Glossary

There are many terms used in the antivirus software industry that are complicated and difficult to understand, and many of them are interlinked with other, equally confusing, terms, so that it is hard to understand one without understanding them all. We have done our best to provide a comprehensive glossary that covers the most recent terminology, particularly that used on our site.

ActiveX - ActiveX controls are the successor to OLE controls (.OCX files). OLE (Object Linking and Embedding) lets one application embed a component from another, for instance a calculator or a spreadsheet inside a word processor document. ActiveX controls are compiled native code tied to the Windows operating system and its component model, so developers must build them specifically for Windows. Once loaded, a control runs with the full privileges of the user, which means a control downloaded by a web page can read and write files, change settings and install software just as any other program can. That same level of system access is what makes a malicious or badly written control a security problem, so it is necessary to have a good antivirus program, such as NOD32, installed.

Algorithms – An algorithm is a precise, step-by-step procedure for solving a problem or carrying out a computation. NOD32 software uses algorithms for tasks such as matching the contents of a file against known virus signatures and scoring suspicious traits to decide whether a file is likely to be infected.

Anti-virus (also known as ‘Scanners’) - Anti-virus is the term for the technology and software that detects malicious code, prevents it from infecting and damaging your system, and removes any malicious code that has got through. Anti-virus vendors share information and keep in constant contact so that any outbreak of malicious code is quickly reported and dealt with. They also usually submit their products to independent tests that check and certify detection rates, speed and thoroughness when detecting and disinfecting viruses. The earliest anti-virus programs simply searched files for known malicious code, either as the files entered the system or when the user requested a scan manually. More recent products, such as NOD32, add integrity checking and sometimes behaviour blocking, to prevent files from being modified without authorisation and to stop suspicious sequences of code from changing anything on the system.

Attachment - Attachments are files sent along with an email message rather than as part of its body; they are typically documents, images or other files too large or too complex to paste in as text. Attachments are a very effective way of spreading virus infections, and many recent outbreaks have reached large numbers of systems by email. The most infamous is the Internet worm known as LoveLetter, which spread across continents in a matter of hours through email. An up-to-date antivirus program, such as NOD32, will detect known attacks, but the user must stay alert as well. One of the simplest checks is the attachment's name: a double extension such as .TXT.vbs or .JPG.exe almost always marks a malicious file, because Windows runs the file according to its final extension while the first extension is only there to look harmless (and because Windows hides known extensions by default, the LoveLetter attachment LOVE-LETTER-FOR-YOU.TXT.vbs could even appear on screen as a plain .TXT file). Be wary of any unexpected attachment, even from an address you know: viruses routinely send themselves to every address in an infected user's address book, so a familiar sender name proves nothing. Save an unexpected attachment to disk and scan it before opening it.
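The double-extension check described above, as an added example (written for this glossary entry, not code from NOD32 or from the original page). It takes an attachment's name, strips the padding spaces that are sometimes inserted to push the real extension out of view, and judges the file by its final extension; the extension lists and all sample names except the real LoveLetter attachment name are constructed for illustration.

```python
import os

# Constructed, illustrative set of extensions that Windows treats as executable or
# scriptable. It is not an exhaustive or vendor-supplied list.
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "bat", "cmd", "scr", "pif", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "lnk", "reg", "msi", "jar", "ps1",
}
# Extensions that look like plain data and form the usual first half of a
# double-extension disguise such as .TXT.vbs or .JPG.exe.
DECOY_EXTENSIONS = {"txt", "doc", "jpg", "jpeg", "gif", "pdf", "xls", "mp3", "htm", "html"}


def attachment_extensions(filename):
    """Return all extensions of a filename, lowercased, in order.

    'LOVE-LETTER-FOR-YOU.TXT.vbs' -> ['txt', 'vbs']
    Padding spaces between extensions (used to push the real one out of sight in
    a narrow mail client column) are stripped.
    """
    base = os.path.basename(filename.strip())
    parts = base.split(".")
    return [p.strip().lower() for p in parts[1:] if p.strip()]


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'block', 'warn' or 'allow'.

    Windows opens a file according to its final extension, so that decides the
    verdict; an earlier decoy extension only makes the file more suspect.
    """
    exts = attachment_extensions(filename)
    if not exts:
        return ("warn", "no extension; cannot tell what will open it")
    final = exts[-1]
    if final in EXECUTABLE_EXTENSIONS:
        if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
            return ("block", f"double extension disguises a .{final} executable as .{exts[-2]}")
        return ("block", f".{final} is executable on Windows")
    return ("allow", f".{final} is a data extension")


# Constructed mailbox sample. The first name is the attachment name used by the
# LoveLetter worm; the others are invented for this example.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "holiday photos.jpg                      .exe",
    "quarterly-report.pdf",
    "backup.tar.gz",
    "README",
]


def triage(filenames):
    """Map each attachment name to its verdict."""
    return {name: classify_attachment(name)[0] for name in filenames}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:5s}  {name!r}  ({classify_attachment(name)[1]})")
```

Note that a double data extension such as .tar.gz is not flagged: the rule is about the final extension being executable, not about the presence of two dots.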

Behaviour Blocking - A behaviour blocker monitors running programs and prevents potentially damaging modifications to the operating system or its critical files. For example, it can watch the system registry and notify the user when a running program attempts to modify it. Some registry changes are necessary and benign, as when a setup program registers a newly installed application; others are malicious, for instance a program adding itself to the keys that run software automatically at startup. Behaviour blocking can seem intrusive, because it interrupts to ask about changes, but it is an important defence against viruses and all types of malware, including new ones for which no signature exists yet.

Boot Sector Virus - Boot sector viruses spread through infected floppy disks. A typical infection happens when a user leaves a floppy disk in drive A: and the computer is next started: the BIOS tries to boot from the floppy first, and the code in its boot sector runs before anything else. If that boot sector is infected, the virus installs itself in memory and infects the boot sector of the local hard drive. If the floppy is not a system disk, the user is told to remove it and reboot, but by then the infected boot sector has already executed and the damage may already have been done. Some of these viruses are otherwise harmless, but others carry a malicious "payload." To prevent boot sector infections, change the boot order in the CMOS (BIOS) settings so the computer boots from the local C: drive before the floppy drive, and do not leave an untrusted floppy in the drive when restarting.

Buffer – A region of memory used to hold data temporarily while it is transferred from one place to another, so that differences in speed or timing between the sender and the receiver are absorbed. Buffers connect digital circuits that operate at different rates, hold data for use at a later time, allow timing corrections to be made to a data stream, collect individual bits into groups that can then be handled as a unit, and delay a signal so that other operations can complete first.

Buffer Overrun - A buffer overrun (also called a buffer overflow) occurs when a program copies more data into a fixed-size buffer than the buffer can hold, without checking the length, so that the excess spills over into adjacent memory. An attacker who controls that data can overwrite whatever lies next to the buffer, such as a function's saved return address or a pointer, and so redirect the program into code of the attacker's choosing: the program now does whatever the attacker has told it to do. Buffer overruns are possible because many products are written in languages such as C and C++ that do not check array bounds automatically, and a single missing length check is enough to create the vulnerability. Several Internet worms have spread by exploiting buffer overruns in network services, with no user action required.

Digital Signatures – A digital signature is a value computed from a message using the signer's private key and attached to the message when it is transmitted electronically. As with a written signature, it is used to verify the identity of the sender, but it does more: the recipient checks it with the signer's public key, and any change to even a single bit of the message makes the check fail, so the signature also proves the message has not been altered. Digital signatures are an important element of electronic commerce and are essential for authentication. For this to work, the signature must be impossible to forge without the private key, and simply copying a valid signature onto a different message must fail; public-key cryptography (RSA, DSA and related schemes) provides exactly these properties.
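An added example of signing and verifying (written for this entry; not code from the original page or from NOD32). It uses textbook RSA with two small, well-known primes and no padding, which is enough to show the mechanics described above but far too weak for real use; the message and the forged signature value are constructed for illustration.

```python
import hashlib

# Textbook RSA with two small, fixed primes and no padding: enough to show the
# mechanics, far too weak for real use, where keys are 2048 bits or more and a
# padding scheme such as RSA-PSS is mandatory. The primes are the well-known
# 1,000,000th and 2,000,000th primes.
P = 15485863
Q = 32452843
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)

PUBLIC_KEY = (N, E)      # handed to everyone who needs to verify
PRIVATE_KEY = (N, D)     # kept by the signer alone


def message_digest(message: bytes) -> int:
    """Hash the message and truncate to 48 bits so the integer is below N.

    Signing a digest rather than the raw message means the signature covers
    every bit of the message, however long it is.
    """
    return int.from_bytes(hashlib.sha256(message).digest()[:6], "big")


def sign(message: bytes, private_key) -> int:
    """Only the holder of D can compute this value for a given message."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check; the digest must come back exactly."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)


def demo() -> dict:
    """Sign a constructed order, then show what verification accepts and rejects."""
    order = b"Transfer 100 EUR to account 12345"
    sig = sign(order, PRIVATE_KEY)
    return {
        "genuine": verify(order, sig, PUBLIC_KEY),
        # Changing one character of the message invalidates the signature,
        # which is also why copying it onto another message is useless.
        "tampered": verify(b"Transfer 900 EUR to account 12345", sig, PUBLIC_KEY),
        # Without D an attacker can only guess; a guess verifies with probability about 2^-48.
        "forged": verify(order, 123456789, PUBLIC_KEY),
    }


if __name__ == "__main__":
    print(demo())
```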

Disinfection - Disinfection is the process of cleaning an infection out of a file or a computer system. In some cases the whole file is deleted, because it has no legitimate content: a Trojan horse is an example, since the file is nothing but the malicious program. A document infected with a macro virus, by contrast, is cleaned rather than deleted: only the infecting macros are removed and everything else in the document is left in place. Although disinfection usually leaves the file intact, the file may already have been damaged by the infection, so it is a good idea to restore from a clean backup where one exists. Some users nonetheless prefer disinfection because it is easier and simpler, and often safer if you are not confident about restoring backups by hand.

False Positive - A false positive is a warning about a file that is not actually infected. It happens when a segment, or string of code, in a clean file happens to resemble a virus, when the scanner itself is faulty, or when an earlier disinfection left behind a fragment of virus code that is no longer active but still matches. The problem with false positives is more than mere annoyance: if too many unnecessary warnings occur, users start to ignore legitimate ones. The reason for a false positive should be established, and this can be done by sending the file to the anti-virus vendor's laboratory for analysis. Anti-virus software that relies on behaviour blocking or heuristics is more prone to false positives, because it flags what looks suspicious rather than what is known to be malicious, so users should choose and tune such products with that trade-off in mind. Vendors continue to work on ways to reduce false positives, and it is worthwhile to keep up to date with the innovations being made.

Heuristics - Heuristic detection looks for the general characteristics of viruses rather than the signature of one particular known virus, so it can detect new and unknown viruses that vendors have not yet analysed and added to their signature databases. Heuristic scanning methods differ from vendor to vendor, and their effectiveness is often limited by the consumer's desire for unobtrusive software: the more aggressively a scanner flags suspicious traits, the more unknown viruses it catches, but the more false positives it raises on legitimate programs. To let users manage this trade-off, some vendors offer a configurable heuristic level, from less to more sensitive, depending on personal needs; a lower setting produces fewer false alarms but also makes it more likely that an unknown virus slips through. As concern about viruses and the damage they cause grows, heuristics will be used more and more.
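An added example of the trade-off described in the False Positive and Heuristics entries (written for this glossary; not code from NOD32 or from the original page). It scores a sample by a handful of suspicious traits, including the entropy of its code, which rises when a program is packed or encrypted, and applies a threshold chosen by the heuristic level. The trait weights, the thresholds and the four sample programs are all constructed for illustration, not any vendor's real rules.

```python
import math

# Constructed, illustrative weights for traits a heuristic scanner might look for.
INDICATORS = {
    "writes_autostart_key": 3,       # registers itself to run at every startup
    "copies_self_to_system_dir": 3,  # drops a copy into the Windows directory
    "mass_mails_address_book": 4,    # sends itself to everyone in the address book
    "disables_antivirus": 4,         # stops the resident scanner
    "no_visible_window": 1,          # runs silently
}
ENTROPY_WEIGHT = 2         # packed or encrypted code: common in malware, but also in installers
ENTROPY_THRESHOLD = 7.0    # bits per byte; ordinary code and data are usually well below this

# Heuristic level -> minimum score that raises an alert. A lower threshold catches more
# unknown viruses and flags more legitimate programs; a higher threshold does the reverse.
LEVELS = {"low": 8, "medium": 6, "high": 3}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def heuristic_score(sample: dict):
    """Add up the weights of the traits present. Returns (score, [trait names])."""
    hits = [name for name in INDICATORS if sample.get(name)]
    score = sum(INDICATORS[name] for name in hits)
    if shannon_entropy(sample.get("code", b"")) > ENTROPY_THRESHOLD:
        hits.append("high_entropy_code")
        score += ENTROPY_WEIGHT
    return score, hits


def scan(sample: dict, level: str) -> bool:
    """True if the sample's score reaches the threshold for the chosen level."""
    score, _ = heuristic_score(sample)
    return score >= LEVELS[level]


# Constructed samples with their true nature, so the trade-off can be measured.
PACKED = bytes(range(256)) * 4             # entropy exactly 8.0, like a compressed payload
PLAIN = b"\x00" * 900 + b"MZ" * 50         # low entropy, like ordinary code and data
CORPUS = [
    ("mass mailer",     True,  {"mass_mails_address_book": 1, "copies_self_to_system_dir": 1,
                                "writes_autostart_key": 1, "code": PLAIN}),
    ("unknown trojan",  True,  {"disables_antivirus": 1, "writes_autostart_key": 1, "code": PLAIN}),
    ("setup program",   False, {"writes_autostart_key": 1, "code": PACKED}),
    ("console utility", False, {"no_visible_window": 1, "code": PLAIN}),
]


def evaluate(level: str) -> dict:
    """Count detections and false positives over the corpus at one heuristic level."""
    detected = [name for name, malicious, s in CORPUS if malicious and scan(s, level)]
    false_positives = [name for name, malicious, s in CORPUS if not malicious and scan(s, level)]
    return {"detected": detected, "false_positives": false_positives}


if __name__ == "__main__":
    for level in LEVELS:
        print(level, evaluate(level))
```

At the low level the unknown trojan is missed; at the high level the packed setup program, which legitimately registers itself to run at startup, is flagged. Neither setting is wrong, which is why the choice is left to the user.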

Hoaxes - Virus hoaxes, false warnings about viruses that do not exist, have developed right alongside real viruses and cause confusion about which warnings are authentic and which should be ignored. The hoaxer's goal is the same as the virus writer's: to have the hoax spread as far and wide as possible. If a hoax is believed, the flood of forwarded warnings can overload mail servers, and users may even delete legitimate files they have been told are infected; if it is disbelieved, legitimate virus warnings may be doubted too. Hoaxes may be harmless to your system, but they result in less vigilance or increased paranoia, either of which can have serious consequences.

In the wild (also known as ‘ITW’) - In-the-wild refers to viruses that have been reported to the WildList (Wildlist.org) by at least two independent sources, meaning they are actually spreading among users rather than existing only in laboratories and virus collections. The WildList, which is published monthly, is the primary source of information on which viruses are currently infecting users. It was put together by experts in the industry to keep a vigilant eye out for new viruses, and some anti-virus certification agencies use it as the set of viruses a product must detect. There is some controversy as to its usefulness: critics of the WildList believe the reporting is not scientific enough to guarantee accurate findings, while others see it as an important reporting resource.

Integrity Checker - An integrity checker keeps a database of fingerprints (checksums or cryptographic hashes, file sizes and similar attributes) of the files on a system, particularly critical system files, recorded at a time when the files are known to be clean. On each later check it recomputes the fingerprints and compares them with the database; if a file has changed, or a program attempts to change one, the integrity checker warns the user and asks for confirmation that the change is legitimate. Because it does not need to know anything about a particular virus, only that a file differs from its known-good state, integrity checking can catch infections that signature scanning misses. It is a great way to protect the critical elements of a system, but you have to know what you are doing to use it effectively: the database itself must be kept where malware cannot alter it, and every legitimate update changes files and has to be approved and re-recorded.
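An added example of the baseline-and-compare cycle described above (written for this entry; not code from NOD32 or from the original page). It fingerprints files with SHA-256 and their size, stores the baseline as plain data, and then detects a simulated appending infection and a deleted file. The "system files" and the infection are constructed inside a temporary directory; nothing on the real system is touched.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path: str) -> dict:
    """SHA-256 and size of a file.

    Timestamps are deliberately not recorded: a virus can restore them after
    writing a file, but it cannot make a changed file hash to the same value.
    """
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": os.path.getsize(path)}


def build_baseline(paths) -> dict:
    """Record fingerprints while the files are known to be clean."""
    return {p: fingerprint(p) for p in paths}


def check_integrity(baseline: dict) -> dict:
    """Recompute each fingerprint and report 'ok', 'modified' or 'missing' per file."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif fingerprint(path)["sha256"] != expected["sha256"]:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report


def demo() -> dict:
    """Baseline a constructed directory, infect one file, delete another, and check."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "command.com": b"MZ" + b"\x00" * 200 + b"original code",
            "kernel32.dll": b"MZ" + b"\x01" * 300,
            "readme.txt": b"just a text file\n",
        }
        for name, content in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)

        baseline = build_baseline(os.path.join(root, n) for n in files)
        # In practice the database lives on read-only or offline media so that
        # malware cannot rewrite it; here it is round-tripped through JSON only
        # to show that it is plain data that can be stored anywhere.
        baseline = json.loads(json.dumps(baseline))

        # Simulated appending infector: it adds its body to the end of an
        # executable, so both the hash and the size change.
        with open(os.path.join(root, "command.com"), "ab") as f:
            f.write(b"CONSTRUCTED-VIRUS-BODY")
        os.remove(os.path.join(root, "readme.txt"))

        report = check_integrity(baseline)
        return {os.path.basename(p): verdict for p, verdict in report.items()}


if __name__ == "__main__":
    print(demo())
```

The report only says that a file changed, not why. Deciding whether the change was a legitimate update or an infection, and re-baselining afterwards, is the part that requires the user to know what they are doing.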

Internet Worm - Unlike a virus, a worm does not infect other files. It spreads by creating copies of itself and sending them to other computers, and the copies it leaves behind consume disk space, memory and network bandwidth and cause problems for other programs. Today's Internet worms most often arrive as email attachments. Worms are responsible for as much damage as viruses, and are often used in conjunction with them; the LoveLetter outbreak is an example. It combined a mass-mailing Internet worm to spread, a virus component that overwrote files, and a Trojan horse that stole passwords.

Macro Viruses - Macro viruses are written in the macro languages supported by products such as Word, Excel and the rest of Microsoft Office. They are small programs embedded in a document, and when the document is opened they run with almost as much control over the system as the user has. Macro viruses are one of the most common methods used to attack a system, though Internet worms are becoming more and more prevalent as well. This type of virus can cause any amount of trouble, such as overwriting files and programs. Despite innovations in system defences, macro viruses continue to be a big problem. They typically spread by first infecting the global template (Normal.dot in Word), so that every document opened or created afterwards is infected in turn. Macro viruses vary in effectiveness; some can only infect documents that are already open.

Malware - Malicious code of any kind, including viruses, worms and Trojan horses, is also referred to as malware, a contraction of "malicious software."

Payload - The payload is the action a virus performs beyond spreading, whether as trivial as leaving a tag ("have a good day") or as serious as the destruction caused by a ‘malicious payload.’ Viruses with malicious payloads get more media attention than those that merely spread quickly, because they often cause enormous damage to a system; the usual form a malicious payload takes is overwriting or deleting essential files and programs. Even a virus with no payload at all still puts a drain on the system's resources as it spreads. A payload is also not the only way a system can be damaged, especially now that combinations of viruses, worms and Trojans are becoming more prevalent.

Polymorphic Virus - A polymorphic virus alters its own code from one infection to the next, so that no fixed sequence of bytes is common to all copies and simple signature scanning fails. Most do this by encrypting the virus body with a different key every time they infect and prepending a small decryption routine; the decryptor itself is varied as well, so that even it offers no constant signature to search for. To detect polymorphic viruses, anti-virus products use detection routines written specifically for each virus family that recognise its many varieties, and they can run the suspect code in an emulator so that the virus decrypts itself, after which an ordinary signature can be matched against the decrypted body.
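An added example covering both the signature scanning described in the Anti-virus entry and the way polymorphism defeats it (written for this glossary; not code from NOD32 or from the original page). The "virus body" is a constructed byte string that contains nothing executable, the decryptor is a toy layout of a marker, a one-byte XOR key and the encrypted body, and the three keys are fixed so the result is reproducible; a real polymorphic engine would also rewrite the decryptor itself each generation.

```python
# Constructed stand-in for a virus body: a byte string containing a distinctive
# sequence that a scanner can use as its signature. It is not executable code.
VIRUS_BODY = b"\xb8\x00\x4c\xcd\x21" + b"INFECT-MARKER" + b"\x90" * 20
SIGNATURE = b"\xb8\x00\x4c\xcd\x21INFECT"

# Toy decryptor layout: 4-byte marker, 1-byte XOR key, encrypted body. A real
# polymorphic engine also rewrites the decryptor each generation; here only the
# key, and therefore the encrypted body, changes.
DECRYPTOR_MAGIC = b"POLY"


def signature_scan(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Plain signature scanning: is the known byte sequence present?"""
    return signature in data


def mutate(body: bytes, key: int) -> bytes:
    """Produce one generation: encrypt the body under a fresh key and prepend the decryptor."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte; 0 would leave the body in clear")
    encrypted = bytes(b ^ key for b in body)
    return DECRYPTOR_MAGIC + bytes([key]) + encrypted


def emulate_decrypt(sample: bytes) -> bytes:
    """What an anti-virus emulator does: run the decryptor so the body is exposed."""
    if not sample.startswith(DECRYPTOR_MAGIC):
        return sample
    key = sample[len(DECRYPTOR_MAGIC)]
    return bytes(b ^ key for b in sample[len(DECRYPTOR_MAGIC) + 1:])


def scan_with_emulation(sample: bytes) -> bool:
    """Decrypt first, then apply the ordinary signature to the result."""
    return signature_scan(emulate_decrypt(sample))


def demo() -> dict:
    """Three generations of the same virus under three keys, scanned three ways."""
    generations = [mutate(VIRUS_BODY, k) for k in (0x13, 0x7E, 0xA5)]
    return {
        # every copy is byte-for-byte different ...
        "generations_differ": len(set(generations)) == len(generations),
        # ... so the body signature matches none of them as stored on disk,
        "static_signature_hits": sum(signature_scan(g) for g in generations),
        # but matches all of them once the decryptor has been run in emulation,
        "emulated_signature_hits": sum(scan_with_emulation(g) for g in generations),
        # and the toy decryptor's constant marker is itself a (weak) signature.
        "decryptor_signature_hits": sum(signature_scan(g, DECRYPTOR_MAGIC) for g in generations),
        # A clean file passes through emulation unchanged and is not flagged.
        "clean_file_flagged": scan_with_emulation(b"MZ" + b"\x00" * 64 + b"hello world"),
    }


if __name__ == "__main__":
    print(demo())
```

The last line of the result is the reason emulation matters: signaturing the decryptor marker would work here only because this toy engine leaves the marker constant, which is exactly what a real polymorphic engine avoids.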

Stealth - A stealth virus hides its presence on an infected system to avoid detection by anti-virus programs. Typically it intercepts the operating system's calls that read an infected file or disk sector and returns the original, clean contents (or the original file size) instead, so that a scanner or a user looking at the file sees nothing wrong.

Trojan Horses - A Trojan horse is a program that looks legitimate but performs unauthorised, usually malicious, actions when it is run. It may erase files, reformat a disk, display certain messages or, most commonly, open a backdoor that gives an attacker access to the system. A Trojan does not infect other files, so cleaning of those files is not necessary: to get rid of it, you delete the Trojan program itself and undo any changes it made to run itself automatically, such as startup entries. Trojans do not replicate or make copies of themselves, but they are often combined with viruses and worms which do.

Virus - Though it is unclear even within the anti-virus industry what exactly constitutes a virus, one defining element is that it is a program designed to replicate. It spreads by infecting other files within a system, attaching its code to them so that it runs whenever they do. Viruses can also carry a payload, which is often malicious. The first PC virus was discovered in the wild in 1986, and today over 54,000 viruses are known. About 200 of the viruses that exist at any one time are in-the-wild threats. Viruses have been made even more effective by combining them with worms and Trojans, so that they spread faster and do more damage to a system.

Worm – A computer worm is a self-contained program, or group of programs, that spreads copies of itself, or segments of itself, to other computer systems. It spreads through network connections and, most commonly today, through email attachments. To get rid of a worm you delete its program; because it does not infect other files, cleaning of those files is not necessary.