Unseen attacks on your PC: what you should know and how your firewall can help!

When it comes to internet security, many people know little about the differences between the various terms and their meanings (e.g. virus, spyware, adware, dialer). All of these can be grouped under one collective term: ‘malware’. Below is what each of these terms actually means:

Virus

A virus is a piece of software that attempts to replicate itself and spread by attaching itself to files. Its severity ranges from displaying messages to deleting files, changing files or (rarely) corrupting your hard drive. A virus cannot spread without user interaction.

Viruses often attach themselves to executable files (.exe files) so that when the file is opened the virus runs as well and can do whatever it was designed to do.

Spyware / Adware

Spyware may come in different forms, but it is any program that monitors what a user does, such as logging all their keystrokes and the websites they visit, and often reports this back to the person who wrote the program.

Adware, on the other hand, displays a number of pop-up ads. It may work similarly to spyware by watching what a user views on the web and then displaying pop-ups based on this.

Dialer

A dialer is a program that only affects those on a dial-up connection. It is a piece of software that redirects the connection to premium-rate numbers, causing the user's phone bill to increase dramatically. Dialers are often downloaded from certain illicit sites.
Anyone on a broadband connection would not be affected, as these connections do not use a telephone line to connect to the internet but have their own dedicated line.

Keyloggers

These often come under the term spyware. They monitor every keystroke a user makes and then report it back to the person who wrote the software. This can then be used to identify websites a user may have visited and to find out the user's username and password. This is often used for online banking sites.

Trojan Horse

A Trojan horse is a program that attempts to pass itself off as a legitimate program. Unlike a virus it cannot replicate itself. In some cases a Trojan may attempt to pass itself off as a virus checker, but actually introduces viruses onto the system.

Bot / Botnet

A bot is a computer that has software running on it that allows a remote computer to control it. The software is often installed by someone hacking the computer, or by the user installing it themselves via other software.

Bots are often used to send spam and hack other computers. This makes it appear that the attack comes from the bot rather than from the remote computer that is controlling it, which makes the attack more difficult to trace.

A large collection of compromised computers linked together is referred to as a botnet.

Rootkit

A rootkit is a program that buries itself deep in the system and is often extremely hard to remove. It starts up every time your system does and is usually loaded as a base part of the operating system, before the user interface, making it more difficult to detect. A rootkit may install other software, start new processes and perform other tasks anonymously.

Logic bomb / Time bomb

These are often used against a business. A logic bomb or time bomb is a piece of software set to activate at a certain time or when something happens. For example, it may trigger if an employee were to be fired: once this is entered on the computer system, the software detects it and activates itself to do whatever it was programmed to do.

Worms

A worm is a program that attempts to replicate over a computer network. This may be through email, the internet, etc. It may perform malicious tasks such as crashing a computer.

How would Comodo Personal Firewall (CPF) protect me?

In all of these instances CPF would detect any program attempting to connect to the internet and display an alert. As a user you would then be able to see that an unknown program was attempting to perform the action, and could block it and then follow any necessary removal procedures.

Also, CPF can detect changes to program files, so if a virus attached itself to the file iexplore.exe, CPF would detect the change when you launched Internet Explorer and display an alert. It is advanced methods like this that would alert a user to an infection of this kind.
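To make the two checks described above concrete, here is an added example (not part of the original article and not CPF's own code) of a program baseline that raises an alert for an unknown program and for an approved program whose file has changed. It assumes SHA-256 file hashes as the change check; the class name, function names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large executables are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

class ProgramBaseline:
    """Hypothetical store of programs the user has approved, keyed by path."""

    def __init__(self):
        self._approved = {}

    @staticmethod
    def _key(path):
        # Normalise so the same file is not treated as two different programs.
        return os.path.normcase(os.path.realpath(path))

    def approve(self, path):
        self._approved[self._key(path)] = sha256_of(path)

    def check(self, path):
        """Decide what to do when `path` asks for a network connection."""
        expected = self._approved.get(self._key(path))
        if expected is None:
            return "alert-unknown"  # never approved: ask the user
        if sha256_of(path) != expected:
            return "alert-changed"  # approved earlier, but the bytes differ now
        return "allow"

def demo():
    """Run the three cases on constructed files (stand-ins, not real programs)."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "iexplore.exe")
        unknown = os.path.join(d, "unknown.exe")
        with open(browser, "wb") as f:
            f.write(b"constructed stand-in for an approved program")
        with open(unknown, "wb") as f:
            f.write(b"constructed stand-in for an unapproved program")
        baseline = ProgramBaseline()
        baseline.approve(browser)
        results = [baseline.check(browser), baseline.check(unknown)]
        with open(browser, "ab") as f:  # simulate the file being modified
            f.write(b" plus bytes added after approval")
        results.append(baseline.check(browser))
        return results
```

Calling demo() returns the decision for the approved program, the unknown program, and the approved program after its file was modified.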


Thanks for reading the article, I hope you found it useful. Please feel free to come and join the forums and comment or join in with other discussions here. The more the merrier. :wink: