Small Business Security Glossary


A type of application that defends businesses from the threats spam poses, including viruses, phishing, and other attacks, and reduces unwanted network traffic that consumes bandwidth, storage, and email server processing capacity.

antivirus software

An application that scans a computer’s memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code.


An attempted system security breach that may be active (altering or destroying data) or passive (intercepting or reading data without changing it). Successful attacks range in severity from viewing of sensitive data to disabling computer systems.


The list of email addresses from which you do not want to receive messages because you believe they will be spam or unsolicited email.

cloud-based security

A security solution that is delivered and administered remotely to end users as a service over the Internet, without requiring the installation of additional software or the purchase of new hardware.


Cookies are small text files placed on a computer’s hard disk that many websites use to store information about pages visited and other settings, either temporary or persistent. For example, cookies might contain login or registration information, shopping cart information, or user preferences. When a server receives a browser request that includes a cookie, the server can use the information stored in the cookie to customize the website for the user.

desktop firewall

This firewall acts as a filter between a computer and the network or Internet. It can scan all incoming and outgoing traffic sent from a computer at the packet level, and determines whether to block or allow the traffic based on both default and custom rules.

email spooling

A layer of email security that ensures email can be continually sent and received, even if a server is down.


A change made to data, code, or a file so it must be processed, or decrypted, before a system can read or access it. Viruses may use encryption to hide their viral code in an attempt to escape detection. Viruses may also encrypt or change code or data on a system as part of their payload. One of the most common forms of encryption is password protection on ZIP (.zip) files.


A computer or mobile device that is the source or recipient of information exchanged with a network. Laptops, desktops, smartphones, and tablets are examples of endpoints.


Legitimate bulk email that was once solicited by the user, but now no longer wanted (i.e., industry newsletters and notifications).

malicious code

A piece of code designed to damage a system and the data it contains, or to prevent the system from being used in its normal manner.


A malicious software program, including viruses, spyware, and Trojans.

operating system (OS)

The most important program that runs on a computer. Every general-purpose computer must have an operating system to run other programs. Operating systems perform such basic tasks as recognizing keyboard input, sending output to the display screen, keeping track of files and directories on the disk, and controlling peripheral devices, such as disk drives and printers. Examples of operating systems include DOS, Windows, Sun/OS, UNIX, Linux, FreeBSD, and MacOS.


A method of fraudulently obtaining personal information, such as passwords, Social Security numbers, and credit card details by sending spoofed emails that look like they are sent from trusted sources, such as banks or legitimate companies. Typically, phishing emails request that recipients click on the link in the email to verify or update contact details or credit card information. Like spam, phishing emails are sent to a large number of email addresses, with the expectation that someone will act on the information in the email and disclose their personal information.

quarantine folder

Includes the location on a computer system that stores email messages or files, containing viruses or other suspicious code. The system administrator reviews the messages or files to determine how to respond.

SaaS or Security-as-a-Service

Security solutions delivered and administered remotely over an Internet connection to the end user, without requiring any additional hardware or software installation. McAfee offers a range of Security-as-a-Service (SaaS) solutions that are hosted in the cloud, enabling small businesses to easily implement and manage security, even if they do not have in-house IT staff.


An unwanted electronic message, most commonly unsolicited bulk email. Typically, spam is sent to multiple recipients who did not ask to receive it. Types include email spam, instant messaging spam, Usenet newsgroup spam, web search-engine spam, spam in blogs, and SMS spam. Spam includes legitimate advertisements, misleading advertisements, and phishing messages designed to trick recipients into giving up personal and financial information. Email messages are not considered spam if a user has signed up to receive them. See graymail

spear phishing

The act of sending an email that appears to come from a legitimate source, such as a bank, a company’s internal IT department, an internal employee, or a business partner. While phishing uses mass email, spear phishing targets a very small number of recipients. The email sender information may be spoofed so the email appears to originate from a trusted source. Messages typically request username and password details, provide a link to a website where visitors can enter personal information, or have an attachment containing a virus, Trojan, or spyware.


A type of software that transmits personal information to a third party without the user’s knowledge or consent. Spyware seeks to exploit infected computers for commercial gain. It can deliver unsolicited pop-up advertisements, steal personal information (including financial information such as credit card numbers), monitor web-browsing activity for marketing purposes, and route HTTP requests to advertising sites.

Trojan, Trojan horse

A malicious program that pretends to be a benign application. It does not replicate but causes damage or compromises the security of your computer. Typically, an individual emails a Trojan horse to you; it does not email itself. You can also download a Trojan from a website or via peer-to-peer networking. Trojans are not considered viruses because they do not replicate.


A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files, so when the infected file executes, the virus also executes. Other viruses sit in a computer’s memory and infect files as the computer opens, modifies, or creates files. Some viruses display symptoms, others damage files and computer systems, but neither is essential in the definition of a virus; a non-damaging virus is still a virus.

web filter

A type of product that examines inbound and outbound web traffic for spyware, malware, viruses, data loss, and Internet misuse. Filters can also block web access or content — usually based on origin, reputation, intent, or policy — to prevent data loss, malware, and inappropriate use. Category-based filtering lets users block groups of sites based on standardized categories, such as pornographic content, games, or shopping.

zero-day threats, zero-day vulnerabilities

Also known as zero-hour threats and vulnerabilities, they include threats that immediately exploit a newly discovered vulnerability.