THE WHATIS.COM WORD-OF-THE-DAY March 24, 2003 drive-by download
______________ SPONSORED BY: Global Knowledge BECOME THE EXPERT! Global Knowledge is a worldwide leader in IT education and enterprise training solutions, offering more than 700 courses. For a limited time purchase any 3 courses at one time, and get $1,000 off the total! Choices include Network Security, Microsoft Windows 2000 Server, and Linux Administration. Click here to review our entire course catalog http://WhatIs.com/r/0,,11697,00.htm?globalknowledge ________________ TODAY'S WORD: drive-by download See our complete definition with hyperlinks at http://whatis.techtarget.com/definition/0,,sid9_gci887624,00.html A drive-by download is a program that is automatically downloaded to your computer, often without your consent or even your knowledge. Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message. Frequently, a drive-by download is installed along with another application. For example, a file sharing program might include downloads for a spyware program that tracks and reports user information for targeted marketing purposes, and an adware program that generates pop-up advertisements using that information. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any action on your part. Xupiter, an Internet Explorer toolbar program, is frequently installed as a drive-by download. The program is said to replace the user's home page, change browser settings, and use redirection to take all searches to the Xupiter Web site. In some versions, the program initiates drive-by downloads of other programs. Furthermore, although it comes with an uninstall utility, Xupiter is said to be next to impossible for the average computer user to remove. There are some arguments to be made in favor of drive-by downloads, particularly for downloads of patches or service packs that address security flaws. If these were automatically installed, instead of depending on the diligence of server administrators, computers and the Internet in general might be safer from malicious programming such as viruses and worms. In January 2003, a worm called the SQL Slammer exploited a known buffer overflow vulnerability in Microsoft SQL 2000 server systems to cause widespread Internet outages. The attack was launched precisely six months after Microsoft released a patch for the flaw. If the patch had been installed to vulnerable systems, the attack would have had little impact. However, although drive-by downloads for patches might address specific security flaws, they might also conflict with existing system configurations, and thus create more problems than they solve. RELATED TERMS: pop-up download http://whatis.techtarget.com/definition/0,,sid9_gci887635,00.html spyware http://searchcio.techtarget.com/sDefinition/0,,sid19_gci214518,00.html adware http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci521293,00.html redirection http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci214493,00.html patch http://searchsystemsmanagement.techtarget.com/sDefinition/0,,sid20_gci212753,00.html service pack http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci507067,00.html ______________ SELECTED LINKS: SearchSecurity offers a collection of Best Web Links about Malware (Trojan horses, viruses & worms). http://searchsecurity.techtarget.com/bestWebLinks/0,289521,sid14_tax281940,00.html ZDNet's BizTech Library features an article called "Beware of Drive-by Downloads." http://cma.zdnet.com/texis/techinfobase/techinfobase/++wq_qoK6968sW_/zdisplay.html The Counterexploitation Web site has advice about "Adware, Spyware and other unwanted "malware" - and how to remove them." http://www.cexx.org/adware.htm ______________ TODAY'S TECH NEWS: INTERSAN EXTENDS PATHLINE AUTOMATION FEATURES InterSAN is prepping for an upgrade of its Pathline management and automation product. http://searchstorage.techtarget.com/originalContent/0,289142,sid5_gci887497,00.html CIO, CPO RELATIONSHIP BECOMING KEY IN IT SHOPS With government initiatives such as HIPAA (the Health Insurance Portability and Accountability Act) turning up the pressure to protect customer data, organizations have recognized the need to rank privacy ahead of almost all other issues. http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci887780,00.html FREIGHT COMPANY HAULS IN 37,000 WINDOWS PATCHES Administrators at freight giant CNF have installed an eye-popping 37,000 Windows desktop patches since August. An IT manager with CNF explained why they needed so many, and he offered some patch management advice for those who need to patch things up in their own organizations. http://searchwindowsmanageability.techtarget.com/originalContent/0,289142,sid33_gci887247,00.html >> Catch up on all the latest IT news at http://searchtechtarget.techtarget.com/ ______________________ KNOW-IT-ALL QUESTION | Do you speak geek? This operating system originated at Bell Labs in 1969 as an interactive time-sharing system. a. BASIC b. DOS c. Linux d. Unix >> See correct answer http://searchsolaris.techtarget.com/sDefinition/0,,sid12_gci213253,00.html ______________________ QUIZ #36 | Linux Basics Take our latest quiz and see how much you know about Linux. Make Linus Torvalds proud! >> Click to take the quiz http://searchenterpriselinux.techtarget.com/sDefinition/0,,sid39_gci882525,00.html ______________________________ RECENT ADDITIONS AND UPDATES [1] non-geographic number http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci885964,00.html [2] Internet Key Exchange http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci884946,00.html [3] Wi-Fi Protected Access http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci887323,00.html [4] Learning Guide: Introduction to XML http://whatis.techtarget.com/definition/0,,sid9_gci887243,00.html [5] Learning Guide: Security Policy Primer http://whatis.techtarget.com/definition/0,,sid9_gci887248,00.html ____________________________________________________________________ ::::::::::::::::::: WHATIS.COM CONTACTS ::::::::::::::::::: LOWELL THING, Site Editor ([EMAIL PROTECTED]) ____________________________________________________________________ MARGARET ROUSE, Associate Editor ([EMAIL PROTECTED]) ___________________________________________________________________ :::::::::::::::::::: ABOUT THIS NEWSLETTER ::::::::::::::::::::: Published by TechTarget (http://www.techtarget.com) TechTarget - The Most Targeted IT Media Copyright 2003, All Rights Reserved. Unsubscribe from 'Word of the Day' - Simply Reply to this Email with REMOVE within the Body or Subject > or - Go to: http://WhatIs.techtarget.com/register - Log in to edit your profile. - Click on the link to Edit email subscriptions. - Uncheck the box next to the newsletter you wish to unsubscribe from. - When finished, click "Save Changes to My Profile."
