Spyware, Malware, and Viruses Oh My! – Understanding the Differences

Malicious software is an issue that we, as an IT company, have to deal with on an almost daily basis. The amount of malware on the internet is immense and growing every day. Recent research shows that there are over 15 million different pieces of malware out there. I know this may seem like an astronomical number, but rest assured that nearly all of these samples have been detected and can be cleaned. I wanted to take a moment to define some of the terms we use so that you (clients and interested readers) have a better understanding of what we are talking about.

Malware, or malicious software, is a piece of computer software designed to compromise or damage a computer system without the consent of its user. Since this is an extremely broad term that covers viruses, worms, trojan horses, rootkits, spyware and adware, we thought it would be helpful to separate and define each category.

A virus is a program that is capable of reproducing its executable code to infect a target from a host machine without the consent of the targeted user. A virus cannot spread on its own; it requires installation by the user. This can be over an office network, via email or even through a floppy, CD, DVD, or USB drive. In order to run, viruses often attach themselves to legitimate pieces of software.

Worms are much like viruses except that they exploit security vulnerabilities to spread themselves to other computers without any involvement from the user. Like a virus, a worm may carry instructions to perform malicious actions beyond propagating itself across the network.

Trojan horses are named for the way this kind of malware works. Trojan horses, or ‘Trojans’, are programs that convince a user to run them while concealing a malicious payload. The effect of running a Trojan can be as severe as the deletion of user files or the creation of a staging ground for the installation and execution of more malicious or unwanted software.

Rootkits are not really malware by definition, but they are associated with malware. A rootkit was originally a set of tools that a human attacker would install on a system in order to stay concealed. We now use the term ‘rootkit’ to describe code or full programs whose sole purpose is to conceal the activities of other malicious code.

Spyware and adware typically fit into the ‘malware for profit’ category and are generally not too dangerous. These flavors of malware tend to alter the user's browser behavior to benefit the creator of the program. Pop-ups and browser redirection are very telling signs that you have a spyware or adware infection.

We may not be able to completely eliminate malware, but through careful computing practices and regular malware scans we can minimize its impact. In subsequent posts, we will show you how to develop good computing habits to avoid this type of malicious software and to ensure that your computer remains healthy.