30 March 2007


Malware includes all of the various nasty programs and code that internet security is designed to resist. Specifically, it includes viruses, trojan horses, spambots, spyware, and worms. I've included a brief list of malware varieties and added to it when possible. The superscript "T" links to the TechEncyclopedia entry on the subject; "W" links to the related Wikipedia entry.

Adwareᵀ ᵂ: any program that runs advertising from the user's browser, whether installed with the user's permission or not.

Botᵀ ᵂ: from "robot"; a computer program that does the same thing endlessly, such as sending spam e-mails (spambots). Bots are a common type of virus or worm payload.

DNS hijackingᵀ: an especially advanced form of malicious internet crime in which the perpetrator creates a website (a pharm) that resembles another, legitimate business website, and then causes browsers directed to that site to show the URL of the legitimate site. This is an especially frightening technology because it's very difficult for even a savvy computer user to notice the scam.

Mark: the target of a scam, ex ante; a mark has not necessarily been victimized, and may possess the combination of luck, specialized knowledge, mistrust, and common sense to escape the scam. See definition 2.e.2 of the Merriam-Webster dictionary.

Payloadᵀ ᵂ: the thing carried by a virus, trojan horse, or a worm. In addition to replicating itself, the malware tends to carry some code that does something destructive once it has infected a host.

Pharm[ing]ᵀ ᵂ: a website designed to mimic or duplicate as much as possible a legitimate website. Fairly easy to do; one can merely copy the source of a page, plus its stylesheet, and create pseudo-domains like "", so that a visitor is suitably impressed. Pharms are used to "harvest" identity data about victims who visit and are deceived into thinking that it's the legitimate site. Especially sophisticated pharming schemes incorporate DNS hacking, in which the URL displayed is that of the legitimate site.

Phish[ing]ᵀ ᵂ: this works a lot like fishing; the perpetrator sets a trap, like a fishing lure, whose purpose is to retrieve the victim's identity information. The most familiar phishing campaign involves the "Spanish Prisoner" or "419 Hoax." The great majority of phishing scams appear to warn the mark of some account irregularity, such as with her Washington Mutual checking account, or eBay account, PayPal account, Amazon, etc. There is a high probability that the mark doesn't have any such account, but the phisher sends an immense number of e-mails so that someone is likely to be deceived ("Only Washington Mutual would know I have a checking account with Washington Mutual").

Spambotsᵀ ᵂ: a very common form of virus or worm payload. As the name suggests, it's a program that transmits spam using the infected computer. It may also leave spam "comments" on blogs.

Spanish Prisonerᵂ: also known as the "Advanced fee scam" or "419 Scam" (so-called from a section of the Nigerian criminal code that pertains to such scams). The 419 Hoax appears as an e-mail purporting to be from the relative of some terrible person, such as General Sani Abacha or Jean-Bédel Bokassa, who is trying to smuggle a vast sum of money out of the country illegally. For this reason, the mark is urged to be discreet and trusting towards one he imagines to be a partner in the scam. He is told he must supply a fee to help carry out the job, in return for which he will be rewarded with a large share of the spoils. Oddly, the 419 scams of today are distinguished for the historical sophistication of their backstories.

Spywareᵀ ᵂ: records the keystrokes and mouse clicks of a computer user, then transmits these to the perpetrator in order to steal the victim's identity. Sometimes spyware "announces" that it is spyware. The license agreement that everyone accepts without reading may actually state that the browser is installing spyware. For example, it might say that the program performs anonymous profiling, which means that the user's habits are being recorded. Such software is used to create marketing profiles.

Trojan horsesᵀ ᵂ: this is a form of malware that is designed to defeat computer security by posing as a legitimate site. One strategy involves a hoax, in which victims log into a bogus site cleverly disguised to resemble a legitimate e-commerce site. These are very frequently abetted by a concomitant phishing campaign. A common scheme is to send the intended victim ("mark") an e-mail announcing that she has a problem with her eBay account, and a hotlink to a website where she can log in and correct the problem. Needless to say, the link goes to a domain controlled by the perpetrator, and when the user logs into what she thinks is her eBay account, the website collects the username and password.

Another approach is for the perpetrator to write code that provides access to the hard drive of a victim's computer whenever the victim's computer accesses the internet (a "backdoor"). This allows the perpetrator to use the infected computer as a "bot," or malware host, that attacks other computers. In this way, the perpetrator can easily protect his identity. The computer user installs the code thinking it is freeware; or else the OS may be prompted to automatically install the program before the user knows what is happening.

As a general rule, trojan horses of this variety are picked up when visiting porn sites because the latter require bandwidth, and the webmaster uses the porn to lure visitors. Pornography is a seedy business, of course, and visitors are ashamed of their vice. So they are easy targets.

Virusᵀ ᵂ: a virus is a malicious piece of code transmitted either through a circulating disk or else through downloaded files from the internet. Initially, computer viruses were similar to biological viruses; the malicious code had to upload itself from the perpetrator's disk to a public computer, like those at a library or copy shop; and it had to copy itself from the infected computer to any disk unfortunate enough to be inserted into that computer's floppy disk drive.

In order to replicate itself (and do whatever damage the virus was intended to do, beyond replicating itself), the virus has to be attached to an executable file; as such it must be camouflaged as a legitimate program. Because of program uploading rules for different operating systems, the Windows and DOS variants are massively more vulnerable to all forms of malware than Mac OS and others.

Viruses occasionally were formed with criminal or vandalizing intent. The Stoned Virus, which I recall suffering in 1995, was a fairly inoffensive virus that merely urged me to legalize marijuana whenever I booted up my ancient PC. More recently, the Samy Virus was the fastest-spreading virus to date; it infected MySpace profiles. The Michelangelo Virus was fairly nasty, but that was in 1992. For the most part, viruses are relatively minor threats and greatly outclassed by other forms of malware.

Wormsᵀ ᵂ: often confused with viruses; worms, like viruses, are self-replicating computer programs. Originally, viruses were likely to be spread by swapping disks, while worms were spread by networks.

Zombieᵀ ᵂ: typically, the "payload" of a worm or other form of malware. A zombie is designed to provide access to the hard drive of an infected computer by transmitting network access information to the perpetrator's computer. This turns the victim's computer into a captive server, and an unwilling accomplice to the perpetrator. The linked Wikipedia entry refers to such a computer.

SOURCES & ADDITIONAL READING: the superscript "T" links to the TechEncyclopedia entry on the subject; "W" links to the related Wikipedia entry. Internet Fraud Watch; Data Wales, "The Internet Fraud Advisory"—list of common internet frauds; FBI site on online scams;

Symantec, "What is the difference between viruses, worms, and Trojans?"; ComputerWorld, "Spam, Malware, and Vulnerabilities Top Stories";


16 March 2007

List of Linux-related Programming Environments

(Linux article)

What follows is a provisional list of Linux-derivatives I created as an appendix to my introductory post on Linux. Let me repeat that Linux is not an operating system, but the kernel to an operating system. In nearly all cases, the preponderance of the OS is actually GNU. So I will hereafter refer to a complete Linux-based OS as "GNU/Linux" unless, of course, I have an example of a Linux-based OS that does not have mostly-GNU Project system software.

GNU/Linux Packages:
  • Debian: actually, the name of a foundation started by Deb[ra] & Ian Murdock (1993); includes a distribution of GNU/Linux and also a "shadow" distribution of GNU/Hurd; moreover, it also offers distributions of GNU/OpenBSD & GNU/NetBSD. Debian GNU/Linux uses both the KDE graphical user interface (GUI) and GNOME, and hence has its own family of applications (as opposed to those in the GNOME Project).

    Debian is generally known as the most stable and cautious of the distributions, with extremely rigorous testing.
  • Hurd: GNU Project's in-house kernel; an alternative to Linux in the sense that Linux (as a free BSD 4.4-Lite compatible kernel) and Hurd are both designed to run a complete operating system. Hurd is interesting partly because it is built around the Carnegie-Mellon University (CMU) Mach µ-kernel, which was also the µ-kernel for NextStep/Openstep and Mac OS X. However, for reasons too complex to explain here, the Hurd kernel has never been officially released; it is undoubtedly the software with the longest gestation period in history, having been started in 1990.
  • Mandriva (formerly Mandrake): a Franco-Brazilian fork of Red Hat Linux (c.1998) that is supposed to be especially easy to use. It is one of the more polished corporate entities marketing Linux; it gets much of its income through Club Mandriva, which offers support and tutorials. Mandriva uses the KDE GUI.
  • Red Hat [Enterprise Linux]: oddly, a commercial version of GNU/Linux. Red Hat makes its money selling instructional material and support packages for its versions. I thought I should mention that RHEL is a version developed chiefly for commercial applications.
  • SuSE: developed in Germany as a fork of Slackware; purchased by Novell in 2004; the company, like Red Hat, made its money publishing manuals (and, I would assume, a slight rent on the updated packaging of GNU/Linux). Novell has released the one proprietary component of SuSE, YaST, to the public under the GNU-GPL.
  • Softlanding/Slackware: Softlanding Linux System (SLS) was the first common GNU/Linux package; in '93 its developers made some unpopular changes, and a fork of SLS known as Slackware took its place as the leading GNU/Linux OS.
  • Ubuntu: South African package that is distinguished for its unusual ease of use. Ubuntu also supports Xubuntu, which is a slimmed-down version of Ubuntu with an XFCE GUI rather than Ubuntu's customary KDE GUI.

  • GNOME: the GUI developed by the GNU Project; used chiefly for GNU/Linux operating systems;
  • KDE: an alternative GUI developed for Unix operating systems. KDE was in fact the first GUI developed for the GNU/Linux environment, in 1997. However, it was developed with the Qt toolkit, leading to fears that KDE would ultimately become mired in litigation or else become proprietary software. Hence, the GTK+ toolkit was developed in-house by the GNU Project, which was followed by the creation of the all-GNU GNOME.
  • Rox: an alternative GUI developed for Unix operating systems; developed as a graphical implementation of the ROX FILER file management system (which is, in turn, a distinctly Unix-like way of managing files). Rox was created with the GTK+ toolkit.
  • XFCE: an alternative GUI developed for Unix operating systems; initially based on the XForms toolkit (whence its name), XFCE was rebuilt using the GTK+ toolkit. It tends to require considerably less system resources than does KDE.
Toolkits are pre-programmed modules for adding buttons and other graphical components to applications. Toolkits ensure that all the applications built for the related GUI will have the same appearance.
  • Gnome-GCJ: a toolkit for creating GTK+ widgets, but in Java rather than C; includes the GNU Compiler for Java (GCJ)
  • GTK+: a toolkit developed by the GNU Project for developing GNOME.
  • Qt/X11: toolkit used for the development of the KDE environment. KDE was originally developed in Germany in 1997; Qt was not (at the time) under the GNU-GPL and this created a problem when GNU/Linux distributions were paired with KDE. As a consequence, GNOME was developed with a GNU Project toolkit (GTK+). Subsequently, Qt was released to the FSF under a dual-license agreement, so that there are now two competing and perfectly compliant free GUIs. Qt was also used for the development of the web browser Opera, Google Earth, and other important interfaces. It was developed by the Norwegian company Trolltech.
  • XForms: Not directly related to Linux; XForms (in this sense) is a GUI toolkit created for the implementation of X Windows graphical environments. Initially used to create XFCE.
  • AbiWord: GNOME Project word processor; similar in style to MS Word [*].
  • Agnubis: GNOME presentation software; somewhat similar in style to MS PowerPoint [*].
  • Bourne-Again Shell (bash): Revised and improved version of the Korn (not the Bourne!) Shell.
  • Glade: GNOME user interface builder; a "meta" programming language that creates forms and saves them as XML files, allowing any programming language to read them.
  • GNOME DB: GNOME Project database management software.
  • Gnumeric: GNOME Project spreadsheet; similar in style to MS Excel [*].
  • Mozilla Firefox & Thunderbird: Mozilla was a spinoff that incorporated much of the Netscape Navigator technology. Firefox and Thunderbird are the web browser and mail client programs for Mozilla; it is the firm editorial position of this blog that they are the best available. They appeared as part of the GNOME HTML widget development.
  • MULE: MUltiLingual Enhancement to GNU Emacs. Initially, the GNU Project attempted to extend Emacs to support many languages, but this stalled in 1987. MULE was created by Satoru Tomura, Kenichi Handa, Mikiko Nishikimi, and Naoto Takahashi while working for the Japanese Ministry of Economy, Trade, & Industry (METI), and hence, the work is not covered by the GNU-GPL. Nevertheless, it is an essential part of the GNU system.
  • Yet another Setup Tool (YaST): a proprietary program released by SuSE; it was a program setup and configuration tool. Mildly interesting since it was a proprietary utility embedded in an open-source OS.

XForms: confusingly, there are two things known as XForms. "XForms" may refer to the GUI toolkit mentioned above, or it may refer to the web page markup language. The Wikipedia entry for XForms applies to the markup language.
SOURCES & ADDITIONAL READING: AbiWord page; Agnubis; Debian page; Evolution page; "Glade User Interface Builder," from The Mono Handbook, by Johannes Roith & Miguel de Icaza; "What is Gnome-GCJ?" & "The java-gnome language bindings project"; GNOME DB manual; Gnumeric manual; Hurd page; "The Perfect Desktop - Debian Etch (Debian 4.0)," Howto Forge; "Kicking the tires of Mandriva 2007.1 beta 2," tuxmachines.org; Rox page; SUSE review, LinuxPlanet; Slackbook (guide to Slackware); Ubuntu Wiki; XFCE Wiki;

Wikipedia: KDE, SuSE Linux; XFCE, GTK+, Ubuntu; Freshmeat: XForms; GNOME Project Listing;


15 March 2007


Linux is the name of a Unix-like operating system kernel developed by Linus Torvalds in 1991. Linux is not, strictly speaking, an OS since any working installation of it must have libraries, utilities, shells, and compilers from elsewhere. In the vast majority of cases, these are supplied by the GNU project, and hence covered by the GNU-General Public License. GNU/Linux is a variant of the BSD 4.4-Lite version of Unix. Officially, that means it is Unix-like, rather than Unix.

Oddly, the technical differences tend to be very subtle and recondite, since there have been several major efforts to merge and optimize all the existing versions into one super-duper version (most famously, AT&T's & Sun Microsystems' SVR4). The differences in copyrighting and libraries are another matter. Each of the innumerable flavors has a corpus of libraries that are suited to peculiar computer/mission combinations. GNU/Linux packages like GNU/Debian, Red Hat Enterprise Linux, and Ubuntu are special combinations of GNU components, a Linux kernel, and some 3rd source components that optimize the software to a particular computer and mission.

Initially, Linux was exceptionally challenging software for home use. I knew several people who attempted to install it who gave up in despair. In the last four years, the situation has improved considerably, although there remains a large population of competing Linux packages.

SOURCES & ADDITIONAL READING: "SCO, GNU, and Linux," Richard Stallman-Free Software Foundation (2003); LinuxPlanet;

Wikipedia, Linux kernel, GNU Project, GNU/Debian, Red Hat & RH-Enterprise Linux, Ubuntu;

BOOKS: Red Hat Linux 9 Bible, Christopher Negus—Wiley Publishing (2003); UNIX: the Complete Reference, by Kenneth Rosen, Douglas Host, James Farber, & Richard Rosinski—Tata McGraw-Hill edition (2002)


09 March 2007


Wi-Fi is the marketing name for the IEEE 802.11 standard for wireless networks. As such it is not the trademark of any business; it belongs to the Wi-Fi Alliance.

[Images: T-Mobile wireless PC card; Linksys wireless router; Netgear Ethernet hub]

Wi-Fi is the technology employed so that many computers in a relatively large open area can be connected to the Internet. It consists of a two-way radio adapter for the individual computer and a wireless router. The router, in turn, has a conventional broadband (Ethernet) connection to the Internet.

To access the Internet remotely, one needs to have a wireless network interface controller (WNIC, or wireless card), which is closely analogous to a network interface card (NIC). The WNIC uses an antenna for two-way communication with the base station. In some cases, a password is required to access the network; in a growing number of cases, it is not. When one turns on a laptop/PDA in a Wi-Fi "hotspot," the WNIC detects the network and tries to connect.

In order to create a Wi-Fi network, the establishment needs a wireless router or wireless access points (WAP); in most cases, routers include a WAP, and they are used when the WLAN is very small. If it's larger, such as a business office with dozens of users, then one will need several WAPs. The WAPs are connected via Ethernet to a hub, and interface with the devices—desktops, PDAs, and printers—via radio signals.

Frequency Issues

Wireless routers naturally use digital radio signals, with frequencies of 2.4 or 5.8 GHz (i.e., 12.5 or 5 cm waves, respectively). By comparison, GSM cell phones in the USA use a somewhat lower frequency of 1.9 GHz (16 cm waves). These are the highest frequencies currently in common practical use. Generally speaking, higher frequencies permit higher data throughput and smaller antennae, although they also require higher levels of energy and suffer more physical interference. There are over a dozen Wi-Fi standards now, but they are divided between the 802.11a (and derivatives) and the 802.11b (and derivatives); Wi-Fi receivers on computers work with either one or the other. For example, an end user equipped with an 802.11a WNIC will not be able to connect with an 802.11b access point. This is supposed to be resolved with the future 802.11n standard, which will transmit in both frequencies.

(As a result, WNICs often have multiple radio cards; so do institutional-grade wireless routers.)

The 802.11a standard uses the 5 GHz frequency; it handles a very high throughput of data (up to 54 Mbps), but has a range of >20 meters.¹ The competing 802.11b standard uses the lower 2.4 GHz frequency, has a throughput of 11 Mbps, and a range of >90 meters. In a large structure, therefore, many more access points are required for the 802.11a than others. Both the 'a and 'b standards are pretty much obsolete; equipment for the 'a standard was late shipping, costlier, and incompatible with the 'b-standard routers that establishments preferred to install. The 'b standard was superseded by 'g, which had the 54 Mbps throughput, and the 'n standard is replacing both.

An early headache for Wi-Fi developers was competition for the 2.3-2.4 wavelength with satellite radio.² At the same time, the US military complained about the use of the 5 GHz band because it could interfere with radar.³

Multiplexing and Modulation

Frequency aside, the big initial difference was that 802.11a used orthogonal frequency division multiplexing (OFDM), while 'b used carrier sense multiple access with collision avoidance (CSMA/CA). "Multiplexing" refers to the type of technology used to allow multiple users access to a single scarce data channel—in this case, a microwave-band radio wavelength with just enough variance that it can be reliably distinguished by receivers. This is a fundamental cleavage in different cell phone formats: how to subdivide a crowded radio channel into many different "conversations." In CSMA/CA, data is transmitted in packets; the WNIC and wireless router wait their turn, while in OFDM different "conversations" are combined into a single stream, and modulated out of the stream by a mathematical equation known as a Fast Fourier Transform. (This is known as "frequency multiplexing," or "frequency division multiple access").

Modulation of radio waves refers to the way that the signal is embedded in the wave emissions. In AM radio (500-1200 KHz), the signals are modulated by amplitude: a louder sound requires a more powerful wave than those before or after.⁴ In FM radio, the signals are modulated by frequency, and soundwaves are modeled by variances of up to 75 KHz (in other words, 98.1 FM really means 98.025-98.175 MHz, with Ravel's "Bolero" starting closer to 98.025 and ending up at 98.175). This works fine with analog radio because the highest pitched sounds audible to the human ear are about 15 KHz, or 1/33 the frequency of the lowest AM radio signals.

Phase Shift
With digital radio, however, modulation is a more sensitive matter. There is more data per wavelength, and the frequency is higher. Accuracy is much more urgent. As it happens, there are several different types of modulation in digital radio.
  1. Frequency Shift Keying (FSK): a binary form of FM in which there are two distinct frequencies.
  2. Phase Shift Keying (PSK): a system in which individual waves are interrupted at their peak and resume at the trough (or any other phase of the wave). Used on the original 802.11 standard.
  3. Complementary Code Keying (CCK): used in 802.11b standard, this is a complex scheme that combines multiplexing with modulation.⁵
  4. Orthogonal frequency-division multiplexing: like CCK, a combination of modulation and multiplexing. Used in the 802.11a, 'g, and 'n standards, with extraordinarily high performance.⁶
It would appear that OFDM has become the universal standard in both Wi-Fi transmissions and digital radio.
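An added example (not from the original post) of the OFDM idea described above: bits are spread over several subcarriers, an inverse Fourier transform merges them into one sample stream, and a forward transform at the receiver separates them again. The subcarrier count, prefix length, bit-to-phase mapping and function names are toy assumptions, not 802.11 parameters.

```python
import cmath
import random

N_SUB = 8    # subcarriers per OFDM symbol (toy value chosen for this example)
CP_LEN = 2   # cyclic-prefix samples copied from the end of each symbol

def dft(x, inverse=False):
    """Naive O(n^2) discrete Fourier transform; an FFT gives the same values faster."""
    n = len(x)
    sign = 1 if inverse else -1
    out = [sum(x[k] * cmath.exp(sign * 2j * cmath.pi * k * m / n) for k in range(n))
           for m in range(n)]
    return [v / n for v in out] if inverse else out

def modulate(bits):
    """Map bit pairs onto subcarriers (phase-shift keying) and merge them into one stream."""
    per_symbol = 2 * N_SUB
    if len(bits) % per_symbol:
        raise ValueError(f"bit count must be a multiple of {per_symbol}")
    samples = []
    for i in range(0, len(bits), per_symbol):
        chunk = bits[i:i + per_symbol]
        # First bit selects the sign of the real part, second bit the imaginary part.
        carriers = [complex(1 - 2 * chunk[j], 1 - 2 * chunk[j + 1])
                    for j in range(0, per_symbol, 2)]
        time = dft(carriers, inverse=True)   # all subcarriers summed into one waveform
        samples += time[-CP_LEN:] + time     # cyclic prefix precedes each symbol
    return samples

def add_noise(samples, sigma, seed=1):
    """Deterministic Gaussian noise so the demonstration is repeatable."""
    rng = random.Random(seed)
    return [s + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for s in samples]

def demodulate(samples):
    """Strip the prefix, transform back, and decide each subcarrier's quadrant."""
    bits = []
    step = N_SUB + CP_LEN
    for i in range(0, len(samples), step):
        for c in dft(samples[i + CP_LEN:i + step]):
            bits += [int(c.real < 0), int(c.imag < 0)]
    return bits

# Constructed payload: 32 bits, i.e. two OFDM symbols of eight subcarriers each.
PAYLOAD = [1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0,
           0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1]

def round_trip(sigma=0.02):
    """Send PAYLOAD through a mildly noisy channel and return the received bits."""
    return demodulate(add_noise(modulate(PAYLOAD), sigma))
```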


1 Jim Geier, "The BIG Question: 802.11a or 802.11b?," Wi-Fi Planet (24 Jan 2002)

2 Ed Sutherland, "Sirius Spectral Problems for 802.11b," Wi-Fi Planet (19 March 2002)

3 Eric Griffith, "The DOD vs. Wi-Fi?" Wi-Fi Planet (17 Dec 2002)

4 For an excellent article on both analog and digital modulation, see Ian Poole, "Modulation basics, part 1: Amplitude and frequency modulation," "part 2: Phase modulation," and "part 3: Spread spectrum and OFDM," DSP Design (June 2008). Any mistakes in the part about modulation are ones I made, not Mr. Poole's.

5 For a useful explanation of CCK, see Bob Pearson, "Complementary Code Keying Made Simple", Intersil Americas Inc. (2001). CCK is technically related to Code Division Multiple Access (CDMA) multiplexing used on many cell phones. While an interesting subject, both CCK and OFDM are outside the scope of this post.

6 For a useful explanation of OFDM, see Rethnakaran.P & Herbert Dawid, "An Orthogonal Frequency Division Multiplexing", Digital Communication Solutions, Synopsys Inc (2003).

Additional Reading and Sources

Jim Geier, "802.11 Alphabet Soup," Wi-Fi Planet (5 Aug 2002); old article, but clear intro to Wi-Fi protocols. See also "Wireless LAN glossary" Whatis.com (19 Aug 2005)

Jack Hanlin & Derek Walker, "Wi-Fi," SearchMobileComputing.com (20 Oct 2008)

"Set up a wireless LAN" Hewlett-Packard How to guides
