50 antivirus and PC security terms everyone should know

Internet security is a complex topic even for experts in the field, and for average people the terminology can be downright confusing. While you may not need to know every technical term out there, having a working vocabulary of basic terms can help you stay informed enough to protect yourself against major threats.

If you know what a phishing email is, for example, you can be on the lookout and avoid this common danger. This lexicon of the most important security terms will help you make sense of security alerts and help equip you to take appropriate steps to protect your home network and computers.

Further reading: PCWorld picks the best antivirus software of 2024

Key security terms

Computer systems and networks employ a variety of techniques to protect you and your data from unauthorized access. Here are the most common terms that describe ways of protecting your data.

2FA: Short for “Two-Factor Authentication,” it’s a method to secure online accounts by adding an additional “factor” beyond a password. It could be a text-message confirmation or a code generated by a trusted app for this purpose. If 2FA is available for your accounts, start using this feature.

Authentication: Confirms authorized access to a platform or account, typically by password, biometrics, or code confirmation.

Biometrics: The use of physical characteristics such as facial geometry or fingerprints as a means of secure authentication. Fingerprint sensors on laptops and Windows Hello cameras are common biometric security features that make logging in easier and more secure than a password.

Certificate Authentication: Using a record digitally signed by a trusted authority to validate the authenticity of a website, file, or system.

Encryption: A method to obscure or hide sensitive information by scrambling it in a predetermined way. Encrypting hard drives and other storage devices can help protect your data if your device falls into the wrong hands, while encryption on network connections protects against data from being intercepted by a third party as it travels over the network.

Risk and exploit terms

These important terms describe common dangers and tactics used by hackers and criminals. When shopping for security software, look for options that protect against all threat types and alert you when your information appears on the dark web.

Backdoor: A security exploit in which an attacker creates a covert way of accessing a system—that is, they exploit a “back door” that’s been left open on your PC.

Boot Record Infector: Also known as an MBR (Master Boot Record) infector, it’s a form of virus that targets a portion of the hard drive that is loaded as the computer system boots. It can be exploited to potentially bypass the operating system’s security features.

Botnet: Short for “robot network,” it’s the use of large numbers of infected computers by criminals, usually to overwhelm the security or infrastructure of a target system. 

Brute Force: The use of large numbers of combinations of letters and numbers in an attempt to eventually hit upon a username and password combination.

Crimeware: Malware used by cybercriminals to perform criminal acts, such as trojan horse viruses that add infected computers to botnets.

Dark Web: A type of shadow network for the internet that uses specific software to anonymize traffic. The dark web is often used for the transmission of illegal or stolen data, including stolen passwords. Security services that monitor the dark web search these networks and alert users if their information is discovered.

Data Mining: The use of large data sets to find correlations about a specific target. By discovering data elements about an individual across multiple websites or databases, attackers can gather enough information to carry out an attack or commit identity theft.

Denial of Service: An attack in which the target system is deliberately overwhelmed by traffic in order to prevent its normal operation. Often carried out by botnets.

Dictionary Attack: A form of automated brute force attack in which a large set of common terms is used to arrive at a user’s password.

Fault Attack: A method used by hackers to gain access to a system by introducing errors into some part of it, such as by sending intentionally malformed data packets to a server or web browser in order to bypass its normal functioning.

Hijack: To gain control of a compromised computer or network connection, with the ability to use it for nefarious purposes.

IP Spoofing: A method of altering a signal to appear to come from an IP address other than its own, usually in order to conceal its actual origin or to impersonate another system. Can be used to bypass international content access restrictions, such as for media streaming.

Kernel Attack: A security exploit that modifies the operating system’s core code (known as the kernel) to create channels for stealing information or gaining control access to the system.

Malware: Software that performs malicious acts on a computer system. Examples: a virus, trojan horse, or a key-logger that records what you type to capture passwords and other information.

Man-in-the-Middle Attack: An attack in which traffic between two systems is intercepted and potentially modified by the attacker. It can be used to steal intercepted data or to insert corrupted information for other purposes.

Masquerade Attack: A method of gaining access to a system by impersonating, or using the credentials of, a legitimate user or system.

Password Cracking: The practice of accessing a system by discovering a working password, such as by a dictionary attack. 

Password Sniffing: A method of discovering user credentials by monitoring network traffic for unencrypted passwords.

Pharming: A method of stealing users’ data by redirecting traffic to a spoofed website where users might enter their login credentials or other identifying information, believing they are on the valid site. Often used in conjunction with phishing attacks.

Phishing: A form of social engineering attack intended to lure victims into revealing sensitive data such as usernames and passwords, usually by email or text message. Phishing messages typically include content and images designed to look as though they come from trusted brands, such as a bank or online retailer.

Port Scan: A method used by attackers to discover entry points for a computer system. By scanning for ports on a network or computer, hackers can discover which ports are available, what types of services are running on the computers within the network, and other details that can enable access into systems.

Ransomware: A type of malware intended to lock the user out of their system or steal sensitive or embarrassing data, with the intention of extorting users into paying to regain access or prevent the release of information.

Session Hijacking: A means of gaining access to a user’s online account by taking control of an established connection, such as by duplicating active cookie data from the user’s session. Website connections are secured within sessions, which expire after a predetermined period of time. By presenting a copy of an unexpired session’s cookie to a website, attackers can impersonate the user and gain access. 

Sniffing: Any method of detecting and collecting data over a network transmission. Often used to discover passwords over wireless networks.

Social Engineering: A variety of methods that may be used to exploit human social vulnerabilities to gather sensitive information or gain access to systems. Can include phishing, phone scams, impersonation of trusted people, and other techniques.

Spoof: Any deceptive method of modifying a system or account to appear to be something that it is not, such as by modifying a computer’s IP address to gain access to restricted content or making a phishing email or fake website appear to belong to a trusted brand in order to fool visitors.

Trojan Horse: A type of malware hidden within an apparently safe application in order to place malicious code onto the computer.

Virus: A type of malware that spreads by producing copies of itself and inserting them into other files and systems.

Warchalking/-dialing/-driving: A practice in which hackers discover and identify potential targets, either by driving through neighborhoods and scanning for wireless networks (wardriving), walking around to do the same and marking targets in a visible way (warchalking), or auto-dialing phone numbers to discover computers that may be accessible by modem (wardialing). If you’ve ever picked up the phone and heard the screeching sounds of a modem in your ear, that may have been a war-dialing call.

Networking security terms

Even the simplest home network usually has the following devices or features to help keep intruders out and protect your data. 

Access Control: A feature in routers to allow or block specific devices from joining a network.

Firewall: A device or software program that restricts access to a computer or network. Your firewall allows you to set up permissions on what gets in and out.

Router: A device that manages access and traffic flow on a network, assigns addresses to computers within the network, and directs the flow of connections between systems within the network. A home router typically connects to the modem from the internet service provider and serves as a central hub for devices within the home network to reach each other and the internet. Most routers include firewall and access control features to help protect networks from intrusion. To fully secure your home network, it’s good to get to know your router’s capabilities.

Internet security terms

To help protect users and prevent data from being intercepted online, websites and apps use these common technologies and techniques.

Cookie: A data file used by systems such as websites to identify and track users, often containing configuration information specific to that user. Cookies can contain personally identifying information and session data that can be used in accessing users’ accounts. When you leave a website login active, your session cookie data can be used to regain access to your account. Consciously logging out of websites when you’re done with them can help prevent this.

HTTPS: Secure hypertext transfer protocol, the “S” indicates a connection protected by a signed certificate from a trusted issuer—as opposed to plain HTTP, which is not secure. Basically, if you care about online security, any website that traffics in your personal data should have an address that starts with HTTPS.

Internet Protocol (IP): This is the standard method of connecting computers over the internet, in which each system has a unique numerical or alphanumeric address, known as an IP address. (Examples: 192.168.1.72 for IP version 4, or 2001:0db8:85a3:0000:0000:8a2e:0370:7334 for IP version 6. Both versions of IP addresses are currently in widespread use.) Some cyber-attacks involve tampering with IP addresses to appear to come from trusted sources.

Secure Sockets Layer (SSL): A security standard that identifies trusted systems on the internet through the use of digitally signed security. This is the standard used by HTTPS to verify the identity of a website.

Business security terms

At work, your IT department probably employs these practices to keep company data and systems safe.

Least Privilege: A security principle in which any given system or user receives only as much access as required to perform their essential functions, such as by withholding administrator access to the computer to prevent unintentional configuration changes that could compromise security. In business IT, users are generally given only basic access to their company-issued PCs for this reason. Home users might apply this principle in setting up children’s computers.

VPN (Virtual Private Network): A virtual private network is a means of securely connecting multiple computers across the internet in a way that functions like an internal network. Many companies require workers to access sensitive systems over a VPN rather than through the open internet. Home users can also use a VPN to add a layer of privacy as they surf the web.

Other Important Computer and Security Terms

Daemon: A program that runs as an automated background process on a computer system. Most daemons are benign, but many malware programs add daemons to monitor user activity and await instructions from hackers over the internet.

Decryption: The restoration of encrypted data or text to a readable state, usually by means of secure authentication.

Honey pot: A deliberately exposed system, usually loaded with apparently valuable data, intended to attract and trap attackers. Network administrators and law enforcement officers sometimes use honey pots to catch cybercriminals. A few home security firewalls now include honeypot features that can detect attempts to access them and alert you to intrudors.

Plaintext: Unencrypted text content. As opposed to ciphertext, which is encrypted. Sensitive information such as passwords should never be stored as plaintext on any system.

Root: The core admin or superuser account on a Unix-like operating system such as MacOS and Linux. Most modern Unix-like systems disable the root account by default to prevent unauthorized access to the superuser functions. A goal of many cyber attacks is to gain root access and take full control of a system.

Spam: Unwanted messages, usually via email, but increasingly common in text messaging and social media. Not necessarily dangerous, but can include phishing attacks and scams.

Zero Day: The first day in which a new vulnerability is discovered, considered the most vulnerable period for any given risk as attackers gain awareness of the vulnerability and may move to exploit it before users are able to patch their systems with a defense.