Understanding tech language: The difference between malware and a virus

While cleaning up an infected PC, Flingwing asked the Antivirus & Security Software forum to explain the difference between malware and viruses.

Depending on how technically correct you want to be, viruses are a subset of malware, or the two words mean the same thing.

The word malware (malicious software) describes any piece of code designed to infect your computer (or mobile device) and make it do things that you don't want it to do, such as mass-mail spam or steal your banking passwords. Trojans, worms, and rootkits are all types of malware.

And so is a virus, in its most technically-correct meaning. A virus is malicious code that spreads by infecting existing files, similar to the way a biological virus spreads by infecting living cells.

[Email your tech questions to answer@pcworld.com.]

Once common, true computer viruses have become quite rare. Criminals have found better ways to spread malicious code.

So if viruses are rare, why do people still talk about them? And why do we still run antivirus programs?

Viruses were the dominant form of malware in the 1980s and 90s, when personal computers were first becoming common. At that time, there was no commonly-used umbrella term such as malware, so people called any malicious program a virus.

And the word has stuck. Although that program you keep running in the background protects you (hopefully) from all forms of malware, it's called antivirus because that type of program has always been called antivirus.

By the way, if you've got a malware problem that isn't merely linguistic, see When malware strikes: How to clean an infected PC.

Read the original forum discussion.

When he isn't bicycling, prowling used bookstores, or watching movies, PC World Contributing Editor Lincoln Spector writes about technology and cinema.
More by Lincoln Spector

View the original article here

Facebook fixes timeline bug, cites language trouble in delay

A Facebook engineer blamed language difficulties and documentation issues for a delay in fixing a bug that let a security researcher post directly to founder Mark Zuckerberg's Timeline, which is restricted if two users aren't friends.

Khalil Shreateh, who lives in Palestine, demonstrated the vulnerability by writing a message on Zuckerberg's Timeline after an earlier bug report he submitted wasn't acted upon, according to his blog.

The flaw was then fixed on Thursday, wrote Facebook software engineer Matt Jones. The social networking site on Sunday confirmed Jones' post, which attributed the delay to the volume of reports Facebook receives and communication issues.

"For background, as a few other commenters have pointed out, we get hundreds of reports every day," he wrote. "Many of our best reports come from people whose English isn't great - though this can be challenging, it's something we work with just fine and we have paid out over $1 million to hundreds of reporters."

Shreateh violated Facebook's bug reporting policy by demonstrating it on a real user's page, Jones wrote. Shreateh had initially demonstrated the flaw to Facebook by posting a message on the page of a woman who went to college with Zuckerberg.

It appears from email correspondence posted by Shreateh on his blog that Facebook did not feel at first that he had found a bug. Shreateh then posted the message on Zuckerberg's timeline. His blog includes a screenshot of that message in which he apologized to Zuckerberg for taking the issue directly to the CEO.

Facebook briefly suspended but reinstated his account, advising him that his report didn't contain enough technical details. The company said he was ineligible for receiving a reward under Facebook's bug bounty program because he violated their terms of service, an email message showed.

Jones wrote that Facebook lets security researchers open test accounts so vulnerabilities aren't tested on real user ones.

"The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission," Jones wrote. "Exploiting bugs to impact real users is not acceptable behavior for a white hat."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

View the original article here

SAP creates LAVA 'design language' to heat up analytics

SAP’s Business Objects BI (business intelligence) product line may soon begin receiving a visual overhaul based on a new “design language” or methodology called LAVA (Lightweight Applied Visual Analytics).

There are six design principles within LAVA, according to a recent post on an SAP blog.

One is “lean appearance,” where analytic applications have a “clean, minimal display style that focuses on the data itself versus on irrelevant faux decorations like gradations, drop shadows, or reflective surfaces,” according to the post by Anita Gibbings, director of BI solutions marketing.

LAVA also introduces “points,” or “mini-charts” that deliver information in bite-sized pieces. “Think of them as chart tweets,” she wrote.

A related concept is “channels,” which are “simple containers for displaying and navigating to multiple Points and Charts”; and “boards,” a type of dashboard. “Initially these will be simple containers for Channels and free-standing charts, and will be expanded to provide templates suited to known analytic consumption purposes,” according to the post.

LAVA’s fifth element involves “lattices.” These are “multi-layer, manipulable bar chart[s], enabling user-driven drill-down filtering and other operations,” according to the post.

Finally, LAVA employs what SAP calls “Sn@p Navigation,” which “enables the fluid creation and curation of visual analytic environments and collections,” Gibbings wrote.

The question now is how quickly SAP manages to fully enmesh LAVA within Business Objects.

An initial step has already been taken, according to Gibbings. “Lean appearance is now the default for SAP visual analytics,” she wrote. Some additional details could be released in “a month or so,” she added.

That time frame coincides roughly with SAP’s annual Business Objects user group conference. Further details couldn’t be obtained from SAP on Friday.

One SAP BI expert praised LAVA, saying the approach will help tackle today’s analytic challenges.

“The tools we have [in Business Objects] are extremely powerful and really good at visualizing data,” said Greg Myers, analytics architect and member of the SAP Mentor program for especially involved community members. “What they’re not so good at is visualizing vast amounts of data. That’s where HANA and LAVA come into play.”

HANA is SAP’s in-memory database platform, which has become the central pillar of its software development efforts.

LAVA’s design principles, which emphasize cleaner and simpler ways of getting at data, are also a response to the rise of mobile devices, Myers said.

Chris Kanaracus covers enterprise software and general technology breaking news for the IDG News Service.
More by Chris Kanaracus

View the original article here