User guide
105
6.1.8 Potentially unsafe applications
There are many legitimate programs whose function is to simplify the administration of networked computers.
However, in the wrong hands, they may be misused for malicious purposes. ESET Smart Security provides the option
to detect such threats.
Potentially unsafe applications is the classification used for commercial, legitimate software. This classification
includes programs such as remote access tools, password-cracking applications, and keyloggers (a program that
records each keystroke a user types).
If you find that there is a potentially unsafe application present and running on your computer (and you did not install
it), please consult your network administrator or remove the application.
6.1.9 Potentially unwanted applications
Potentially unwanted applications (PUAs) are not necessarily intended to be malicious, but may affect the
performance of your computer in a negative way. Such applications usually require consent before installation. If they
are present on your computer, your system behaves differently (compared to the state before their installation). The
most significant changes are:
New windows you haven’t seen previously (pop-ups, ads),
Activating and running of hidden processes,
Increased usage of system resources,
Changes in search results,
Application communicates with remote servers.
6.2 Types of remote attacks
There are many special techniques which allow attackers to compromise remote systems. These are divided into several
categories.
6.2.1 DoS attacks
DoS, or Denial of Service, is an attempt to make a computer or network unavailable for its intended users. The
communication between afflicted users is obstructed and can no longer continue in a functional way. Computers
exposed to DoS attacks usually need to be restarted in order to work properly.
In most cases, the targets are web servers and the aim is to make them unavailable to users for a certain period of time.
6.2.2 DNS Poisoning
Using DNS (Domain Name Server) poisoning, hackers can trick the DNS server of any computer into believing that the
fake data they supplied is legitimate and authentic. The fake information is cached for a certain period of time, allowing
attackers to rewrite DNS replies of IP addresses. As a result, users trying to access Internet websites will download
computer viruses or worms instead of their original content.
6.2.3 Worm attacks
A computer worm is a program containing malicious code that attacks host computers and spreads via a network.
Network worms exploit security vulnerabilities in various applications. Due to the availability of the Internet, they can
spread all over the world within a few hours of their release.
Most worm attacks (Sasser, SqlSlammer) can be avoided by using default security settings in the firewall, or by blocking
unprotected and unused ports. Also, it is essential that your operating system is updated with the most recent security
patches.