An antivirus utility that stuck strictly to defending against computer viruses would be nearly useless. Computer viruses are just one sort of threat and not a common sort at that. A proper antivirus program defends against all kinds of malicious software. When we encourage you to install antivirus protection, we’re talking about protection against all kinds of malware.
Why are viruses uncommon? Because coders—malware coders included—just want to make money. Like the revenge business, there’s not a lot of money in the virus business. Spyware steals personal data that the perps can sell, banking Trojans steal directly from the source, and ransomware demands untraceable cash from its victims. There’s plenty of money to be had. Fortunately, modern antivirus utilities offer full-spectrum malware protection, eliminating all types of malicious software. The best software protects against all kinds of threats, so you usually don’t need to know which is which.
Even so, situations may arise in which you do need to know one type of malware from another, and the many stories in the news about security breaches, hacks, and attacks can be confusing if you don’t know the terms. Don’t worry: Our quick and dirty guide to the most common types of threats you’re likely to encounter (in the news, we hope, rather than in person) can help you get up to speed.
Know Security Threats by How They Spread
A virus runs when the user launches an infected program or boots from an infected disk or USB drive. Viruses keep a low profile because they need to spread widely without being detected. Most of the time, the virus code simply infects new programs or disks. Eventually, often at a predefined date and time, the virus payload kicks in. Early virus payloads often involved mindless destruction or pointless showboating. These days they’re more likely to steal information or participate in a DDoS (Distributed Denial of Service) attack against a major website.
Worms are like viruses, but they can spread without any help from a user launching an infected program or mounting an infected disk. Simply put, a worm copies itself to another computer and then launches the copy. In 1988 the Morris worm(Opens in a new window), intended as a simple test to measure the budding internet, caused serious damage instead. While it wasn’t meant to be malicious, its over-enthusiastic self-replication sucked up a huge amount of bandwidth.
Just as Greek forces fooled the people of Troy by concealing warriors inside the Trojan Horse, Trojan horse programs, or Trojans for short, conceal malicious code within a seemingly useful application. The game, utility, or other application typically performs its stated task, but sooner or later, it does something harmful. This type of threat spreads when users or websites inadvertently share it with others. Trojans can be real moneymakers. Banking Trojans inject fake transactions to drain your online banking accounts. Other Trojans steal your personal data so their creators can sell it on the Dark Web.
Know Security Threats by What They Do
Viruses, worms, and Trojans are defined by the way they spread. Other malicious programs take their names from what they do. Spyware, not surprisingly, refers to software that spies on your computer and steals your passwords or other personal information. Spyware may also literally (and creepily) spy on you by peeking through your computer’s webcam or listening in on conversations. Stalkerware, a spyware variation, takes over your phone and makes every aspect of your life available to whoever’s stalking you. Many modern antivirus programs include components specifically designed for spyware protection.
Adware pops up unwanted advertisements, possibly targeted to your interests by using information stolen by a spyware component. Sometimes the ads are so prolific that they interfere with your normal use of the computer.
Rootkit technology hooks into the operating system to hide a malicious program’s components. When a security program queries Windows to get a list of files, the rootkit snags the list, deletes its own name, and passes the compromised list to the requesting program. Rootkits can perform the same type of chicanery on requests for data from the Registry.
A bot infestation doesn’t actively harm your computer, but it makes your system complicit in harming others. It quietly hides until the owner, or bot herder broadcasts a command. Then, along with hundreds or thousands of others, it does whatever it’s told. Bots are often used to send spam, so the spammer’s own systems aren’t implicated.
There’s a whole ecosystem of malware types. Some malicious programs exist specifically to aid in the distribution of other malware. These dropper programs tend to be tiny and unobtrusive themselves, but they can funnel a steady stream of other malware onto your computer. A dropper may receive instructions from its remote owner, as a bot does, to determine which malware it will distribute. The owner gets paid by other malware writers for this distribution service.
As the name suggests, ransomware holds your computer or your data for ransom. In the most common form, a ransomware threat will encrypt your documents and demand an untraceable ransom payment in exchange for the decryption key. In theory, your antivirus should handle ransomware just as it does any other kind of malware. However, since the consequences of missing a ransomware attack are so dire, you may also want to run a separate ransomware protection utility.
Not All Security Software Is Legitimate
Not all antivirus programs are what they seem. Some are actually fakes, rogue programs that don’t protect your security and do harm your bank balance. At best, these programs offer no real protection; at worst they include actively harmful elements. They work hard to scare you into paying for registration, so they’re often called scareware. If you do register, you’ve both wasted your money and handed your credit card information to crooks.
Recommended by Our Editors
Avoiding scareware gets more and more difficult as the programs get more refined. Smart consumers check reviews before purchasing an antivirus or other security utility. Just stick to reputable sources—you’ll occasionally find review sites that are just as fake as the rogue programs they recommend.
Mix and Match Protection for Your PC
The categories described above aren’t mutually exclusive. For example, a single threat might propagate virus-style, steal your personal information like spyware, and use rootkit technology to hide from your antivirus. A scareware program is a kind of Trojan, and it might also steal private data.
Note that your security solution can also take multiple approaches. A full-scale security suite naturally includes an antivirus component, but other components supplement that protection. The firewall prevents attacks from the internet and may also derail attempts to exploit system vulnerabilities. A spam filter shuts down attempts to sneak malware onto your computer in email. These days many suites offer a VPN to protect your internet traffic, though access to all VPN features may require a separate payment.
The term malware encompasses all these types of malicious software. Any program with a harmful purpose is a malware program, pure and simple. Industry groups like the Anti-Malware Testing Standards Organization (AMTSO)(Opens in a new window) use this term for clarity, but consumers know the term antivirus, not anti-malware. We’re stuck with the word. Just remember that your antivirus should protect you against any and all malware.
Now you know how to distinguish the main classes of malicious software. We hope that you’ll never have direct experience with ransomware, spyware, or any other type of malware. If you’re still curious about these nasty programs and want to take a peek at their appearance, check out our feature on the faces of malware.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.