Glossary

Term

Definition

Active Directory

A hierarchical directory service, a central component of the Microsoft Windows platform, that enables centralized, secure management of an entire network.

ActiveUpdate

ActiveUpdate is a function common to many Trend Micro products. Connected to the Trend Micro update website, ActiveUpdate provides up-to-date downloads of pattern files, scan engines, programs, and other Trend Micro component files through the Internet.

Base Distinguished Name (BDN)

Specifies the necessary domain components of the LDAP server.

Bot

A program used on the Internet that performs a repetitive function such as searching for information.

BZIP Files

A basic zipper format used as a compressor for single files, not as a full archiver.

Compressed File

A single file containing one or more separate files plus information for extraction by a suitable program, such as WinZip.

Crimeware

Software designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers, for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation.

Customer Licensing Portal

The Trend Micro Customer Licensing Portal™ helps you manage your accounts, customer information, and subscriptions, including those that you manage. From the Customer Licensing Portal, you can directly access the web consoles of Trend Micro solutions that you manage.

Denial of Service Attack

A Denial of Service (DoS) attack refers to an attack on a computer or network that causes a loss of "service," namely a network connection. Typically, DoS attacks negatively affect network bandwidth or overload system resources such as the computer's memory.

DHCP

Dynamic Host Control Protocol (DHCP) is a protocol for assigning dynamic IP addresses to devices in a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.

DNS

Domain Name System (DNS) is a general-purpose data query service chiefly used in the Internet for translating host names into IP addresses.

When a DNS client requests host name and address data from a DNS server, the process is called resolution. Basic DNS configuration results in a server that performs default resolution. For example, a remote server queries another server for data in a machine in the current zone. Client software in the remote server queries the resolver, which answers the request from its database files.

Domain Name

The full name of a system, consisting of its local host name and its domain name, for example, tellsitall.com. A domain name should be sufficient to determine a unique Internet address for any host on the Internet. This process, called "name resolution," uses the Domain Name System (DNS).

Dynamic IP Address

A Dynamic IP address is an IP address assigned by a DHCP server. The MAC address of a computer will remain the same; however, the DHCP server may assign a new IP address to the computer depending on availability.

ESMTP

Enhanced Simple Mail Transport Protocol (ESMTP) includes security, authentication and other devices to save bandwidth and protect servers.

End-user License Agreement

An End-user License Agreement or EULA is a legal contract between a software publisher and the software user. It typically outlines restrictions on the side of the user, who can refuse to enter into the agreement by not clicking "I accept" during installation. Clicking "I do not accept" will, of course, end the installation of the software product.

Many users inadvertently agree to the installation of spyware and other types of grayware into their computers when they click "I accept" on EULA prompts displayed during the installation of certain free software.

False Positive

A false positive occurs when a file is incorrectly detected by security software as infected.

FTP

File Transfer Protocol (FTP) is a standard protocol used for transporting files from a server to a client over the Internet. Refer to Network Working Group RFC 959 for more information.

Gateway

The interface between an information source and a web server. Some companies have a NAT or proxy server at the corporate network edge. All the web traffic of internal users goes through that network gateway; from the web server's side, the connection comes from the gateway.

Grayware

A category of software that might be legitimate, unwanted, or malicious. Unlike threats such as viruses, worms, and Trojans, grayware does not infect, replicate, or destroy data; however, it might violate your privacy. Examples of grayware include spyware, adware, and remote access tools.

GZIP File

A GNU Project compression format that is used for single files and is not a full archiver.

TMWS Database

The TMWS Database resides on the TMWS server that stores user information. It is a component of the TMWS service.

HTTP

Hypertext Transfer Protocol (HTTP) is a standard protocol used for transporting web pages (including graphics and multimedia content) from a server to a client over the Internet.

HTTPS

Hypertext Transfer Protocol using Secure Socket Layer (SSL). HTTPS is a variant of HTTP used for handling secure transactions.

ICMP

Occasionally a gateway or destination host uses Internet Control Message Protocol (ICMP) to communicate with a source host, for example, to report an error in datagram processing. ICMP uses the basic support of IP as if it were a higher-level protocol; however, ICMP is actually an integral part of IP and is implemented by every IP module. ICMP messages are sent in several situations: for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The Internet Protocol is not designed to be absolutely reliable. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable.

Identity Provider

An IdP (Identity Provider) is a Service Provider for storing identity profiles and offering incentives to other SPs with the aim of federating user identities. Identity Providers can also provide services beyond those related to the storage of identity profiles.

IntelliScan

IntelliScan is a method of identifying files to scan. For executable files (for example, .exe), the true file type is determined based on the file content. For non-executable files (for example, .txt), the true file type is determined based on the file header.

Using IntelliScan provides the following benefits:

  • Performance optimization: IntelliScan does not affect applications on the client because it uses minimal system resources.

  • Shorter scanning period: Because IntelliScan uses true file type identification, it only scans files that are vulnerable to infection. The scan time is therefore significantly shorter than when you scan all files.

IntelliTrap

Virus writers often attempt to circumvent virus filtering by using real-time compression algorithms. IntelliTrap helps reduce the risk of such viruses entering the network by blocking real-time compressed executable files and pairing them with other malware characteristics. Because IntelliTrap identifies such files as security risks and may incorrectly block safe files, consider quarantining (not deleting or cleaning) files when you enable IntelliTrap. If users regularly exchange real-time compressed executable files, disable IntelliTrap. IntelliTrap uses the following components: Virus Scan Engine, IntelliTrap Pattern, and IntelliTrap Exception Pattern.

IP

The Internet Protocol (IP) provides for transmitting blocks of data called datagrams from sources to destinations, where sources and destinations are hosts identified by fixed-length addresses. (RFC 791)

Java File

Java is a general-purpose programming language developed by Sun Microsystems. A Java file contains Java code. Java supports programming for the Internet in the form of platform-independent Java "applets." An applet is a program written in the Java programming language that can be included in an HTML page. When you use a Java-technology enabled browser to view a page that contains an applet, the applet transfers its code to your computer and the browser's Java Virtual Machine executes the applet.

LDAP

Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP. LDAP uses TCP/IP to provide access to directories that support an X.500 model without incurring the resource requirements of the more complex X.500 Directory Access Protocol (DAP). For example, LDAP can be used to locate people, organizations, and other resources in an Internet or intranet directory.

Listening Port

A listening port is utilized for client connection requests for data exchange.

Malware

Software that is designed to disrupt or gain unauthorized access to a system, gather information that compromises a person's privacy or assets, or engage in other behavior that is harmful to the user.

Mixed Threat Attack

Mixed threat attacks, such as the "Nimda" or "Code Red" threats, take advantage of multiple entry points and vulnerabilities in enterprise networks.

Monitor

A charting widget that you can add to the "Dashboard" page in order to track malware or a particular activity protected by TMWS.

NAT

Network Address Translation (NAT) is a standard for translating secure IP addresses to temporary, external, registered IP addresses from the address pool. This allows trusted networks with privately assigned IP addresses to have access to the Internet. This also means that you do not have to get a registered IP address for every machine in the network.

NetBIOS

Network Basic Input Output System (NetBIOS) is an application program interface (API) that adds functionality such as network capabilities to the disk operating system (DOS) basic input/output system (BIOS).

Phish Attack

Phish, or phishing, is a rapidly growing form of fraud that seeks to fool web users into divulging private information by mimicking a legitimate website.

In a typical scenario, unsuspecting users get an urgent-sounding (and authentic-looking) email telling them there is a problem with their account that they must immediately fix to avoid account termination. The email will include a URL to a website that looks exactly like the real thing. It is simple to copy a legitimate email and a legitimate website but then change the so-called back end, which receives the collected data.

The email tells the user to log on to the site and confirm some account information. A hacker receives data a user provides, such as a logon name, password, credit card number, or social security number.

Phish fraud is fast, cheap, and easy to perpetrate. It is also potentially quite lucrative for those criminals who practice it. Phish is hard for even computer-savvy users to detect. And it is hard for law enforcement to track down. Worse, it is almost impossible to prosecute.

Please report to Trend Micro any website you suspect to be a phishing site.

Ping

Ping is a utility that sends an ICMP echo request to an IP address and waits for a response. The Ping utility can determine if the computer with the specified IP address is online or not.

POP3

Post Office Protocol 3 (POP3) is a standard protocol for storing and transporting email messages from a server to a client email application.

Port Forwarding

Packet forwarding technology based on a destination port. Administrators can configure an existing network device (such as a firewall or switch) to easily deploy TMWS.

Primary Domain

This is the domain selected in the Primary domain dropdown box in the Active Directory screen (Administration > USERS & AUTHENTICATION > Directory Services). The domains listed in the dropdown box are the same domains configured in the Domains screen.

Proxy Auto-configuration (PAC) File

PAC files are text files containing JavaScript, a high-level programming language. The PAC files specify which proxies should be used and under what circumstances. PAC files may be hosted on each workstation, on an internal Web server, on a server outside the corporate network, or on TMWS. Browsers simply require the address of the PAC file - they fetch the file at the address specified and execute the JavaScript contained within it.

Proxy Server

A proxy server is a World Wide Web server which accepts URLs with a special prefix, used to fetch documents from either a local cache or a remote server, then returns the URL to the requester.

RAR File

A Roshal Archive file is a non-documented archive file format that supports data compression, error recovery, and file spanning.

Roaming User

Users that are not within the range of the company gateway.

RPC

Remote procedure call (RPC) is a network protocol that allows a computer program running on one host to cause code to be executed on another host.

Service Provider

See Identity Provider.

SMTP

Simple Mail Transport Protocol (SMTP) is a standard protocol used to transport email messages from server to server, and client to server, over the Internet.

SNMP

Simple Network Management Protocol (SNMP) is a protocol that supports monitoring of devices attached to a network for conditions that merit administrative attention.

SOCKS 4

SOCKS 4 is a TCP protocol used by proxy servers to establish a connection between clients on the internal network or LAN and computers or servers outside the LAN. The SOCKS 4 protocol makes connection requests, sets up proxy circuits and relays data at the Application layer of the OSI model.

Software as a Service (SaaS)

A model of software deployment whereby software, including business processes, enterprise applications, and collaboration tools, is provided as a service to customers.

SSL

Secure Socket Layer (SSL) is a protocol designed by Netscape for providing data security layered between application protocols (such as HTTP, Telnet, or FTP) and TCP/IP. This security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

SSL Certificate

This digital certificate establishes secure HTTPS communication.

TAR File

This file is often used for distributing open source code.

TCP

Transmission Control Protocol (TCP) is a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols that support multi-network applications. TCP relies on IP datagrams for address resolution. Refer to DARPA Internet Program RFC 793 for information.

Telnet

Telnet is a standard method of interfacing terminal devices over TCP by creating a "Network Virtual Terminal." Refer to Network Working Group RFC 854 for more information.

UDP

User Datagram Protocol (UDP) is a connectionless communication protocol used with IP for application programs to send messages to other programs. Refer to DARPA Internet Program RFC 768 for information.

Web Reputation Service (WRS)

Web Reputation Services are offered by Trend Micro to detect and block Web-based security risks, including phishing attacks.

Widget

A portable, reusable application that can be added to the "Dashboard" page in order to track malware or a particular activity protected by TMWS.

ZIP File

The ZIP file format is a data compression and archive format. A ZIP file contains one or more files that have been compressed to reduce file size, or stored as-is. The ZIP file format permits a number of compression algorithms.