Computer Security : Glossary

Glossary of security terms

adware

A program that typically displays advertising through pop-up or pop-under windows as you surf the Web. Adware is often hidden alongside other programs, and you may unknowingly install it when you download a program from the Internet or install software from disks. You usually need a specialized anti-adware or anti-spyware program to remove adware from your computer.

anonymity

Inability to identify a person from known information.

anti-spam

A program that filters spam in an email inbox and moves it to a bulk or spam folder, where it can be deleted.

anti-spyware

A program that finds and removes spyware. Some anti-spyware programs can also find and remove other malware, like keyloggers, Trojan horses, worms, and more.

anti-virus

A program that is designed to identify, prevent, and eliminate viruses and other malicious software.

attacker

A person who intentionally attempts to defeat a system.

bulk folder

A folder in some email programs that is used to hold email identified as spam.

case-sensitive

Distinguishing between uppercase (or capital) letters and lowercase (or small) letters. Yahoo! passwords are case-sensitive, which means that a capital A is different from a lowercase a. So when you enter your password, make sure to type it with the correct capitalization.

cookie

A small amount of data, often including an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's hard disk. Web sites use cookies to "remember" details about you, such as your user name or site preferences, in order to personalize your experience on that web site. Your browser transmits information back to the site each time you view that site until the cookie expires.

download

The transfer of a copy of program or file from a network to a single computer.

email header

Part of an email message that describes the path that the email took to go from the sender to the recipient. Email headers are generally hidden, but can be displayed if necessary. If you report spam or phishing emails to Yahoo!, you'll be asked to include the email headers to help identify the source of the email.

encryption

The process of converting data or other information into code so that unauthorized people cannot access it.

firewall

Hardware or a program that prevents unauthorized users from accessing a computer network or that monitors the transfer of information to and from a network. A personal firewall is a program that filters traffic to or from a single computer. Many operating systems (such as Microsoft Windows XP and Mac OS X) include firewall protection.

A computer firewall gets its name from the fireproof wall in buildings that acts as a barrier to prevent the spread of fire.

freeware

Software (or programs) available for free, usually over the Internet. These programs can be sources of hidden spyware and adware.

hacker

A person who uses programming skills to gain illegal access to a computer, network, or file.

header

Another name for an email header.

hijacker

A malicious program that takes control of a browser and may redirect it to a fraudulent site for the purpose of committing identity theft or fraud.

hoax

Something meant to deceive or trick. Hoaxes involving threats to computers usually arrive in an email and contain bogus warnings designed to frighten or mislead you. Unsuspecting recipients may forward the email to friends and colleagues, spreading the hoax.

keylogger

Software (or a program) that secretly tracks and records all activities on a computer, including keystrokes, web sites visited, and potentially more. The information captured is transmitted back to a third party, who can then use the information to access online accounts and sensitive personal and financial information.

mail header

Another name for an email header.

malware

Software designed to infiltrate or damage a computer without the owner's knowledge. Malware is a general category of software that includes viruses, worms, Trojan horses, spyware, adware, and other malicious software.

phishing

An attempt to steal passwords and private account information through fake web sites and emails that look like those of trusted companies. A phishing web site or email can look identical to the real thing, so it can be hard to tell that it's fake. Phishing schemes can also use instant messages, typically when an account is compromised. In this case, the fraudster sends phishing messages to the contacts in the account's Messenger or friend list.

pop-under

A form of online advertising designed to attract viewers to a web site or to capture email addresses. This type of ad "pops under" the current web page in a new window and isn't seen until the browser window is closed, making it more difficult to determine which web site opened it.

pop-up

A form of online advertising designed to attract viewers to a web site or to capture email addresses. This type of ad "pops up" in a new window, covering all or part of the current web page.

pop-up blocker

A program designed to prevent pop-ups and pop-unders.

pretexting

Using false pretenses (such as a false identify or name) to get personal information, which may be used to fraudulently obtain credit or assets.

shareware

Copyrighted software (or programs) available for free on a trial basis. Usually you'll be asked to pay a fee if you want to continue using the software after the trial period. These programs are sometimes sources of hidden spyware and adware.

sign-in seal

A feature of Yahoo! that helps to protect you against phishing scams. You create your personalized sign-in seal and then look for it every time you sign in to Yahoo!. If your sign-in seal isn't displayed, or isn't the one you created, you might be on a fraudulent web site, designed to look like a legitimate Yahoo! site.

social engineering

A common ploy used to gain access to accounts by manipulating unsuspecting victims into revealing confidential information. Perpetrators may befriend potential victims and use information provided by them to guess a password or other secret data, which they use to access the victim's online accounts.

spam

Any message, regardless of its content, that is sent to multiple recipients who haven't specifically requested it. Spam can be an email message or an instant message. Posting the same message multiple times to newsgroups or list servers is also considered spamming — especially if it isn't related to the topic. Spam is also called UCE (unsolicited commercial email) and UBE (unsolicited bulk email).

Spam folder

A folder in Yahoo! Mail used to hold email identified as spam.

spearfishing or spearphishing

A kind of phishing scheme that targets a specific organization or individual in an attempt to gain access to confidential data. Like phishing messages, spearphishing messages appear to come from a trusted source, and may even appear to be from an employee within the recipient's company. Typically, a spearphishing email asks for user names and passwords or instructs the recipient to click on a link. That link could result in the downloading of spyware or other malicious programs. If a single employee falls for the spearphishing scam, the attacker can pretend to be that individual and gain access to sensitive data.

spoofing

Imitating a legitimate web site. Phishing scams use spoofing to create site that looks like a legitimate web site to fool potential victims into signing on with their user ID and password. The spoofing site captures this information and uses it to gather personal and financial information.

spyware

A program or technology that aids in gathering information about a person or organization, often without their knowledge. It includes programs like hijackers and keyloggers. Spyware is often hidden alongside other programs, and you may unknowingly install spyware when you download a program from the Internet or install software from disks. You usually need a specialized anti-spyware program to remove spyware from your computer.

SSL

Abbreviation for Secure Sockets Layer. A set of rules that defines the format and sequence of messages sent over the Internet to provide a level of security when transmitting private information. When you sign in to Yahoo!, your password is always transmitted over a SSL encrypted connection.

Trojan

A shortened name for Trojan horse.

Trojan horse

A program that disguises itself as another program. Similar to a virus, a Trojan horse is hidden and usually causes an unwanted effect, such as installing a "back door" in your computer that can be used by hackers. Unlike a virus, a Trojan horse typically doesn't create copies of itself.

UBE

Abbreviation for unsolicited bulk email. More commonly known as spam.

UCE

Abbreviation for unsolicited commercial email. More commonly known as spam.

virus

A program that hides in other programs or documents and spreads as a side-effect of something you do, like opening an attachment to an email. Viruses come in many forms, and you don't need to install a program for your computer to be infected. For example, some viruses are spread when you open a word-processing document, particularly if you enabled macros in your word processor. An email virus may create copies of itself and automatically mail itself to everyone in your address book or attach itself to outgoing files.

worm

A malicious program that spreads without your taking any action, typically by exploiting vulnerabilities in popular programs like Microsoft Outlook and Microsoft Outlook Express email software. Once activated, a worm generally uses the Internet or your local network to spread to other computers.

zombie

A computer that has been attacked by a hacker, virus, or Trojan horse and is then used to perform malicious acts, such as sending spam, under remote direction. The zombie computer gets its name from the zombie — an undead or apathetic person — because the computer and its owner are unaware that the computer is controlled remotely.