Security terms

This section describes usage for specific security terms. For definitions of security terms, see the Microsoft Malware Protection Glossary.

Term
  Usage

antimalware
  Use only as an adjective to describe a category of software used to detect and respond to malicious software, such as viruses, worms, trojans, and sometimes spyware and adware.

antiphishing
  Use only as an adjective to describe practices or a category of software used to detect and respond to phishing scams, which are attempts to trick individuals into revealing sensitive information, such as passwords or credit card numbers.

antispyware
  Use only as an adjective to describe software that detects and sometimes removes spyware.

antivirus
  Use only as an adjective to describe software that detects and responds to malware.
  Use antivirus instead of antimalware to differentiate between antispyware and other antimalware programs.
  Example
    Microsoft Security Essentials has both antivirus and antispyware capabilities.

black hat hacker
  Consider alternatives where possible.
  Examples
    computer criminal
    unauthorized user
    malicious hacker

bullet-proof
  Don’t use.

deceptive software
  Don’t use. Use unwanted software instead.

hacker, hack
  Use malicious hacker to refer to an unauthorized user who accesses a system with the intent to cause harm. If the unauthorized user’s intent isn’t known or isn’t malicious, use unauthorized user.

  Don’t use hacker in content for a general audience. In general use, the term often has negative connotations.

  It’s OK to use hack and hacker in content for developers or in contexts where positive outcomes are involved, such as hackathons.

  Don’t use hacker to mean an amateur programmer. Don’t use hack to mean improvising a solution to a programming problem unless the positive context is well understood.

insecure
  Don’t use to mean not secure.

lock
  Don’t use to mean protect.

malicious code
  Don’t use. Use malware or malicious software instead.

malicious user
  Don’t use. Use malicious hacker instead.

malware, malicious software
  Use malware instead of malicious software to describe unwanted software installed without adequate user consent. Viruses, worms, and trojans are malware.

  If your audience might not be familiar with the term malware, define it as malicious software on the first mention.
  Example
    The security filter helps prevent malware (malicious software) from damaging your computer.

spyware
  Before using the term spyware to describe specific software, be certain the software has been identified as spyware.

trojan horse, trojan
  In content for a technical audience, it’s OK to shorten to trojan.

unwanted software
  Use as a general term for spyware, adware, and similar software.

vulnerability
  Don’t use to describe intentional software behavior. For example, don’t describe trusting a domain administrator to control any other domain within a forest as a vulnerability.

  On the first mention, use a modifier to identify the type of vulnerability:
    • Product vulnerability is a set of conditions that violates an implied or explicit security policy. A product vulnerability is usually addressed by a Microsoft security bulletin or service pack.
    • Administrative vulnerability is the failure to observe administrative best practices. For example, using a weak password or logging on to an account that has more user rights than needed to perform a specific task.
    • Physical vulnerability is the failure to provide physical security for a computer. For example, leaving an unlocked computer running and unattended in a public area.
  After the first mention, it’s OK to use the modifier only occasionally.
  For other security issues, use the most specific term that describes the issue. Define the term if the audience might be unfamiliar with it. If no specific term exists, use security issue.

white hat hacker
  Consider alternatives where possible.
  Example
    computer security expert