A client recently asked me, “What’s the difference between ‘malware’ and a ‘virus’? Is ‘spyware’ still a thing? Are these pop-ups a virus, or something else? Was I hacked?!?” As a computer user who could easily remember the earliest days of computer viruses, his confusion was understandable, especially when the media and sometimes even industry pros have a tendency to use those terms interchangeably when they really aren’t. The complexity of today’s malware landscape is complex enough to fill multiple textbooks, but I’ll try to boil it down to the things most professionals should know.
The term “hacking” is probably the most mis-appropriated term in use today. Originally, the true purpose of hacking something was to make alterations to how a device (or system) operated in order to achieve results different from the originally intended purpose of the hacked object. This could take just about any form: the brilliant, life-saving hacks used to return the Apollo 13 crew safely to earth in 1961, all the way to subverting computer security systems to paralyze a giant corporation in 2014. The important qualifier in determining if something was “hacked” is identifying actual, human-driven intent. In most cases, malware-compromised systems are the result of an “infection” versus a purposeful hacking.
The term “malware” is a portmanteau of the two words “malicious software” which, as you might imagine, is used to describe any sort of non-native programming or code loaded into a device that subverts the device’s original purpose, with the result that its activities cause some form of harm (hence the “mal” part). Malware covers a broad range of code including the annoying pop-ups and browser redirects that take control of your internet searches to show you advertising (aka “adware”), to the incredibly disruptive (and effective) malware that encrypts your data and holds it for ransom (aka “ransomware”). “Spyware” still exists – though it has taken a dark turn from it’s original advertising roots of harvesting your demographics to now harvesting your sensitive personal information for the purposes of identity theft.
Though a computer “virus” is still considered malware, most malware found today are not considered actual viruses. In keeping with the spirit of its biological predecessor, a true computer virus distinguishes itself by insinuating itself into or altering the host’s code with the express purpose of multiplying and spreading, something that is relatively rare at the moment in most malware, even the ones that spread via email. Though they exhibit virus-like infection patterns, their methods of spreading are more akin to poisoning or parasitic infection.
How it all comes together
It’s important to note that malware is often a primary tool in any computer hacking effort. It can be used to weaken or subvert security systems, usually by installing other programs that facilitate other activities that can range from gathering passwords, data and opening security backdoors to erasing hard drives and crippling critical network infrastructure. Though they find little comfort in it, I tell my clients that most malware infections are akin to getting the flu: it’s highly unlikely someone set out to get you sick. Typically you got it from someone who didn’t even know they were contagious.
However, similar to their biological counterparts, other digital pathogens may take advantage of your computer’s compromised immune system to cause further damage. At best, these malware infections take the form of a symbiotic parasite that may surface relatively innocuous symptoms (pop-ups, Google doesn’t work, etc.), but those redirects can lead you to further infection by more harmful malware. At the extreme, they can lead to the digital equivalent of metastatic cancer, usually with fatal results. Suffice it to say, any form of malware infection should not be tolerated, regardless of the host machine’s primary purpose, and should be taken care of immediately.