Category Archives: Definitions

What is a proxy?

A proxy is a server or computer that acts as an intermediary between a user and the internet. Proxies can be used for a variety of purposes, such as to improve network performance, to access blocked websites, or to protect a user’s identity and location. For example, a user can connect to a proxy server, which will then make requests on the user’s behalf and return the results to the user. This can help to hide the user’s IP address and location from the websites they are accessing.

(Ed. written by ChatGPT; verified and posted by jrivett)

What is Javascript?

JavaScript is a programming language that is primarily used to create interactive and dynamic websites. It is a client-side scripting language, which means that the code is executed on the user’s computer rather than on the server. JavaScript can be used to create things like drop-down menus, pop-ups, and interactive forms. It can also be used to create complex web applications and can be used in conjunction with other technologies such as HTML and CSS.

(Ed: written by ChatGPT; verified by jrivett.)

What is a vulnerability?

A vulnerability is a weakness or gap in a system’s security that can be exploited by an attacker to gain unauthorized access or perform malicious actions. It can refer to a flaw in software, hardware, or a combination of both, that can be exploited to compromise the confidentiality, integrity, or availability of a system or its data. Vulnerabilities can be discovered through various means such as penetration testing, code reviews, or by being reported by external parties.

(Ed: written by ChatGPT; verified by jrivett.)

What is a DoS attack?

A Denial of Service (DoS) attack is a type of cyber attack in which the attacker attempts to make a network resource or website unavailable to users by overwhelming it with a flood of traffic or requests. This can be accomplished by using multiple computers or devices to send a large amount of traffic to the targeted resource, or by exploiting vulnerabilities in the software or hardware running the resource. The goal of a DoS attack is to disrupt normal traffic and make the targeted resource unavailable to legitimate users.

(Ed: written by ChatGPT; verified by jrivett.)

What is a computer trojan?

A Trojan, or Trojan horse, is a type of malware that is disguised as legitimate software. It is called a Trojan because it typically presents itself as something harmless, like a game or utility program, but once executed, it can perform malicious actions on the infected computer. These actions can include stealing sensitive information, downloading and installing other malware, or allowing unauthorized remote access to the computer. Trojans are often distributed through email attachments, instant messaging, and social media, and they can be very difficult to detect and remove.

(Editor’s note: I’m going to keep posting these definitions as long as ChatGPT is able to generate accurate and useful text. I have no plans to allow ChatGPT to take over all of my writing duties.)

What is malware?

Malware, short for malicious software, is any software designed to harm or exploit a computer system. There are many different types of malware, including viruses, worms, Trojans, ransomware, adware, and spyware. Malware can be spread through email attachments, malicious links, infected websites, and other means. It can be used to steal sensitive information, such as login credentials and financial data, disrupt or damage computer systems, and perform other malicious activities. Protecting against malware involves keeping your operating system and antivirus software up to date, being cautious about the emails and links that you open, and avoiding downloading software from untrusted sources.

(Editor’s note: this post was written by ChatGPT, and its veracity checked by me, the human person who runs this site.)

What is ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. When the ransomware is installed on a device, it encrypts the files on the device and displays a message that demands payment in exchange for the decryption key that is needed to unlock the files. Ransomware attacks can be particularly damaging to individuals and businesses because they can disrupt access to important data and systems, and they can be costly to remedy. It is important to protect your devices and systems from ransomware by keeping your software and antivirus programs up to date and being careful about the emails and links that you open.

(Editor’s note: in case you hadn’t noticed, this is another guest post from ChatGPT. I’m going to keep posting these, but they will always be clearly labeled as ChatGPT’s work. You can play around with the chatbot yourself, but you’ll need to create an OpenAI account first.)

What is phishing?

Phishing is a type of cyber attack that involves the use of fraudulent emails or websites that appear to be legitimate in order to trick people into revealing sensitive information such as passwords, credit card numbers, and account login details. These attacks often use social engineering techniques to manipulate people into taking action, such as clicking on a malicious link or opening an attachment. Phishing attacks can be difficult to identify because they are designed to look legitimate and can be highly targeted, making them a common and effective method used by cybercriminals to steal sensitive information.

(Editor’s note: This is a guest post by ChatGPT, a chatbot launched by OpenAI in November 2022. I asked it the question “What is phishing?”, and it generated the text above. I verified the response as accurate.)

Also see Phishing – What is it? on the Opera web site. Ars Technica has a post about a particularly nasty phishing web site.

What is a web browser, anyway?

For the uninitiated, computer jargon often seems unintelligible. The resulting confusion even allows technical support people to determine a customer’s level of understanding by observing the way they use (and mis-use) common terms.

The confusion is understandable. If someone uses their computer only for web browsing and email, and especially if their email client is web-based, the dividing lines between hardware and software, software and service, and local and remote data… tend to blur.

Mozilla, the folks who develop and maintain the web browser Firefox, recently published a useful guide that disentangles some important, common terminology: “What is the difference between the internet, browsers, search engines and websites?

Anyone who’s ever wondered how a web browser is different from “the Internet” should read the article. There’s a good chance it will clarify things for you.

Java: what is it, and why do I need it?

You’re probably sick of hearing about Java and its troubles. Still, there seems to be a lot of confusion about what Java is, what it’s used for, and whether it’s really needed. This post is an attempt to alleviate that confusion.

From the About page on the Java web site:

From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!
– 1.1 billion desktops run Java
– 3 billion mobile phones run Java
– 100% of all Blu-ray players run Java
– Java powers set-top boxes, printers, Web cams, games, car navigation systems, lottery terminals, medical devices, parking payment stations, and more.

What is Java?

Java is essentially a programming language. It’s also a runtime environment: a program that runs natively on your PC or other computing device and allows Java programs to run on that device.

Why is Java everywhere?

Java is embedded into many household and industrial devices. Typically these devices run older versions of Java, and those older versions often have security vulnerabilities. However, the potential for damage through exploiting vulnerabilities on such devices is usually small or non-existent.

Java is currently installed on most consumer and corporate PCs, usually because at least one Java application or Java-enabled web site requires it. Java may also be enabled in the various web browsers used on those PCs.

The main reason for Java’s prevalence is its portability. In computing terms, that means a Java program will run on any Java-enabled device without modification. Developers only need to create one version of a program, instead of a different version for every computing platform they want to support.

Java in the browser; Java outside the browser

To run a Java program outside of a web browser, a Java Runtime Environment (JRE) must be installed on the device. To use a Java-enabled web site or a web-based Java application, you still need a JRE, but you also need a Java plugin for your web browser. Each browser handles plugins differently, but without a Java plugin providing a link between the browser and the JRE, Java code will not run in the browser.

Because a plugin is required to run Java in a web browser, disabling the plugin is a sure-fire way to avoid web-based Java malware.

Java programs that run outside of the web browser

The primary danger posed by Java at this time is visiting malware-infested web sites with a vulnerable version of Java enabled in the web browser. A Java program that runs outside the web browser is safe, even if the shared Java JRE is old or vulnerable, because the only Java code that runs is the code for that program. If you trust the program’s developer, you’re safe. Note that there is one exception: if the program contains a Java-enabled web browser, the risk is the same as in any other Java-enabled web browser.

Examples:

  • Minecraft – a popular game
  • Eclipse – a software development environment
  • FreeMind — mind-mapping software
  • OpenOffice (Base; wizards) – an office application suite

Java programs that run in the web browser

A Java program that runs in the web browser is safe – even using a shared, old, or vulnerable JRE – as long as you only use that program and don’t navigate to any Internet-based web sites. If you must run a browser-based Java program, try to use one particular web browser for that program (and any similar programs). In other words, use a browser that has Java disabled for web browsing, and a different (Java-enabled) browser for running your browser-based Java programs.

Examples:

  • Yahoo SiteBuilder – requires and installs JRE 1.6 in a shared location, and installs JRE 1.6 components in browsers (use with caution)
  • Vigiliti nLive – network management software
  • ManageEngine OpManager – system management software
  • many other system and network monitoring and analysis packages

Web sites that require Java for proper operation

If you can’t avoid web sites that use Java: again, it’s a good idea to set aside a Java-enabled web browser for accessing those sites (and nothing else!) Use a separate web browser with Java disabled for most of your web surfing.

Examples:

  • Some banking web sites
  • The Wall Street Journal website uses Java for dynamic charts
  • Secunia’s Online Software Inspector

Java applications that install their own JRE

When an application requires a JRE to run, it can use a shared JRE that is typically installed in a standard location where it can be found by any Java application on the PC. It can also install its own JRE in a location where it is only used by that application. This avoids potential compatibility issues, but it can make things more confusing for anyone trying to understand how Java is being used on their PC.

Examples:

  • Vigiliti nLive – network management software
  • ManageEngine OpManager – system management software
  • MindRaider – notebook and outlining application

How is Java related to Javascript?

It isn’t. Java is to Javascript what ham is to hamster. Like Java, Javascript is a programming language, and it’s often used on web sites to provide enhanced functionality. Also like Java, Javascript is often used for malware. Unlike Java, Javascript can only run within a web browser. Both represent significant security threats, and both can be disabled within web browsers, but doing so may cause some web sites to stop working properly.

Why are there so many security problems with Java?

Java’s success – its prevalence on PCs – has made it a useful target for malware developers. The success of Windows made that operating system the primary target of malware developers for years, but Microsoft has improved the security of Windows, and malware writers are looking for other targets.

All programs contain bugs, and if enough time is spent examining a program, eventually someone will find a way to break it in a way that allows security to be bypassed. Java is a program like any other, and the new focus on Java is revealing more and more security issues.

Why do developers still use Java?

Given all the recent problems with Java, one might expect software and web site developers to steer clear of it. Some developers are probably already looking elsewhere, and the longer it takes for Oracle/Sun to fix Java’s security problems, the more developers will bail. Most developers are probably concerned, but biding their time; switching away from Java is likely to be a massive undertaking.

Why do I need Java? Can I stop using it?

There’s no way to escape Java completely. You probably have several devices in your home that have Java embedded into them. But apart from the Java embedded in devices, you may not need Java at all.

In the PC world, some applications and web sites need Java to work properly. If you don’t have Java on your PC, you won’t be able to use those applications and web sites. If you’re a system or network administrator, you probably need Java to run system management tools. Your employer may use or require custom Java software in your workplace. You may need Java to use your bank’s web site. And so on.

The only way to know for sure whether you can do without Java on your PC is to disable or uninstall it, then make note of any web site or application that stops working. Of course, this may be more difficult than it sounds, since functionality may only be affected in subtle ways.

More problems with Java

  • Version confusion: traditionally, the JRE installer left old versions intact when installing new versions. This was apparently done to get around version incompatibilities, but in practice it created more problems than it solved. More recent JRE installers seem to be better at cleaning up older versions.
  • Java Development Toolkits (JDKs) add to the confusion, since they typically include their own, separate, embedded JRE.
  • There are apparently no tools for finding and diagnosing Java installations on a PC. JavaRa is useful to a point, but it doesn’t seem to find embedded JREs installed with certain Java applications.
  • When you install Java, it sets itself up to perform auto-updates. This feature can be disabled, but it has to be done every time you install or update Java. Worse, the auto-updater may delay updating your Java for days or even weeks after an update becomes available.
  • Recently, Oracle started including crapware (aka foistware) with Java JREs. Performing a default install of a recent JRE will add a worthless toolbar to your browser and may hijack your browser search settings.
  • Removing Java from Internet Explorer is almost impossible. Web browsers like Firefox and Google Chrome include simple settings for disabling Java, but for some reason this is not the case with IE.

Further reading

If you’re gotten this far and want more, the folks over at Windows Secrets recently posted some more useful information about Java.

Links