User Manual

ManualsBrandsESET ManualsComputing & Network ProductsCyber Security Antivirus Renewal for Mac, 3 Years, 3 Users

12. Glossary

12.1 Types of infiltration

An Infiltration is a piece of malicious software that attemtps to

enter and/or damage a user’s computer.

12.1.1 Viruses

A computer virus is an infiltration that corrupts existing files

on your computer. Viruses are named after biological viruses,

because they use similar techniques to spread from one

computer to another.

Computer viruses typically attack executable files, scripts and

documents. To replicate, a virus attaches its “body“ to the end

of a target file. In short, this is how a computer virus works:

after execution of the infected file, the virus activates itself

(before the original application) and performs its predefined

task. Only after that is the original application allowed to run.

A virus cannot infect a computer unless a user, either

accidentally or deliberately, runs or opens the malicious

program.

Computer viruses can range in purpose and severity. Some of

them are extremely dangerous because of their ability to

purposely delete files from a hard drive. Conversely, some

viruses do not cause any damage, they only serve to annoy the

user and demonstrate the technical skills of their authors.

It is important to note that viruses (when compared to trojans

or spyware) are increasingly rare because they are not

commercially enticing for malicious software authors.

Additionally, the term “virus” is often used incorrectly to cover

all types of infiltrations. This usage is gradually being

overcome and replaced by the new, more accurate term

“malware” (malicious software).

If your computer is infected with a virus, it is necessary to

restore infected files to their original state, usually by cleaning

them using an antivirus program.

12.1.2 Worms

A computer worm is a program containing malicious code that

attacks host computers and spreads via a network. The basic

difference between a virus and a worm is that worms have the

ability to replicate and travel by themselves; they are not

dependent on host files (or boot sectors). Worms spread

through email addresses in your contact list or exploit security

vulnerabilities in network applications.

Worms are therefore much more viable than computer

viruses. Due to the wide availability of the Internet, they can

spread across the globe within hours of their release, in some

cases, even in minutes. This ability to replicate independently

and rapidly makes them more dangerous than other types of

malware.

A worm activated in a system can cause a number of

inconveniences: It can delete files, degrade system

performance, or even deactivate programs. The nature of a

computer worm qualifies it as a “means of transport“ for other

types of infiltrations.

If your computer is infected with a worm, we recommend that

you delete the infected files because they likely contain

malicious code.

12.1.3 Trojan horses

Historically, computer trojan horses have been defined as a

class of infiltrations that attempt to present themselves as

useful programs, tricking users into letting them run. Today,

there is no longer a need for trojan horses to disguise

themselves. Their sole purpose is to infiltrate as easily as

possible and accomplish their malicious goals. “Trojan horse”

has become a very general term describing any infiltration not

falling under any specific class of infiltration.

Since this is a very broad category, it is often divided into

many subcategories:

Downloader – A malicious program with the ability to

download other infiltrations from the Internet

Dropper – A type of trojan horse designed to drop other

types of malware onto compromised computers

Backdoor – An application which communicates with

remote attackers, allowing them to gain access to a system

and to take control of it

Keylogger – (keystroke logger) – A program which records

each keystroke that a user types and sends the information

to remote attackers

Dialer – Dialers are programs designed to connect to

premium-rate numbers. It is almost impossible for a user to

notice that a new connection has been created. Dialers can

only cause damage to users with dial-up modems, which are

no longer regularly used.

Trojan horses usually take the form of executable files. If a

file on your computer is detected as a trojan horse, we

recommend deleting it, since it most likely contains

malicious code.

12.1.4 Rootkits

Rootkits are malicious programs that grant Internet attackers

unlimited access to a system while concealing their presence.

After accessing a system (usually exploiting a system

vulnerability), rootkits use functions built into the operating

system to avoid detection by antivirus software: they conceal

processes and files. For this reason it is almost impossible to

detect them using ordinary testing techniques.

12.1.5 Adware

Adware is a shortened term for advertising-supported

software. Programs displaying advertising material fall under

this category. Adware applications often automatically open a

new pop-up window containing advertisements in an Internet

browser, or change the browser’s home page. Adware is

frequently bundled with freeware programs, allowing creators

of freeware programs to cover development costs of their

(usually useful) applications.