Malware and viruses are a major threat to all computer users. Although the terms are often used interchangeably, they’re not the same thing. I’ll do a brief overview of the difference between malware and viruses, and then explain the difference between anti-virus and anti-malware programs.
Antivirus vs. Antimalware
Malware is any software that performs unwanted tasks. By contrast, a virus is a specific type of malware which replicates and infects other computer programs. The term “antivirus” comes from a time when most malware were viruses; today, malware comes in many forms, and the term “anti-malware” speaks to this broader focus. Let’s break it down even further…
Viruses
A virus is a type of malware that, when executed, replicates by reproducing its own source code and infecting other computer programs by modifying how they work. This includes data files or default programs on your system. It can even affect the ‘boot’ sector of a hard drive. Because viruses replicate in such common ways, most computers run the risk of being infected by one.
The Mother of All Viruses
The Melissa Virus was a Microsoft Word file first found on a Usenet group masquerading as a list of logins for popular “adult” websites. When opened, the file would email itself to the top 50 email addresses in the user’s address book. The virus itself didn’t do much damage, but anyone infected by the adult spam quickly spread the infection to others. This virus, considered small by comparison, was estimated to reduce productivity by around $80 million in a single year.
Malware
Malware – short for ‘malicious software’ – is any software installed on your machine that performs unwanted tasks, often for some third party’s benefit.
The Elk Cloner is one of the oldest known examples of malware. On every 50th boot of a DOS environment, it would purge all data found in your RAM and post a cryptic message.
This malware was irritating at minimum and, at the other end of the spectrum, potentially threatening, depending on how it modified the content of your RAM. There are many different types of malware, including worms, trojans, crypto lockers, and more, and each performs different tasks to attack users. I’ll provide a crib sheet in a separate post of nearly 30 different types of viruses and malware.
Prevention
Now, let’s look at the difference between anti-virus and anti-malware programs.
Antivirus
Antivirus is often used interchangeably with anti-malware. However, antivirus software has historically only targeted a specific subset of malware, like older worms or trojans, in addition to viruses. In the 1990s, common internet security policies were not well known to most new users. While general malware grew in type and quantity, a narrow group of viruses flourished because of their ability to duplicate via host files and indiscriminately infect systems.
Since most people were familiar with viruses, it made more marketing sense to promote anti-virus software, even though this umbrella term also covered malware. However, it led to splits in software reliability, since concentrating on anti-virus software meant losing focus on other types of potential malware.
Eventually, other malware, such as ransomware and spyware, became common terms as well. Antivirus and anti-malware developers then modified their software to detect these new threats, so any differentiation between the two terms diminished. However, it’s still commonplace to find antivirus software focusing on older known viruses instead of some more recent vulnerabilities.
Anti-malware
Anti-malware is a type of software that’s installed to actively detect and remove malware from your system. When data or files are added, your anti-malware will scan them to determine whether or not they match identified malware.
When connected to the Internet, many of these anti-malware programs are kept up to date, increasing the protection against infection. Additionally, anti-malware can be run manually or scheduled periodically to scan for corruptions or infections, based on upgrades.
Detection
Most anti-malware applications perform periodic checks using a remote database of information about current types of malware. Each application then updates its internal database definitions. When any file is added, the anti-malware program checks files on the system to see if they match any descriptions found in the database. If a file matches, the program will either mark it as malware or delete it, based on your preferences and settings.
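The definition-matching check described above can be sketched as follows. This is an added example, not code from any anti-malware product; the definitions, file names and the `match`, `scan` and `demo` functions are constructed for illustration, and the "mark or delete" setting is modelled as an `action` argument.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, harmless sample content and definitions (not real signatures).
SAMPLE = b"constructed sample file, not real malware\n"
MARKER = b"CONSTRUCTED-TEST-MARKER"
DEFINITIONS = {
    "hashes": {hashlib.sha256(SAMPLE).hexdigest(): "Test.Sample.A"},
    "patterns": {MARKER: "Test.Pattern.B"},
}

def match(path, defs):
    """Return the name of the first definition the file matches, else None."""
    data = Path(path).read_bytes()
    name = defs["hashes"].get(hashlib.sha256(data).hexdigest())
    if name is not None:
        return name  # exact match on a known file
    for pattern, pattern_name in defs["patterns"].items():
        if pattern in data:
            return pattern_name  # known byte sequence inside another file
    return None

def scan(root, defs, action="mark"):
    """Check every file under root; report matches, deleting them if asked."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        name = match(path, defs)
        if name is not None:
            findings[str(path.relative_to(root))] = name
            if action == "delete":
                path.unlink()
    return findings

def demo():
    """Scan a constructed directory with each setting and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "known.bin").write_bytes(SAMPLE)
        (root / "embedded.doc").write_bytes(b"header " + MARKER + b" trailer")
        (root / "notes.txt").write_bytes(b"ordinary file")
        marked = scan(root, DEFINITIONS, action="mark")
        after_mark = sorted(p.name for p in root.iterdir())
        scan(root, DEFINITIONS, action="delete")
        after_delete = sorted(p.name for p in root.iterdir())
    return marked, after_mark, after_delete

if __name__ == "__main__":
    print(demo())
```

A file that matches no hash and contains no known pattern passes this check untouched, which is the gap the heuristic and sandboxing methods below are meant to cover.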
Heuristics
If an anti-malware program does not immediately detect malware but instead finds behavior similar to malware, it can incorporate that information into how it searches for malware in the future. This artificial intelligence makes adjustments based on trial and error.
Sandboxing
If anti-malware can’t decide if something is malicious, it will run a scan in an environment that is completely separated from the host operating system. This is done so the program can’t cause any harm to the host system and the anti-malware can see the effects of the file for itself. Much of sandboxing is now automated, but this is also a way for malware IT specialists to determine the fate of a program or file.
Most anti-malware applications will use a combination of methods to detect and deal with malware. In most cases, this is enough to keep your system clean of all known malware.
Which Anti-Malware Program Should I Choose?
The best way to determine what kind of anti-malware/antivirus program you need is to review what each program protects against. Each program has its pros and cons. My personal favorite is Malwarebytes (MBAM). It’s anti-malware software for Microsoft Windows, macOS and Android that finds and removes malware.
MBAM is primarily a scanner that removes malicious software, including rogue security software, adware, spyware, malware, ransomware, exploits, and malicious websites. MBAM scans in batch mode, rather than scanning all files opened, reducing interference if other on-demand anti-malware software is also running on the computer.
The free version can be run manually by the user when desired, whereas the paid version can perform scheduled scans, automatically scan files when opened, block IP addresses of malicious web sites, and scan only those services, programs and device drivers that are currently in use.
I hope this helps you to have a better understanding of viral attacks and prevention. Next up, look for a list of virus and malware definitions and functions. With nearly 30 on the list, you’ll be surprised to see how vulnerable your system really is. Stay tuned!