Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What’s the Difference Between a “Trojan Horse”, a “Worm”, and a “Virus”?

There’s no shortage of confusing terminology in the computer biz. With the advent of malicious software, more terminology has been created that only make things less clear.

The good news is that it’s not really that difficult; in fact, you needn’t understand most of the details (besides, not everyone agrees on the exact meaning of each definition).

Let’s run down a few terms.

Become a Patron of Ask Leo! and go ad-free!


The most important term to know is malware, which is short for malicious software.

The name says it all: malware is any software that has malicious intent — destroy data, send spam, hold your data for ransom, steal your information — it doesn’t matter. It’s all malicious, it’s all software; thus, it’s all malware.

You’ll find malware used as a catch-all term for all flavors and varieties of software that intend some kind of harm.


In the human body, a virus is an organism that replicates, or makes copies of, itself and overwhelms the body’s defenses, making it sick.

When applied to computers, the term “virus” is very similar.

  • A computer virus replicates itself in some way so as to spread within the computer, usually injecting itself into other programs within the computer.
  • A computer virus makes the infected computer “sick”. In the computer sense, “sick” can mean poor performance, crashes, lost files and data, or more.

Very technically, the term virus does not necessarily imply that a piece of malicious software will replicate itself to other systems. In general use, it’s assumed.


Spyware is a type of malicious software intended not to do damage, but to collect information, or “spy”, on you. Spyware might monitor and report back on your browsing habits and the programs you run, or access and send other information stored on your machine. One canonical form of spyware is the keystroke logger, which, as its name implies, records your keystrokes (and often more) and uploads this information to a third party.


A worm is a program that replicates itself to other computers. It does so by infecting media, such as USB drives, that make contact with multiple systems, transmitting itself over a network somehow, or otherwise copying itself from one computer to another.

Very technically, again, the term worm does not necessarily imply malicious intent or behavior, other than the replication. In practice, malicious intent is generally assumed.

Trojan Horse

A Trojan horse — often just a “trojan” — is a program that claims to be one thing but is, in fact, another. It uses that deception to gain access to a system that would not be given, were the true intent known.

A trojan horse is not a virus per se, but it may carry them. For example, there are trojans that claim to be patches for various problems, but instead (or in addition) install malware. Software obtained from many download sites is often a type of trojan, using the promise of the software that is desired to install additional malicious software that is not.


I think of phishing as a kind of email-based trojan horse. It’s email that looks like it comes from some official site, such as your bank, PayPal, or eBay, but actually comes from someone pretending to be them. They typically use some technique to fool you into thinking they are an official site of some sort, so you hand over sensitive information, like your username and password. Once you do so, they steal your other information, often leading to hacked accounts, identity theft, or worse.

Regardless of the terms used, protect yourself

The terms are important, but they’re less important than being aware that malicious software — malware — exists, and taking the steps you need to take to keep yourself safe.

We shouldn’t have to, of course. Hackers shouldn’t exist, and operating systems and other software should be designed to perfectly protect us. The pragmatic reality, however, is that it remains our responsibility to keep our guard up.

What does that mean? As outlined in what I consider my most important article — Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet — it all boils down to using common sense, keeping your software as up-to-date as possible, and running up-to-date anti-malware tools regularly.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


13 comments on “What’s the Difference Between a “Trojan Horse”, a “Worm”, and a “Virus”?”

  1. Maybe it is possible to be a little clearer on the definitions.

    1. Virus: the key feature of the computer coded virus is that, like the organically-coded virus, it can replicate itself from within an infected system, and spread itself to another recipient. The mechanism of spread, be it Internet via a webpage or email, or via a floppy disc or CD, is immaterial. A virus may carry a “payload” of code which it deposits on the infected host – the payload os often a worm or trojan.

    2. Trojan: with its name originating from the similarity to the Trojan Horse of Greek mythology, the Trojan is computer code which you inadvertantly allow to enter your computer, past your usual defences. Like the original Trojan Horse, once entry has been granted, any kind of harm may be done to the host, but perhaps the most common purpose of many trojans is to listen for and respond to messages sent from remote hosts, opening access to your PC from the Internet at large, causing a major potential hazard to the integrity ans security of your system.

    3. Worm: a computer worm is code that navigates (snakes ?) within an infected network and often damages the system by changing configurations, or by altering or removing files. Worms do not usually self-replicate, but need to be carried to a new network in order to infect it.

    4. Phishing: this is the only verb in the list of terms. It is a technique used to dupe computer users into revealing critical financial of security information about themselves, commonly by imitating a legitimate finalcial or other service provider.

    Kenneth Spencer

  2. Hi I’ve been reading about anti-Trojan programs and would like to know:
    – are trojan horse programs sufficiently different from viruses and worms that they need a specialised anti-trojan program (for example TDS-3)to detect and remove them – or will an anti-virus program do a thorough job of detection and removal?
    – if there is a material differenc, what aspect of Trojans makes them so difficult to detect?


  3. The good news is that anti-virus programs, or anti-virus programs coupled with anti-spyware programs, try to cover all of these threats. The bad news is that they can all be difficult to detect.

  4. hey i found ur article very usefull. But what i m actually looking for is what is the difference between the cell phone viruses n computer viruses. I m doing a seminar on cell-phone viruses so would be very thankfull to you if u would provide me with some usefull information.

    Thanks You,

  5. In concept they’re the same thing, just written for different propagation techniques, and different operating systems, making use of different vulnerabilities.

  6. I keep getting the low in Recovery (D) disc space. When I click on it, I get a box with a picture of Recovery D disc, plus a Recycle Bin. The message is that just clearing the Bin does not help unless I permanently clear. I have done that so many times, but nothing changes. Help!

  7. It seems like the term malware is what people should use instead of viruses when describing, uh well, malware. It seems most people still call everything a virus, or even worse, a bug.

    It’s kind of like when you go to the doctor, you don’t usually know if you have a bacterial or virus infection or even worms. You just tell them the symptoms. Similarly, the technicalities, in this case, are more for the antimalware programs to handle. If fact most technicians wouldn’t be able to tell the difference simply by looking at the malware’s behavior, and it’s not that important. Just run a few AV scans with an AV program and Malwarebytes 2 free scanners: Antimalware and AdwCleaner.

    The AV program makers propagate this misnomer by still calling themselves antivirus programs.

  8. I receive “phishing” messages most days and in every instance the e-mail asks me to click on a link to rectify the “problem”.
    My strategy is to hover the cursor over the link and look at the URL behind it. Almost without exception it gives the game away and clearly points to some spurious website where the originator hopes I will input valuable personal information. If the message is genuine and originates for example, from my bank, the URL under the link will begin with the name of my bank. Anything else tells me it’s a scam.

  9. Malware has been hyped up so much that novice users are of the mistaken belief that having anti malware/virus software will protect them as so don’t do backups only inevitably lose ther important information.

    Malware may occur, data loss WIll eventually happen.

  10. I do computer repair as a sideline and my expertise is not as good as a well practiced professional. I have customers that, through various means (malware, hard drive crashes, etc.) have lost everything. Some have backups for pictures and/or documents but not programs. What do you recommend as the easiest, least expensive way for my customers to backup programs without it being too technical for them?


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.