• What Is In a Name?

    by  • July 30, 2009 • Computer Security

    In many instances if someone wants a small, self-sticking bandage they ask for a Band-Aid. If they want a cotton tipped swab to clean their ears they ask for a Q-Tip. If they want a cola beverage they ask for a Coke. If they want a facial tissue they ask for a Kleenex.

    In some cases it is because those individuals actually prefer that particular name brand. But more often than not, it is because those brand names have become synonymous with the product types they represent.

    Primarily due to good marketing, these products have become household names and are used almost exclusively, if not interchangeably, when referring to the products they represent.

    While Coca-Cola would rather you buy a real Coca-Cola, I am sure they don’t mind being so ingrained in American culture that Coke means cola-flavored soda-pop beverage. Kleenex would rather you buy their specific product of facial tissues, but they probably get a little chuckle out of people calling Puffs brand facial tissues Kleenex as well.

    There are plenty of examples of this phenomenon. As illustrated above, most are the result of good marketing and quality products and are probably considered a good thing by the owners of the “adopted” name.

    In the world of computer and network security we have a word like that too: hacker. Hacker purists get their feathers ruffled by this hijacking of their title. By its simplest definition it seems that “hacker” refers to someone who uses their computer knowledge and expertise to gain access to a computer or network. Typically, this access is also unauthorized.

    Arguments abound on the Internet for why hackers are good guys who use their curiosity and knowledge to explore the inner-workings of different things and not the malicious, denial-of-service-initiating, credit-card-number-stealing punks the term has become synonymous with.

    O’Reilly publishes a series of books which supports this definition. The book Mac OS X Hacks has absolutely nothing to do with how to attack a Mac OS X system. It is a book of tips and techniques for how to dig into the inner-workings of the operating system and make it do what you want it to do. The book Google Hacks doesn’t teach anyone how to break into the Google.com web site. It is more like a manual for how to effectively use Google to get the information you want.

    That may be a truer, or at least simpler, definition of the term hacker. Unfortunately for the purists who are upset by the ubiquitous use of “hacker” to refer to all types of malicious cyber-criminals, it’s probably not going to change.

    The media adopted the term hacker for this purpose a long time ago and it has become the mainstream and most understood way to refer to just about every type of cyber-thug and Internet miscreant you can think of.

    Many argue that hackers are good guys and that those who do damage should be referred to as “crackers”. Most of the general, non-techie population thinks of a Saltine or Ritz brand baked product if you use the term “cracker”.

    Besides, technically a cracker refers to someone who cracks, or breaks the copyright protection on software so that pirate copies can be shared on FTP sites like the underground Warez network. True crackers probably take as much offense to the theft of their trade name as hackers do.

    Maybe instead of getting your feathers ruffled or writing letters to the editor demanding that journalists misuse the term cracker instead, you could just consider it an honor and a tribute to your craft that the term “hacker” has become a part of the standard vocabulary. Just a suggestion.

    Even those involved in the debates don’t always agree what the “proper” definition of hacker or cracker or phreak should be. The bottom line is that if I want a cotton-tipped swab I will ask for a Q-Tip and if I want to refer to any sort of cyber-criminal I will probably call them a hacker. The term is mainstream and here to stay so hacker purists should probably just get used to it.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com