Antivirus Glossary of Terms


A Microsoft technology that allows certain plug-ins to install when viewing some web pages (similar to a Java applet). The difference is, when installed, ActiveX can access the Windows Operating System directly.

This has caused a number of vulnerabilities that virus and spyware operators are able to exploit and thus download their malware directly to your operating system. When viewing a web page that asks you to install ActiveX Controls, and you don't absolutely need it, just say no.


A type of software that monitors a user's web-surfing habits then displays ads based on that data. Adware is usually bundled with another software (like a screensaver or toolbar) and downloaded along with that software.

The user typically has to agree to accept the adware, however, the agreement is usually buried in small print. While adware isn't typically dangerous in the sense that it doesn't steal any vital information, nor disable your system, it can be irritating--not to mention difficult to get rid of.

Signs of adware include pop-ups, a different, often unusual, experience when you visit websites, use search engines, or do other web activities. Among other things, you'll see things like pop-ups, your clicks being redirected through multiple websites, and slower than usual web browsing.

Adware, spyware, and malware are very similar and are typically lumped into one category "spyware" even though they're technically different.


Software that detects, destroys and prevents future spyware attacks. Antispyware software will scan your system when you install it. The software will then either quarantine or delete any infected files. Most antispyware software then offers some kind of real-time scanning to protect against future threats.


Software that detects, destroys, and prevents future viruses from infesting your computer system. Antivirus software will typically scan your system upon install in order to detect any virus infestations.

Today's best antivirus software will then quarantine or delete the infected files as you direct it to.

The antivirus software will then provide some kind of shield against future virus infections.


Backup versions of your files in case you need to restore your system after a malware attack. These files are usually compressed for easier storage as .zip or .rar.


A file (document or picture) that is "attached" to an email. Malicious sypware or viruses can be embedded in an attachment, then launched when you open them. Remember: don't open email attachments you aren't expecting--even if they're from someone you know.


A "doorway" into your PC system sometimes left there purposely by programers in case of emergency. Malware operators can often exploit these backdoors to install malicious software. Most antivirus and antispyware software can detect and protect backdoors.


A list of unwanted emails. The opposite would be a "whitelist" of trusted email senders. Anti-spam software use a blacklists to prevent spam.


A generic term for any problem or fault found in any software.


The process of cleaning up a computer system from viruses, spyware, or any other malware.


A software program that secretly downloads another, malicious software program. An example would be a harmless toolbar that you download to your PC which is loaded with third-party adware.

Executable files:

Files that enable a program to launch. Executable files can be good or bad depending on what they intend to do. Typically, executable files end in the extension: .exe

False Positive:

A false reading of a safe file. Sometimes, virus or spyware scanners will find a safe file and accidentally label it as malicious. Usually, this is remedied upon the next scan. However, this can become annoying and leaving you less confident in your scanner's ability to detect real malware.

File Virus:

A virus that lays dormant in a safe file until that file is executed. The virus then becomes active and often destroys that file in the process. The only solution typically is to delete the file and recover it from a backup copy.


A real-time scanning technology that attempts to protect against unknown malware before it attacks your computer.

Hoax: A fake warning started by malware programmers. The virus is often embedded in this fake warning. If you get a warning about a security threat, the hoax intends for you to pass it along to other, innocent people thus spreading the virus.


One of the most popular mechanisms for downloading email into a mail client like Microsoft Outlook, Microsoft Outlook Express, or Mozilla Thunderbird.

IMAP, the Internet Message Access Protocol, is designed to allow a user access to his or her email from multiple computers such that all emails sent, received, and deleted (and even your folders) are automatically "synced" to other computers with access to your account.

IMAP is often used by people who need access to email from multiple areas at once like the office, home, and a laptop. With IMAP emails sent from one computer automatically appear in your 'Sent' items on your other computers, too.

Because of this any viruses that get emailed to you on one computer are also on your other computers, too, which is yet another reason why installing antivirus software on every computer is so critical.


A type of spyware that captures every keyboard stroke. This technology can either be used by parents wanting to capture logins and passwords to monitor their children, or it can be used by spyware to steal logins and passwords to sensitive sites like online banks.


Any type of software that causes harm or discomfort to the user or system (short for Malicious Software). Included types of malware are: viruses, spyware, adware, keyloggers, rootkits, etc.

On-Demand Scanner:

A type of technology that can scan your computer for infestations on-demand. Antivirus, antispyware, antiadware, and firewalls typically have the ability to scan your PC whenever you choose.


A method of gathering information from a user: like credit card numbers, social security numbers, login info, passwords, etc. Phishers typically draw the user onto a fake site (like an online banking site for instance) and require the user to type in their personal account info. Phishing is commonly associated with identity theft.


(Post Office Protocol Version 3) This is a method that allows an email client to download emails from the mail server (ex: Outlook or Thunderbird). This is often a vulnerable port that malware operators can exploit.

Proxy Server:

These servers can be either hardware or software and are designed to store local copies on a network of web sites elsewhere on the Internet.

When used for good, proxy servers can significantly speed up how quickly a web page loads because your computer only needs to go as far as the proxy server to retrieve the web page instead of getting it from the real web site.

When used for evil, proxy servers can silently redirect you through nefarious links and web pages that are made to look and function identically to the real web pages you're expecting. Most commonly in this form they're used for click fraud, identity theft, or credit card fraud.

Real-time Scanner:

A type of technology that continuously scans your PC for incoming attacks. Sometimes, this can be a drain on stystem resources slowing your computer down. However, real-time scanning can prevent most malware attacks.


A bundle of software applications (a "kit") that can directly access the highest permissions levels on your computer (the "root"). Rootkits can embed and operate completely undetected by the user.

Malicious rootkits are designed to take control of a computer at its very deepest core levels by changing files and settings to suit its needs.

Rootkit detection can be very, very tricky, and it's a vital piece of newer anti-virus and anti-spyware applications.


(Simple Mail Transfer Protocol) The method of transmitting email over the internet. Email can then be download from the mail server by POP3 or IMAP.

Spam A wide range of unwanted advertisements. Spam can be delivered in email, web site pop-ups, or adware. Spam is typically not dangerous, but can also include viruses from time to time.


Any software that is installed secretly and is used to collect surfing information, login passwords, credit card numbers, etc. Spyware, viruses, adware are technically different, but overlap in many ways. The end result is that spyware is unwanted and malicious software.

Social Engineering:

This is a type of computer attack where the victim is tricked into doing something by a person or program, often so that malicious software can be installed onto the victim's computer. Social engineering could be considered the electronic version of a "con," where someone is duped into thinking something is safe and/or true when in fact it's actually dangerous and/or false.

The most common form of social engineering happens when a user is tricked by an application--often in the form of a pop-up window, email, or phony web page--into installing malicious software.

Commonly, these attacks come in the form of scare tactics like pop-up web pages or other windows (often that look identical to legitimate ones) that warn the unsuspecting user of some phony threat like viruses detected on the user's computer when in fact no such threat exists.

If the victim heeds the phony warning and takes the recommended action, they instantly install the malware, trojan, virus, or other malicious software.

Time bomb:

A virus that will lie dormant until a specific time or date before it becomes active.


Like the old Greek story, a Trojan (as in "Trojan Horse") is a piece of software that appears harmless, but is in fact malicious. Trojans dupe the user into thinking they are harmless until they're installed on the user's computer and it's too late.


A piece of malicious software that creates unwanted behavior in your PC. Viruses typically reproduce themselves allowing them to infect other computers as they are unknowingly passed along. Viruses can cause damage to files, disks, and hard drives, and can even destroy everything on a computer.

Virus signature files:

Lists of known viruses currently circulating. Antivirus software relies in part on these lists of known viruses so their software can block infection.


A list of "friendly" email addresses. The opposite would be a "blacklist" of unwanted email addresses like spammers or phishers. A whitelist only allows known email addresses to be delivered.


A self-replicating program designed to send copies of itself to other computers on a local network or out on the Internet at large. While worms may not necessarily viruses themselves, even if they aren't they can still create backdoors for viruses to exploit.

Worms can be extremely dangerous because often they can operate without any human intervention, leaping unchecked from one computer to another until they're reigned in by network administrators, security personnel, and end users.

As with viruses, good antivirus software can detect and eliminate worms.