The Antivirus Glossary: Explaining the Technical Terms

Katarina Glamoslija
Katarina Glamoslija Lead Cybersecurity Editor
Updated on: June 7, 2024
Fact Checked by Hazel Shaw
Katarina Glamoslija Katarina Glamoslija
Updated on: June 7, 2024 Lead Cybersecurity Editor

Navigating the world of antivirus software requires knowledge of technical terms and cybersecurity jargon. Whether you’re trying to decide between “heuristic detection” and “signature-based scanning” or distinguish between various forms of malware, a solid grasp of the terminology can significantly impact your choice of antivirus software.

Our Antivirus Glossary was written to clarify these concepts. Curated by our cybersecurity experts, it covers all the essential terms you need to know to make informed decisions about your digital security.



Any type of program that’s primary objective is to display unwanted ads in the form of pop-ups or banners. The developers earn money when a user clicks on them (pay per click).

The ads usually have a negative impact on the performance of your computer, slowing it down, redirecting you to another website, or changing your default browser. Some adware can also contain more sinister threats like spyware.

You can take a look at the best adware removal tools in 2024 here.


Android is an operating system for mobile devices developed by Google. It’s based on a mobile-optimized version of the Linux kernel. View our list of the top Android security apps here.


A program that scans your computer’s disk drives and/or programs for viruses. These programs usually quarantine and delete any threats they find. See the top 10 antivirus programs on the market.


Background Processes

Tasks that a computer is running in the background but which may be invisible to the user. For mobile apps, cleanup tools often promise to forcibly stop these in order to improve battery life and reduce CPU temperature. By contrast, programs that are “open” and visible are said to be running in the foreground.

Basic Input/Output System (BIOS)

The Basic Input/Output System (BIOS) is the very first software to run on your computer that serves as an interface between the motherboard and your operating system. It instructs the computer on how to perform certain tasks such as booting and it allows you to configure your hardware, such as the hard disk, keyboard, mouse, and printer.

Increasingly, viruses are targeting systems’ BIOS programs, so many vendors now include protection against them. On many new devices, BIOS is supplemented or replaced by a more modern form of boot firmware known as UEFI (Unified Extensible Firmware Interface).


This parental control tool allows users to create a list of URLs or IP addresses that a program will block. This is typically used when the website will not already be blocked by category-based filtering. Spam filters will usually use blacklists to reject specific email addresses and message content.

Brute Force Attack

A relatively unsophisticated cyber attack in which programs automatically generate passwords and attempt to gain access to a site or server by any means possible. It will try every alphanumeric combination to guess a password or login until it gets in, much like an army attacking a fort’s defenses.


Temporary resources that websites store on your computer to make their sites load faster in the future are stored in your computer’s cache. Unlike cookies, these are usually not user-specific resources, but rather technical elements such as images that determine how websites appear.


Cookies are files or messages that internet browsers place on your computer to help identify you on your next visit. These improve your browsing experience by allowing you to see a frequently accessed web page without, for example, having to log in each time.

The downside is that cookies can track your browsing habits across different sites, collecting a wealth of information about your online behavior. This data can be used to build detailed profiles without your explicit consent, leading to concerns about privacy invasion​.

Distributed Denial of Services (DDoS)

DDoS attacks target individual network resources from multiple computers at the same time. They are often used to sabotage large enterprise servers in the same way that an actual traffic jam works: it clogs up the highway, preventing regular cars from arriving at their destination on time.

Because blocking a single IP address will not stop the attack, they are often difficult to defend against.

European Institute of Computer Antivirus Research (EICAR)

The European Institute of Computer Antivirus Research (EICAR) produces a standard antivirus test file that can be used to test the effectiveness of a desktop antivirus tool – without introducing the risk of a real virus to the system.


Encryption is the process of converting readable information into code so that it can only be read by passing the file or data through a decryption key. It’s used to secure all sorts of information, ranging from files to internet connections to prevent unauthorized access.


This is any internet-capable device connected over a TCP/IP network. The term can be used to define desktops, smartphones, laptops, network printers, and point of sale (POS) terminals. The term is often encountered in the enterprise environment, where large numbers of “endpoints” may require centrally managed antivirus protection.

False Positive

This occurs when antivirus software wrongly claims that a safe file or a legitimate program is a virus. It can happen because code samples from known viruses are often also present in harmless programs. Read more about false positives here.


A firewall prevents computers outside of a Local Area Network (LAN) from gaining unauthorized access to machines “within” the network. Both Mac and Windows come with built-in firewalls and many antivirus tools include their own firewall component.

Heuristic-Based Scanning

Heuristic-based scanning is a method used by antivirus programs to detect new, unknown, or modified malware. Unlike traditional signature-based detection, which relies on known malware signatures, heuristic scanning analyzes the behavior and characteristics of files and programs to identify suspicious activity.

This proactive approach allows the antivirus software to catch emerging threats by evaluating code patterns and execution methods that are typically associated with malicious behavior. By doing so, it enhances the ability to detect zero-day exploits and polymorphic malware that might otherwise evade traditional detection methods.

Internet Protocol (IP) Address

An IP address is a unique numeric identifier assigned to an internet-connected device. Because geolocation systems can often map IP addresses to geographical locations, users often use Virtual Private Networks (VPNs) to reroute traffic through different servers to change users’ public IP addresses. Check out 2024‘s top VPNs here.


Apple’s operating system for mobile devices. It is the default operating system used on devices such as the iPhone, iPad, and iPod Touch. Take a look at the best iOS security apps here.

Internet Protocol (IP)

An Internet Protocol (IP) is the main communications tool that delivers information between the source and destination. It’s essentially a set of rules that dictate the format of data that’s sent over the internet or any other network.

Internet Service Provider (ISP)

An Internet Service Provider (ISP) is a company that provides internet connectivity to customers. Examples of ISPs include ComCast, Brightcast, or AT&T.


The core of an operating system that controls all the components connected to the computer. It also manages low-level system operations, including the allocation of system memory (RAM) and CPU resources.



Keyloggers record every keystroke that a user takes regardless of whether keys are being pressed on physical or virtual keyboards on a smartphone.

Because full keystroke histories typically contain usernames, passwords, and message communications, keyloggers can be used by criminals to steal personal information or, in more severe cases, for identity theft. Keylogger protection is an important component of any antivirus with phishing protection.


A family of operating systems built on the Linux kernel. The operating system is free and open-source and many variants (called “distributions”) exist; the most popular of which is Ubuntu. Although it is the dominant choice of operating system for servers, Linux has the smallest market share of the major desktop operating systems. View the best antiviruses for Linux in 2024.

Local Area Network (LAN)

A LAN is a network of connected IP devices. It can include both machines, such as desktops and laptops, and non-human interfaces, such as printers.


Apple’s current default operating system for the Mac product family, including both desktops and MacBook laptops. Check out the top macOS antiviruses here.


Malware refers to any software that’s created with the intent to cause harm. It can include traditional viruses as well as newer forms of malicious software such as adware, spyware, worms, and trojans.

Man-in-the-Middle Attack

A hacking strategy in which an attacker secretly delivers information between two parties who falsely believe they have a direct line of contact. For instance, a phisher could create a replica of Facebook on a local network in order to deceive users into logging in before stealing their account details. Read more about man-in-the-middle attacks in our blog post here.

On-Demand Scanning

An antivirus scan that the user manually initiates, as opposed to to automatic, scheduled scanning or real-time protection which runs continuously.

Peer-to-Peer (P2P)

Peer to peer networks allow connected computers to share resources in order to speed up the transmission of large files. Because they are often used to share content such as pirated movies and software illegally, many ISPs block their traffic.

Packet Sniffing

A hacking strategy in which attackers capture packets of information transmitted over a network, or whenever unencrypted communications (such as text messages) are successfully intercepted and inspected.

Packet Sniffing


A scam where an attacker contacts the victim by an electronic medium (usually e-mail) and deceives the victim into giving over sensitive information, such as login credentials, by pretending to have a legitimate request. The best antiviruses of 2024 all include anti-phishing protection.


A network port is a number identifying one side of a connection between two computers. Ports help computers determine which application or process is sending and receiving internet traffic. Limiting open ports to prevent unauthorized network entry is an important function of firewalls.

Port Scanners

Port scanners automatically scan networks for open (active) or listening ports. They can be used for genuine, “white hat” purposes by network administrators or by attackers searching for vulnerable machines to target.

Potentially Unwanted Application or Program (PUA or PUP)

Programs that users may not wish to have on their systems and may have been deceived into downloading. Because PUPs are often spyware or adware, many malware solutions will scan for them and prompt users to remove them if they are found.


An intermediary server that forwards connection requests and information between computer users and the servers they are trying to access. Unlike VPNs, they do not transmit the traffic over a secure, encrypted tunnel. Like VPNs, they can be used to avoid geolocation restrictions.

Random Access Memory (RAM)

Random Access Memory (RAM) provides the fastest read/write speeds of any hardware medium. It is the main memory resource of a computer and, unlike hard disk drives (HDDs) or solid-state drives (SSDs), its contents are deleted when the computer is turned off.


A form of malware that takes over a user’s computer before demanding a payment to self-delete. Ransomware usually demands payment via a cryptocurrency such as Bitcoin, which allows the cybercriminal to operate anonymously.

Real-Time Scanning

Continuously checks files on an operating system as they are accessed. Unlike on-demand scanning, it instantly detects and quarantines viruses as they are encountered. In mobile antivirus products, real-time protection scans newly downloaded apps as soon as they begin the installation process.


Clandestine computer programs that provide continuous elevated access to the criminals operating them. Elevated privileges provide administrative control over the operating system, so hackers can hide the existence of other malware operating in tandem on the same system. Read more about rootkits here.


Provides wireless and wired (Ethernet/RJ45) connectivity to a local network. They typically allow all devices on the local network to connect to the internet and enforce some basic firewall rules to regulate external access.


A testing environment that is separated from the main operating system, often by means of virtualization. It allows antivirus programs to safely open, test, and quarantine potential viruses without risking any damage to the user’s computer.

Sector Viruses

Viruses that target operating systems’ boot sectors (the firmware used to load the operating system). Boot firmware is typically either BIOS or its successor, UEFI.

Signature-Based Scanning

Detects viruses and malware based on known code excerpts, often called “definitions.” Signature-based scanning engines can be supplemented by heuristic tools, which rely on pattern-recognition to detect threats.

Social Engineering

Attempts to exploit human behavior for cyber crime, such as leaving a virus-infected USB drive where a victim is likely to discover it and insert it into a target computer or sending an email with a harmful link that claims to contain photographs of the victims.

Social Engineering


A type of malware that secretly records the user and transmits information to cyber criminals. Spyware can intercept microphones, webcams, and keyboards in order to capture potentially useful information. Many internet security tools offer protection against spyware.


A type of malware that disguises itself as legitimate software. This includes rogue antivirus software or programs that pose as detection tools but are actually malware.

Uniform Resource Locator (URL)

A Uniform Resource Locator (URL), typically referred to as a “web address,” is an alphanumeric domain name that makes it easy for users to access a specific website.


A type of malware that has the ability to replicate itself and spread to other computers. It relies on a desktop program to operate. The vast majority of viruses target Microsoft Windows.

Voice Over IP (VOIP)

Voice Over IP (VOIP) is used for transmitting voice communications through platforms like Skype.

Virtual Private Network (VPN)

A Virtual Private Network (VPN) functions as a secure tunnel for your internet traffic. It encrypts the data between your device and an intermediary server, which may be located elsewhere, securing your connection even in public Wi-Fi zones and hiding your real location.


A parental control tool that allows users to manually specify URLs that the program will allow access to. This is typically used when the website would otherwise be blocked by category-based filtering.


A self-replicating malware that spreads between computers. Unlike computer viruses, network worms do not need a host program and can spread over any form of network connection between IP endpoints.

Zero-Day Attacks

A fresh attack that exploits a newly discovered flaw in software, hardware, or firmware that hasn’t been identified and patched yet.

Because definitions haven’t been created to recognize it, zero-day attacks cannot always be stopped by traditional signature-based scanning engines. Heuristic and behavior-based tools often advertise their ability to identify these exploits. Read more about zero-day attacks here.

Choosing the Right Antivirus

Now that you have a better idea of what all of the important antivirus terms mean, we hope you’ll be better equipped to choose the best antivirus for your needs. Still unsure and looking for recommendations? Check out our top 10.

About the Author
Katarina Glamoslija
Katarina Glamoslija
Lead Cybersecurity Editor
Updated on: June 7, 2024

About the Author

Katarina Glamoslija is Lead Cybersecurity Editor at SafetyDetectives. She has more than a decade of experience researching, testing, and reviewing cybersecurity products and investigating best practices for online safety and data protection. Before joining SafetyDetectives, she led several tech websites, including one about antiviruses and another about VPNs. She also worked as a freelance writer and editor for tech, medical, and business publications. When she’s not a “Safety Detective”, she can be found traveling (and writing about it on her small travel blog), playing with her cats, and binge-watching crime dramas.

Leave a Comment