Is It a Virus, Malware, or Spyware? Here's How to Tell (and Why It Matters)

From viruses to spyware, we break down the key differences so you know exactly what you're dealing with.

By Neil J. Rubenking, Principal Writer, Security


An antivirus utility that only defends against viruses would be nearly useless. Computer viruses are just one type of threat, and not a common one at that. A proper antivirus program defends against all kinds of malicious software. When we encourage you to install antivirus protection, we’re talking about protection against all kinds of malware.

Why are viruses uncommon? Because coders—malware coders included—just want to make money. Like the revenge business, there’s not a lot of money in the virus business. Spyware steals personal data that the perps can sell, banking trojans steal directly from the source, and ransomware demands untraceable cash from its victims. There’s plenty of money to be had. Fortunately, modern antivirus utilities offer full-spectrum malware protection, eliminating all types of malicious software. The best software protects against all kinds of threats, so you usually don't need to know which is which.

Even so, situations may arise in which you do need to know one type of malware from another, and the many stories in the news about security breaches, hacks, and attacks can be confusing if you don't know the terms. Don't worry: Our quick and dirty guide to the most common types of threats you're likely to encounter (in the news, we hope, rather than in person) can help you get up to speed.


How Malware Spreads: Viruses, Worms, and Trojans Explained

A virus runs when the user launches an infected program or boots from an infected disk or USB drive. Viruses keep a low profile because they need to spread widely without being detected. Most of the time, the virus code simply infects new programs or disks. Eventually, often at a predefined date and time, the virus payload kicks in. Early virus payloads often involved mindless destruction or pointless showboating. These days, they're more likely to steal information or participate in a DDoS (Distributed Denial of Service) attack against a major website.

Worms are like viruses, but they can spread without any help from a user launching an infected program or mounting an infected disk. Simply put, a worm copies itself to another computer and then launches the copy. In 1988, the Morris worm, intended as a simple test to measure the budding internet, caused serious damage instead. While it wasn't meant to be malicious, its over-enthusiastic self-replication sucked up a huge amount of bandwidth.

Just as Greek forces fooled the people of Troy by concealing warriors inside the Trojan Horse, Trojan horse programs, or Trojans for short, conceal malicious code within a seemingly useful application. The game, utility, or other application typically performs its stated task, but sooner or later, it does something harmful. This type of threat spreads when users or websites inadvertently share it with others. Trojans can be real moneymakers. Banking trojans inject fake transactions to drain your online banking accounts. Other trojans steal your personal data so their creators can sell it on the dark web.


What Malware Does: Spyware, Adware, Rootkits, Bots, and More

Viruses, worms, and trojans are defined by the way they spread. Other malicious programs take their names from what they do. Spyware, as the name suggests, is software that spies on your computer and steals your passwords or other personal information. Spyware may also literally (and creepily) spy on you by peeking through your computer's webcam or listening in on conversations. Stalkerware, a type of spyware, takes over your phone and makes every aspect of your life available to whoever's stalking you. Many modern antivirus programs include components specifically designed for spyware protection.

Adware pops up unwanted advertisements, possibly targeted to your interests, by using information stolen by a spyware component. Sometimes the ads are so pervasive that they interfere with your normal computer use.

Rootkit technology hooks into the operating system to hide a malicious program's components. When a security program queries Windows for a list of files, the rootkit snags the list, removes its own name, and passes the compromised list to the requesting program. Rootkits can perform the same type of chicanery on Registry data requests.
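The hiding trick described above is what cross-view detection looks for: list the same directory once through the normal API and once through a lower-level read, then flag names that only the lower-level view contains. The sketch below is an added example, not code from the article or from any security product; the paths and scan data are constructed, and it assumes the low-level listing has already been obtained by other means.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    path: str
    reason: str

def normalize(path):
    # Windows paths are case-insensitive and accept either slash, so fold both.
    return path.replace("/", "\\").rstrip("\\").casefold()

def cross_view_diff(api_view, raw_view):
    """Entries the low-level view contains but the API listing omits."""
    api = {normalize(p) for p in api_view}
    return [Finding(p, "on disk but missing from API listing")
            for p in raw_view if normalize(p) not in api]

def persistent_findings(scans):
    """Keep only names hidden in every scan pair.

    A file created or deleted between the two reads of one scan looks hidden
    once; something filtering the API output stays hidden every time.
    """
    per_scan = [{normalize(f.path) for f in cross_view_diff(api, raw)}
                for api, raw in scans]
    return sorted(set.intersection(*per_scan)) if per_scan else []

# Constructed sample data: (API listing, low-level listing) for two scans.
SCANS = [
    ([r"C:\Demo\report.docx", r"C:\Demo\notes.txt"],
     ["c:/demo/report.docx", r"C:\Demo\notes.txt",
      r"C:\Demo\hidden_example.sys", r"C:\Demo\~tmp1234.tmp"]),
    ([r"C:\Demo\report.docx", r"C:\Demo\notes.txt"],
     [r"C:\Demo\report.docx", r"C:\Demo\notes.txt",
      r"C:\Demo\hidden_example.sys"]),
]

if __name__ == "__main__":
    for path in persistent_findings(SCANS):
        print("hidden from API view in every scan:", path)
```

The same comparison applies to the Registry case the paragraph mentions, with key names in place of file paths.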

A bot infestation doesn't actively harm your computer, but it makes your system complicit in harming others. It quietly waits until the owner or bot herder broadcasts a command. Then, along with hundreds or thousands of others, it does whatever it's told. Bots are often used to send spam, so the spammer's own systems aren't implicated.

Cryptojacking software hijacks your PC's CPU cycles to mine for bitcoin or other cryptocurrencies. It doesn't harm the PC, unless the added load causes overheating, but the affected computer is likely to be slow, slow, slow.

There’s a whole ecosystem of malware types. Some malicious programs exist specifically to aid in the distribution of other malware. These dropper programs tend to be tiny and unobtrusive themselves, but they can funnel a steady stream of other malware onto your computer. A dropper may receive instructions from its remote owner, as a bot does, to determine which malware it will distribute. The owner gets paid by other malware writers for this distribution service.

As the name suggests, ransomware holds your computer or your data for ransom. In the most common form, a ransomware threat will encrypt your documents and demand an untraceable ransom payment in exchange for the decryption key. In theory, your antivirus should handle ransomware just as it does any other kind of malware. However, since the consequences of missing a ransomware attack are so dire, you may also want to run a separate ransomware protection utility.


Fake Antivirus and Scareware: Security Threats That Pretend to Help

Not all antivirus programs are what they seem. Some are actually fakes, rogue programs that don't protect your security. At best, these programs offer no real protection; at worst, they include actively harmful elements. They work hard to scare you into paying for registration, so they're often called scareware. If you do register, you've both wasted your money and handed your credit card information to crooks.

Avoiding scareware is becoming increasingly difficult as the programs become more refined. Smart consumers check reviews before purchasing an antivirus or other security utility. Just stick to reputable sources—you’ll occasionally find review sites that are just as fake as the rogue programs they recommend.


Modern Protection Is Layered: Antivirus, Firewalls, and Beyond

The categories described above aren't mutually exclusive. For example, a single threat might propagate virus-style, steal your personal information like spyware, and use rootkit technology to hide from your antivirus software. A scareware program is a type of Trojan that might also steal private data.

Note that your security solution can also take multiple approaches. A full-scale security suite naturally includes an antivirus component, but it also includes other components that supplement that protection. The firewall prevents attacks from the internet and may also derail attempts to exploit system vulnerabilities. A spam filter shuts down attempts to sneak malware onto your computer in email. These days, many suites offer a VPN to protect your internet traffic, though access to all VPN features may require a separate payment.

The term malware encompasses all these types of malicious software. Any program with a harmful purpose is malware, pure and simple. Industry groups like the Anti-Malware Testing Standards Organization (AMTSO) use this term for clarity, but consumers know the term antivirus, not anti-malware. We're stuck with the word. Just remember that your antivirus should protect you against any and all malware.

Now you know how to distinguish the main classes of malicious software. We hope that you’ll never have direct experience with ransomware, spyware, or any other type of malware. If you’re still curious about these nasty programs and want to take a peek at their appearance, check out our feature on the many faces of malware.

About Our Expert

Neil J. Rubenking

Principal Writer, Security

My Experience

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

The Technology I Use

Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMware Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.

I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.

I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.
