glossary of internet security terms

Spim? Spam? Spit? Stop feeling overwhelmed by internet security jargon. Use this handy glossary to figure out what’s what!

Jump to…




Adware, or advertising-supported software, displays advertisements on your computer in the form of banners and pop-up windows. These ads are a way for software companies to generate revenue. Some adware runs on your machine without your knowledge and consent, while others are intentionally downloaded. While adware is more of a pesky nuisance than a harmful threat to your cyber security, some adware might collect information about your browsing behavior and sell it to third parties.

Learn more about how adware works.

Asymmetric encryption

Asymmetric encryption, or public-key cryptography, is an encryption method that requires two keys to access a server: a public key for encryption, and a matching private key for decryption.

Learn more about how asymmetric encryption works.

Antivirus software

Anti-virus software, otherwise known as anti-malware software,  scans your computer or mobile device to detect and restrict the spread of malware on your machine. Since malware is constantly evolving, anti-virus software cannot always detect it, so your machine is always at risk of infection. Anti-virus software is also deployed at an administrative level; many email servers use it to scan emails.

Learn more about how anti-virus software works.

Back to Menu



A backup is an extra copy of the files on your computer or mobile device. It is typically stored in a separate location from the original files, such as on another drive or in the cloud. If anything happens to your files — if they go missing or get destroyed — then you will be very thankful you have a backup!

Learn more about how backup works.


A backdoor opens a “backdoor” to your computer or mobile device through which hackers and other malicious individuals can connect to your machine and infect it with malware and spam.

Learn more about how backdoors work.

Blended threat

A blended threat is a combination of two or more “traditional” malware rolled into one truly pesky package. An example might be a combo of a Trojan horse, a keylogger, and a worm. Fighting off a blended threat requires a blend of security tools and protection layers.

Learn more about how a blended threat works.


A blog, short for “web log”, is a website where users publish content (known as posts) on a regular basis. Blog posts are typically displayed in reverse-chronological order, meaning that the newest content appears first. Check out the ExpressVPN blog here.

Learn more about how a blog works.

Bluetooth or IEEE 802.15.1

Bluetooth is a wireless technology standard for data exchange over short distances. Bluetooth enables short-range wireless communication between keyboards, mice, telephones, headsets, tablets, and other devices.

Learn more about how Bluetooth works.

Bot or web bot

A bot (from the word “robot”) is a software program that performs automated tasks on the internet. While bots have certain legitimate uses, like crawling and indexing the Web to make search engines more efficient, they can also be used for malicious purposes. Evil bots can take over computers, deploy malware attacks, and compromise user data.

Learn more about how bots work.

Botnet or zombie armies

A botnet (also known as zombie army) is a cluster of computers whose systems have been seized and compromised by an individual with malicious intent. The individual uses these  machines to carry out acts of cyber malice, like sending spam and launching denial-of-service attacks.

Learn more about how botnets work.

Browser hijacker

A browser hijacker changes your browser’s settings without your permission by replacing your homepage, search page, and error page with pages of their own. A browser hijacker redirects your internet activity in order to collect advertising revenue from you, as well as your personal and browsing data.

Learn more about how a browser hijacker works.

Back to Menu


Certificate authority

A certificate authority is a trusted third-party entity that issues digital certificates. A digital certificate verifies that a public key belongs to the individual whose digital signature is on that certificate.

Learn more about how a certificate authority works.

Chat room

A chat room is an area on the internet where individuals can communicate with one another in real time. Chat rooms are separated by topic. Many chat rooms are monitored by moderators, who ensure that users behave according to that chat room’s code of conduct. Since chat rooms allow users to participate anonymously, they can be frequented by predators, who disguise themselves to prey on vulnerable children and teenagers.

Learn more about how chat rooms work.


A cookie is a little piece of data stored in your web browser. When you visit a website, it sends a cookie to your computer to remember your surfing behavior, like what buttons you click and what items you add to your shopping cart, as well as your log-in information. Cookies are not software and cannot destroy your computer or mobile device, but they can track your browsing activity.

Learn more about how cookies work.

Back to Menu


Defragment or defragging

Defragging, or the defragment of your computer, is the process  whereby information and files stored on your hard drive are reorganized into a more logical order. The actual defragment process can slow your computer down, but once it’s complete, your hard drive should be considerably quicker.

Learn more about how defragging works.


DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers configured for a given network. DHCP assigns an IP address when a system with the DHCP client is started.

Learn more about how DHCP works.

Digital certificate

A digital certificate or identity key is normally issued by a web certificate authority and contains the sender’s public key verifying that the certificate is authentic and that the website in question is legitimate.

Learn more about how a digital certificate works.

Digital signature

A digital signature is normally used in public key cryptography and validates the legitimacy of encrypted data. A digital signature is required to authenticate both the sender of the digital certificate and the authenticity of the certificate.

Learn more about how a digital signature works.

Domain spoofing or Domain hijacking

When a domain is hijacked or spoofed, it redirects users to an external website which can infect their computer or device with malicious programs.

Learn more about how domain spoofing works.

Drive-by Download

A drive-by download is a download that a person either unwittingly downloads or downloads without understanding the consequences of downloading the file from a website, email, or pop-up window.

Learn more about how a drive-by download works.


DNS stands for Domain Name System. It syncs up web domain names (e.g. with IP addresses (e.g., enabling users to use domain names to access IP addresses without needing to remember the IP addresses.

Learn more about how DNS works.


DoS stands for Denial of Service. It’s a type of attack in which a website or network is overwhelmed with automated server requests, causing a shutdown of service to legitimate visitors.

Learn more about how DoS works.

Back to Menu



Encryption is the process by which data is converted into another form which is unreadable without a separate key to decrypt it. See also public key, private key.

Learn more about how encryption works.


An exploit refers to code that takes advantage of a known software vulnerability to gain unauthorized access to a system.

Learn more about how an exploit works.

Back to Menu


File compression or data compression

To compress a file means to make it smaller by converting its data into a different format. Usually, it is put into an archive format such as .zip, .tar, or .jar. See also image compression.

Learn more about how file compression works.


A firewall is a security system that regulates traffic into and out of a network. It can be used to block unauthorized entry from outsiders or to block insiders from accessing unauthorized content.

Learn more about how a firewall works.


FTP stands for File Transfer Protocol, a set of rules for transferring files on the internet. Some web browsers have a built-in FTP client, but there are also separate apps dedicated to FTP.

Learn more about how FTP works.

Back to Menu



GIF stands for Graphics Interchange Format, a bitmap image format. Limited to 256 colors, they are inconvenient for high-quality photos, but due to their support for animation GIFs have become a popular format for short, silent, looping videos on the internet.

Learn more about how a GIF works.

Back to Menu



The term hacker is commonly used pejoratively to describe a malicious person who gains unauthorized access to computer systems with criminal intent, but is also used positively by the coding community as a term of respect for any highly skilled programmer.

Learn more about hackers.


HTML stands for HyperText Markup Language, the standard language for web pages on the internet. HTML is not a programming language like C++ or Python, but a markup language, meaning it defines the way text and other media is read by a web browser, i.e. which text is bold, which text is a heading, which text or which image is a hyperlink, and much more.

Learn more about how HTML works.

HTML tags

Tags are the elements of code that mark up text in an HTML file to be interpreted by the web browser into a web page. Examples include <p> for paragraphs, <h1> for headings, and <img> for images.

Learn more about how HTML tags work.


HTTP stands for HyperText Transfer Protocol, the set of rules that determine how web browsers and servers communicate with each other on the internet.

Learn more about how HTTP works.


HTTPS is the secure version of HTTP. If a URL contains “https” instead of “http”, it means that website uses encryption and/or authentication methods to secure its connection.

Learn more about how HTTPs works.


A hyperlink (or just link) is a piece of text or image on a website that connects (or links) you to another page or file on the internet. Hyperlinks are conventionally distinguished from their context with an underline and/or a different color.

Learn more about how a hyperlink works.

Back to Menu



IM stands for Instant Message, a message sent over the internet via any number of real-time chat applications.

Learn more about how IMs work.

Image compression

Image compression is the process of converting a raw image file (usually a photo) to a smaller format. JPEG and GIF are two such formats. See also file compression.

Learn more about how image compression works.


The internet is the global, publicly available network of smaller networks and computers within it. Not to be confused with the World Wide Web, which refers to the information space of pages and other content transferred over that network.

Learn more about how the internet works.

IP address

An IP (or Internet Protocol) address is the numerical identifier for a computer on the internet. IP addresses are generally written as a string of digits punctuated by dots or colons as in (IPv4), and 2001:db8:0:1234:0:567:8:1 (IPv6). IP addresses are often linked to geographic areas, allowing a website to identify the country and/or city from which a user is accessing the site.

Learn more about how an IP address works.

Back to Menu



JPEG, which stands for Joint Photographic Experts Group, is an image file format popular on the internet for its ability to retain photo quality under compression. JPEGs are indicated by the file extensions .jpeg or .jpg.

Learn more about how a JPEG works.

Back to Menu



A keylogger is a piece of software that records a user’s keystrokes on a keyboard. Sometimes this is used for technical support, but other times it is used maliciously, without the knowledge of the user, to collect passwords and other personal data.

Learn more about how a keylogger works.

Back to Menu



MP3, or Mpeg audio layer 3, is a popular compressed file format for audio recordings. MP3s are indicated by the file extension .mp3.

Learn more about how MP3s work.


Malware is malicious software, often installed and run without a user’s knowledge. Examples include keyloggers, viruses, exploits, adware, and spyware.

Learn more about how malware works.

Mutual authentication

Also called two-way authentication, mutual authentication is when both sides of a transaction authenticate each other simultaneously. Online, this is often used to prevent fraud by requiring both the user’s web browser and a web site’s server to prove their identities to each other.

Learn more about how mutual authentication works.

Back to Menu



In the context of computing, a network is a group of devices that communicate with each other, whether by physical cables or wirelessly. Networks range in scale from the connection between your computer and a wireless router, to the internet itself.

Learn more about how networks work.

Back to Menu



A patch is a software update targeted to fix one or more vulnerabilities. Good software developers are constantly testing their code and issuing new patches to users. See also vulnerability.

Learn more about how a patch works.


Phishing is the attempt to acquire personal information (such as a password or credit card number), generally for malicious purposes, by assuming the identity of a trusted authority. One common form of phishing is an email pretending to be from a user’s bank, asking the user to enter his/her online banking login information on another site.

Learn more about how phishing works.


Pharming is the (generally malicious) attempt to redirect a user to an imposter website, either by altering a file on the user’s computer or by attacking the DNS server which converts URLs into IP addresses.

Learn more about how pharming works.


A podcast is a regularly updated series of audio files from a content provider, the modern analogue of a radio program. The term was coined as a portmanteau of “iPod” and “broadcast”, though today podcasts are commonly downloaded or streamed onto any number of smartphones and other mobile devices.

Learn more about how podcasts work.

Private key

A private key is the tool used to decrypt messages in an asymmetric encryption scheme. As its name suggests, this key is not made public, unlike the public key used to encrypt the message. See also asymmetric encryption and public key.

Learn more about how private keys work.


VPN Protocols are the methods by which your device connects to a VPN server. Some common protocols are UDP, TCP, SSTP, L2TP, and PPTP. Find out about the different protocols here.

Learn more about how protocols work.


A proxy is an intermediary server that allows the user to make indirect network connections to other network services.

Learn more about how proxies work.

Public key

A public key is the key used to encrypt a message in asymmetric encryption. Unlike the private key, the public key can safely be shared with anyone without compromising the security of the message.

Learn more about how public keys work.

Back to Menu


Rogue security software

Rogue security software is malware that poses as anti-malware software, often in an attempt to install additional malware or solicit money for its false services.

Learn more about how rogue security software works.


Ransomware describes malware that prevents a user from accessing normal functions of a system unless a ransom is paid to its creator.

Learn more about how ransomware works.


Data recovery is the process of using backups, e.g., from a hard drive or online storage, to restore lost data.

Learn more about how data recovery works.


A router is a piece of hardware that directs traffic between networks, most commonly between a computer and the rest of the internet. Practically, the word “router” is often used as shorthand for “wireless router”, a type of router that also functions as a wireless access point.

Learn more about how routers work.


RSS stands for Really Simple Syndication, and is a popular method for publishing regularly updated content on the internet. Instead of repeatedly checking a website for new content, a user can subscribe to an RSS feed using a feed reader or aggregator to receive automatic updates from that and other sites.

Learn more about how RSS works.


A rootkit is a type of stealth malware designed to hide its own existence from detection. Because of this, rootkits are often extremely difficult to remove, and often necessitate completely wiping the hard drive and reinstalling the operating system.

Learn more about how a rootkit works.

Back to Menu


Symmetric encryption

As opposed to asymmetric encryption, symmetric encryption requires the same key to encrypt and decrypt a message. Therefore both keys must be private in order to keep the message secure, unlike asymmetric encryption in which the key for encryption can be public.

Learn more about how symmetric encryption works.


SMTP stands for Simple Mail Transfer Protocol, a standard set of rules for sending email through the internet. At the user level, it is generally used only as a sending protocol. For receiving, applications generally prefer other protocols like POP3 or IMAP.

Learn more about how SMTP works.

Social engineering

Social engineering is the umbrella term covering scams like phishing, pharming, spam, and scams. Unlike other forms of malicious hacking that exploit a user’s software, social engineering exploits our natural tendency to trust each other.

Learn more about how social engineering works.


Spam is unwanted email, also known as junk mail. Modern email clients like Gmail automatically detect messages likely to be spam and sort it into a separate folder.

Learn more about how spam works.


SPIM is spam in instant message (IM) form. See also spam.

Learn more about how SPIM works.


SPIT is spam over VoIP, e.g. Skype or Viber. See also spam.

Learn more about how SPIT works.

Split Tunneling

Split Tunneling is the process of allowing a VPN user to access a public network while also allowing the user to access resources on the VPN.

Learn more about how split tunneling works.


Spyware is malware that logs data from a user’s computer and secretly sends it to someone else. This data can be anything from a user’s browsing history to login names and passwords.

Learn more about how spyware works.

Spear Phishing

Spear phishing refers to phishing targeted at a specific user or organization. Because of this targeting, spear phishing more likely to appear authentic to its victims, and is generally more effective at deceiving them. See also phishing.

Learn more about how spear phishing works.


SSL stands for Secure Sockets Layer. It is the standard security technology for establishing an encrypted link between a web server and a browser, ensuring that all data passed between the web server and browser remains private and secure.

Learn more about how SSL works.

Back to Menu


Trojan horse

A Trojan horse, or simply Trojan, is malware masquerading as legitimate software, named after the famous Trojan horse in which ancient Greek soldiers smuggled themselves into Troy. Trojans often act as a backdoor to give an attacker remote access to a user’s computer. See also backdoor.

Learn more about how a trojan horse works.

Back to Menu



URL stands for Uniform Resource Locator. A URL is a web address, like When a user types a URL into a web browser, the URL is then translated into an IP address by a DNS server. See also DNS.

Learn more about how a URL works.

URL spoofing

URL spoofing is the attempt to mislead a user to a different (often malicious) website by imitating or “spoofing” a legitimate URL.

Learn more about how URL spoofing works.

Back to Menu



A computer virus is malware that replicates itself and infects computer data, files, programs, and systems, similar to its namesake that infects human bodies. See also malware.

Learn more about how a virus works.


VPN stands for Virtual Private Network. It is an encrypted tunnel between two devices which allows you to access every website and online service privately and securely.

Learn more about how a VPN works.


In the context of computing, a vulnerability refers to a known weakness in a piece of software that could potentially be exploited by an attacker. Software developers generally test for vulnerabilities and release patches to fix them. See also exploit and patch.

Learn more about how vulnerabilities work.


VoIP stands for Voice over IP (Internet Protocol). VoIP is the internet equivalent of a telephone service, most commonly implemented by Skype and Google Hangouts.

Learn more about how VoIP works.

VPN Client

ExpressVPN is a premier VPN client that offers best in class security with easy-to-use software.

Learn more about how VPN clients work.

Back to Menu


Web page

A web page is a file on a server that can be accessed by someone via the internet. Generally, this file is written in HTML and includes text, images or other media, and links to other web pages.

Learn more about how web pages work.

Web server

A web server is a computer that stores, processes, and delivers web pages to clients who request them. This is usually done through a web browser which then displays the page to the user.

Learn more about how web servers work.


WEP stands for Wired Equivalent Privacy, and is a security protocol for wireless networks. Due to known security flaws, WEP has since been superseded by WPA and WPA2. See also WPA.

Learn more about how WEP works.


Wi-Fi (a play on “Hi-Fi”) is a local area wireless technology that lets devices network with each other over radio frequencies.

Learn more about how Wi-Fi works.

Wi-Fi hotspot

A Wi-Fi hotspot is a physical location where you can connect your Wi-Fi-enabled device to the internet over a public wireless network. Be careful, though! While many Wi-Fi hotspots use WEP or WPA security protocols to encrypt your connection, others have no such security features, leaving you and your data vulnerable to malicious third parties.

Learn more about how Wi-Fi hotspots work.


Like a virus, a worm is self-replicating malware. Unlike a virus, a worm is a standalone program and does not need to be part of another program to function. See also virus.

Learn more about how worms work.


WPA stands for Wi-Fi Protected Access. WPA is a wireless security protocol designed to replace WEP with better encryption and authentication. In turn, WPA2 is a replacement for WPA. See also WEP.

Learn more about how WPA works.

Back to Menu



XML stands for Extensible Markup Language and like HTML, is used to format and present information on web pages. However, unlike HTML it does not have a fixed set of formatted tags but instead acts as a meta-language. This flexibility allows webmasters to be able to construct their own markups.

Learn more about how XML works.

Back to Menu

Read more online privacy guides from ExpressVPN here

Featured image: / Dollar Photo Club

2 thoughts on “The jargon-busting internet security technical glossary

  1. I receive what appear to be radio broadcasts on my PC. I never intentionally installed any software to convert my PC into a radio. The broadcasts are completely unpredictable when they will be received, however the content of the broadcasts seem to be a set of commercials. Do you know what the security fix for this situation is.

    Thank you for any suggestions

    1. Hi! What a curious problem indeed! It’s unlikely that your computer has a radio transmitter built in, and you would not be able to add one purely through software. Maybe your browser is playing some advertisements in websites that you are visiting? Installing an adblocker is not a bad idea, such as uBlock Origin. You can find the link for Chrome here, and for Firefox here.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>