BEHAVIOUR BLOCKING

BEHAVIOUR BLOCKING Means strategies to monitor, that programs do notperform illegal operations during execution of programs.BOOT SECTOR VIRUS Means a virus, which replicates on boot sectors offloppy disks and/or on boot and/or partition sectors of hard disks.CMOS MEMORY FAILURE Means a situation where a computer's CMOS memory'scontent is changed by malicious program code. Execution of some maliciousprogram code may cause CMOS memory failures.COMPUTER VIRUS Means program code, which has a capability to replicaterecursively by itself. Computer viruses may include operations, which aretypical for Trojan horses and malicious toolkits, but this does not makeviruses as Trojan horses or malicious toolkits.DROPPER Means a trojan horse or a malicious toolkit, which installs avirus.FALSE ALARM Means a situation, where an antivirus product announces thatit has found a virus, when in reality there is no virus on the announcedobject.FILE VIRUS Means a virus, which replicates on executable files.FIRST GENERATION VIRUS Means the first replication generation of a virus.Often viruses are distributed as a known sample containing a firstgeneration virus and sometimes later replicates of a virus are differentfrom the first generation. A first generation virus can be, but does notneed to be, a dropper.HANGING Means a situation where a computer is halted. Execution of somemalicious code may cause hanging because of poor quality in maliciousprogram code, compatibility problems or on purpose.HEURISTIC SCANNING Means computer virus searching strategies, which aimfor finding unknown viruses by recognising virus specific behaviour inprogram code.IMAGE FILE a bit to bit image of a hard disk or a floppy diskette.integrity checking Means strategies to verify that integrity of desiredsystem areas has not been violated.INTENDED VIRUS Means program code, which has been designed to work like avirus, but for some reason the program code is not able to replicaterecursively. Intended viruses are often encountered in poorly organisedvirus collections.JOKE PROGRAM Means a program, which imitates harmful operation, but doesnot actually accomplish the object of imitation. Joke programs can beclassified as malware because they operate deliberately against system'sspecification.KEYBOARD CONTROLLING DEVICE A device which a computer uses for controllinganother computer's keyboard.known virus scanning Means computer virus detection methods, which aim forfinding and identifying viruses known so far or close variants of theviruses known so far.MACRO VIRUS Means a virus, which uses application macros for replication.malicious toolkit Means a toolkit program, which has been designed to helpsuch malicious intentions, which are aimed against computer systems.Furthermore, malicious toolkits may operate exactly as a user of themassumes and therefore they are different from Trojan horses. Malicioustoolkits include such programs as virus creation toolkits, sniffers andhacking programs.MEMORY RESIDENT SCANNING Means on-line virus scanning strategies, whichoccur before executable code gets it's chance to be executed. In otherwords memory resident scanning prevents infection.TROJAN HORSE Means self-standing program code, which performs or claims toperform something useful, while in the same time intentionally performs,unknowingly to the user, some kind of destructive function (see alsoBontchev 1998). Self-standing means that, in distinction to viruses, theprogram code does not have the capability to replicate. The program codemay be attached to any part of a system's program code. Trojan horses mayinclude operations, which are typical for malicious toolkits but this doesnot make trojan horses as malicious toolkits.VIRUS TEST BED A specially prepared set of virus samples meant to be usedfor computer antivirus product evaluation. Typically a virus test bed isprepared so that there are several specimens per each virus and animportant objective in preparing a test bed is to ensure that each virusspecimen is capable of replicating recursively.VULNERABILITY ANALYSIS An analysis that investigates antivirus product'scapability to prevent or detect different types of attack typical forviruses.