An A-Z guide to the technical terms used in digital security


A general term mostly used by laypersons and the popular media to refer to an individual who gains, or attempts to gain, unauthorized access to a computer system or resource, usually for malicious or criminal purposes.


The Type designation 'Hacktool' was previously used by F-Secure to identify a utility program that can be used, or misused, to access remote computers.

With changes in the threat landscape today, programs previously identified as 'Hacktool' have been reclassified under the Riskware Category, with the Type designation 'Hack-Tool'."


A data area in a file that precedes its executable code and contains vital information about the file, such as its size, information contents and so on.

Malware may try to edit the header information, usually in order to hide changes done to the file by the malware.

Heuristic analysis

A type of analysis used by antivirus programs to examine the malicious properties of a suspicious file. Heuristic analysis is typically done when the file in question is too new or complex for traditional, signature-based analysis to work.

Heuristic analysis involves emulation, in which a suspicious file is run in a completely isolated 'sandbox' environment to check it for malicious behavior, without endangering the user's own system. If the suspect file does not do anything objectionable, it is allowed to run normally.

Malware analysts can also use heuristic detections, which identify certain types of suspicious behaviors or characteristics, to guide the heuristic analysis.


The Type designation 'Hoax' was previously used by F-Secure to identify an application that does not perform as claimed.

With changes in the threat landscape today, programs previously identified as 'Hoax' have since been reclassified under the Riskware Category, with the Type designation 'Application'.

The term 'hoax' may also be used in a non-technical manner to mean a chain letter that contains false information, with the aim of spreading alarm or disinformation.


A computer system or site set up to detect and deflect attempted intrusions into a computer or network.

A honeynet refers to multiple honeypots on a single network and is usually used in large, diverse networks which may not be sufficiently protected by a single honeypot.

Hosts file

A list of IP addresses frequently accessed by the user and stored on the system itself. The hosts file is used to match website domain names (which a user can remember easily) to its corresponding IP address, which is what the web browser uses to access the server hosting the website.

Each time a user clicks a link while browsing a website, or enters a website's address in the browser's address bar, the system will first check the hosts file to see if the requested address is already stored there. If so, the computer can communicate with the correct IP address without further ado. If the IP address is not saved in the hosts file, the system must perform an extra step and connect to the Domain Name Server (DNS) service of the Internet Service Provider (ISP) in order to locate the correct IP address.

Maintaining the hosts file therefore allows the system to reduce the amount of time and processing required to access a particular website. Some malware modify entries in the host file in order to hijack and redirect a web connection from the one desired, to a different and usually malicious site.

Hypertext Markup Language (HTML)

The most common programming language used to create webpages. Hypertext Markup Language (HTML) is often used by novice website designers to create simple websites that may feature text, images and basic animations.

Though other languages have become more popular for use in creating heavily interactive websites, HTML still remains the dominant language used by the majority of websites online today.

Hypertext Transfer Protocol (HTTP)

A protocol used to organize and easily retrieve resources on an information system. HTTP is used to access information resources known as 'hypertext documents', and it is a significant part of the underlying architecture for the modern World Wide Web.

Most users who surf the Internet first encounter HTTP through the Universal Resource Locator (URL). The URL functions as the 'address' of each specific hypertext document, which can be a webpage, image or file. These documents are saved on hosts (web servers).

Whenever a user enters a URL into their web browser's address bar, or clicks a link on one webpage to get to another, they are really using HTTP to retrieve a specific hypertext document from a specific host.

Despite the relative simplicity behind the concept of HTTP, this simple mechanism allows a user to browse through a colossal amount of information on a staggering number of hosts with ease.

Scan for free

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Go Scanner

What is malware?

A term commonly used in digital security to refer to 'malicious software'

Read More