a point before the system crashed or hiccupped.
Term
two-phase commit mechanism
Definition
A mechanism that is another control used in databases to ensure the integrity of the data held within the database.
Term
Aggregation
Definition
when a user does not have the clearance or permission to access specific information, but she does have the permission to access components of this information. She can then figure out the rest and obtain restricted information
Term
inference
Definition
when a subject deduces the full story from the pieces he learned of through aggregation. This is seen when data at a lower security level indirectly portrays data at a higher level.
Term
Cell suppression
Definition
a technique used to hide specific cells that contain information that could be used in inference attacks.
Term
Partitioning a database
Definition
involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together
Term
Noise and perturbation
Definition
a technique of inserting bogus information in the hopes of misdirecting an attacker or confusing the matter enough that the actual attack will not be fruitful.
Term
database views
Definition
Databases can permit one group, or a specific user, to see certain information while restricting another group from viewing it altogether
Term
polyinstantiation
Definition

enables a table to contain multiple tuples with the same primary keys, with each instance distinguished by a security level. If your security level is too low, another set of data is created to fool the lower-level subjects into thinking the information actually means something else.
It is often used to prevent inference attacks.

Term
Online transaction processing (OLTP)
Definition
provides mechanisms that watch for problems and deal with them appropriately when they do occur. For example, if a process stops functioning, the monitor mechanisms within OLTP can detect this and attempt to restart the process.
Term
ACID test
Definition
• Atomicity - Divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.
• Consistency - A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.
• Isolation - Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
• Durability - Once the transaction is verified as accurate on all systems, it is committed and the databases cannot be rolled back.
Term
Data warehousing
Definition
combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis
Term
Data mining
Definition
the process of massaging the data held in the data warehouse into more useful information
Term
three approaches used in data mining to uncover patterns:
Definition
• Classification - Groups together data according to shared similarities.
• Probabilistic - Identifies data interdependencies and applies probabilities to their relationships.
• Statistical - Identifies relationships between data elements and uses rule discovery.
Term
Schema
Definition
Database structure that is described in a formal language supported by the database management system (DBMS). It is used to describe how data will be organized.
Term
expert systems
Definition
programs that can emulate human expertise in specific domains
program containing a knowledge base and a set of algorithms and rules used to infer new facts from data and incoming requests.
Term
inference engine
Definition
A computer program that tries to derive answers from a knowledge base. It is the “brain” that expert systems use to reason about the data in the knowledge base for the ultimate purpose of formulating new conclusions.
Term
artificial neural network (ANN)
Definition
a mathematical or computational model based on the neural structure of the brain
Term
Rule-based programming
Definition
A common way of developing expert systems, with rules based on if-then logic units, and specifying a set of actions to be performed for a given situation.
Term
Viruses
Definition
a small application, or string of code, that infects software
The main function of a virus is to reproduce and deliver its payload, and it requires a host application to do this.
Term
Worms
Definition
can reproduce on their own without a host application, and are self-contained programs.
Term
Rootkit
Definition
Once the level of access is achieved, the attacker can upload a bundle of tools, collectively called a rootkit.
The first thing that is usually installed is a back-door program, which allows the attacker to enter the system at any time without having to go through any authentication steps.
The other common tools in a rootkit allow for credential capturing, sniffing, attacking other systems, and covering the attacker’s tracks.
Term
Spyware
Definition
a type of malware that is covertly installed on a target computer to gather sensitive information about a victim.
Term
Adware
Definition
software that automatically generates (renders) advertisements
Term
Botnets
Definition
a piece of code that carries out functionality for its master, who could be the author of this code. Bots allow for simple tasks to be carried out in an automated manner in a web-based environment
Term
command-and-control (C&C) servers
Definition
servers that send the bots instructions and manage the botnets
they can maintain thousands or millions of computers at one time
Term
Fast flux
Definition
an evasion technique. Botnets can use fast flux functionality to hide the phishing and malware delivery sites they are using.
One common method is to rapidly update DNS information to disguise the hosting location of the malicious web sites.
Term
logic bomb
Definition
executes a program, or string of code, when a certain set of conditions are met
Term
Trojan horse
Definition
a program that is disguised as another program
Term
Signature-based detection
Definition
Once a virus is detected, the antivirus vendor must study it, develop and test a new signature, and release the signature.
Term
heuristic detection
Definition
analyzes the overall structure of the malicious code, evaluates the coded instructions and logic functions, and looks at the type of data within the virus or worm. So, it collects a bunch of information about this piece of code and assesses the likelihood of it being malicious in nature. It has a type of “suspiciousness counter,” which is incremented as the program finds more potentially malicious attributes. Once a predefined threshold is met, the code is officially considered dangerous and the antivirus software jumps into action to protect the system.
Term
Macro virus
Definition
A virus written in a macro language and that is platform independent. Since many applications allow macro programs to be embedded in documents, the programs may be run automatically when the document is opened. This provides a distinct mechanism by which viruses can be spread.
Term
Stealth virus
Definition
A virus that hides the modifications it has made. The virus tries to trick antivirus software by intercepting its requests to the operating system and providing false and bogus information.
Term
Polymorphic virus
Definition
Produces varied but operational copies of itself.
A polymorphic virus may have no parts that remain identical between infections, making it very difficult to detect directly using signatures.
Term
Self-garbling virus
Definition
Attempts to hide from antivirus software by modifying its own code so that it does not match predefined signatures.
Term
Immunizer
Definition
Attaches code to the file or application, which would fool a virus into “thinking” it was already infected.
Term
Behavior blocking
Definition
Allows the suspicious code to execute within the operating system and watches its interactions with the operating system, looking for suspicious activities.