|
Network Chico security
terms glossary
| @ | A
| B | C | D
| E | F | G
| H | I | J
| K | L | M
| N | O | P
| Q | R | S
| T | U | V | W | X
| Y | Z |
Welcome to the Network Chico
computer security terms glossary.
=T=
Telnet Server: Software
that allows a remote user of a Telnet client to connect as a
remote terminal from anywhere on the Internet and control a computer
in which the server software is running.
Time Bomb: A logic bomb
with its trigger condition(s) based on absolute or elapsed date
or time conditions.
TOM: Top Of Memory.
The end of a PC's conventional memory, which, as a matter of
architectural design, was limited to 640KB on most PCs and is
always a multiple of 64KB. Early PCs were seldom fully populated
with RAM, with 64KB, 128KB and 512KB being common values for
very early models.
During startup, the BIOS initializes a value in the BIOS Data
Area (BDA) noting, in kilobytes, how much conventional memory
it found. Boot sector viruses typically read this value, copy
their code to just below the memory location it represents and
then decrease the value in the BDA. This means the virus' resident
code ends up above the TOM subsequently reported to the operating
system or to any programs (boot viruses load before the OS).
With OSes such as DOS, this ensures the virus' code is not overwritten,
but with some more complex OSes this may not be the case. Monitoring
the TOM value in the BDA for unexpected changes can help detect
a virus, but there are legitimate reasons for it to change. It
is a common misconception that PCs reporting less than 640KB
of conventional memory necessarily have a virus. While it is
the case that boot viruses (and many simple DOS executable infectors)
steal RAM from the TOM, this is far from the only explanation
for less than 640KB being reported. For example, many expansion
cards that have their own BIOSes and other common BIOS extensions
(such as on SCSI controllers embedded in a PC's main logic board)
liberate a small amount of conventional RAM from the TOM for
their own purposes (1KB, 2KB and 4KB are common amounts for this).
Similarly, many system BIOSes have an option to move the Extended
DIOS Data Area (EBDA) to the TOM, accounting for 1KB of RAM if
enabled. Further, the various startup modes of Windows 9x and
ways of getting to a DOS prompt to discover the TOM setting of
a machine can also affect what is reported (for example, a machine
in the current author's test network variously reports 640KB,
639KB and 636KB depending whether a straight DOS boot is made,
the DOS prompt is accessed from inside Windows and whether safe
mode is used or not).
Toolbar: A group of buttons
which perform common tasks. A toolbar for Internet Explorer is
normally located below the menu bar at the top of the form. Toolbars
may be created by Browser Helper Objects.
Tracking Cookie: Any cookie
that is shared among two or more web pages for the purpose of
tracking a user's surfing history.
Trigger: The condition
that determines the launching of a virus' or Trojan's payload
is usually called the trigger or trigger condition. Trigger is
also used as a verb to indicate the activation of a payload.
(See also Logic Bomb, Time
Bomb and Immediate Acting)
Trojan: By analogy to
the wooden horse the Greeks reputedly used to break the siege
of Troy, the term Trojan is applied to programs that do something
their programmers intended but that the user would not approve
of if he knew about it. As with so many central terms in this
field, there is considerable debate about phrasing an adequate,
operational definition.
Trojan Creation Tool:
A program designed to create Trojans. Some of these tools merely
wrap existing Trojans, to make them harder to detect. Others
add a trojan to an existing product (such as RegEdit.exe), making
it a Dropper.
Trojan Source: Source
code is written by a programmer in a high-level language and
readable by people but not computers. Source code must be converted
to object code or machine language before a computer can read
or execute the program. Trojan Source can be compiled to create
working trojans, or modified and compiled by programmers to make
new working trojans.
TSR: Terminate but
Stay Resident. This term is properly used of DOS programs
that stay loaded in memory and functional, but allow the user
to return to DOS and continue using the PC for other purposes.
It is a type of poor person's multi-tasking and in the early
days of DOS was very much a black art as several important details
of undocumented DOS internals had to be understood before a reliable
TSR could be written, and many stability problems were attributed
to TSRs. The DOS MEM utility (with the '/C' parameter), and many
third-party utilities, can display a list of what TSRs are loaded
and have 'followed the rules'.
| @ | A
| B | C | D
| E | F | G
| H | I | J
| K | L | M
| N | O | P
| Q | R | S
| T | U | V | W | X
| Y | Z |
|
