What is the difference between a Virus and Spyware?


Is the distinction largely semantic? (I.e., Spyware collects information and incidentally slow your computer down, Viruses are designed to malicious?

Clay Nichols

Posted 2011-06-07T18:34:30.237

Reputation: 4 494



The difference is in how the code affects you.

The generic term for malicious software is malware. As viruses came about first, many people will use the word "virus" as the generic term. Thus you have to take a look at how the malware operates, hides, and spreads to put a more accurate term to it. Additionally, it's not always clear which category a piece of malware falls into. This is more than most people care to think about, and it's not very practical as anti-virus software cleans them off without making a large deal about the differences. The most practical use of the distinction is to know what your anti-virus and/or anti-spyware software protects you against.

Some specific types of malware:

  1. Virus - attaches to files; multiplies on your computer and eats up resources
  2. Rootkit - hides on your computer and may require special anti-rootkit software
  3. Spyware - logs computer events
  4. Trojan - masquerades as something else to get you to install it, may allow someone else to control your computer
  5. Worms - spreads over networks, may damage your computer by doing things like deleting files
  6. Adware - more annoying than malicious, it serves ads

Chris Ting

Posted 2011-06-07T18:34:30.237

Reputation: 1 529


Both fall under the more general term malware, meaning bad. There is also a third term, adware, which is often thrown in with spyware.

Spyware is designed to do just that: Record what you do on your computer, but also to track your Internet browsing habits, since that can be valuable. This is why it is often lumped in with adware.

Adware is just that: Serves up ads, usually by multiple browser pop-ups, and re-direction.

Viruses generally do more damage, and have some specific goal in mind, like turning your computer into a spam-bot, or make it part of a bot-net. It often tries to replicate itself through various means to other computers. To expound on what someone else said, rootkits, trojans, and worms are specific types of viruses. Rootkits are named for where they hide, trojans for how they are delivered (think trojan horse), and worms also how they are delivered (they worm their way, often automatically, in through vulnerabilities in your system, so keep it patched.


Posted 2011-06-07T18:34:30.237

Reputation: 24 985

1What makes a true virus a virus is that it infects (attaches itself to) existing executables. How much damage it does or what goals it has has nothing to do with it. What you described in your last paragraph was just mixed-threat malware, not true viruses. – Spiff – 2011-06-08T08:17:25.760

Spiff, I don't know where you got that definition, but I disagree, and could not find anything that backs up your position. I know that many people dismiss Wikipedia, but from that: "A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer." It does not have to attach itself. http://en.wikipedia.org/wiki/Computer_virus

– KCotreau – 2011-06-08T12:50:33.150


Some laymen use the term "virus" as a generic term for any form of malware.

Malware experts generally reserve the term "virus" for one of the earliest known forms of malware, which was malicious software that would attach itself to existing executable files, and thus would get executed (and have a chance to find and infect more executables) when the user attempted to execute the "infected" binaries. This is an analogy to how a physical virus infects a cell and causes the cell to start producing more viruses.

Back before it was common to connect PCs to LANs, WANs, and the Internet, the main way for malicious code to spread from computer to computer was to act as a virus, infecting and thus piggybacking on other software that was being exchanged/traded/pirated on floppy disks or via dial-up bulletin board systems (BBSes).

Now, with the Internet, it's a lot easier for malware to spread by being a worm instead of a virus. A worm is a piece of malware that spreads by attacking hosts across the network. A pure worm exists as its own executable file or executing process. In that way, worms infect systems without infecting individual executables, just like physical parasitical worms infect animals without infecting individual cells.

Nowadays, most malware is what researchers call "mixed threat". They uses multiple mechanisms to spread, including virus-, worm-, and trojan-like strategies.


Posted 2011-06-07T18:34:30.237

Reputation: 84 656


There is a whole collection of terms for malware. Virus, trojans, worms, spyware, rootkits, etc. Each have specific meaning, but much of today's malware uses a combination of methods to infect, replicate and hide. Given that it is hard to answer you question specifically.

Spyware was originally meant mean software that tracked your movement and popped up ads specific to a site while viruses were s/w meant replicate themselves and maybe damage a host machine - but not always the latter.


Posted 2011-06-07T18:34:30.237

Reputation: 8 755


A virus (typically) causes harm and usually doesn't "hide" very well. Spyware monitors your activity and reports back to some server it avoids being detected. Not that a virus doesn't avoid detection, but by its nature (delete all *.jpg files for example) makes itself known.


Posted 2011-06-07T18:34:30.237

Reputation: 729