The Stuxnet worm (which may have existed since 2005) and the Duqu and Flame malware are examples of sophisticated cyber weapons created to bring companies and government facilities to their knees. But are we familiar with these concepts and all the jargon associated with software security?
As a software development and consulting company, we know that software needs to be created with security as one of its foundations, and understanding the concepts around it is paramount to reducing exposure to security breaches.
As the first post of a series regarding the concepts around software security, I have compiled a list of common terms you will typically find in literature related to software security:
Worm: A worm is a malicious program that can infect both local and remote machines. Worms spread automatically by infecting system after system in a network, and even spreading further to other networks. Therefore, worms have a greater potential for causing damage because they do not rely on the user's action for execution.
Trojan: Taking a cue from Greek mythology, a computer Trojan is defined as a "malicious, security-breaking program that is disguised as something benign". A computer Trojan horse is used to enter a victim's computer undetected, granting the attacker unrestricted access to the data stored on that computer and causing immense damage to the victim.
Virus: A virus is a self-replicating program that reproduces its own code by attaching copies of itself to other executable code. A virus operates without the knowledge or desire of the user. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD.
Spyware: Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put on someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get onto a computer as a software virus or as the result of installing a new program.
Malware: Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.
Botnet: A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie: in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russia-based Kaspersky Labs, botnets (not spam, viruses, or worms) currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.
Bot: A bot (short for "robot", also known as a zombie) is a program that operates as an agent for a user or another program or simulates a human activity. On the Internet, the most ubiquitous bots are the programs, also called spiders or crawlers, that access Web sites and gather their content for search engine indexes.
Threat: An action or event that might compromise security. A threat is a potential violation of security.
Vulnerability: The existence of a weakness, design flaw, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system.
Attack: An assault on the system security that is derived from an intelligent threat. An attack is any action that violates security.
Exploit: A defined way to breach the security of an IT system through a vulnerability.
Hacker: Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular media, to mean "someone who tries to break into computer systems."
Firewall: A set of related programs, located at a network gateway server, that protects the resources of a private network from users of other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources, and to control which outside resources its own users have access to.