An A-Z guide to the technical terms used in digital security

Data Miner

The Type designation 'Data Miner' was previously used by F-Secure to identify a program that collects information on the user's browsing behavior, usually without a user's knowledge or authorization.

With changes in the threat landscape today, programs previously identified as 'Data Miner' have been reclassified under the Spyware Category, with the Type designation 'Trackware'.

Denial of Service (DoS)

A type of attack that aims to deny legitimate users access to a service (for example, a website or a network) by overloading a relevant computer resource or network device.

The most common type of Denial of Service (DoS) attack takes the form of a massive amount of requests being sent from a host machine to the target, for example, a government website server.

When a target under attack reaches its maximum capacity of handling such requests, it is unable to complete answering all the requests it receives, and any new requests from legitimate users cannot be processed until all the pending requests are resolved - hence, denial of service.

DoS attacks can be carried out by malware, which force the infected machine to carry out the attack as part of the malware's payload. An 'upgraded' version of this is a DoS attack carried out by a botnet, in which multiple malware-infected computers are ordered to flood a target by the controlling attacker.

For more information, see the article Denial of Service (DoS).


A unique string or algorithm used by antivirus programs to identify a virus, worm or other malicious program. A detection may also be known as a signature or definition.

Detections are important because they are integral to how an antivirus program functions. To create a detection, an analyst must first examine a sample of a malware and identify its unique characteristics. The analyst can then use these characteristics to create an algorithm or signature to identify that specific malware and no other.The signature is then saved into a database that is sent out to all supported antivirus products.

Whenever a user runs an antivirus program and scans their computer system for malware, what the program is really doing is comparing all the files against those in its database; if any of the files match a signature in the database, the file is flagged as infected.

This type of scanning is known as signature-based analysis and depends on having the most up-to-date databases in order to provide protection against the latest threats. An alternative or complementary type of analysis is heuristic analysis.

For more information, see the article Detections.


Disinfection or removal is the process of removing malicious files or components from a computer system, including all relevant or harmful registry keys, mutexes, and other changes made by the malware.


The public notification of a previously unknown vulnerability in a software program. Such disclosures may come from the program vendors, computer security companies and not in frequently, independent security researchers.

Due to the potential threat posed by a new, unpatched vulnerability, especially is in a popular or business-critical program, disclosures can have a significant impact on computer security. If harmful information is disclosed to the general public without providing the program vendors sufficient time to create a security patch to close the vulnerability, the information provided may provide malicious attackers time and opportunity (also known as a 'zero-day' period) to exploit the program.

Many security researchers provide a limited disclosure to the affected vendors for a certain period, before taking their information public. On a related note, F-Secure provides a channel for security researchers to report a potential vulnerability in F-Secure products. For more information, see the Security Advisories.


The Type designation 'Dialer' was previously used by F-Secure to identify a program that connects the computer to the Internet via a telephone line and modem.

In the days before widespread broadband Internet connections, dialers were often the only way the average user could access the Internet. Malicious dialers secretly connect the computer to premium-rate lines, greatly increasing the usage charges payable by the user.

With changes in the threat landscape today, programs previously identified as 'Dialer' programs are now classified under the Riskware Category, with the Type designation 'Application'.

Distributed Denial of Service (DDoS)

A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). There are various types of Distributed Denial of Service (DDoS) attacks, which vary based on how the attack is conducted.

DDoS attacks are sometimes included as part of a worm or trojan's payload - all infected computers are directed to attack the selected target. DDoS attacks are also often performed by botnets, as the combined resources of all the computers in the botnet can generate a terrific amount of data, enough to overwhelm most target's defenses within seconds.

DDoS attacks have become one of the more dangerous menaces of the modern Internet.

Domain Name System (DNS) server

A Domain Name System (DNS) server is responsible for 'translating' the human-friendly domain names (e.g., 'www.f-secure.com') into IP addresses, the machine-friendly 32-bit long numbers that identify computers and private networks on the Internet.

The DNS servers are the workhorses of the Internet's Domain Name System (DNS), a distributed, hierarchical naming system that essentially 'maps' all the computers and other resources on the Internet.

A single DNS server will usually store the IP addresses and related domain name information for a particular 'section' of the Internet; it will then function as the 'guideposts' that provide enquiring computers with correct directions for resources in 'their area'.


A domain name (eg, www.f-secure.com) is a human-friendly text string given to identify a specific resource on the Internet – in most cases, a website.

Each domain name maps to a specific IP address. Domain names are used because IP addresses, which are what the computers use to identify the same resources, aren't easy for humans to remember.

Domain names are a part of the hierarchical Domain Name System (DNS) used to organize all resources on the Internet.


The acronym formed from the words Disk Operating System refers to an early operating system (OS) created by Microsoft for IBM and IBM-compatible computers; the OS was also used for Windows3.1, 95, 95 and ME.

More current Windows versions, such as NT, 2000, XP,and Vista, also include a version of DOS known as 'DOS emulation', which allows users to run old DOS applications.

Drive-by Download

The automatic download of a program from a visited website onto a user's computer, almost always without their knowledge or authorization.

Drive-by downloads are often used in conjunction with Search Engine Optimization (SEO) attacks, in which search engine results are poisoned in order to redirect users to a malicious site where the drive-by attack can take place.

The term 'drive-by download' is most frequently used to describe the situation of a website forcibly and silently downloading malware on to a visitor's system, but clicking on pop-up ads or viewing an email message may also result in the user being subjected to this attack.

Scan for free

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Go Scanner

What is malware?

A term commonly used in digital security to refer to 'malicious software'

Read More