Computer security software: Difference between revisions

Futuristic security concepts: drop weird speculative section
Citation bot (talk | contribs)
Removed URL that duplicated identifier. Removed access-date with no URL. Removed parameters. | Use this bot. Report bugs. | #UCB_CommandLine
 
(34 intermediate revisions by 20 users not shown)
Line 1:
{{short description|Computer program for information security}}
{{Computer security}}
 
'''Computer security software''' or '''cybersecurity software''' is any [[computer program]] designed to influence [[information security]]. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.
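Review bot: The second sentence of the lead widens the definition to "programs designed specifically for subverting computer systems" and justifies it with "the adage that the best defense is a good offense", but no reference supports either the scope or the adage. Suggest citing a source for the scope or cutting the adage, and tightening "designed to influence information security", since "influence" does not say whether the program protects or attacks.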
Line 8 ⟶ 7:
The subversion of [[computer]]s or their unauthorized use is referred to using the terms ''[[cyberwarfare]]'', ''[[cybercrime]]'', or ''[[Security hacker|security hacking]]'' (later shortened to ''hacking'' for further references in this article due to issues with ''[[hacker]]'', ''[[hacker culture]]'' and differences in [[White hat (computer security)|white]]/[[Grey hat|grey]]/[[Black hat (computer security)|black]] 'hat' color identification).
 
The computer security software products industry was launched in the second half of the 1970s when computer firms and new IT startups chose alternative paths to offer commercial access control systems to organizational mainframe computer users. These developments were led by [[IBM]]'s [[Resource Access Control Facility]] and SKK's Access Control Facility 2.<ref>{{Cite journal |title=The Origin and Early History of the Computer Security Software Products Industry |journal=IEEE Annals of the History of Computing|date=2015 |doi=10.1109/MAHC.2015.21 |last1=Yost |first1=Jeffrey R. |volume=37 |issue=2 |pages=46–58 }}</ref>
==Common Programs or Utility [[Application software|Apps]]==
Programs that are generalized enough they are commonly applied whether a user identifies themselves as white, grey, or black. Often referred to as utility applications, utility apps in this context are programs that enhance a user's experience in traditional display devices, [[augmented reality]] (AR), or [[virtual reality]] (VR); with a few options for support programs. Often referred to outside the context of hacking specifically, yet the potential for hacking uses depends on the way that they modify the experience, as they may provide the equivalent of enhancements directed towards hacking and subversion goals.
 
==Types==
===[[Booting#Modern boot loaders|Bootloader]]===
Below, various software implementations of Cybersecurity patterns and groups outlining ways a host system attempts to secure itself and its assets from malicious interactions, this includes tools to deter both [[Passive attack|passive]] and active [[threat (computer)|security threats]]. Although both security and usability are desired, today it is widely considered in computer security software that with higher security comes decreased usability, and with higher usability comes decreased security.<ref>{{Cite book|last=Barragán|first=Claudio Casado|title=Information Technology - New Generations|publisher=Springer International Publishing|year=2017|isbn=9783319549774|pages=395–398}}</ref>
An [[Information technology|IT]] tool used working with the boot code of a device. When most computers are turned on, they don't possess an operating system, or applications, and need to load a series of progressively greater complexity programs to enable their operation. When healthy, a bootloader simply loads the correct programs, and the computer functions normally. However, compromised bootloaders allow commands (often hidden in the hacking context) to be input into the device after the next reboot. Popular options include announcing the ___location of the device when it connects to a network, adjusting the processing of the device so that the default device attributes are the choice of the hacker, annoying the owner of the device, and making a record of every action on the device. These programs allow for a variety of tasks to be set up in the boot record rather than just destroying the functionality of the device.
 
===Prevent access===
===[[Web browser|Browser]] and [[Web search engine|Search Engines]]===
The primary purpose of these types of systems is to restrict and often to completely prevent access to computers or data except to a very limited set of users. The theory is often that if a key, credential, or token is unavailable then access should be impossible. This often involves taking valuable information and then either reducing it to apparent noise or hiding it within another source of information in such a way that it is unrecoverable.
Browser and search engine combos reduce the time for relevant information searches on most web hosts by exploring the data structure of the host, building some form of hierarchical information representation, and then allowing for rapid retrieval of information from specific leaf nodes. From a 2020 computing perspective, this exploration is usually performed much prior to the interaction with an endpoint user, and often involves significant corporate expenditures for [[Google data centers|data centers]]<ref>{{cite web |title=How Many Servers Does Google Have? |url=https://www.datacenterknowledge.com/archives/2017/03/16/google-data-center-faq |website=Data Center Knowledge |access-date=20 September 2018}}</ref> with extended costs<ref>{{cite news |last1=Sattiraju |first1=Nikitha |title=The Secret Cost of Google's Data Centers: Billions of Gallons of Water to Cool Servers |url=https://time.com/5814276/google-data-centers-water/ |access-date=22 October 2020 |agency=Bloomberg |publisher=Time Magazine |date=2 April 2020}}</ref> devoted to building and maintaining the hierarchical representation of the semantic web. A physical comparison to the challenge these systems face could be made to a blind and deaf person starting from a random position on Earth and attempting to find a specific piece of paper without knowing the searcher's ___location or the target's ___location and then solving for a [[Shortest path problem|minimal distance]] path to the desired object while providing relevant navigation information along the route.
* [[Cryptography]] and [[Encryption software]]
* [[Steganography]] and [[Steganography tools]]
 
A critical tool used in developing software that prevents malicious access is ''Threat Modeling''.<ref>{{Cite journal|last1=Bodeau|first1=Deborah J.|last2=McCollum|first2=Catherine D.|last3=Fox|first3=David B.|date=2018-04-07|title=Cyber Threat Modeling: Survey, Assessment, and Representative Framework|url=https://apps.dtic.mil/sti/citations/AD1108051|archive-url=https://web.archive.org/web/20210929040958/https://apps.dtic.mil/sti/citations/AD1108051|url-status=live|archive-date=September 29, 2021|language=en}}</ref> Threat modeling is the process of creating and applying mock situations where an attacker could be trying to maliciously access data in [[cyberspace]]. By doing this, various profiles of potential attackers are created, including their intentions, and a catalog of potential vulnerabilities are created for the respective organization to fix before a real threat arises.<ref>{{Cite web|title=Threat Modeling: 12 Available Methods|url=https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/|access-date=2021-10-04|website=SEI Blog|date=2 December 2018 |language=en}}</ref> Threat modeling covers a wide aspect of cyberspace, including devices, applications, systems, networks, or enterprises. Cyber threat modeling can inform organizations with their efforts pertaining to cybersecurity in the following ways:<ref>{{Cite book|last=Jones|first=Andy|title=Risk management for computer security : Protecting your network and information assets|date=2005|publisher=Elsevier Butterworth-Heinemann|others=Debi Ashenden|isbn=978-0-08-049155-4|___location=Amsterdam, Netherlands|oclc=159937634}}</ref>
===[[Configurator]] ([[Hot swapping|Hot Swap]])===
Sold to general users with the purpose of configuring their systems and guiding them through the setup process, these systems have applications towards hacking from the perspective of hot swapping and configuration templates. When run, a configuration for the user's operating system or hardware is chosen other than its current state from among a selection of alternate configurations stored in the Configurator. Rather than switching only a few programs or settings, a user may switch to the full configuration stored in the program, even if it means the Configurator stops running at that point. Usually, the configuration stored in this program doesn't change when used, with the intent that a user can switch back and forth between multiple configuration as necessary. In a hacking context, this process is then useful for hot swapping a system configuration in response to challenges encountered while attempting to interact with a target system. From a traditional computing perspective, this could be compared to booting into a completely different operating system while still using the same hardware.
 
* Risk Management
===Diagnostics===
* Profiling of current cybersecurity applications
An ongoing self-evaluation system that monitors all the devices in a user's [[personal area network]] (PAN), giving constant vital statistics on their behavior. Popular with computer-literate and interested users who enjoy trying to squeeze every last bit of usefulness out of devices, they are also popular in keeping people aware of attacks against, and infections within, the computational devices that represent their PAN.
* Considerations for future security implementations
 
===[[TextRegulate editor|Editor]]access===
These programs make editing easier with a smart interface that learn a user's style and can even give suggestions based on their prior activity. Traditionally attached to the idea of software or text editing, these programs approach the physical with the advent of fully programmable hardware architectures like [[General-purpose computing on graphics processing units|general purpose graphical processing units]] and [[Field-programmable gate array|field programmable gate arrays]].
 
===[[Electronic game|Games]]===
Typically casual games that are displayed in some form of computer environment, allowing a user to enjoy them as a pastime while also still somewhat paying attention to reality. The number on the market is huge, with some older games being modified to run on modern hardware. Significant potential exists for games used in hacking that specifically "gamify" the hacking experience or translate the hacking experience into game terms, providing objectives, metrics of performance, and translations of the experience. An extremely simplistic variation on this concept is [[Wikiracing]], a game where users attempt to traverse the links of Wikipedia as rapidly as possible, yet at the same time gain significant knowledge about the topology of Wikipedia and concepts like [[Six Degrees of Separation]]. Notably, this idea can also extend to the environment surrounding hacking, such as cultures like [[DEF CON]] and [[Pwn2Own]] that have gamified the activity of hacking itself in an annual or multiannual competition related to hacking specific targets for fun and prizes.
 
===Iconography Alignment===
Similar to a browser or search engine, these programs differ in that they support search actions when looking for specific data on a specific host that contains that data. When loaded, these programs tailor the search algorithms to match the specific iconography of the host, increasing the probability of finding relevant results with the targeted search data. Physical world comparison can be made to the difference between attempting to find a specific town on a map versus attempting to find a USB key lost in a landfill. From a biological systems perspective, this can also be compared to the concept of [[structural alignment]] which attempts to establish [[homology (chemistry)|homology]] between two or more polymer structures based on their shape and three-dimensional [[conformational isomerism|conformation]] to aid in comparison and classification.
 
===[[Crypto-shredding|Shredder]]===
Shredders are designed to assist in erasing files and all their redundant back-up options that might be around inside a computer system. A shredder functions by entering a large amount of random junk data into designated files, overwriting them repeatedly to help deter attempts at recovering them. From the perspective of 2020 software patterns this erasure process usually either utilizes the [[Gutmann method]]<ref>{{cite web|url=https://www.pcmag.com/article2/0,2817,1841764,00.asp|title=CBL Data Shredder|author=Rubenking|first=Neil J.|date=July 29, 2005|website=[[PC Magazine]]|archive-url=https://web.archive.org/web/20180623113017/https://www.pcmag.com/article2/0,2817,1841764,00.asp|archive-date=June 23, 2018|url-status=live|access-date=23 June 2018}}</ref> of destroying data (often built from the [[CBL Data Shredder]]) or the [[ATA Secure Erase]] standard. Recovering a file that has been Shredded (or destroyed by a [[Logic Bomb]], for that matter) requires access to the host the file was on originally, often with need for prior knowledge of the files contents, which explains why offline back-ups are quite popular.
 
===Memory Management Utilities===
Programs that support removing unnecessary memory allocation, detecting illicit system memory use, testing memory functionality within a system, or optimizing the system cache-management. Can become necessary in cases where the hacker's system may have a borderline amount of memory for the task being attempted or when processing large volumes of data rapidly and the speed of the operations is being inhibited by inefficient memory use. From a common [[Microsoft Windows|Windows]] user's perspective, opening [[Task Manager (Windows)|task manager]] and culling unnecessary operations represents a very basic form of this type of interaction, with some of the most valuable traits being the ability to view memory use, set process priorities, start and stop services, and forcibly terminate processes.
 
===[[Social network|Social networking]]===
Apps that monitor and support all other social networks that a person might use, incorporating them into a web of information. Possibly generating a relevance or impact score that is a piece of status in virtual social groups. Can have hacking relevance, as the worth of many network systems is based on the geometric complexity of the contributing nodes using relationships like [[Metcalfe's law]]. The social network itself my either be performing the hack or contributing to the hack, and in some cases may be the target or the recipient of the desired result of the hack. An example of this type of interaction from the 2020 perspective is the behavior of the [[Anonymous (group)|Anonymous]] [[hacktivist]] [[collective]] known for its [[cyber attacks]] against [[governments]], [[government agencies]], [[corporation]]s, and the [[Church of Scientology]].
 
===[[Software agent]]===
Agents are autonomous computer programs built with varying levels of artificial intelligence that have some capability in general categories of computer use, hacking, and cyberwarfare. Agents perform actions within or across computer systems toward the goals of their users and are often given their own names, personalities, functions, and styles. An example of such a system used for non-hacking purposes is the [[User:WP 1.0 bot|Wikipedia 1.0 bot]] (notably a "user" from the perspective of Wikipedia) that performs data collection and processing on the categories of Wikipedia, while an example used expressly for cyberwarfare purposes is the [[Stuxnet]] worm developed jointly by the [[United States]] and [[Israel]] specifically to target the [[programmable logic controller]]s (PLCs) operating machinery and processes for [[gas centrifuge]] separation of nuclear material.
* see also [[Internet_bot|Bot]]
* see also [[Botnet]]
 
===Theme music===
An algorithm that constantly monitors the owner of the PAN in all their interactions with devices. Taking this data, it attempts to determine the emotional state of the person and generates a playlist of songs to better support said user, either enhancing the feelings or dampening them. Essentially the similar to a musical mood ring. Has significant potential for hacking if the themes are then synced to either the owner or the network being interacted with. A basic example being that if security within a targeted system appears to have been notified (such as through increased lag or line noise) then battle music begins to transition into the theme.
 
===Ticker===
A series of operating system apps that provide an information feed from a specified source, the vast majority being legitimate, such as stock markets and news organizations. Some services also use these apps to give details on other users, admins, sysops, systems, police or military responses, and current payment rates for a variety of services and bribes. In the current world of 2020, there are a great many topics that generate enough traffic to merit an information feed. For example, a hacker could subscribe to a feed with up-to-the-minute news about [[Market moving information|market movement]] if the hacker's goal was a system related to [[Market manipulation|stock market manipulation]].
 
===[[Virtual Machine]]===
This program creates a [[virtual memory]] space on a user's disk. Virtual machines have traditionally been used to emulate specific hardware or architectures where the programs and environment are specifically tailored to a particular manufacture's walled garden, such as in the case of the [[Apple Inc.|Apple]] ecosystem and programs like [[Xcode]]. However, with the advent of [[cloud computing]], virtual machines have moved into a realm where they are used to emulate multiple different architectures simultaneously on a single machine, often for the business needs of multiple endpoint users, while simultaneously providing the protection of a [[Sandbox (computer security)|sandbox]] environment.
 
==Types of Software to Secure Computers or Data==
Below follow a series of software patterns and groups from the perspective of a host system interacting with users and attempting to secure itself or its assets against their interactions.
 
===Prevent Access===
The primary purpose of these types of systems is to restrict and often to completely prevent access to computers or data except to a very limited set of users. The theory is often that if a key, credential, or token is unavailable then access should be impossible. A physical comparison is often made to a fortress, armor, or jamming. A shell that even if abandoned would still present a significant challenge for computer access. This often involves taking valuable information and then either reducing it to apparent noise or hiding it within another source of information in such a way that it is unrecoverable.
* [[Cryptography]] and [[Encryption software]]
* [[Steganography]] and [[Steganography tools]]
 
===Isolate / Regulate Access===
The purpose of these types of systems is usually to restrict access to computers or data while still allowing interaction. Often this involves monitoring or checking credential, separating systems from access and view based on importance, and quarantining or isolating perceived dangers. A physical comparison is often made to a shield. A form of protection whose use is heavily dependent on the system owners preferences and perceived threats. Large numbers of users may be allowed relatively low-level access with limited security checks, yet significant opposition will then be applied toward users attempting to move toward critical areas.
* [[Access control]]
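Review bot: The threat-modeling paragraph under "Prevent access" has a subject-verb mismatch in "a catalog of potential vulnerabilities are created" (should be "is created"), and its last sentence, "can inform organizations with their efforts pertaining to cybersecurity in the following ways", leads into three bare noun phrases ("Risk Management", "Profiling of current cybersecurity applications", "Considerations for future security implementations") that never say how threat modeling informs each one. Suggest rewording the lead-in so the items complete it, for example "can inform an organization's cybersecurity efforts in:", and lower-casing "Management" to match the other two items. The intro sentence under "Types" ("Below, various software implementations of Cybersecurity patterns and groups outlining ways ...") also has no main verb and capitalizes "Cybersecurity" mid-sentence.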
Line 69 ⟶ 29:
* [[Sandbox (computer security)|Sandbox]]
 
===Monitor Accessaccess===
The purpose of these types of software systems is to monitor access to computers systems and data while reporting or logging the behavior. Often this is composed of large quantities of low priority data records / logs, coupled with high priority notices for unusual or suspicious behavior. A physical comparison to eyes, goggles, scanning, or spying is often made. Observing user's behavior, often with the secondary goal of remaining hidden themselves.
 
* [[Diagnostic program]]
* [[Intrusion detection system]] (IDS)
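Review bot: In the "Monitor access" paragraph, "monitor access to computers systems and data" should read "computer systems", and the closing "Observing user's behavior, often with the secondary goal of remaining hidden themselves." is a fragment with no subject. If that fragment and the "physical comparison to eyes, goggles, scanning, or spying" sentence stay in the article, they need a reference; otherwise the paragraph reads cleanly if it ends after "unusual or suspicious behavior."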
Line 78 ⟶ 39:
* [[Security information management]]
* [[Security event manager|Security event management]]
* [[Security information and event management]] (SIEM)
* [[SIEM]]
 
====Surveillance monitor====
These programs use algorithms either stolen from, or provided by, the police and military internet observation organizations to provide the equivalent of a police [[Radio scanner]]. Most of these systems are born out of [[mass surveillance]] concepts for internet traffic, cell phone communication, and physical systems like [[CCTV]]. In a global perspective they are related to the fields of [[SIGINT]] and [[ELINT]] and approach [[Geospatial intelligence|GEOINT]] in the global information monitoring perspective. SourcesSeveral forinstant messaging programs such informationas [[ICQ]] (founded by "former" members of [[Unit 8200]]), or [[WeChat]] and the[[QQ]] organizations(rumored that[[3PLA]]/[[4PLA]] provideconnections<ref>{{cite themnews |last1=O'Neill |first1=Patrick Howell |title=Under tough surveillance, China's cybercriminals find creative ways to chat |url=https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ the|access-date=22 yearOctober 2020, within|agency=cyberscoop their|publisher=SNG particular|date=3 jurisdictionsMay 2017}}</ref><ref>{{cite news |last1=Dasgupta |first1=Binayak |title=Mass surveillance risk real with Chinese apps: Experts |url=https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html |access-date=22 October 2020 |publisher=Hindustan Times, includeNew (althoughDelhi |date=1 July 2020}}</ref>) may notrepresent beextensions exclusiveof to):these observation apparati.
* [[National Security Agency|NSA]] with [[Boundless Informant|BOUNDLESSINFORMANT]]/[[Bullrun (decryption program)|BULLRUN]]/[[MAINWAY]]/[[MYSTIC (surveillance program)|MYSTIC]]/[[PRISM (surveillance program)|PRISM]] ([[United States]])
* [[Special Communications Service of Russia|Spetssvyaz]]/[[Federal Protective Service (Russia)|FSO]]/[[Federal Security Service|FSB]] with [[SORM]] ([[Russia]]n NSA equivalents from [[FAPSI]])
* [[People's Liberation Army#Third Department|3PLA]](SIGINT)/[[Fourth Department of the General Staff Headquarters Department|4PLA]] (ELINT)/[[Ministry of Public Security (China)|MPS]]/[[Ministry of State Security (China)|MSS]] ([[China]])
* [[Unit 8200]]/[[Military Intelligence Directorate (Israel)|Aman]] ([[Israel]])
* [[Ministry of Intelligence (Iran)|VAJA]] ([[Iran]])
* [[Signals intelligence by alliances, nations and industries#Confirmation of ECHELON|FROSTING]] with [[Signals intelligence by alliances, nations and industries#Confirmation of ECHELON|TRANSIENT]] and [[ECHELON]] ([[Five Eyes|Five Eyes (FVEY)]])
* [[European Union Satellite Centre|SatCen]]/[[European Union Intelligence and Situation Centre|INTCEN]]/[[European External Action Service|EEAS]] with [[Schengen Information System|SIS]] and SIRENE<ref name="SIRENE cooperation">{{cite web |title=SIRENE cooperation |url=https://ec.europa.eu/home-affairs/what-we-do/policies/borders-and-visas/schengen-information-system/sirene-cooperation_en |website=European Commission, official website |publisher=European Commission |access-date=22 October 2020}}</ref> ([[European Union]])
* [[GCHQ]] with [[Mastering the Internet|MTI]] ([[United Kingdom]])
* [[Australian Signals Directorate|ASD]] ([[Australia]])
* [[BfV]] ([[Germany]])
* [[DGSE]] ([[France]])
* [[Dutch Military Intelligence and Security Service|MIVD]] ([[Netherlands]])
* [[Communications Security Establishment|CSE]] ([[Canada]])
* [[Telecom Enforcement Resource and Monitoring|TERM]]/[[National Investigation Agency|NIA]] using [[Central Monitoring System|CMS]] ([[India]])
* [[Inter-Services_Intelligence|ISI]]/[[Federal_Investigation_Agency|FIA]]/[[Inter-Services_Intelligence#Departments|JSIB]]<ref>{{cite web|url=https://fas.org/irp/world/pakistan/isi/ |title=Directorate for Inter-Services Intelligence |publisher=[[Federation of American Scientists]] |author=Pike, John |date=25 July 2002 |access-date=13 December 2008 |archive-url=https://web.archive.org/web/20080515131913/http://www.fas.org/irp/world/pakistan/isi/ |archive-date=15 May 2008 |url-status=dead |df=dmy }}</ref> with [[National_Database_%26_Registration_Authority|NADRA]]<ref>{{cite web |title=Tipping the scales: Security & surveillance in Pakistan |url=https://privacyinternational.org/sites/default/files/2018-08/PAKISTAN%20REPORT%20HIGH%20RES%2020150721_0.pdf |website=Privacy International |publisher=Privacy International |access-date=31 May 2021}}</ref> ([[Pakistan]])
* [[Swiss intelligence agencies|FIS]]/[[Swiss intelligence agencies#Postal Service and Telecommunications Surveillance|PSTS]] with [[Onyx (interception system)|Onyx]] ([[Switzerland]])
* [[National Defence Radio Establishment|FRA]] with [[Titan traffic database|TTD]] ([[Sweden]])
Note that several instant messaging programs such as [[ICQ]] (founded by "former" members of Unit 8200), or [[WeChat]] and [[QQ]] (rumored 3PLA/4PLA connections<ref>{{cite news |last1=O'Neill |first1=Patrick Howell |title=Under tough surveillance, China's cybercriminals find creative ways to chat |url=https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ |access-date=22 October 2020 |agency=cyberscoop |publisher=SNG |date=3 May 2017}}</ref><ref>{{cite news |last1=Dasgupta |first1=Binayak |title=Mass surveillance risk real with Chinese apps: Experts |url=https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html |access-date=22 October 2020 |publisher=Hindustan Times, New Delhi |date=1 July 2020}}</ref>) may represent extensions of these observation apparati.
 
===Remove ProgramsBlock or Maliciousremove Codemalware===
The purpose of these types of software is to remove malicious or harmful forms of software that may compromise the security of a computer system. These types of software are often closely linked with software for computer regulation and monitoring. A physical comparison to a doctor, scrubbing, or cleaning ideas is often made, usually with an "anti-" style naming scheme related to a particular threat type. Threats and unusual behavior are identified by a system such as a firewall or an intrusion detection system, and then the following types of software are used to remove them. These types of software often require extensive research into their potential foes to achieve complete success, similar to the way that complete eradication of bacteria or viral threats does in the physical world. Occasionally this also represents defeating an attackers encryption, such as in the case of data tracing, or hardened threat removal.
* [[Anti-keylogger]]s
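Review bot: The "Surveillance monitor" text states that these programs use algorithms "either stolen from, or provided by, the police and military internet observation organizations" and that ICQ was founded by "former" (in scare quotes) members of Unit 8200, with no reference on either claim; the WeChat/QQ sentence is cited but still hedged as "rumored". If any of this text stays in the article, each claim needs its own source and neutral wording, and "apparati" should be "apparatuses". In the list above it, "[[Security information and event management]] (SIEM)" and "[[SIEM]]" point at the same topic, so only one entry should remain. In the malware-removal paragraph, "defeating an attackers encryption" is missing the apostrophe ("attacker's").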
Line 109 ⟶ 52:
* [[Anti-tamper software]]
* [[Antivirus software]]
* [[Cryptanalysis]]
 
==Types of Software to Subvert Computers or Data==
Similar to systems used to secure systems, below are a series of software patterns and groups from the perspective of users attempting to subvert, invade, or infect computer systems. Many of these ideas where theorized as early as the 1960s and 1970s in the fields of [[cyberpunk]] literature with magazines like [[New Worlds (magazine)|New Worlds]] and solidified in the 1980s with novels like [[Neuromancer]]. Note that most of these types of program also have applications in securing systems and countering hacking, yet are primarily known in the fields of hacking, [[espionage]], and computer subversion. Because of their similarity to securing computers, these ideas fall into similar categories.
 
===General Terms===
====[[Internet_bot|Bot]]====
''copied from main wikipedia article (with slight modification) on 3/19/2021 for ease of reference''
 
An '''Internet bot''', '''[[World Wide Web|web]] robot''', '''robot''' or simply '''bot''', is a [[software application]] that runs automated tasks (scripts) over the [[Internet]].<ref name=":0">{{cite book |url=https://archive.org/details/malicio_dun_2009_00_4004 |url-access=registration |title=Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet |last1=Dunham |first1=Ken |last2=Melnick |first2=Jim |publisher=CRC Press |year=2009|isbn=9781420069068 }}</ref> Not necessarily malicious, bots perform tasks that are simple and repetitive, much faster than a person could. The most extensive use of bots is for [[web crawling]], in which an automated script fetches, analyzes and files information from web servers. More than half of all web traffic is generated by bots.<ref name="Zeifman">{{cite web |last1=Zeifman |first1=Igal |title=Bot Traffic Report 2016 |url=https://www.incapsula.com/blog/bot-traffic-report-2016.html |website=Incapsula |access-date=1 February 2017}}</ref>
 
====[[Botnet]]====
A collection of programs or [[software agent]]s operating over a collection of computers and internet addresses. Behaving like a swarm or collective, these groups often route information through each other, perform coordinated actions with each other, or redundantly store information throughout the group. Often viewing as being controlled through command and control software. However, botnets can be created in a "fire and forget" structure, where an infectious program is released into the wild, replicates itself, and then operates autonomously based on its guiding parameters. Can be composed of bots, virii, worms, or trojan horse software or a combination of the types.
 
====[[Computer_Virus|Virus]]====
''copied from main wikipedia article on 3/19/2021 for ease of reference''
 
A '''computer virus'''<ref name=Virus.NYT2014>{{cite news |newspaper=[[The New York Times]]
|url=https://www.nytimes.com/times-insider/2014/08/06/1988-the-internet-comes-down-with-a-virus
|title=The Internet comes down with a virus
|date=August 6, 2014}}</ref> is a type of [[computer program]] that, when executed, replicates itself by modifying other computer programs and [[Code injection|inserting]] its own [[Computer language|code]].<ref name="Avast">{{cite web |title=Worm vs. Virus: What's the Difference and Does It Matter? |url=https://www.avast.com/c-worm-vs-virus |website=Avast Academy |publisher=Avast Software s.r.o. |access-date=9 March 2021}}</ref><ref name="Stallings 2012 p.182 ">{{cite book
|last=Stallings |first=William |title=Computer security : principles and practice
|publisher=Pearson |___location=Boston |year=2012 |isbn=978-0-13-277506-9 |page=182}}</ref> If this replication succeeds, the affected areas are then said to be "infected" with a computer virus.<ref>{{cite book
|author=Aycock, John |title=Computer Viruses and Malware
|url=https://archive.org/details/computervirusesm00ayco
|url-access=limited |publisher=Springer |year=2006 |isbn=978-0-387-30236-2
|page=[https://archive.org/details/computervirusesm00ayco/page/n27 14]}}</ref><ref name="vx.netlux.org">{{cite web
|url=http://vx.netlux.org/lib/aas10.html
|author=Alan Solomon |title=All About Viruses
|website= VX Heavens |date=2011-06-14 |access-date=2014-07-17
|url-status=dead |archive-url=https://web.archive.org/web/20120117091338/http://vx.netlux.org/lib/aas10.html
|archive-date=2012-01-17 }}</ref>
 
Computer viruses generally require a [[Computer program|host program]].<ref name="Avast"/> The virus writes its own code into the host program. When the program runs, the written virus program is executed first, causing infection.
 
====[[Computer_worm|Worm]]====
''Copied from the main Wikipedia article on 3/19/2021 for ease of reference''
 
A '''computer worm''' is a standalone [[malware]] [[computer program]] that replicates itself in order to spread to other computers.<ref>{{cite web|last=Barwise|first=Mike|title=What is an internet worm?|url=http://www.bbc.co.uk/webwise/guides/internet-worms|publisher=BBC|access-date=9 September 2010}}</ref> It often uses a [[computer network]] to spread itself, relying on security failures on the target computer to access it.
 
====[[Trojan_horse_(computing)|Trojan Horse]]====
A software program that disguises its actual purpose, often with malicious intent. Usually downloaded while imitating legitimate software, a trojan horse may then immediately execute and transform into a different type of software, or imitate the legitimate software while covertly running secondary programs.
 
====Perspective on "Malicious"====
Although viruses and worms are often created maliciously, both could theoretically simply evolve from things like software bugs that cause a program to begin replicating and spreading, without any initially intended malicious behavior. The same holds for their organic counterparts: a tapeworm isn't necessarily "malicious", simply another organism growing in its natural environment. Yet from the perspective of an animal's digestive tract, this might be interpreted as aggressive or invasive behavior. Several types of worms and viruses in the organic environment have evolved to be symbiotic with their hosts, and similar situations may be possible in the digital environment.
 
===Isolate or Modify Access===
From an attack perspective, the purpose of these programs is to isolate or control access to a system while still allowing the normal users to operate the system. This may mean that the normal users are completely unaware of the issue, or that they experience a degradation of their user experience without an obvious cause until the malicious software is found. In a larger internet context, this may also involve isolating a computer from interaction with the wider internet, possibly without the user noticing, or installing software that allows for future control of the user's system without immediately taking control. A physical world comparison is copying the keys to an owner's house without their knowledge. Vandalism and intimidation could happen in the future, yet don't necessarily happen immediately.
* [[Access_control|Access Controller or Modifier]] (Selectively change user access to system or network resources)
* [[Drive-by_download|Automated Downloader]]
* [[Man-in-the-middle_attack|Communication Modifier]] or "[[Man-in-the-middle_attack|man-in-the-middle]]"
* [[Email_spoofing|Email or Text Msg Spoofing]] (Modify or falsely represent a person's written communication)
* [[Hardware_backdoors|Hardware Backdoor]]
* [[Backdoor_(computing)|Software Backdoor]]
* [[Rootkit]] (sometimes referred to as [[Bootkit]])
* [[URL_redirection|Website or Browser Redirection]]
 
===Monitor Access===
The purpose of these programs is simply to monitor a user's interactions with a computer system. Often there is little or no degradation of the user experience, as obvious degradation would give away the monitoring. Stealth tends to be a priority, as information gathering is preferable to short-term benefit. A physical world comparison would be a deep-cover spy who might exist as part of a society for decades, going to work in a factory, earning promotions with increased trust or responsibility, all with the purpose of silently gathering and reporting information.
* [[User_activity_monitoring|Activity Monitor]] (Track lifestyle, interaction patterns, and times of use)
* [[Data_scraping|Data Scraper]]
* Duplicator (Copy the [[structure, sequence and organization]] of a system to falsely represent that system)
* [[Network_eavesdropping|Eavesdropper]]
* [[Network_eavesdropping#Observing_exit_nodes|Exit Node Logger]] (Find a user's internet location on a secret network)
* [[Keylogger]]
* Locator (Find a user's physical location - https://geotraceroute.com/)
* [[Traceroute|Path Tracer]] (Find internet route to a user's computer after randomized infection)
* [[Sniffing_attack|Sniffer]]
* [[IGMP_snooping|Snooper]]
 
===Prevent Access===
These programs are designed to stop normal users from interacting with their systems, often permanently. The [[Stuxnet]] worm was a program within this category, designed to find specific computer systems related to nuclear refining, and destroy those systems. In hacking culture, this behavior is often referred to as "bricking" a target's computer system.
* [[Brick_(electronics)|Bricker]]
* [[Fork Bomb]]
* [[Logic Bomb]]
* [[Time_bomb_(software)|Time Bomb]]
 
===Warez===
Programs usually designed for an economic benefit to the attacker, which install an application, often hidden, on the target's hardware. These programs then usually either provide information (such as unwanted ads), restrict information in a form of blackmail, or record information that can later be sold or used to find further vulnerabilities. The unifying theme, however, tends to be the economic motivation, with some type of implied payout from the activity. This can be contrasted with other types of programs that might have social, military, or nationalistic motivations with no perceivable economic motivation. Physical world comparisons are challenging, yet might include aggressive advertising billboard placement, loudspeakers blaring out propaganda, thieves stealing objects and demanding payment, or kidnappers stealing family or friends and demanding payment.
* [[Adware]]
* [[Browser_helper_object|Browser "Helper" Objects]] (Often the opposite of "helpful")
* [[Crimeware]] (Usually because of a connection to a specific crime or organization)
* [[Cryptojacking_malware|Cryptojacking Malware]] (Subvert computer to mine bitcoins)
* [[Malware]]
* [[Ransomware]]
* [[Scareware]]
* [[Spyware]]
 
==Software run on computers to secure other systems==
These types of software are programs run on computers that are primarily intended to secure systems other than themselves. This is usually achieved by providing interactions with physical world systems or by evaluating data that may not be "directly" related to computer security.
* [[Computer Aided Dispatch]] (CAD)
* [[Fraud Detection]]
 
==See also==
Line 206 ⟶ 57:
* [[Data security]]
* [[Emergency management software]]
* [[Cloud Workload Protection Platforms]]
* [[Computer Antivirus Software]]
 
==References==
{{reflist}}
 
{{Computer security}}
 
[[Category:Computer security software| ]]