Computer Security Glossary
The key to computer security is educating yourself on the terms, types of malicious threats, and solutions that are available to you. Check out our glossary of common computer security terms.
Adware—Adware is a legitimate, non-replicating program designed to display ads to the end user, often based on monitoring of browsing habits, and often in exchange for the right to use a program without paying for it.
Anti-antivirus virus—Similar to a retrovirus, anti-antivirus viruses attack, disable, or infect specific antivirus software.
Antivirus software—Antivirus software scans a computer’s memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code.
Antivirus virus—Antivirus viruses specifically look for and remove other viruses.
Applet—An applet is any miniature application transported over the Internet, especially as an enhancement to a web page. Authors often embed applets within the HTML page as a foreign program type.
Java applets are usually only allowed to access certain areas of the user’s system. Computer programmers often refer to this area as the sandbox.
Attack—An attack is an attempt to subvert or bypass a system’s security. Attacks may be passive or active.
- Active attacks attempt to destroy data.
- Passive attacks try to intercept or read data without changing it.
Attributes—Characteristics assigned to all files and directories, such as read-only, archive, hidden, or system.
B
Back door—A feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk.
Background scanning—A feature in some anti-virus software to automatically scan files and documents as they are created, opened, closed, or executed.
Background task—A task executed by the system that generally remains invisible to the user. The system usually assigns background tasks a lower priority than foreground tasks. Some malicious software is executed by a system as a background task so the user does not realize unwanted actions are occurring.
Backup—A duplicate copy of data made for archiving purposes or for protection against damage and loss. Also the process of creating duplicate data. A backup is not considered secure unless it is stored in a location separate from the original.
Boot—To boot a computer is to start or reset the system so it is ready to run programs for the user. Booting the computer executes various programs to check and prepare the computer for use.
Boot record—A program recorded in the boot sector that contains information on the characteristics and contents of the disk and information needed to boot the computer.
Boot sector—An area located on the first track of floppy disks and logical disks that contains the boot record.
Boot sector infector (BSI)—A boot-sector infector virus places its starting code in the boot sector. When the computer tries to read and execute the program in the boot sector, the virus goes into memory where it can gain control over basic computer functions.
Bot network—A bot network is a network of hijacked zombie computers controlled remotely by a hacker. The hacker uses the network to send spam and launch Denial of Service attacks, and may rent the network out to other cyber criminals.
Browser hijacker—A type of spyware that allows the hacker to spy on the infected PC’s browsing activity, to deliver pop-up ads, to reset the browser homepage, and to redirect the browser to other unexpected sites.
Brute-force attack—An attack in which each possible key or password is attempted until the correct one is found.
Bug—An unintentional fault in a program that causes actions that neither the user nor the program author intended.
C
Clean—A computer, file, or disk that is free of viruses is considered clean.
Cluster virus—Cluster viruses modify the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk.
Companion virus—Companion viruses use a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.
Compromise—To access a system or disclose information without authorization.
Cookies might contain login or registration information, “shopping cart” information or user preferences. When a server receives a browser request that includes a cookie, the server can use the information stored in the cookie to customize the web site for the user.
Crimeware—Malicious software such as viruses, Trojan horses, spyware, deceptive scripts, and other programs used to commit crimes on the Internet including identity theft and fraud.
Cyber criminals—Hackers, crackers, and other malicious users that use the Internet to commit crimes such as identity theft, PC hijacking, illegal spamming, phishing and pharming, and other types of fraud.
Cyber gangs—Groups of hackers, crackers, and other cyber criminals that pool their resources to commit crimes on the Internet.
D
Default password—The password on a system when it is first delivered or installed.
Denial of Service (DoS)—An attack specifically designed to prevent the normal functioning of a system and thereby to prevent lawful access to the system by authorized users. Hackers can cause Denial of Service attacks by destroying or modifying data or by overloading the system’s servers until service to authorized users is delayed or prevented.
Dialer—Programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges.
Direct action virus—A direct-action virus works immediately to load itself into memory, infect other files, and then to unload itself.
Disinfection—Most anti-virus software carries out disinfection after reporting the presence of a virus to the user. During disinfection, the virus may be removed from the system, and whenever possible, any affected data is removed.
DNS—Stands for Domain Name System or Domain Name Server. A DNS server helps users to find their way around the Internet by translating each web site’s IP address, which is a string of numbers, into its easy-to-remember domain name.
DOC file—A Microsoft Word Document file. In the past, these files contained only document data, but with many newer versions of Microsoft Word, DOC files also included small programs called macros. Many virus authors use the macro programming language to associate macros with DOC files. This file type has the extension DOC.
DOS—Stands for Disk Operating System. This is generally any computer operating system, though the term is often used as shorthand for MS-DOS.
Dropper—A carrier file that installs a virus on a computer system. Virus authors often use droppers to shield their viruses from antivirus software. The term injector often refers to a dropper that installs a virus only in memory.
E
Encrypted virus—An encrypted virus’s code begins with a decryption algorithm and continues with scrambled or encrypted code for the remainder of the virus. Each time it infects, it automatically encodes itself differently, so its code is never the same. Through this method the virus tries to avoid detection by antivirus software.
Encryption—The scrambling of data so that it becomes difficult to unscramble and interpret.
EXE file—An EXE is an executable file. Usually it is executed by double-clicking its icon or a shortcut on the desktop, or by entering the name of the program at a command prompt. Executable files can also be executed from other programs, batch files, or various script files. The vast majority of known viruses infect executable files. Also called program files.
F
False negative—Occurs when antivirus software fails to indicate that an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable.
False positive—Occurs when antivirus software wrongly claims that a virus is infecting a clean file. False positives usually occur when the string chosen for the given virus signature is also present in another program.
File viruses—File viruses usually replace or attach themselves to COM and EXE files. They can also infect files with the extensions SYS, DRV, BIN, OVL, and OVY.
Firewall—A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the networks and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules.
H
Hacker—A person who creates and modifies computer software and hardware, including computer programming, administration, and security-related items. Criminal hackers create malware in order to commit crimes.
Hijacking—An attack whereby an active, established session is intercepted and used by the attacker. Hijacking can occur locally if, for example, a legitimate user leaves a computer unattended. Remote hijacking can occur via the Internet.
Hole—A vulnerability in the design of software and/or hardware that allows circumvention of security measures.
Host—A term often used to describe the computer file to which a virus attaches itself. Most viruses run when the computer or user tries to execute the host file.
I
Infection—The action a virus carries out when it enters a computer system or storage device.
K
Key—The Windows Registry uses keys to store computer configuration settings. When a user installs a new program or the configuration settings are otherwise altered, the values of these keys change. If viruses modify these keys, they can do damage.
Keylogger—Malicious programs that record the key strokes a user types on their PC, including instant message and email text, email addresses, web sites visited, passwords, credit card and account numbers, addresses, and other private data.
L
Library file—Library files contain groups of often-used computer code that different programs can share. A virus that infects a library file automatically may appear to infect any program using the library file.
M
Macro—A series of instructions designed to simplify repetitive tasks within a program such as Microsoft Word, Excel, or Access. Macros execute when a user opens the associated file. Macros are mini-programs and can be infected by viruses.
Mail bomb—An excessively large email, or many thousands of messages sent to a user’s email account. This is done to crash the system and prevent genuine messages from being received.
Malicious code—A piece of code designed to damage a system and the data it contains, or to prevent the system from being used in its normal manner.
Malware—A generic term used to describe malicious software such as viruses, Trojan horses, spyware, and malicious active content.
Memory-resident virus—A memory-resident virus stays in memory after it executes, and it infects other files when certain conditions are met.
MS-DOS—Microsoft Disk Operating System. Windows systems rely heavily on MS-DOS and can execute most MS-DOS commands.
O
On-access scanner—An on-access scanner is a real-time virus scanner that scans disks and files automatically in the background as the computer accesses the files.
On-demand scanner—A virus scanner that users start manually. Most on-demand scanners allow the user to set various configurations and to scan specific files, folders, and disks.
Operating system (OS)—The underlying software that enables you to interact with the computer. The operating system controls computer storage, communications, and task management functions. Examples include MS-DOS, MacOS, Linux, and Windows.
Overwriting virus—An overwriting virus copies its code over its host file’s data, thus destroying the original program. Disinfection is possible, although files cannot be recovered. It is usually necessary to delete the original file and replace it with a clean copy.
P
Password attacks—An attempt to obtain or decrypt a legitimate user’s password. Hackers can use password dictionaries, cracking programs, and password sniffers in password attacks. Defense against password attacks is rather limited, but creating strong passwords can help.
Password sniffing—The use of a sniffer to capture passwords as they cross a network. The sniffer can be hardware or software, and most are passive and only log passwords.
Pharming—Exploitation of a vulnerability in DNS server software that allows a hacker to redirect a legitimate Web site’s traffic to a counterfeit Web site. The spoofed site is designed to steal personal information such as usernames, passwords, and account information.
Phishing—A form of criminal activity using social engineering techniques through email or instant messaging. Phishers attempt to fraudulently acquire other people’s personal information, such as passwords or credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication.
Piggyback—Gain unauthorized access to a system by exploiting an authorized user’s legitimate connection.
Program infector—A program infector virus infects other program files once an infected application is executed and the activated virus is loaded into memory.
R
Ransomware—Malicious software that encrypts the hard drive of the PC that it infects. The hacker then extorts money from the PC’s owner in exchange for decryption software to make the PC’s data usable again.
Real-time scanner—An antivirus software application that operates as a background task, allowing the computer to continue working at a normal speed while it works.
Redirect—An action used by some viruses to point a command to a different location. Often this different location is the address of the virus and not the original file or application.
Rename—An action by which a user or program assigns a new name to a file. Viruses may rename program files and take the name of the file so that running the program inadvertently runs the virus.
Replication—The process by which a virus makes copies of itself in order to carry out subsequent infections. Replication is one of the major criteria separating viruses from other computer programs.
Reset—Restart a computer without turning it off.
Rogue program—A term the media uses to denote any program intended to damage programs or data, or to breach a system’s security.
S
Scanner—A virus detection program that searches for viruses.
Self-encrypting virus—Viruses that attempt to conceal themselves from antivirus programs. Most antivirus programs attempt to find viruses by looking for certain patterns of code that are unique to each virus.
Shared drive—A disk drive available to other computers on the network.
Shareware—Software distributed for evaluation without cost, but that requires payment to the author for full rights.
Sniffer—A software program that monitors network traffic. Hackers use sniffers to capture data transmitted over a network.
Spam—Unsolicited or undesired bulk electronic messages. There is email spam, instant messaging spam, Usenet newsgroup spam, web search-engine spam in blogs, and mobile phone messaging spam. Spam includes legitimate advertisements, misleading advertisements, and phishing messages designed to trick recipients into giving up personal and financial information.
Spam filter—A program used to detect unsolicited email to prevent spam from making it to a user’s inbox. Filters are placed on email and ISP servers, in anti-spam software, and in anti-phishing browsers.
Spim—Spam for instant messaging. These messages can be simple unsolicited ads, or fraudulent phishing mail.
Spoofed web site—A site that mimics a real company’s site—mainly financial services sites—in order to steal private information such as passwords or account numbers, from people that are tricked into visiting. Phishing emails contain links to counterfeit sites, which look exactly like the real company’s site, down to the logo, graphics, and detailed information.
Spyware—A wide range of unwanted programs that exploit infected computers for commercial gain. They can deliver unsolicited pop-up advertisements, steal personal information, monitor web-browsing activity for marketing purposes, or route HTTP requests to advertising sites.
Stealth virus—Stealth viruses attempt to conceal their presence from antivirus software. Many stealth viruses intercept disk-access requests, so when the antivirus application tries to read files or boot sectors to find the virus, the virus feeds the program a “clean” image for the requested item.
T
Time stamp—The time of creation or last modification recorded on a file or another object. Users can usually find the timestamp in the Properties section of a file.
Triggered event—An action built into a virus that is set off by a specific condition. Examples include a message displayed on a specific date or reformatting a hard drive after the 10th execution of a program.
Trojan horse—A malicious program that pretends to be a benign application. It purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but they can be just as destructive.
Tunneling—A virus technique designed to prevent antivirus applications from working correctly. Antivirus programs work by intercepting the operating system before it can execute a virus. Tunneling viruses try to intercept the actions before the antivirus software can detect the malicious code. New antivirus programs can recognize many viruses with tunneling behavior.
V
Vaccination—A technique some antivirus programs use to store information about files in order to notify the user about file changes. Internal vaccines store the information within the file itself, while external vaccines use another file to verify the original for possible changes.
Variant—A modified version of a virus. It is usually produced on purpose by the virus author or another person amending the virus code. If changes to the original are small, most antivirus products will also detect variants. However, if the changes are large, the variant may go undetected by antivirus software.
Virus—A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer’s memory and infect files as the computer opens, modifies, or creates the files. Some viruses display symptoms, and others damage files and computer systems, but neither is essential in the definition of a virus.
Virus hoaxes—Virus hoaxes are not viruses, but are usually emails warning people about a virus or other malicious software program. Some hoaxes cause as much trouble as viruses by causing massive amounts of unnecessary email. Most hoaxes contain one or more of the following characteristics:
- Warnings about alleged new viruses and their damaging consequences.
- Demands that the reader forward the warning to as many people as possible.
- Pseudo-technical “information” describing the virus.
- Bogus comments from officials: FBI, software companies, news agencies, etc.
W
Warm boot—Restarting a computer without first turning off the power. Using CTRL+ALT+DEL or the reset button on many computers can warm boot a machine.
Worm—Parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network.
Z
ZIP file—A compressed file. A zip archive contains compressed collections of zipped files. ZIP files are popular on the Internet because users can deliver multiple files in a single container, and the compressed files save disk space and download time. A ZIP file can contain viruses if any of the files packaged in it contain viruses.
Zombie—A PC that has been infected with a virus or Trojan horse that puts it under the remote control of an online hijacker. The hijacker uses it to generate spam or launch Denial of Service attacks.