How F-Secure classifies threats

F-Secure separates threats into four Categories based on the potential level of harm a program may pose to the user's device or data.

Threats in each Category are then identified by Type based on the kind of actions the suspect programs perform.


Programs categorized as Malware pose a significant security risk to the user's system and/or information.

Types of programs in the Malware category include viruses, worms and trojans, among other threats. These threats can perform harmful actions such as stealing personal or program data, secretly manipulating the device or installed programs, or completely blocking the user from using the device.

Malware is usually automatically disinfected by F-Secure Antivirus products.

Types of Malware

Virus Integrates its own code into program or data files and spreads by integrating itself into more files each time an affected file is run.

Uses computer or network resources to make complete copies of itself and distribute them to other victims. May include code or other malware to damage both the system and the network.

Worms can also be typed more specifically based on the kind of network they use to spread:

  • Net-Worm: over a local network or the Internet
  • Email-Worm: via emails, either contained in the email itself or as file attachments
  • P2P-Worm: in files sent over peer-to-peer (P2P0 networks
  • IM-Worm: over instant messaging (IM) networks
  • IRC-Worm: over Internet Relay Chat (IRC) channels
  • Bluetooth-Worm: via Bluetooth broadcasting
Rootkit Hides itself or other files from the device's security programs; can be used by remote users to manipulate the device.
Backdoor Allows remote users to manipulate a program, computer or network.

Uses misdirection, misinformation, omission or outright fraud to trick the user into installing or running it, so that it can perform potentially unwanted/harmful actions. It does not replicate.

Trojans can be typed more specifically based on the kind of actions they secretly perform:

  • Trojan-Spy: installs spying programs such as keyloggers
  • Trojan-PWS: steals passwords and other sensitive information
  • Trojan-Downloader: downloads programs from a remote server, then installs and launches them
  • Trojan-Dropper: carries at least one program, which it installs and launches
  • Trojan-Proxy: allows remote users to turn the infected system into a proxy server to anonymously
  • Trojan-Dialer: connects to the Internet via over premium-rate telephone lines. May also lead to unsolicited or inappropriate sites.
Rogue Uses high-pressure, or misleading messaging or outright fraud to pressure users into purchasing antivirus software that may not perform as claimed.
Exploit Takes advantage of a vulnerability in a program or operating system to gain access or perform actions beyond what is normally permitted.
Packed Compressed to a smaller size using a packer program known to be used by other malware.
Constructor A utility program used to construct malware.


Programs categorized as Spyware introduce a security risk that may affect the user's personal data.


Types of programs in the Spyware category include trackware and adware. These programs may offer a useful service in exchange for being allowed to gather information from or about the user.

The kind of information gathered by these programs varies, and may include items such as details of the system or installed programs; web browsing behavior and history; and most importantly, personal details. Legal implications may also arise based on where and how the program is used, and how the information is collected, transmitted and stored.

If a user is aware of and accepts the potential risk associated with a program classed as Spyware, they can configure the F-Secure security product to exclude it from being scanned.

Types of Spyware

Spyware Collects information about the user's web browsing behavior or preferred applications the data collected may be stored locally or sent out.
Trackware Allows a third party to identify the user or their device, usually with a unique identifier. The most common trackware is tracking cookies.
Adware Delivers advertising content, either in the web browser, on a PC's Desktop or within an application.


Programs categorized as Riskware are considered safe when used by an authorized person in an appropriate situation. If misused, or used by an attacker, the program may be a security risk.

Riskware programs are applications that may pose a security risk when used inappropriately, or by an attacker. For example, keyloggers are utilities that may be used by system administrators in the course of their authorized work, but may also be maliciously used to secretly monitor users.

If user is aware of and accepts the potential risk associated with a program classed as Riskware, they can configure the F-Secure security product to exclude it from being scanned.

Types of Riskware

Monitoring-Tool Monitors and records selected or all actions of a user on a device
Hack-Tool Bypasses access restrictions or security mechanisms to give users access or the ability to perform actions beyond what is normally permitted
Application Introduces a security risk if misused or maliciously used

Potentially Unwanted Application(PUA)

A Potentially Unwanted Application (PUA) is a program that has behaviors or aspects which are considered undesirable, unwanted or risky, but does not meet the stricter definition of malware.

If the user is aware of and accepts the potential risk associated with a program classed as PUA, they may elect to keep and use the application, or allow the F-Secure security product to remove it.

For more information about PUAs, see Classifying Potentially Unwanted Applications.