Are you looking for the right antivirus but have no idea what any of the terminology or hacker lingo means? How can you decide whether you need heuristic detection or real-time protection, or protection against phishing or malware if you don’t know the differences between them?
Let our cybersecurity experts define all the important terminology so that they make a bit more sense, whether you’re an amateur looking for a basic breakdown or a professional needing a quick reference list.
Any type of program that’s primary objective is to display unwanted ads in the form of pop-ups or banners. The developers earn money when a user clicks on them (pay per click).
The ads usually have a negative impact on the performance of your computer, slowing it down, redirecting you to another website or changing your default browser. Some adware can also contain more sinister threats like spyware.
Android is an operating system for mobile devices developed by Google. It’s based on a mobile-optimized version of the Linux kernel.
Tasks that a computer is running in the background but which may be invisible to the user. For mobile apps, cleanup tools often promise to forcibly stop these in order to improve battery life and reduce CPU temperature. By contrast, programs that are “open” and visible are said to be running in the foreground.
Basic Input/Output System (BIOS)
The Basic Input/Output System (BIOS) is the very first software to run on your computer that serves as an interface between the motherboard and your operating system. It instructs the computer on how to perform certain tasks such as booting and it allows you to configure your hardware, such as the hard disk, keyboard, mouse and printer.
Increasingly, viruses are targeting systems’ BIOS programs, so many vendors now include protection against them. BIOS is about to be replaced by a more modern form of boot firmware known as UEFI (Unified Extensible Firmware Interface).
This parental control tool allows users to create a list of URLs or IP addresses that a program will block. This is typically used when the website will not already be blocked by category-based filtering. Spam filters will usually use blacklists to reject specific email addresses and message content.
Brute Force Attack
A relatively unsophisticated cyber attack in which programs automatically generate and attempt to gain access to a site or server by any means possible. It will try every alphanumeric combination to guess a password or login until it gets in, much like an army attacking a fort’s defenses.
Temporary resources that websites store on your computer to make their sites load faster in the future are stored in your computer’s cache. Unlike cookies, these are usually not user-specific resources, but rather technical elements such as images that determine how websites appear.
Cookies are files or messages that internet browsers place on your computer to help identify you on your next visit. These improve your browsing experience by allowing you to see a frequently accessed web page without, for example, having to log in each time.
Distributed Denial of Services (DDoS)
DDoS attacks target individual network resources from multiple computers at the same time. They are often used to sabotage large enterprise servers in the same way that an actual traffic jam works: it clogs up the highway, preventing regular cars from arriving at their destination on time.
Because blocking a single IP address will not stop the attack, they are often difficult to defend against.
European Institute of Computer Antivirus Research (EICAR)
The European Institute of Computer Antivirus Research (EICAR) produces a standard antivirus test file that can be used to test the effectiveness of a desktop antivirus tool – without introducing the risk of a real virus to the system.
Encryption is the process of converting readable information into code so that it can only be read by passing the file or data through a decryption key. It’s used to secure all sorts of information ranging from files to internet connections to prevent unauthorized access.
This is any internet-capable device connected over a TCP/IP network. The term can be used to define desktops, smartphones, laptops, network printers, and point of sale (POS) terminals. The term is often encountered in the enterprise environment, where large numbers of “endpoints” may require centrally-managed antivirus protection.
This occurs when an antivirus software wrongly claims that a safe file or a legitimate program is a virus. It can happen because code samples from known viruses are often also present in harmless programs.
A firewall prevents computers outside of a Local Area Network (LAN) from gaining unauthorized access to machines “within” the network. Both Mac and Windows come with built-in firewalls and many antivirus tools include their own firewall component.
Heuristic-based scanning monitors program commands that could be a threat to system health. It is also referred to as “behavior-based” scanning.
Internet Protocol (IP) Address
An IP address is a unique numeric identifier assigned to an internet-connected device. Because geolocation systems can often map IP addresses to geographical locations, users often use Virtual Private Networks (VPNs) to reroute traffic through different servers to change users’ public IP addresses.
Apple’s operating system for mobile devices. It is the default operating system used on devices such as the iPhone, iPad, and iPod Touch.
Internet Protocol (IP)
An Internet Protocol (IP) is the main communications tool that delivers information between the source and destination. It’s essentially a set of rules that dictate the format of data that’s sent over the internet or any other network.
Internet Service Provider (ISP)
An Internet Service Provider (ISP) is a company that provides internet connectivity to customers. Examples of ISPs include ComCast, Brightcast or AT&T.
The core of an operating system that controls all the components connected to the computer. It also manages low-level system operations, including the allocation of system memory (RAM) and CPU resources.
Keyloggers record every keystroke that a user takes regardless of whether keys are being pressed on physical or virtual keyboards on a smartphone.
Because full keystroke histories typically contain usernames, passwords, and message communications, keyloggers can be used by criminals to steal personal information or, in more severe cases, for identity theft. Keylogger protection is an important component of any antivirus with phishing protection.
A family of operating systems built on the Linux kernel. The operating system is free and open-source and many variants (called “distributions”) exist; the most popular of which is Ubuntu. Although it is the dominant choice of operating system for servers, Linux has the smallest market share of the major desktop operating systems.
Local Area Network (LAN)
A LAN is a network of connected IP devices. It can include both machines, such as desktops and laptops, and non-human interfaces, such as printers.
Apple’s current default operating system for the Mac product family, including both desktops and MacBook laptops.
Malware refers to any software that’s created with an intent to cause harm. It can include traditional viruses as well as newer forms of malicious software such as adware, spyware, worms, and Trojans.
A hacking strategy in which an attacker secretly delivers information between two parties who falsely believe they have a direct line of contact. For instance, a phisher could create a replica of Facebook on a local network in order to deceive users into logging in before stealing their account details.
An antivirus scan that the user manually initiates. It can be compared to automatic, scheduled scanning or real-time protection which runs continuously.
Peer to Peer (P2P)
Peer to peer networks allow connected computers to share resources in order to speed up the transmission of large files. Because they are often used to share content such as pirated movies and software illegally, many ISPs block their traffic.
A hacking strategy in which attackers capture packets of information transmitted over a network, or whenever unencrypted communications (such as text messages) are successfully intercepted and inspected.
A scam where an attacker contacts the victim by an electronic medium (usually e-mail) and deceives the victim into giving over sensitive information, such as login credentials, by pretending to have a legitimate request.
A network port is a number identifying one side of a connection between two computers. Ports help computers determine which application or process is sending and receiving internet traffic. Limiting open ports to prevent unauthorized network entry is an important function of firewalls.
Port scanners automatically scan networks for open (active) or listening ports. They can be used for genuine, “white hat” purposes by network administrators or by attackers searching for vulnerable machines to target.
Potentially Unwanted Application or Program (PUA or PUP)
Programs that users may not wish to have on their systems and may have been deceived into downloading. Because PUPs are often spyware or adware, many malware solutions will scan for them and prompt users to remove them if they are found.
An intermediary server that forwards connection requests and information between computer users and the servers they are trying to access. Unlike VPNs, they do not transmit the traffic over a secure, encrypted tunnel. Like VPNs, they can be used to avoid geolocation restrictions.
Random Access Memory (RAM)
Random Access Memory (RAM) provides the fastest read/write speeds of any hardware medium. It is the main memory resource of a computer and, unlike hard disk drives (HDDs) or solid-state drives (SSDs), its contents are deleted when the computer is turned off.
A form of malware that takes over a user’s computer before demanding a payment to self-delete. Ransomware usually demands payment via a cryptocurrency such as Bitcoin, which allows the cybercriminal to operate anonymously.
Continuously checks files on an operating system as they are accessed. Unlike on-demand scanning, it instantly detects and quarantines viruses as they are encountered. In mobile antivirus products, these scan newly downloaded apps as soon as they begin the installation process.
Clandestine computer programs that provide continuous elevated access to the criminals operating them. Elevated privileges provide administrative control over the operating system, so hackers can hide the existence of other malware operating in tandem on the same system.
Provides wireless and wired (Ethernet/RJ45) connectivity to a local network. They typically allow all devices on the local network to connect to the internet and enforce some basic firewall rules to regulate external access.
A testing environment that is separated from the main operating system, often by means of virtualization. It allows antivirus programs to safely open, test, and quarantine potential viruses without risking any damage to the user’s computer.
Viruses that target operating systems’ boot sectors (the firmware used to load the operating system). Boot firmware is typically either BIOS or its successor, UEFI.
Detects viruses and malware based on known code excerpts, often called “definitions.” Signature-based scanning engines can be supplemented by heuristic tools, which rely on pattern-recognition to detect threats.
Attempts to exploit human behavior for cyber crime, such as leaving a virus-infected USB drive where a victim is likely to discover it and insert it into a target computer or sending an email with a harmful link that claims to contain photographs of the victims.
A type of malware that secretly records the user and transmits information to cyber criminals. Spyware can intercept microphones, webcams, and keyboards in order to capture potentially useful information. Many internet security tools offer protection against spyware.
A type of malware that disguises itself as legitimate software. This includes rogue antivirus software or programs that pose as detection tools but are actually malware.
Uniform Resource Locator (URL)
A Uniform Resource Locator (URL), typically referred to as a “web address,” is an alphanumeric domain name that makes it easy for users to access a specific website.
A type of malware that has the ability to replicate itself and spread to other computers. It relies on a desktop program to operate. The vast majority of viruses target Microsoft Windows.
Voice Over IP (VOIP)
Voice Over IP (VOIP) is used for transmitting voice communications through platforms like Skype.
Virtual Private Network (VPN)
A Virtual Private Network (VPN) allows users to tunnel and encrypt their internet traffic between their connection point and an intermediary server, often in another geographical location. VPNs use encryption to secure connections over untrusted connection points like public Wi-Fi spots and mask the user’s true location.
A parental control tool that allows users to manually specify URLs that the program will allow access to. This is typically used when the website would otherwise be blocked by category-based filtering.
A fresh attack that exploits a newly discovered flaw in software, hardware, or firmware that hasn’t been identified and patched yet.
Because definitions haven’t been created to recognize it, zero-day attacks cannot always be stopped by traditional signature-based scanning engines. Heuristic and behavior-based tools often advertise their ability to identify these exploits.
Choosing the Right Antivirus
Now that you have a better idea of what all of the important antivirus terms mean, we hope you’ll be better equipped to choose the best antivirus for your needs. Still unsure and looking for recommendations? We’ve tested out 47 of the antivirus programs available today. Check out our top 10.