What are the symptoms of an infected computer? And what can be done about it?

What are the symptoms of an infected computer?



It’s not always easy to tell if your computer has been compromised. More than ever before, the authors of viruses, worms, Trojans and spyware are going to great lengths to hide their code and conceal what their programs are doing on an infected computer. That’s why it’s essential to follow the advice given in this guide: in particular, install Internet security software, make sure you apply security patches to your operating system and applications and backup your data regularly.






It’s very difficult to provide a list of characteristic symptoms of a compromised computer because the same symptoms can also be caused by hardware and/or software problems. Here are just a few examples:


Your computer behaves strangely, i.e. in a way that you haven’t seen before.


You see unexpected messages or images.


You hear unexpected sounds, played at random.


Programs start unexpectedly.


Your personal firewall tells you that an application has tried to connect to the Internet (and it’s not a program that you ran).


Your friends tell you that they have received e-mail messages from your address and you haven’t sent them anything.


Your computer ‘freezes’ frequently, or programs start running slowly.


You get lots of system error messages.


The operating system will not load when you start your computer.


You notice that files or folders have been deleted or changed.


You notice hard disk access (shown by one of the small flashing lights) when you’re not aware of any programs running.


Your web browser behaves erratically, e.g. you can’t close a browser window.














And what can be done about it?


Don’t panic if you experience any of the above. You may have a hardware or software problem, rather than a virus, worm or Trojan. Here’s what you should do:






Disconnect your computer from the Internet.


If your operating system will not load, start the computer in Safe Mode (when you switch on the computer, press and hold F8 as soon it begins, then choose 'Safe Mode' from the menu that will appear), or boot from a rescue CD.


Make sure your anti-virus signatures are up-to-date. If possible, don't download updates using the computer you think is compromised, but use another computer (e.g. a friend’s computer). This is important: if your computer is infected and you connect to the Internet, a malicious program may send important information to a remote hacker, or send itself to people whose e-mail addresses are stored on your computer.


If you have any problems removing malicious programs, check your Internet security vendor’s web site for information on any dedicated utilities that may be needed to remove a particular malicious program. If your computer is connected to a local area network, disconnect it from the network.


Scan the whole computer.


If a malicious program is found, follow the guidelines provided by your Internet security vendor. Good security programs provide the option to disinfect infected objects, quarantine objects that may be infected, and delete worms and Trojans. They also create a report file that lists the names of infected files and the malicious programs found on the computer.


If your Internet security software doesn't find anything, your machine is probably not infected. Check the hardware and software installed on your computer (remove any unlicensed software and any junk files) and make sure you have the latest operating system and application patches installed.


If necessary, contact your Internet security vendor’s technical support department for further advice. You can also ask them how to submit a sample file for analysis by a virus researcher.

Closure/Premature closure of accounts - revision of format of account closure form SB-7A regarding

Department Issued Orders For Grant of Honorarium to the officials entrusted with the fixation of Time Related Continuity Allowance (TRCA) and payments of arrears to Gramin Dak Sevaks consequent on implementation of Recommendations of One-man Committee

No.42-1/2008-PAP

Government of India

Ministry of Communications &IT

Department of Posts

(Establishment Division)

Dak Bhawan,Parliament Street

New Delhi-110001

Dated 26.08.2010

Chief Postmasters General

Postmasters General

General Manager Finance

Director of Accounts Postal

 
 

Sub:    Grant of Honorarium to the officials entrusted with the fixation of Time Related Continuity Allowance (TRCA) and payments of arrears to Gramin Dak Sevaks consequent on implementation of Recommendations of One-man Committee.

 
 

Sir/Madam,

 
 

    I am directed to refer to this office of even no. dated 21.12.2009 regarding rates of Honorarium for fixation of pay in revised scales consequent on implementation of recommendation of 6^th Central Pay Commission was communicated.

 
 

2.    The demand of staff side for extension of the Honorarium rates to those officials entrusted with fixation of Time Related Continuity Allowance (TRCA) and payment of arrears to Gramin Dak sevaks was engaging the attention of the department for quite some time past. Now, the Competent Authority in consultation with Integrated Finance Wing has approved grant honorarium to the officials entrusted with the fixation of Time Related Continuity Allowance (TRCA) and payment of arrears to Gramin Dak Sevaks consequent on implementation of recommendations of One-man Committee and in pursuance of the order no. 6-1/2008-PE.II dt. 09.10.2009. The rates of Honorarium applicable are as under:

 
 

(i)    Fixation of Time Related Continuity Allowance (TRCA)

 

A	Fixation of Time Related Continuity Allowance (TRCA)as on 1.1.2006 by the OA of Divisional Office	Rs.5 for each Gramin Dak Sevak
B	Checking of fixation sheet by the Asstt. Supdt. of Post Offices/Inspector posts as the case may be	Rs.2 for each Gramin Dak Sevak

 
 

(i)    Drawal of Arrears

 

A	Drawal of arrears of Time Related Continuity Allowance (TRCA)and entry in the original Bill.	Rs.1 for entry for each Gramin Dak Sevak for each month.
B	Checking of drawal of Arrears and entry in the original Bill by the supervisors in the HO/HRO	Rs.1 for each Gramin Dak Sevak
(III)	Post Check of the drawal by Pre- Check unit	Rs. 2 per case.

 
 

3.    The honorarium is applicable to such case where the fixation of Time Related Continuity Allowance (TRCA) has been found to be certified as correct by the Postal Accounts office. The Honorarium shall not be applicable, where the fixation of Time Related Continuity Allowance (TRCA) was done irregularly and paid erroneously.

 
 

4.    The Prescribed ceiling on grant of Honorarium has to be kept in view while payment of Honorarium and on no account should it exceed the prescribed Ceiling.

 
 

5.    The Expenditure for payment of Honorarium has to be met within the Budget Grant provided for the year.

 
 

6.    This issues with the concurrence of Integrated Finance Wing vide their Diary no. 188/FA/10/CS Dated 25.08.2010.

 
 

Sdxxx

(K. Rameswara Rao)

Assistant Director General (Estt)

--
M.Krishnan
Secretary General NFPE

Posted by NFPE

Union Cabinet approved Direct Tax Code (DTC)

Direct Tax Code gets nod


Paving the way for radical reform and simplification in the Direct Tax system the Union Cabinet on Thursday approved the much-talked about Direct Tax Code (DTC) Bill proposing to provide more Income Tax relief to salaried class.

The DTC Bill, which seeks to replace the archaic Income Tax Act, 1961, proposes to raise the Income Tax exemption limit from existing Rs 1.6 lakh to Rs Two lakh, highly placed sources said. The Income Tax exemption limit for senior citizens is proposed to be raised to Rs 2.5 lakh.

Under the moderate tax slab suggested in the DTC Bill the government proposes tax rate of

10 per cent for income between Rs 2 lakh and Rs 5 lakh,

20 per cent for income between Rs 5 lakh -

Rs 10 lakh and 30 per cent for income over Rs 10 lakh.

Currently the Income Tax rate is 10 per cent on income above Rs 1.6 lakh and upto Rs 5 lakh, 20 per cent on income above Rs 5 lakh and upto Rs 8 lakh and 30 per cent on income above Rs 8 lakh.

The first draft of the DTC bill had suggested

10 per cent tax on income between Rs 1.60 lakh and Rs 10 lakh,

20 per cent on income between Rs 10 and Rs 25 lakh and

30 per cent beyond that.

The DTC Bill proposes to levy Corporate Tax at 30 per cent and there will be no cess and surcharge on it, sources said. The DTC Bill will be introduced in the ongoing Monsoon session of Parliament.

The Cabinet at its hour-long meeting chaired by the Prime Minister discussed at length various provisions of the DTC Bill, which will seek to bring about radical reforms and simplification in direct tax structure including the Income Tax rates and exemptions.
The overall thrust of the DTC Bill will be on bringing about simplification of direct tax system including personal Income Tax and Corporate Tax with “an in-built bias” in favour of moderation of tax rates, sources close to the preparation of draft legislation said.
Provisions of the DTC Bill stipulating the tax rates in direct tax front including Income tax and Corporate Tax will come into effect once it the legislation is approved by both houses of Parliament.

The government plans to implement various provisions of the DTC Bill with effect from April One 2011.

It is learnt that the government is likely to introduce the DTC Bill either tomorrow or next Monday in both houses of Parliament. After its introduction the draft DTC will be sent to Select Committee of both houses for scrutiny.

After examining the recommendations of the Select Committee the government will move the DTC Bill for approval of Parliament in the Winter Session.


Later, talking to newspersons, the Finance Minister Pranab Mukherjee said, “The whole objective is that a plethora of exemptions will be limited. (Income) tax slabs will be three. Rate of taxes will be taken in the schedule so that they need not be changed every year,” he said. The Finance Ministry submitted the draft DTC Bill for consideration of the Cabinet after examining responses from various stake holders including trade, industry and corporate sector.



Source: Deccan Herald

5 ways to speed up your Computer

By following a few simple guidelines, you can maintain your computer and keep it running smoothly. This article discusses how to use the tools available in Windows 7, Vista, and XP Service Pack 3 (SP3) to more efficiently maintain your computer and safeguard your privacy when you're online.

 

1. Free up disk space

The Disk Cleanup tool helps you free up space on your hard disk to improve the performance of your computer. The tool identifies files that you can safely delete, and then enables you to choose whether you want to delete some or all of the identified files.

Use Disk Cleanup to:

•Remove temporary Internet files.

•Remove downloaded program files (such as Microsoft ActiveX controls and Java applets).

•Empty the Recycle Bin.

•Remove Windows temporary files such as error reports.

•Remove optional Windows components that you don't use.

•Remove installed programs that you no longer use.

•Remove unused restore points and shadow copies from System Restore.

Tip: Typically, temporary Internet files take the most amount of space because the browser caches each page you visit for faster access later.

To use Disk Cleanup

Window 7 users

1.Click Start, click All Programs, click Accessories, click System Tools, then click Disk Cleanup. If several drives are available, you might be prompted to specify which drive you want to clean.

2.When Disk Cleanup has calculated how much space you can free, in the Disk Cleanup for dialog box, scroll through the content of the Files to delete list.

 

Disk Cleanup dialog box

.3.Clear the check boxes for files that you don't want to delete, and then click OK.

◦For more options, such as cleaning up System Restore and Shadow copy files, under Description, click Clean up system files, then click the More Options tab.

 

4.When prompted to confirm that you want to delete the specified files, click Yes.

 

After a few minutes, the process completes and the Disk Cleanup dialog box closes, leaving your computer cleaner and performing better.

For Windows XP users

 

1.Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup. If several drives are available, you might be prompted to specify which drive you want to clean.

 

.2.In the Disk Cleanup for dialog box, scroll through the content of the Files to delete list.

 

Choose the files that you want to delete.

.3.Clear the check boxes for files that you don't want to delete, and then click OK.

4.When prompted to confirm that you want to delete the specified files, click Yes.

After a few minutes, the process completes and the Disk Cleanup dialog box closes, leaving your computer cleaner and performing better.

2. Speed up access to data

Disk fragmentation slows the overall performance of your system. When files are fragmented, the computer must search the hard disk when the file is opened to piece it back together. The response time can be significantly longer.

Disk Defragmenter is a Windows utility that consolidates fragmented files and folders on your computer's hard disk so that each occupies a single space on the disk. With your files stored neatly end-to-end, without fragmentation, reading and writing to the disk speeds up.

When to run Disk Defragmenter

In addition to running Disk Defragmenter at regular intervals—monthly is optimal—there are other times you should run it too, such as when:

•You add a large number of files.

 

•Your free disk space totals 15 percent or less.

•You install new programs or a new version of Windows.

To use Disk Defragmenter:

Windows 7 users

1.Click Start, click All Programs, click Accessories, click System Tools, and then click Disk Defragmenter.

Click Analyze disk to start the Disk Defragmenter.

 

.2.In the Disk Defragmenter dialog box, click the drives that you want to defragment, and then click the Analyze button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives.

 

Tip: You should analyze a volume before defragmenting it to get an estimate of how long the defragmentation process will take.

3.To defragment the selected drive or drives, click the Defragment disk button. In the Current status area, under the Progress column, you can monitor the process as it happens. After the defragmentation is complete, Disk Defragmenter displays the results.

4.To display detailed information about the defragmented disk or partition, click View Report.

5.To close the View Report dialog box, click Close.

6.You can also schedule the Disk Defragmenter to run automatically, and your computer might be set up this way by default. Under Schedule, it reads Scheduled defragmentation is turned on, then displays the time of day and frequency of defragmentation. If you want to turn off automatic defragmentation or change the time or frequency, click the Configure schedule (or Turn on Schedule, if it is not currently configured to run automatically). Then change the settings, then click OK.

7.To close the Disk Defragmenter utility, click the Close button on the title bar of the window.

 

To use Disk Defragmenter:

1.Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Defragmenter.

 

Click Analyze disk to start the Disk Defragmenter.

.2.In the Disk Defragmenter dialog box, click the drives that you want to defragment, and then click the Analyze button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives.

Tip: You should analyze a volume before defragmenting it to get an estimate of how long the defragmentation process will take.

3.To defragment the selected drive or drives, click the Defragment button. Note: In Windows Vista, there is no graphical user interface to demonstrate the progress—but your hard drive is still being defragmented.

After the defragmentation is complete, Disk Defragmenter displays the results.

4.To display detailed information about the defragmented disk or partition, click View Report.

 

5.To close the View Report dialog box, click Close.

6.To close the Disk Defragmenter utility, click the Close button on the title bar of the window.

 

3. Detect and repair disk errors

In addition to running Disk Cleanup and Disk Defragmenter to optimize the performance of your computer, you can check the integrity of the files stored on your hard disk by running the Error Checking utility.

As you use your hard drive, it can develop bad sectors. Bad sectors slow down hard disk performance and sometimes make data writing (such as file saving) difficult, or even impossible. The Error Checking utility scans the hard drive for bad sectors, and scans for file system errors to see whether certain files or folders are misplaced.

If you use your computer daily, you should run this utility once a week to help prevent data loss.

Run the Error Checking utility:

Close all open files.

Click Start, and then click My Computer.

In the My Computer window, right-click the hard disk you want to search for bad sectors, and then click Properties.

In the Properties dialog box, click the Tools tab.

Click the Check Now button.

In the Check Disk dialog box (called Error-checking in Windows 7), select the Scan for and attempt recovery of bad sectors check box, and then click Start.

Example of Check Disk Local Disk dialog box

If bad sectors are found, choose to fix them.

Tip: Only select the "Automatically fix file system errors" check box if you think that your disk contains bad sectors.

4. Protect your computer against spyware

Spyware collects personal information without letting you know and without asking for permission. From the websites you visit to usernames and passwords, spyware can put you and your confidential information at risk. In addition to privacy concerns, spyware can hamper your computer's performance. To combat spyware, you might want to consider using the PC safety scan from Windows Live OneCare. This scan is a free service and will help check for and remove viruses.

 

5. Learn all about ReadyBoost

If you're using Windows 7 or Windows Vista, you can use ReadyBoost to speed up your system. A new concept in adding memory to a system, it allows you to use non-volatile flash memory—like a USB flash drive or a memory card—to improve performance without having to add additional memory.

FAQs- Government Employees

Whether the element of DA is to be taken in Salary while calculating emoluments for HRA rebate?
Ans. 1: DA+ Part of DA merged with Basic Pay and shown as Dearness pay is also included in the definition of salary for working out the amount of exemption under section 10 (13 A) (Circular No.6/2004 F.No.275/192/2004-IT,CB) dated 6.12.04 issued by Govt. of India, Ministry of Finance (example No.4)

Can an official draw HRA when he/she is living in leased accommodation (Self house taken on lease allotted to spouse.)?
Ans. 2: As per para 5(c)(iii) of the orders of CCA/HRA, HRA is not admissible to the employee, if his/her spouse has been allotted accommodation at the same station by Centre/State, Autonomous PSU or Semi Govt. Organisation such as Municipality, Port Trust etc., It will be treated as an allotted Govt accommodation for this purpose. (Para 5(c) (iii) of CCA/HRA Rules)

Should the Account payee cheques be entered in Cash Book?
Ans. 3: An A/c payee crossed cheque or Bank draft drawn in the personal name of a recipient by a PAO or cheque drawing DDO and routed through Deptt. officer merely for purpose of delivery, need not be entered in Cash Book. The delivery of such cheques may be recorded & watched through a separate crossed cheque & Bank draft Register. (Exception (a) below Rule-13 of Receipt & Payment Rules.)

The language of certificate required to be appended in Cash Book on the last working day of the month may be given.
Ans. 4:The certificate will be in the following form. "Certified that the Cash amounting to Rs……. (Rupees………..only) has been physically verified and found correct as per the balance recorded in Cash Book. (Rule 13 of Receipt & Payment Rules.)

Is it compulsory for an official to submit the ticket as a token of proof?
Ans. 5: The official is required to give particulars of ticket No. ( For journey by Rail/Bus)

If an officer is transferred and relieved in the middle of month and his pay and allowances have been paid to the end of previous month, can the service verification be done till the middle of month?
Ans. 6: The service verification has to be done for the period payment has been made. Accordingly if an official had been paid till the end of previous month, the service verification will be done till the end of previous month i.e. till he was paid inspite of the fact that he was relieved in the middle of month ( Govt. of India, Ministry of Finance O.M. No.F11(19)E-II CA7/58 dated 29.10.58 under Rule 81 of GFR)

Totals of Cash Book have been checked by the Cashier. Is it necessary that the same should be re-checked. Ans.7: The totals of Cash Book are required to be checked by an official other than the writer of the Cash Book,(Rule 13(3)of Receipt & Payment Rules) and a certificate to this effect is required to be recorded by such official checking the totals.

What should be the treatment of over stayal on leave?
Ans. 8: The overstayal period should be debited to HPL to such extent such leave is due and the balance, if any, treated as EOL. No leave salary is payable for such period of overstayal. The sanctioning authority is competent to regularize the overstayal of any period of leave due and admissible (Rule 25 of CCS (leave) Rules). However, wilful absence from duty after the expiry of leave renders a Govt. servant liable for disciplinary action. (Please refer Govt. of India O.M. No. 6/28/70. Disc. I (SPB. I) dated 05.10.1975 below Rule –11 of CCS(CCA) Rule and O.M. No. 6/28/70. Disc. I, dated 10.02.1972 and 5.10.1972 below Rule-25 of CCS(Leave) Rules.)

An official's increment fell due on 1.10.04 which was declared holiday. The official was on EL for 3 days i.e. 2.10.04 to 4.10.04 and joined dutes on 5.10.04. When will he be allowed increment?
Ans. 9: In this case 1.10.04 has to be treated as holiday prefixed to 2.10.04, and the increased pay has to be drawn from 1.10.04, and thereafter the leave salary. (FR-26 OM.NO.F1(22)-E-III/(A)/73 date 24-8-74.)

Can the special increment be stopped after the death of spouse?
Ans. 10: The special increment granted for undergoing sterlisation operation remains fixed during the entire service. It can be withdrawn only on account of recanalisation and that too from the date of recanalisation. (GIO(11)below FR 27)

Can an official be allowed to draw Transport Allowance if he is residing in a private building but with in one Km from office?
Ans. 11: The Transport Allowance, cannot be given only if the official is residing in Govt. accommodation within one Km. from the place of work or within a campus housing the places of work and residence. (Para 3(ii)of Min. of Finance OM No.21(1) 97-E-II (B)dated 3.10.97)

An official promoted opts for initial pay fixation at the stage next above the pay drawn in the lower scale and re-fixation on the date of accrual of next increment in the Scale of pay of the lower post. Now will the benefit of notional increment or Rs.100/- whichever is more be allowed on this option?
Ans.12:The benefit of notional increment or Rs.100/-, whichever is more, will be granted while fixing his pay under FR 22(I)(a)(i) after the accrual of increment in the lower post. Initially, the pay will be fixed at the stage of the time-scale of the new post above the pay in the lower post from which he is promoted. As per saving clause of FR-22(I)(a)(i) the option can be exercised only in the case of regular promotions and it should be exercised within one month from the date of promotion.

Can the ACP Scheme benefit be allowed to an official who has refused the promotion and has completed 12 years.
Ans. 13: Where promotion has been offered before the employee can be considered for grant of benefit of ACP scheme but refuses to accept such promotion then he cannot be said to be stagnating as he has opted to remain in the existing grade on his own. As such there is no case for grant of ACPs in such case.(Item.38 of Annexure to Govt of India Deptt of Personnel & Training OM No.35034/1/97-Estt(D)(Vol,IV) dt.18.7.01.)

What is the criteria for drawing transport allowance(i) pay being drawn; or (ii)scale of pay?
Ans. 14:The basis for the quantum of transport allowances is only the scale of pay in which the official draws pay.(Govt. of India, Ministry of Finance O.M. No.21(1)/97/E-II(B), dated 3.10.1997.)

Can an official who is on commuted leave avail LTC.
Ans. 15: The LTC can be availed during any period of leave including casual leave and special casual leave, but it can not be availed during the week-end or any other period of holidays or without any leave. (Rule 7 (2) of CCS(LTC)Rule and C& AG order No.488- Audit I/15-83(II), dated 19.06.1987.

Whether an employee will have an option to get his pay fixed on promotion in terms of saving clause under FR-22(I)(a)(1) in the case of stagnation increment.
Ans. 16: As per Govt. of India Deptt. of Personnel and Training, O.M. No.18/16/94 – Estt. (Pay-I), dated 06.06.1994, the date of stagnation increment will be treated in the same manner as normal increment. Accordingly, the Govt. servant on promotion will have the option to get his pay fixed as provided in the saving clause of FR-22(I)(a)(1). In other words, Govt. servant shall have the option , to have the pay fixed under FR-22(I)(a)(1) from the date of promotion or to have the pay fixed initially at the stage of time scale of the new post above the pay in the lower post and get his pay refixed under FR-22(I)(a)(1) from the date of accrual of stagnation increment in the pay scale of the lower post.

Clarification regarding fixation of pay of school teachers on promotion to the post involving higher duties and responsibilities having identical pay scale.
Ans. 17: According to the clarification issued by Govt. of India, Ministry of Human Resource Development, Deptt. of Education, vide their order No. F.5-28/93-UT-I, dated 09.09.1994, when a teacher is promoted to the next higher post from basic scale or senior scale, his / her pay will now be fixed under FR-22(I)(a)(1).

In the case of an employee appointed on ad hoc basis and who is subsequently regularized, the ad hoc service is counted towards increment. Whether the ad hoc service may be counted for the ACPS also?
Ans. 18: In terms of Para 3.2 of the office memorandum, dated August 9, 1999 (ACPS), only regular service which counts for the purpose of regular promotion in terms of relevant Recruitment/ Service Rules shall count for the purpose of upgradation under ACPS.

The relevant Recruitment/ Service Rules prescribe departmental examination/ skill test for vacancy based promotion . However , this need not be insisted for upgradation under ACPS.
Ans.19: All promotion norms have to be fulfilled for upgradation under the scheme. As such, no upgradation shall be allowed if an employee fails to qualify departmental/ skill test prescribed for the purpose of regular promotion.

Whether the benefit of past service will be extended to temporary status employees after their regularization?
Ans. 20: No, the benefit of past service shall not be extended to temporary status employees after their regularization for the purpose of ACPS.

Whether it is necessary to have SC/ST member in the screening committees set up for grant of ACPS.
Ans. 21: As clarified vide condition no. 12 of ACP Scheme (vide DOP & TO.M. dated 9.8.1999), reservation orders/ roster shall not apply to the ACP Scheme. Consequently, it is not necessary to have an officer from SC/ST communities on the Screening Committee constituted for deciding the suitability of the employee for upgradation under ACPS.

What are the registers that are required to be kept by drawing & disbursing officers(Auditee Units)?
Ans.22:
1.Cash Book
2. T.R.5 Receipt Books
3. Register of Undisbursed Pay & Allowances
4. Contingent Register.
5. Bill Register.
6. Vouchers paid during the selected month and in general for the periodicity of Audit.
7. Permanent Advance Register.
8. Surety Bond and Special pay to Cashier.
9. Theft and losses Cases, if any.
10. Stock Register and Stores Accounts.
11. A.D.A Records.
12. Register of Service Book and Leave Accounts.
13. G.P.F. of Class IV and Broad Sheet..
14. Dead Stock Register.
15. Register of unserviceable stores.
16. Account of empties.
17. Register of Telephone and Trunk Call Charges.
18. Liveries Register.
19. Despatch Register and Stamp Account Register
20. Increment Register.
21. O.T.A Register
22. C.E.A Register
23. Pay Fixation Cases.
24. Pay Bill Register.
25 .H.R.A.forms.
26. Medical Charges Reimbursement Register.
27. Stationery Register and connected Rec ord.
28. Procedure and purchase cases.
29. Log Book and P.O.L Account.
30. Pension cases details.
31. Stock Register of Consumer Articles.
32. Employees Group Insurance scheme.
33. Any other record/registers other than the above maintained by the office.
34. All purchase cases above the value of Rs.20,000.
35. Remittance into the Bank.
36. T.A.Register.

Source: www.delhi.gov.in

Permitted to Withdraw Cash Five Times in a Month Free of Charge from other Banks’ ATMs

Customers of a Bank Allowed to Withdraw Cash Five Times in a Month Free of Charge from other Banks’ ATMs

Indian Banks’ Association (IBA) has reported that banks have been permitted by Reserve Bank of India (RBI) to allow free cash withdrawal at their ATMs by customers from other banks upto five times in a month free of charge. Banks are generally complying with the guidelines issued by RBI in this regards from time to time.

No incident regarding non-conforming of RBI’s directions had come to the notice of the Government.

This information was provided by the Minister of State for Finance, Shri Namo Narain Meena in reply to an Unstarred Question in Lok Sabha today.

Source: PIB

Cabinet likely to consider DTC Bill on Thursday

Cabinet likely to consider DTC Bill on Thursday

Struggling to meet the deadline of introducing a much awaited tax reforms bill, the Cabinet is likely to consider the Direct Taxes Code on Thursday, a move aimed at rationalising rates and improving tax compliance.

A proposal is before the Union Cabinet for consideration and passage of the DTC Bill, a source told PTI.

The government plans to introduce DTC, which will replace the archaic Income Tax Act, from next fiscal. The government is, however, unlikely to meet the deadline for introduction of yet another important piece of tax reforms - the Goods and Services Tax.

If introduced in the monsoon session that ends on August 31, the DTC Bill is expected to be referred to a Parliamentary Standing Committee on finance and may be passed during the winter session to make the reforms effective from the deadline -- April 1, next year.

Source: PTI

With lots of lots of love to all my dear sisters

Happy ONAM wishes to all CG Employees of Kerala

Onam is the one of the most important festival of KERALA. It is celebrated by all the people of Kerala around the world.

Onam (Malayalam: ഓണം) is the biggest festival in the Indian state of Kerala. It falls during the first month of the Malayalam calendar which is Chingam (August–September) and marks the homecoming of the legendary King Mahabali. The festival lasts for ten days and is linked to many elements of Kerala's culture and tradition. Intricate flower carpets, elaborate banquet lunch, snake boat races and the kaikottikkali dance all play a part in the festival. (Wikipedia.org)


Posted by imyideas.com

My dearest friend Kiran Reddy got Award from CPMG, Maharashtra Circle

                My heartiest congratulaions to you Kiran! Keep rocking...

I personally thank CPMG, Maharashtra Circle for confering the award to the deserved; I hope it will serve as an inspiration to all System Administrators in Department of Post.

IPS- Uploading the information of delivery of international mail in Post Offices

Glossory: Virus

%CommonProgramFiles%

Refers to the Common Files folder. By default, this is C:\Program Files\Common Files.

%CurrentFolder%

Refers to the folder where the risk was originally executed.

%DriveLetter%

Refers to any drive letter assigned to fixed, mapped, or removable drives that may be connected to the computer. For example, a USB key connected to the computer may appear as drive D.

%ProgramFiles%

Refers to the program files folder. By default, this is C:\Program Files.

%System%

Refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP, Vista).

%SystemDrive%

Refers to the drive on which Windows is installed. By default, this is drive C.

%Temp%

Refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me), C:\WINNT\Temp (Windows NT/2000), C:\Documents and Settings\[CURRENT USER]\Local Settings\Temp (Windows XP), or C:\User\[CURRENT USER]\AppData\Local\Temp (Windows Vista).

%UserProfile%

Refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP) or C:\User\[CURRENT USER] (Windows Vista).

%Windir%

Refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

.dam

Indicates a detection for files that have been corrupted by a threat or that may contain inactive remnants of a threat, causing the files to fail to properly execute or produce reliable results.

.dr

Refers to a file that is considered a dropper. This program drops the virus or worm onto the victim's computer.

.enc

Refers to a file that is encrypted or encoded. For example, a worm that creates a copy of itself with MIME encoding may be detected with the .enc suffix.

@m

Signifies that the virus or worm is a "mailer." An example: Happy99 (W32.Ska) only sends itself by email when you send mail.

@mm

Signifies that the virus or worm is a "mass-mailer." An example: W97M.Melissa.A sends messages to every email address in your mailbox.

ACS

A communications server that manages a pool of modems. It directs outgoing messages to the next available modem and incoming messages to the appropriate workstation.

Action

A predefined response to an event or alert by a system or application.

Active

A status that indicates that a program, job, policy, or scan is running. For example, when a scheduled scan executes, it is considered active.

Activity log

A type of report in which all the recorded events are sequentially organized.

Administrative domain

An environment or context defined by a security policy, security model, or security architecture.

Administrator

An individual who:

• Oversees the operation of a network.
  
• Is responsible for installing programs on a network and configuring them for distribution to workstations.
  
• May also update security settings on workstations.
  

Adware

Adware is a software package that facilitates the delivery of advertising content to the user. Learn more about different adware risks.

Age

A rating used to calculate the vulnerability based on the relative amount of time since the discovery of the vulnerability. According to experts, the potential for exploiting a vulnerability increases as the age of the vulnerability increases. The assumption that people are likely to be aware of the existence of the vulnerability supports this statement. The L-3 Network Security researchers assign lower ratings to the age factor of recently discovered vulnerabilities. Older vulnerabilities are rated higher.

Alarm

A sound or visual signal triggered by an error condition.

Alert

An automatic notification that an event or error has occurred.

Alertable event

Any event or member of an event set configured to trigger an alert.

Also Known As

Names that other antivirus vendors use to identify a threat. Often Symantec's bloodhound heuristics will identify a potential threat before a specific detection is added. In such cases, the name of the bloodhound detection will appear in this field.

Antivirus

A subcategory of a security policy that pertains to computer viruses.

Application server

A software server that lets thin clients use applications and databases that are managed by the server. The application server handles all the application operations and connections for the clients.

Asset

A physical item, informational item, or capability required by an organization to maintain productivity. Examples include a computer system, a customer database, and an assembly line.

Asset measure

A quantitative measurement of an asset. The asset measure is the confidentiality, integrity, and availability of an asset in relation to other assets in an organization.

Asset value

The perceived or intrinsic worth of an asset.

Attack signature

The features of network traffic, either in the heading of a packet or in the pattern of a group of packets, which distinguish attacks from legitimate traffic.

Attribute

A property of an object, such as a file or display device.

Authenticated, self-signed SSL

A type of SSL that provides authentication and data encryption through a self-signed certificate.

Authentication

The assurance that a party to some computerized transaction is not an impostor. Authentication typically involves using a password, certificate, PIN, or other information that can be used to validate the identity over a computer network.

AutoInstall package

An executable created by AI Snapshot and AI Builder that contains one or more applications distributed to client computers using the Symantec Ghost Console.

Backup regime

A group of settings that determines which computer to include in a backup task, as well as other details such as scheduling.

Banner grab

A client receives this readable string immediately following a connection to a server. The type of received string usually identifies the operating systems and server types.

Baseline risk

The risk that exists before safeguards are considered.

Benefit

The effectiveness of a safeguard in terms of vulnerability measure. If the safeguard is applied by itself, it lowers the danger that the vulnerability poses by the amount specified.

Bits per second (bps)

A measure of the speed at which a device, such as a modem, can transfer bits of data.

Blank

To clear or not show an image on the computer screen. You can configure a pcAnywhere host to blank the host's screen once a connection has been made. This enhances the security of an unattended pcAnywhere host.

Blended Threat

Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include:

• Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.
  
• Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
  
• Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
  
• Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
  
• Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.
  

Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.

Boot package

A file, bootable disk, Ghost image, or Preboot Execution Environment (PXE) image of a bootable disk that contains the Symantec Ghost executable and any drivers required to start a client computer and Symantec Ghost.

Broadcast

To simultaneously send the same message to all the users on a network.

Broadcast alert action

An AMS2 response to an alert in which a message is sent to all the computers logged onto the server that generates the alert.

Bug

A programming error in a software program that can have unwanted side effects. Some examples include Various web browser security problems and Y2K software problems.

Callback

A security feature that lets a host disconnect a remote caller after a successful connection and then recall the remote computer, either for security verification or financial responsibility.

Canvas

The window in which hosts and other drawing objects, which represent a network scheme, are placed.

Capability

The measure of a threat's technical expertise or knowledge of a system's connectivity.

Capability Maturity Model for Software (CMM or SW-CMM)

A model for judging the maturity of the software processes of an organization and for identifying the key practices that are required to increase the maturity of these processes.

Captured attack sessions

A record of any network session that contains an attack signature. You can configure NetProwler to capture a record of any type of attack. You can view these sessions in the Attack Sessions branch of either the NetProwler Console or the Agent Graphical User Interface (GUI).

Case-sensitive

The discrimination between lowercase and uppercase characters.

Causes system instability

This payload may cause the computer to crash or to behave in an unexpected fashion.

Certificate

Cryptographic systems use this file as proof of identity. It contains a user's name and public key.

Certificate authority

An office or bureau that issues security certificates.

Certificate authority-signed SSL

A type of SSL that provides authentication and data encryption through a certificate that is digitally signed by a certificate authority.

Certificate store

A database that contains security certificates.

Channel

In communications, a medium for transferring information, which is also called a line or circuit. Depending on its type, a communications channel can carry information in analog or digital form. A communications channel can be a physical link, such as a cable that connects two stations in a network, or it can consist of some electromagnetic transmission.

Client

A program that makes requests of, or transmits data to, a parent server program.

Client computer

A computer that runs a client program. In a network, the client computer interacts in a client/server relationship with another computer running a server program.

Client/server program

A program in which one portion of the program is installed on a computer that acts as a server for that particular program; and, another portion is installed on one or more client computers.

Client/server relationship

A relationship in which two computers, usually a server and client, communicate across a network. Usually one computer manages or supplies services to the other computer.

Client-side reporting

A method of reporting in which data is retrieved from the server and processed at the client.

Clone

To make a specified folder on the host or remote computer identical to a specified folder on another computer. Any files in the source folder are copied to the destination folder. Files that are in the destination folder and that are not in the source folder are deleted from the disk. Also see synchronize.

Cluster server

A group of two or more servers linked together to balance variable workloads or provide continued operation in the event that one server fails.

CME initiative

The CME initiative is an effort headed by the United States Computer Emergency Readiness Team (US-CERT), in collaboration with key organizations within the security community. Through the adoption of a neutral, shared identification method, the CME initiative seeks to: reduce the public's confusion in referencing threats during malware incidents; enhance communication between anti-virus vendors; and improve communication and information sharing between anti-virus vendors and the rest of the information security community.

CME number

A Common Malware Enumeration (CME) number is a unique, vendor-neutral identifier for a particular threat (see CME initiative above).

Command-Line Interface (CLI)

A utility providing an alternate way to execute the ESM commands in UNIX and Windows NT environments. The CLI supports most of the ESM commands available in the ESM Console. In addition, you can create Agent records, remove modules, or execute batch files that contain CLI commands from the Command Line Interface.

Common Information Model (CIM)

A common data model of an implementation-neutral schema for describing overall management information in a network/enterprise environment. A Specification and Schema comprise CIM. The Specification defines the details for integration with other management models (such as the SNMP MIBs or the DMTF MIFs), while the Schema provides the actual model descriptions.

Communications

The transfer of data between computers by a device such as a modem or cable.

Communications device

Also called the connection device. The communications device is a modem, network interface card, or other hardware component enabling remote communications and data transfer between computers.

Communications link

A connection between computers (and/or peripherals) enabling data transfer. A communications link can be a network, modem, or cable.

Communications port (COM port)

Also called a serial port. The COM port is a location for sending and receiving serial data transmissions. The ports are referred to as COM1, COM2, COM3, and COM4.

Communications protocol

A set of rules designed to enable computers to exchange data. A communications protocol defines issues such as transmission rate, interval type, and mode.

Communications session

The time during which two computers maintain a connection and are usually engaged in transferring information.

Compile

To convert a high-level script into a low-level set of commands that can be executed or run. Syntax errors are discovered when a script is being compiled.

Compromises security settings

This payload may attempt to gain access to passwords or other system-level security settings. It may also search for openings in the Internet-processing components of the computer to install a program on that particular system, which an individual could remotely control over the Internet.

Connection

The successful establishment of a communications link.

Connection item

An item representing a pcAnywhere file, which contains connection device information and security settings to be used during a session.

Console

1. A program interface for the management of software or networks. 2. In a mainframe or UNIX environment, a terminal consisting of a monitor and keyboard.

Content filtering

A subcategory of a security policy that pertains to the semantic meaning of words in text (such as email messages). It can also include URL filtering.

Crash recovery

A file transfer option that directs pcAnywhere to continue transferring files where it left off when computers are reconnected after a broken connection, instead of restarting the transfer.

Current risk

The remaining risk after safeguards have been applied.

Current vulnerability measure

The danger posed by a vulnerability after accounting for the safeguards you use to secure it. If you use a valid safeguard, the current vulnerability measure is less than the default vulnerability measure.

CVE References

A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. (Source: CVE Web site)

Click here to read more about Symantec and CVE compatibility.

Damage

The damage component measures the amount of harm that a given threat might inflict. This measurement includes triggered events, clogging email servers, deleting or modifying files, releasing confidential information, performance degradation, errors in the virus code, compromising security settings, and the ease with which the damage may be fixed.

Data conversion

To convert the configuration files (for example, connecting to a host computer) from an earlier version of pcAnywhere so that you can use them in the current version. You can also use data conversion to import or export configuration files to or from text files for record-keeping purposes.

Data template

A template that defines files or registry entries to be included in a backup.

Data transfer

The movement of information from one location to another. The transfer speed is called the data rate or data transfer rate.

Data transmission

The electronic transfer of information from a sending device to a receiving device.

Default threat measure rating

A rating based on the appropriate threat profile and the estimations of security experts. Expert estimations were obtained using the Delphi inquiry method.

Default vulnerability measure

The danger posed by a vulnerability before you account for the safeguards that you use to secure it. If you use a valid safeguard, the current vulnerability measure is less than the default vulnerability measure.

Degrades performance

This payload slows computer operations, which could involve allocating available memory, creating files that consume disk space, or causing programs to load or execute more slowly.

Deletes files

This payload deletes various files on the hard disk. The number and type of files that may be deleted vary among viruses.

Deploy

To perform a remote installation.

Desktop computer

1. A computer used primarily to perform work for individuals rather than to act as a server. 2. A personal computer or workstation designed to reside on or under a desktop.

Dial

To initiate a connection via LAN, modem, or direct connection, regardless of whether actual dialing is involved.

Dialers

A dialer is any software package that dials a high cost toll number, sometimes by changing the modem configuration, or requests payment for access to particular content.

Direct connection

A form of data communication in which one computer is directly connected to another, usually via a null modem cable.

Disabled

A status indicating that a program, job, policy, or scan is not available. For example, if scheduled scans are disabled, a scheduled scan does not execute when the date and time specified for the scan is reached.

Discovery

A process in which one computer attempts to locate another computer on the same network or domain.

Distributed Management Task Force (DMTF)

An industry organization that leads the development, adoption, and unification of management standards and initiatives for desktop, enterprise, and Internet environments. Working with key technology vendors and affiliated standards groups, the DMTF enables a more integrated, cost-effective, and less crisis-driven approach to management through interoperable management solutions.

Distribution

This component measures how quickly a threat is able to spread.

Domain

A group of computers or devices that shares a common directory database and is administered as a unit. On the Internet, domains organize network addresses into hierarchical subsets. For example, the .com domain identifies host systems used for commercial business.

Domain Name System (DNS)

A hierarchical system of host naming that groups TCP/IP hosts into categories. For example, in the Internet naming scheme, names with .com extensions identify hosts in commercial businesses.

Download

To transfer data from one computer to another, usually over a modem or network. Download usually refers to the act of transferring a file from the Internet, a Bulletin Board System (BBS), or an online service to an individual's computer.

Download folder

The folder in which files that are received during file transfer are stored.

Driver

A program that interprets commands for transferring to and from peripheral devices and the CPU.

Electronic exposure

A rating used to calculate the vulnerability based on whether a threat must have electronic access to your system to exploit a vulnerability.

Enabled

A status indicating that a program, job, policy, or scan is available. For example, if the scheduled scans are enabled, any scheduled scan will execute when the date and time specified for the scan are reached.

Encrypted Virus

A virus using encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its program code to make it difficult to detect.

Encryption

A method of scrambling or encoding data to prevent unauthorized users from reading or tampering with the data. Only individuals with access to a password or key can decrypt and use the data. The data can include messages, files, folders, or disks.

Extended Partition Boot Record (EPBR)

Each logical partition resembles a physical hard disk, and on each logical hard disk, an EPBR occupies the same position as the MBR of a physical hard disk.

ESM Agent

A software component that performs security assessment on a host system and returns the results to the ESM Manager. The ESM Agents also store snapshot files of system-specific and user-account information, make user-requested corrections to files, and update snapshots to match corrected files.

ESM Enterprise Console

A Graphical User Interface (GUI) used to administer managers and agents. It receives user input, sends requests to the ESM Manager, and formats the returned security assessment data for display. The ESM Enterprise Console is supported for ESM versions 5.0 and later. Older versions of ESM use the ESM GUI.

ESM Manager

A software component that coordinates the work of its assigned ESM Agents, provides communication between the Agents and the ESM user interfaces, and stores security data gathered by the Agents.

Event

A significant occurrence in a system or application that a program detects. Events typically trigger actions, such as sending a user notification or adding a log entry.

Event class

A predefined event category used for sorting reports and configuring alerts.

Event normalization

The process by which events from disparate sources are mapped to a consistent framework.

Event viewer (ITA event viewer)

A separate Windows NT or UNIX Graphical User Interface (GUI) for viewing event data captured by intruder alert agents.

Exploit

A program or technique that takes advantage of a vulnerability in software and that can be used for breaking security, or otherwise attacking a host over the network.

Exposure

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

• Allows an attacker to conduct information gathering activities
  
• Allows an attacker to hide activities
  
• Includes a capability that behaves as expected, but can be easily compromised
  
• Is a primary point of entry that an attacker may attempt to use to gain access to the system or data
  
• Is considered a problem according to some reasonable security policy
  

*Source:
CVE Web site

Extended (partition)

An extended partition is a primary partition that was originally developed in order to overcome the four-primary-partition limit. The extended partition is a container, or a place-holder, for logical partitions. The extended partition itself does not contain any data, nor does it receive a drive letter assignment. It can contain any number of logical partitions, and each logical partition receives a drive letter assignment, as long as the logical partition is recognized by the operating system.

eXtensible Markup Language (XML)

The common language of the Web used to exchange information.

External Hostile Structured (EHS) threat

An individual or group outside of an organization that is motivated to attack, exploit, or disrupt mission operations. This highly funded, extremely skilled threat has substantial resources and unique tools. Foreign intelligence services, criminal elements, and professional hackers involved in information warfare, criminal activities, or industrial intelligence often fall into the EHS threat category.

External Hostile Unstructured (EHU) threat

An individual outside of an organization who is motivated to attack, exploit, or disrupt mission operations. This individual has limited resources, tools, skills, and funding to accomplish a sophisticated attack. Many Internet hackers and most crackers and vandals fall into the EHU threat category.

External Nonhostile Structured (ENS) threat

An individual outside of an organization who has little or no motivation for attacking it. However, this threat has special resources, skills, tools, or funding to launch a sophisticated attack. System and network security professionals who use the Internet to obtain information or improve their skills usually fall into the ENS threat category.

External Nonhostile Unstructured (ENU) threat

An individual outside of an organization who has little or no motivation for attacking. This threat has limited resources, skills, tools, or funding to launch a sophisticated attack. Common Internet users fall into the ENU threat category.

External threat

A threat that originates outside of an organization.

File Allocation Table (FAT)

File Allocation Table. FAT can refer to three different types of partitions: FAT12, FAT16, and FAT16b. FAT16b is the most common type, and is used for partitions that are larger than 32 MB. FAT12 and FAT16 partitions were used with MS-DOS 5.0, and are still used with Windows 98 (depending on the partition size). The FAT file system format is used and recognized by DOS, Windows 3.x, Windows 95, Windows NT, OS/2, and nearly all other operating systems.

FAT32

32-bit File Allocation Table. File system format recognized by Windows 95 B (or later versions) and Windows NT 5(or later versions).

FAT32x

A FAT32 partition that crosses over the 1024th cylinder of a hard drive.

File transfer

The process of using communications to send a file from one computer to another. In communications, a protocol must be agreed upon by sending and receiving computers before a file transfer can occur.

Firewall Rules

A security system that uses rules to block or allow connections and data transmission between your computer and the Internet.

Fully Qualified Domain Name (FQDN)

A URL consisting of a host and domain name, including top-level domain. For example, the parsing of the FQDN, www.symantec.com, is:

• www is the host,
  
• symantec is the second-level domain, and
  
• com is the top-level domain.
  

An FQDN always starts with a host name and continues to the top-level domain name, so www.sesa.symantec.com is also an FQDN.

Geographic distribution

This measures the range of separate geographic locations where infections have been reported. The measures are high (global threat), medium (threat present in a few geographic regions), and low (localized or non-wild threat).

Group

In Windows NT user manager, an account that contains other accounts, which are called members. Permissions and rights granted to a group are also provided to its members, making groups a convenient way to grant common capabilities to collections of user accounts.

Hack tool

Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk. Hack tools also generally:

• Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system it is installed on, and/or
  
• Facilitate an attempt at disabling a target computer, preventing its normal use
  

One example of a hack tool is a keystroke logger -- a program that tracks and records individual keystrokes and can send this information back to the hacker. Also applies to programs that facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt.

Hardware setup

A set of hardware parameters, such as modem type, port/device, and data rate, which is used as a singular named resource in launching a host or remote session.

HLLC

Refers to a virus compiled using a high-level language that adds itself to a location on the system from which it can be easily executed.

HLLO

Refers to a virus compiled using a high-level language that overwrites files.

HLLP

Refers to a virus compiled using a high-level language that is parasitic; that is, the virus infects files with itself.

HLLW

Refers to a worm that is compiled using a High-Level Language. (Note: This modifier may or may not be used as a prefix - it is only a prefix in the case of a DOS High-Level Language Worm. If the Worm is a Win32 file, the proper name is W32.HLLW.)

Hoax

Hoaxes usually arrive in the form of an email. Please disregard the hoax emails - they contain bogus warnings usually intent only on frightening or misleading users. The best course of action is to merely delete these hoax emails. Learn more about different hoaxes.

Host

1. In a network environment, a computer that provides data and services to other computers. Services may include peripheral devices, such as printers, data storage, email, or World Wide Web access. 2. In a remote control environment, a computer to which remote users connect to access or exchange data.

Hypertext Transfer Protocol Secure (HTTPS)

A variation of HTTP that is enhanced by a security mechanism, which is usually the Secure Sockets Layer (SSL).

Ignore

A condition that prevents an action from being executed on a rule.

Image file

A file that is created using Norton Ghost. An image file of a disk or partition is created and used to produce duplicates of the original disk or partition.

Image file definition

A description of the properties of an image file, including the image file name, location, and status

Impact

The effect, acceptable or unacceptable, of an incident on a system, operation, schedule, or cost. Unacceptable impact is impact deemed, by the system owner and as compared to the missions and goals of the U.S. Department of Defense (DOD), as severe enough to degrade an essential mission, capability, function, or system causing an unacceptable result. Like impact, unacceptable impact refers to the total system and all areas of operational concern, not only confidentiality.

Inactive

A status indicating that a program, job, policy, or scan is not currently running. For example, when a scheduled scan awaits for the specified date and time to execute, it is inactive.

Incident

The actualization of a risk. The event or result of a threat that exploits a system vulnerability.

Incident response

The ability to deliver the event or set of events to an incident management system or a HelpDesk system to resolve and track incidents.

Incident response cycle

The sequence of phases that a security event goes through from the time it is identified as a security compromise or incident to the time it is resolved and reported.

Infection Length

This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan Horse, the length represents the size of the file.

Information

A rating used to calculate a vulnerability, based on the relative availability of information that discloses a vulnerability. For example, if a vulnerability is disclosed in books or on the Internet, then the information factor is rated high. If a vulnerability is not well-known and little or no documentation on the vulnerability exists, then information is rated low.

Initialize

To prepare for use. In communications, initialize means to set a modem and software parameters at the start of a session.

Integrated Services Digital Network (ISDN)

A type of phone line used to enhance Wide Area Network (WAN) speeds. ISDN lines can transmit at speeds of 64 or 128 kilobits per second (Kbps), as opposed to standard phone lines, which transmit at only 9600 bps. The phone company installs an ISDN line at both the server and remote sites.

Internal Hostile Structured (IHS) threat

An individual or group within an organization that is motivated to disrupt mission operations or exploit assets. This threat has significant resources, tools, and skills to launch a sophisticated attack and potentially remove any evidence of the attack. An IHS threat is unlikely to act but has the greatest potential to cause damage. Highly skilled, disgruntled employees (such as system administrators or programmers) or technical users who could benefit from disrupting operations often fall into the IHS threat category.

Internal Hostile Unstructured (IHU) threat

An individual within an organization who has physical access to network components. This individual is motivated to disrupt the operations of the organization but lacks the resources, tools, or skills necessary to launch a sophisticated attack. It would not be unusual for this threat to attack the organization by deploying a common virus. Unskilled, disgruntled employees or users who could benefit from disrupting operations often fall into the IHU threat category.

Internal Nonhostile Structured (INS) threat

An individual within an organization who has physical access to network components. This individual is not motivated to disrupt mission operations but can do so by making common mistakes. Individuals executing INS threats are usually skilled and have tools to assist them in performing security-related functions. System administrators, network engineers, and programmers often fall into the INS threat category.

Internal Nonhostile Unstructured (INU) threat

An individual within an organization who has physical access to network components. This individual is not motivated to disrupt mission operations but can do so unknowingly. Individuals executing INU threats do not have any unusual skills or tools and are not interested in attacking. Usually, they are typical users who make mistakes that can impact mission operations. The INU threat category is typically the most likely to disrupt operations.

Internal threat

A threat that originates within an organization.

Internet Engineering Task Force (IETF)

An international community of network designers, operators, vendors, and researchers who are concerned with the evolution of Internet architecture and the smooth operation of the Internet. IETF is open to any interested individual. The technical work of the IETF is done in its working groups, which are organized by topic into several areas (such as routing, transport, security, and so on). Much of the work is handled via mailing lists.

Internet Protocol (IP) address

Identifies a workstation on a TCP/IP network and specifies routing information. Each workstation on a network must be assigned a unique IP address, which consists of the network ID, plus a unique host ID assigned by the network administrator. This address is usually represented in dot-decimal notation, with the decimal values separated by a period (for example 123.45.6.24).

Internet Relay Chat (IRC)

IRC is a multi-user chat system, where people meet on "channels" (rooms, virtual places, usually with a certain topic of conversation) to talk in groups, or privately. This system also allows for the distribution of executable content.

Interrupt Requests (IRQ)

Also called hardware interrupts. IRQ means that a connection device signals other hardware components that it needs attention. When you install new devices (such as serial ports, modems, and mouse devices), you may find that previous devices no longer work, because the new devices use the previously used IRQs.

Intruder Alert agent

In Intruder Alert, the agent monitors the hosts and responds to events, by performing defined actions based on applied security policies.

Intruder Alert manager

A software application that runs in the background mode as either a UNIX daemon or a Windows NT service.

Managers:

• Maintain secure communications with all registered Agents,
  
• Maintain the master list of domains and policies applied to each Agent,
  
• Communicate domain and policy changes to Agents,
  
• Receive and store event data from Agents, via the Record to Event Viewer action,
  
• Serve as the communications link among the Intruder Alert Administrator, Intruder Alert Event Viewer, and Agents, and
  
• Maintain the list of policies and the domains to which they are applied.
  

Intrusion Detection

A security service that monitors and analyzes system events to find and provide real-time or near real-time attempt warnings to access system resources in an unauthorized manner. This is the detection of break-ins or break-in attempts, by reviewing logs or other information available on a network.

Intrusion Detection Exchange Format (IDEF)

See Intrusion Detection Working Group (IDWG).

Intrusion Detection Working Group (IDWG)

A group that defines data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, as well as to management systems that may need to interact with them. The IDWG coordinates its efforts with other Internet Engineering Task Force work groups.

Joke programs

Programs that alter or interrupt the normal behavior of your computer, creating a general distraction or nuisance.

Known Dependencies

These programs have been known to install the security risk as a component, and will therefore not function as intended if the security risk is removed from the computer.

Large scale e-mailing

This type of payload involves sending emails to large numbers of people. This is usually done by accessing a local address book and sending emails to a certain number of people within that particular address book.

Launch

To start a program or application. In pcAnywhere, the host computer is launched so that a remote computer can call it and begin a remote control session.

Leased line

A telephone channel that is leased from a common carrier for private use. A leased line is faster and quieter than a switched line, but generally more expensive.

Local Area Network (LAN)

A group of computers and other devices in a relatively limited area (such as a single building) that are connected by a communications link, which enables any device to interact with any other device on the network.

Log

A record of actions and events that take place on a computer. Logging creates a record of actions and events that take place on a computer.

Logical (partition)

A logical partition is a partition that resides within an extended partition and receives a drive letter assignment (provided that the partition type is recognized by the operating system). Logical partitions are typically used to store data, although some operating systems can be installed on a logical partition.

Logon procedures

The process of identifying oneself to a computer after connecting to it over a communications line. During the logon procedure, the computer usually requests a user name and password. On a computer used by more than one person, the logon procedure identifies the authorized users, keeps track of their usage time, and maintains security by controlling access to sensitive files or actions.

Macro

A set of keystrokes and instructions that are recorded, saved, and assigned to a short key code. When the key code is typed, the recorded keystrokes and instructions execute (play back). Macros can simplify day-to-day operations, which otherwise become tedious. For example, a single macro keystroke can set up a connection using pcAnywhere.

Macro keys

Key codes assigned to sets of specific instructions. Also see macro.

Macro virus

A program or code segment written in the internal macro language of an application. Some macros replicate, while others infect documents.

Malware

Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy.

Management Information Base (MIB)

A database of objects that can be monitored by a network management system. Both SNMP and RMON use standardized MIB formats that allow any SNMP and RMON tool to monitor any device defined by an MIB.

Master Boot Record (MBR)

Master Boot Record. The Master Boot Record is contained in the first sector of the hard drive. It identifies where the active partition is, and then starts the boot program for the boot sector of that partition. The boot sector identifies where the operating system is located and enables the boot information to be loaded into the computer's main storage or RAM. The Master Boot Record includes a table that locates each partition that is present on the hard drive.

MD5

A hash function such as MD5 is a one-way operation that transforms a data string of any length into a shorter, fixed-length value. No two strings of data will produce the same hash value.

An MD5 checksum verifies the data integrity by running a hash operation on the data after it is received. The resultant hash value is compared to the hash value that was sent with the data. If the two values match, this indicates that the data has not been altered or tampered with, and its integrity may be trusted.

Click here to learn more about MD5 and to download an MD5 checksum utility.

Click here for a list of MD5 hashes for all available Virus Definitions Intelligent Updater downloads.

Microsoft Management Console (MMC)

An extensible, common console framework for management applications. Management applications are composed of MMC snap-ins, which add management functionality to MMC. The Symantec System Center console and the Symantec AntiVirus Corporate Edition snap-ins add functionality to administer computers that run the Symantec AntiVirus Corporate Edition software.

Middleware

An application connecting two otherwise separate applications.

Misleading applications

Programs that report false or significantly misleading information on the presence of a security risk, threat or system issue on the computer being scanned.

Mobile Code

Code (software) that is transferred from a host to a client (or another host computer) to be executed (run). A worm is an example of malicious mobile code.

Mode

A system state in which a single action or a series of actions are performed. A mode has an On condition and an Off condition.

For example, an Outbreak mode under Symantec Mail Security for MS Exchange might look like:

• Mode On condition: More than 30 email messages with the same subject line are detected in a period of 10 minutes.
  
• Action(s): Quarantine all emails with subject line , run LiveUpdate every 10 minutes.
  
• Mode Off condition: Less than 10 email messages with the same subject line are detected in a period of 10 minutes.
  

Modem

A device that enables a computer to transmit information over a standard telephone line. Modems can transmit at different speeds or data transfer rates. See also baud rate, bps.

Modifies files

This payload changes the contents of files on the computer and may corrupt files.

Module

An executable that runs security checks on specific areas of the server or workstation security.

Motivation

The relative amount of incentive that a threat has to compromise or damage the assets of an organization.

Multicast

To simultaneously send the same message to a list of recipients on a network.

Name of attachment

Most worms are spread as attachments to emails. This field indicates the usual name or names that the attachment can be called.

NetProwler agent

A component that monitors the traffic on a network segment to detect, identify, and respond to intrusion attacks.

NetProwler console

The Graphical User Interface (GUI) provided for managing all the agents assigned to a NetProwler manager. From the console, you can assign agents, configure agents, monitor agent alerts, query the NetProwler manager for specific information, and generate or view security reports.

NetProwler manager

A component that coordinates the work of NetProwler agents, provides communication between the agents and the user interfaces, and stores security data gathered by the agents.

Network

A group of computers and associated devices connected by communications facilities (both hardware and software) to share information and peripheral devices, such as printers and modems. Also see LAN.

Network resource

Any device or node on a network that NetRecon can identify. Examples include computers, printers, routers, and hubs (certain types). Since devices can be known to a network in multiple ways (for example, one computer may have multiple IP addresses, a NetBIOS name, and a NetWare name), the number of network resources discovered by NetRecon is generally much greater than the number of physical devices connected to the network.

Network station

A computer connected to a LAN through a network adapter card and software.

New Technology File System (NTFS)

File system format recognized only by Windows NT.

Node

1. In a tree structure, a point where two or more lines meet. 2. In a network, any addressable device attached to the network that can recognize, process, or forward data transmissions.

Notification

A predefined response triggered by a system condition, such as an event or error condition. Typical responses include sound or visual signals, such as displaying a message box, sending email, or paging an administrator. The administrator may be able to configure the response. Also see alert.

N-Tier system

A system with managed endpoints, middleware, stand-alone tools, and backend systems.

Null modem cable

A cable that enables two computers to communicate without using modems. A null modem cable accomplishes this by crossing the sending and receiving wires, so that the wire used for transmitting by one device is used for receiving by the other, and vice versa.

Number of countries

A measure of the number of countries where infections are known to have occurred.

Number of infections

Measures the number of computers known to be infected.

Number of sites

Measures the number of locations with infected computers. This normally refers to organizations, such as companies, government offices, and so on.

Occurrence measure

The likelihood that a threat will manifest itself within an organization.

Organizational unit

A group of associated systems whose hierarchy generally reflects the network topology. Organizational units can be nested and inherit their properties from parent units when they have not already been associated with a configuration.

Overlapping safeguards

Two or more assigned safeguards that secure the same vulnerability.

Package

An object that contains the files and instructions for distributing software.

Package definition

A link from the console to an AI package, either on an attached drive or on a Web server.

Parameter

A value that is assigned to a variable. In communications, a parameter is a means of customizing program (software) and hardware operation.

Parent server

A computer that runs the Symantec AntiVirus Corporate Edition Server software, as well as manages and communicates with computers that run the Symantec AntiVirus Corporate Edition Client software. The virus definition files and configuration updates are pushed from the parent server to its managed clients. Alerts are sent from the managed clients to the parent server.

Parity

The quality of an integer being odd or even. Also see parity bit, parity checking.

Parity bit

An extra bit (either 0 or 1) that is added to a group of bits to make it either even or odd, depending on whether even parity or odd parity is used. Parity bit is used to check for errors in data transfers between computers, usually over a modem or null modem cable.

Parity checking

The process of verifying the integrity of data transferred between computers, usually over a modem or null modem cable. The most common methods are even parity checking and odd parity checking. Depending on the parity checking method used, an extra bit, called a parity bit, is added to each group of bits to make the number of transmitted bytes either even or odd. Both computer systems must use the same method of parity checking.

Password

A unique string of characters that a user types as an identification code to restrict access to computers and sensitive files. The system compares the code against a stored list of authorized passwords and users. If the code is legitimate, the system allows access at the security level approved for the owner of the password.

Payload

This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.

Payload trigger

The condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others may trigger their payload based on the execution of certain programs or on the availability of an Internet connection.

Peripheral device

A piece of equipment (usually attached to one of the computer's ports) that lets users send and receive data to and from a computer. Printers, modems, mouse devices, and keyboards are all peripheral devices.

Phishing

Phishing is essentially an online con game and phishers are nothing more than tech-savvy con artists and identify thieves. They use SPAM, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts.

Physical exposure

A rating used to calculate the vulnerability, based on whether a threat must have physical access to your system to exploit a vulnerability.

Ping

A basic Internet program that lets you verify that a particular Internet address exists and can accept requests. The act of using the ping utility or command. Pinging is diagnostically used to ensure that a host computer, which you are trying to reach, actually operates.

Policy

The method of action selected from alternatives, given specific conditions to guide and determine present and future decisions.

Policy library

A repository of all of the policies (preconfigured and user-defined) in ITA.

Polymorphic Virus

A virus that can change its byte pattern when it replicates; thereby, avoiding detection by simple string-scanning techniques.

Port

A hardware location for passing data in and out of a computing device. Personal computers have various types of ports, including internal ports for connecting disk drives, monitors, and keyboards, as well as external ports, for connecting modems, printers, mouse devices, and other peripheral devices.

In TCP/IP and UDP networks, port is the name given to an endpoint of a logical connection. Port numbers identify types of ports. For example, both TCP and UDP use port 80 for transporting HTTP data. A threat may attempt to use a particular TCP/IP port.

Potential damage

A rating used to calculate a vulnerability, based on the relative damage incurred if a threat exploits a vulnerability. For example, if a threat can obtain root privileges by exploiting a vulnerability, the potential damage is rated high. If a vulnerability only lets the threat browse a portion of a file system, and this type of activity causes little or no damage to the network, the potential damage is rated low.

Potentially unwanted application

Programs that computers users wish to be made aware of. These programs include applications that have an impact on security, privacy, resource consumption, or are associated with other security risks. These programs can show a pattern of installation without user permission or notice on a system or be deemed to be separate and different from the application installed.

Predictive risk assessment

A process that consists of risk assessment, business objectives, business objective risk, business task, business task risk, and Business Impact Assessment (BIA).

Predictive vulnerability assessment

A process consisting of vulnerability assessment, safeguards, safeguard assessment, assets, asset value, asset measure, risk, risk measure, and residual risk.

Primary (partition)

A primary partition is referenced in the Master Boot Record partition table and is normally used to contain operating systems and their associated application files. One primary partition on a drive will be active at a time, and any others will typically be hidden and inaccessible (for purposes of DOS compatibility and in order to prevent data corruption between operating systems). A four-primary-partition limit exists on all PC hard drives; one of these primary partitions can be an extended partition, which can contain any number of logical partitions.

Primary server

A computer that runs the Symantec AntiVirus Corporate Edition Server software, which is responsible for configuration and virus definition file update functions in a server group. When you perform a task at the server group level in the Symantec System Center, the task runs on the primary server. The primary server forwards the task to its secondary servers. If the primary server runs Alert Management System2, it processes all the alerts.

Probe

Any effort, such as a request, transaction, or program, which is used to gather information about a computer or the network state. For example, sending an empty message to see whether a destination actually exists.

Ping is a common utility for sending such a probe. Some probes are inserted near key junctures in a network for monitoring or collecting data about network activity.

Profiler

An automated configuration tool that scans a network for live systems and guides you through the process of defining systems that you want to monitor, as well as attack signatures that you want associated with each system.

Profiling

The process of scanning a network for live systems to monitor and of associating attack signatures with those particular systems. Also see profiler.

Property filtering

A subcategory of a security policy that pertains to the properties of email messages, such as attachment size, number of recipients, or whether an attachment is encrypted.

Protocol

A set of rules enabling computers or devices to exchange data with one another with as little error as possible. The rules govern issues, such as error checking and data compression methods. Also see communications protocol.

Proxy

A software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved.

Quarantine

To isolate files suspected to contain a virus, so that the files cannot be opened or executed. The Symantec AntiVirus Corporate Edition heuristically detects suspect files and virus-infected files that cannot be repaired with the current set of virus definitions. From the Quarantine on the local computer, quarantined files can be forwarded to a central network quarantine and submitted to Symantec Security Response for analysis. If a new virus is discovered, the updated virus definitions are automatically returned.

Rapid Release Virus Definitions

Rapid release definitions are most valuable during a high-level outbreak when users are unable to wait for definitions to undergo full quality assurance testing. Rapid release definitions are available here. While rapid release definitions have not been fully certified, Symantec Security Response makes every effort to ensure that all definitions function correctly.

Record

To capture and store a set of data that consists of a series of actions and events.

Region

The part of a network administrated by an ESM Console user. An ESM region can contain managers, domains, agents, security policies, and a summary database that contains the results of the ESM policy runs.

Releases confidential information

This payload may attempt to gain access to important data stored on the computer, such as credit card numbers.

Remote

A computer that connects with a host computer and takes control of it in a remote control session.

Remote access

A program that allows one computer to gain access to another computer without authorisation or a visible presence.

Remote communication

The interaction with a host by a remote computer through a telephone connection or another communications line, such as a network or a direct serial cable connection.

Remote control session

A process in which a remote computer calls and connects with a host computer. Then, the remote computer operates the host while the host's video display is transmitted to the remote computer's monitor. CPU activity takes place on the host.

Remote networking

A connection in which a computer calls a network device, and then operates as a node on that particular network. Remote networking is also referred to as Dial-Up Networking or remote access. Also see remote control session.

Removal

Measures the skill level required to remove the threat from a given computer. Removal sometimes involves deleting files and modifying registry entries. The three levels are Difficult/High (requires an experienced technician), Moderate/Medium (requires some expertise), and Easy/Low (requires little or no expertise).

Replication

The process of duplicating data from one database to another.

Report

A set of data that is organized and formatted according to specific criteria.

Residual risk

The risk that remains after the application of selected safeguards.

Response actions

Actions that you can configure NetProwler to perform when it detects an attack. Response actions include capturing the attacker's session, resetting the session, emailing an administrator, or paging an administrator.

Retrovirus

A computer virus that actively attacks an antivirus program or programs in an effort to prevent detection.

Risk

A threat that exploits a vulnerability that may cause harm to one or more assets.

Risk assessment

The computation of risk. Risk is a threat that exploits some vulnerability that could cause harm to an asset. The risk algorithm computes the risk as a function of the assets, threats, and vulnerabilities. One instance of a risk within a system is represented by the formula (Asset * Threat * Vulnerability). Total risk for a network equates to the sum of all the risk instances.

Risk impact

Risk Impact is an overall assessment of how a security risk affects a computer. Symantec provides a risk impact rating scale from low to high, which takes into consideration the following factors:

• Performance
  This component measures the negative impact that the presence of a security risk has on the computer's performance. A low rating indicates that there is minimal degradation to the computer's performance, while a high rating indicates that the computer's performance is seriously degraded.
  
• Privacy
  This component assesses the level of privacy that is lost due to the presence of a security risk on a computer. Privacy may be lost due to activities such as monitoring Web sites visited or transmission of other personal information. A low rating indicates that the presence of the security risk results in little or no loss of privacy, while a high rating indicates that personal and other sensitive information may be stolen.
  
• Removal
  This component assesses the difficulty in removing a security risk from a computer. Several security risks have functioning uninstallers and are relatively easy to remove.
  In other cases it may be necessary to uninstall the security risk by manually deleting files and registry entries. A program that is easily removed from a computer has a low rating, while a high rating is given to security risks that are difficult to remove.
  
• Stealth
  This component assesses how easy it is to determine if a security risk is present on a computer. A low rating indicates a program that makes little or no attempt to hide its presence on the compromised computer. A high rating indicates that the security risk is employing techniques to hide its presence on the computer, which may make it difficult to determine if the security risk is installed on the computer.
  

Risk management team

A group of people who hold varying views of a network: the people who use the network, and those who define the purpose of the network. The team should include end users, system administrators, system security officers, system engineers, and the owners of the data, residing on the network.

Rootkit

A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine. Actions performed by a rootkit, such as installation and any form of code execution, are done without end user consent or knowledge.

Rootkits do not infect machines by themselves like viruses or worms, but rather, seek to provide an undetectable environment for malicious code to execute. Attackers will typically leverage vulnerabilities in the target machine, or use social engineering techniques, to manually install rootkits. Or, in some cases, rootkits can be installed automatically upon execution of a virus or worm or simply even by browsing to a malicious website.

Once installed, an attacker can perform virtually any function on the system to include remote access, eavesdropping, as well as hide processes, files, registry keys and communication channels.

Risk measure

A quantitative measurement of risk. The product of the asset measure, threat measure, and vulnerability measure, based on proven algorithms.

Risk measure

A quantitative measurement of risk. The product of the asset measure, threat measure, and vulnerability measure, based on proven algorithms.

RS-232-C standard

An industry standard for serial communication connections. Specific lines and signal characteristics control the transmission of serial data between devices.

Rule

A logical statement that lets you respond to an event, based on predetermined criteria.

Run

To execute a program or script.

Safeguard

A process, procedure, technique, or feature intended to mitigate the effects of risk. Safeguards rarely, if ever, eliminate risk-they reduce it to an acceptable level.

Safeguard assessment

A process identifying the safeguards that best support the risk-reduction strategy formed during the risk assessment phase.

Script

A type of program that consists of a set of instructions for an application. A script usually consists of instructions that are expressed using the application's rules and syntax, combined with simple control structures. The pcAnywhere source scripts have a .scr extension; compiled, executable pcAnywhere scripts have a .scx extension.

Secondary server

A computer running the Symantec AntiVirus Corporate Edition Server software, which is a child of a primary server. In a server group, all the secondary servers retrieve information from the same primary server. If the secondary server is a parent server, it in turn passes information to its managed clients.

Secure Sockets Layer (SSL)

A protocol that allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection.

Security architecture

A plan and set of principles that describe the security services that a system is required to provide to meet the needs of its users, the system elements required to implement the services, and the performance levels required in the elements to deal with the threat environment.

Security assessment tools

Programs used primarily to perform security related network or local system administrative tasks that contain functionality that may provide information for unauthorized access to computer systems or render them inoperable.

Security life cycle

A method of initiating and maintaining a security plan. It involves assessing the risk to your business, planning ways to reduce the risk to your business, implementing the plan, and monitoring your business to verify that the plan reduced the risk.

Security response

The process of research, creation, delivery, and notification of responses to viral and malicious code threats, as well as operating system, application, and network infrastructure vulnerabilities. Also see notification.

Security services

The security management, monitoring, and response services that let organizations leverage the knowledge of Internet security experts to protect the value of their networked assets and infrastructure.

Sequence number

Only the Norton AntiVirus Corporate products use the sequence numbers, which are an alternate method of representing the date of the latest definitions or required definitions. Sequence numbers are sequentially assigned to signature sets, and they are always cumulative. A signature set with a higher sequence number supersedes a signature set with a lower sequence number.

Serial communication

The transmission of information between computers, or between computers and peripheral devices, one bit at a time over a single line (or a data path that is one-bit wide). Serial communications can be either synchronous or asynchronous. The sender and receiver must use the same data transfer rate, parity, and flow control information. Most modems automatically synchronize to the highest data transfer rate that both modems can support.

pcAnywhere uses the asynchronous communications standard for personal computer serial communications.

Serial interface

A data transmission scheme in which data and control bits are sequentially sent in a one-bit-wide data path over a single transmission line. Also see the RS-232-C standard.

Serial port

Also known as a communications port or COM port. The serial port is a location for sending and receiving serial data transmissions. DOS references these ports by the names COM1, COM2, COM3, and COM4.

Serial transmission

The transmission of discrete signals one after the other. In communications and data transfer, serial transmission involves sending information over a single wire, one bit at a time. This is the method used in modem-to-modem communications over telephone lines.

Server group

A container of Symantec AntiVirus Corporate Edition servers and clients that share communication channels. Server group members can be managed as a unit. Server groups are independent of Windows NT/2000 domains.

Servlet

A Java applet that runs within a Web server environment.

Session

In communications, the time during which two computers maintain a connection and are usually engaged in transferring information.

Severity

A level assigned to an incident. See incident.

Shared drives

This field indicates whether the threat will attempt to replicate itself through mapped drives or other server volumes to which the user might be authenticated.

Size of attachment

This field indicates the size of the file attached to the infected email.

Source computer

A computer (with drivers and applications installed) that is used as a template. An image file of this computer is created and cloned onto other client computers.

SpeedSend

An option that enhances file transfer performance when sending files with duplicate file names, by comparing the two files and transferring only the data that is different in the source file.

Spyware

Spyware is any software package that tracks and sends personally identifiable information or confidential information to third parties. Personally identifiable information is information that can be traced to a specific person such as a full name. Confidential information includes data that most people would not be willing to share with someone and includes bank details, credit card numbers, and passwords. Third parties may be remote systems or parties with local access. Learn more about spyware.

Stateful dynamic signature inspection

An intrusion detection method used to detect attacks. Stateful refers to the virtual processor that lets NetProwler build a context around a monitored network session, enabling efficient analysis and recording of complex events.

Dynamic refers to the ability to create and activate new attack signatures without taking the system offline. Signature Inspection is a method of detection that compares an attack signature with a cache of attack signatures on NetProwler.

Structured external threat

An individual outside of your organization who may be a threat. This person is technically skilled, may collaborate with others, and may use automated tools.

Structured internal threat

An individual inside your organization who may be a threat. This person is technically skilled, may collaborate with others, and may use automated tools.

Structured threat

An individual who may be a threat to your organization. This person is technically skilled, may collaborate with others, and may use automated tools.

Subject of email

Some worms spread by sending themselves to other people through email. This field indicates the subject of the email that the worm sends.

Switched line

A standard dial-up telephone connection; the type of line that is established when a call is routed through a switching station. Also see leased line.

Symantec System Center (SSC) console

A type of software used to monitor and control computers that run supported Symantec client or server software. The SSC console is a snap-in to the Microsoft Management Center management tool. Additional snap-ins, such as the Norton AntiVirus Corporate Edition snap-in, add product-specific management capabilities to the SSC console.

Synchronize

To copy files between two folders on host and remote computers to make the folders identical to one another. (Copying occurs in both directions.) If there are two files with the same name, the file with the most current date and time is copied. Files are never deleted during the synchronization process. See also clone.

Synchronous transmission

A form of data transmission in which information is sent in blocks of bits separated by equal time intervals. The sending and receiving devices must first be set to interact with one another at precise intervals, then data is sent in a steady stream. Also see asynchronous transmission.

Syntax error

An error made by an author when creating a script, such as not enclosing a string in quotes or specifying the wrong number of parameters. Syntax errors are detected during the script compilation and are written to a file with the same source file name and the .err extension. You can use the pcAnywhere Editor to view the .err file, make corrections to the script, and re-attempt compilation.

Systems Security Engineering-Capability Maturity Model (SSE-CMM)

A system for describing the essential characteristics of an organization's security engineering process, which must exist to ensure good security engineering. Engineering organizations can use the model to evaluate and refine security engineering practices; customers, to evaluate a provider's security engineering capability; and security engineering evaluation organizations, to establish organizational, capability-based confidences.

System

A set of related elements that work together to accomplish a task or provide a service. For example, a computer system includes both hardware and software.

Systems Affected

Refers to operating systems or applications that are vulnerable to a threat.

Systems Not Affected

Refers to operating systems or applications that are not vulnerable to a threat. The list of systems may change as more information about a given threat becomes available.

Target of infection

Systems, files, or media (for example, hard drives), that a threat attempts to infect or otherwise disrupt.

Technical description

This section describes the specific details of the infection, such as registry entry modifications and files that are manipulated by the virus.

Telephony Application Programming Interface (TAPI)

Microsoft Windows operating systems use this standard to connect a computer to telephone services. Windows uses TAPI to automatically detect and configure communication hardware, such as modems, which are installed on a computer.

Template

In Enterprise Security Manager (ESM), a file that includes module control directives and definitions of objects, and their expected states.

Terminal services

A Microsoft technology that lets users remotely execute Windows-based applications on a terminal server. Applications run entirely on the server. The server transfers only the user interface, keystrokes, and mouse movements between the server and client.

Threat

A circumstance, event, or person with the potential to cause harm to a system in the form of destruction, disclosure, data modification, and/or Denial of Service (DoS).

Threat assessment

The severity rating of the virus, worm, or Trojan horse. The threat assessment includes the damage that this threat causes, how quickly it can spread to other computers (distribution), and how widespread the infections are known to be (wild).

Threat containment

A measure of how well current antivirus technology can keep this threat from spreading. As a general rule, older virus techniques are generally well-contained; new threat types or highly complex viruses can be more difficult to contain, and are correspondingly more a threat to the user community. The measures are Easy (the threat is well-contained), Moderate (the threat is partially contained), and Difficult (the threat is currently uncontainable).

Threat measure

A quantitative measurement of a threat. A threat's physical access, electronic access, capability, motivation, and occurrence measure determine the threat measure.

Threat safeguard

A process, procedure, technique, or feature that deters one or more threats to the network, by reducing the risk linked to a system's threat measure.

Threshold

The number of events that satisfy certain criteria. Administrators define threshold rules to determine how notifications are to be delivered.

Time stamp of attachment

This field indicates the date and time of the file attachment.

Time-out

A predetermined period of time during which a given task must be completed. If the time-out value is reached before or during task execution, the task is canceled. You can configure a pcAnywhere host to disconnect from a remote computer after a certain amount of time has passed without activity.

Trackware

Trackware is any software package that tracks system activity, gathers system information, or tracks user habits and relays this information to third-party organisations. The information gathered by such programs is neither personally identifiable nor confidential.

Transmission Control Protocol/Internet Protocol (TCP/IP)

A common set of protocols used on the Internet to link dissimilar computers across many kinds of networks.

Tune-up pack

An executable that installs software enhancements to a specific version of ESM.

Unstructured external threat

An individual outside your organization who may be a threat. This person is technically unskilled or unsophisticated.

Unstructured internal threat

An individual inside your organization who may be a threat. This person is technically unskilled or unsophisticated.

Unstructured threat

A threat that tends to be technically unskilled or unsophisticated.

Upload

To send a file from one computer to another via modem, network, or serial cable. With a modem-based communications link, the process generally involves the requesting computer instructing the remote computer to prepare to receive the file on its disk and wait for the transmission to begin. Also see download.

User account

A Windows NT file that contains information that identifies a user to Windows NT. This includes the user name and password, groups in which the user account has membership, and the rights and permissions that the user has for using the system and accessing its resources.

User manager

A Windows NT utility that enables users with administrative privileges to edit and define individual user accounts and privileges for the local workstation.

Variants

New strains of viruses that borrow code, to varying degrees, directly from other known viruses. The variants are usually identified by a letter, or letters, following the virus family name; for example, VBS.LoveLetter.B., VBS.LoveLetter.C, and so on.

Virus Definitions (Intelligent Updater™)

Symantec Security Response fully tests the Intelligent Updater definitions for quality assurance. The definitions are posted daily and can be downloaded from the Symantec Security Response Web site and manually installed.

Corporate network administrators, as well as end users who practice potentially risky Internet behavior (for example, clicking on email attachments from unknown senders or attachments included in unexpected emails, downloading files from newsgroups or suspicious Web sites, and so on) benefit the most from downloading and installing the Intelligent Updater definitions on a daily basis. Intelligent Updater definitions are available here.

Home users: While it is possible, it is not absolutely necessary for you to download and install the Intelligent Updater definitions daily. Symantec receives samples of new risks every day and we build new definitions for these risks daily. However, in many cases these risks are not in the wild, or if in the wild, they have a very low incidence of infection. In any event, if we detect that a risk in the wild is rapidly spreading, we immediately release LiveUpdate packages to fully protect our customers. Additionally, if you suspect that a risk is present on your computer, take advantage of the Scan and Deliver functionality to submit the suspect file for analysis by Symantec Security Response.

For detailed instructions on how to download and install the Intelligent Updater definitions from the Symantec Security Response Web site, click here.

Virus Definitions (LiveUpdate™ Daily)

LiveUpdate Daily definitions are made available each day, providing the most convenient method for protecting your PC from risks. Symantec Security Response fully tests all the definitions for quality assurance before they are posted to the LiveUpdate servers. LiveUpdate Daily is available for the Norton AntiVirus™ 2008, Norton Internet Security™ 2008, Symantec AntiVirus™ Corporate Edition 10.0, and Symantec Client Security™ 3.0 products.

For more information on how LiveUpdate works, click here.

For detailed instructions on how to run LiveUpdate, click here.

Virus Definitions (LiveUpdate™ Plus)

LiveUpdate Plus definitions are available for enterprise customers with Platinum Support entitlements. LiveUpdate Plus allows for daily definition updates for large networks that use the LiveUpdate Administration Utility. For more information on the LiveUpdate Administration Utility, click here.

Virus Definitions (LiveUpdate™ Weekly)

LiveUpdate is the easiest way to obtain definitions and product updates for consumer products. Symantec Security Response fully tests all the definitions for quality assurance before they are posted to the LiveUpdate servers. These definitions are released once each week (usually Wednesdays), unless there is a major outbreak.

For more information on how LiveUpdate works, click here.

For detailed instructions on how to run LiveUpdate, click here.

Virus definitions file

A file that provides information to antivirus software to find and repair risks. In the Symantec AntiVirus Corporate Edition, the administrator must regularly distribute updated definition files to the servers and clients of the Symantec AntiVirus Corporate Edition. Definition files contain protection for all the latest viruses, worms, Trojans and security risks.

Voice first

A functionality that allows the host and remote users have a voice conversation before beginning a data session. Use voice first when you have only one phone line and want to speak with the other user before starting the session.

Vulnerability

A (universal) vulnerability is a state in a computing system (or set of systems) which either:

• Allows an attacker to execute commands as another user
  
• Allows an attacker to access data that is contrary to the specified access restrictions for that data
  
• Allows an attacker to pose as another entity
  
• Allows an attacker to conduct a denial of service
  

*Source: CVE Web site

Vulnerability assessment

The identification and quantification of a system's technical and environmental vulnerabilities.

Vulnerability Management

The practice of identifying and removing weaknesses that can be used to compromise the confidentiality, integrity, or availability of a computer information asset. A vulnerability management is a preventative information security practice that identifies and removes weaknesses before they can be used to compromise a computer information asset.

Vulnerability measure

A quantitative measurement of vulnerability. Symantec Risk Assessor measures each vulnerability through its physical exposure, electronic exposure, potential damage, age, and information.

Vulnerability measure factors

The elements used to calculate the danger posed by a vulnerability (vulnerability measure). Each vulnerability is rated in terms of its physical exposure, electronic exposure, potential damage, information, and age.

Vulnerability safeguard

A process, procedure, technique, or feature that assists in securing a vulnerability, by reducing the risk linked to the system's vulnerability measure.

Warning

A message that informs the user that performing an action can or will result in data loss on the user's system.

Web-Based Enterprise Management (WBEM)

A set of management and Internet standard technologies developed to unify the management of enterprise computing environments. WBEM enables the industry to deliver a well-integrated set of standards-based management tools that leverage emerging Web technologies.

Wild

The wild component measures the extent to which a virus is already spreading among computer users. This measurement includes the number of infected independent sites and computers, the geographic distribution of infection, the ability of current technology to combat the threat, and the complexity of the virus.

Wildcard

A symbol that enables multiple matching values to be returned based on a shared feature. The script language has two wildcards:

1. The question mark (?) stands for any single character.
   
2. The asterisk (*) stands for any character string of any length.
   

For example, the file specification *.* would return all the files, regardless of their file names.

The file specification *.sc? would return all the file names with a three-character extension beginning with sc (such as compusrv.scr, compusrv.scx, and so on).

Workstation

1. A networked computer that uses server resources.
   
2. A computer that is connected to a mainframe computer. It is usually a personal computer connected to a Local Area Network (LAN), which shares the resources of one or more large computers.
   

   Workstations differ from terminals or dumb terminals in that they can be used independently of the mainframe. Also, they can have their own applications installed, as well as their own hard disks.
   

3. A type of computer that requires a significant amount of computing power and that can produce high-quality graphics.
   

Zoo

A threat that exists only in virus and antivirus labs, not in the wild. Most zoo threats never get released into the wild, and as a result, rarely threaten users.