Malware and viruses are a major threat to all computer users, especially on the Internet. The two terms are used interchangeably on a day-to-day basis, but are they the same thing? In this article, we will do a brief overview of the difference between malware and viruses, and then explain the difference between antivirus and anti-malware programs.

Antivirus vs. Antimalware

Put simply, malware is any software that performs unwanted tasks. A virus is a specific type of malware which replicates and infects other computer programs. The term “antivirus” comes from a time when most malware consisted of viruses; today, malware comes in many forms, and the term “anti-malware” speaks to this broader focus. Below, we explore this distinction in greater detail.

Viruses

A virus is a type of malware that, when executed, replicates by reproducing its own source code and infecting other computer programs by modifying how they work[3]. This can include data files or default programs on your system. It can even affect the ‘boot’ sector of a hard drive. Because this resembles how viruses in nature replicate, a computer on which this replication has occurred is said to be infected by a virus.

The Melissa Virus

The Melissa Virus was a Microsoft Word file first found on a Usenet group masquerading as a list of logins for popular pornographic websites. When opened, the file would email itself to the top 50 email addresses in that computer user’s address book. The virus itself didn’t do much damage, but anyone infected quickly spread the infection to other users. The amount of money lost in productivity across the US was estimated to be somewhere around $80 million[4].

Malware

Malware – short for ‘malicious software’ – is any software installed on your machine that performs unwanted tasks, often for some third party’s benefit.

The Elk Cloner

The Elk Cloner[2] is one of the oldest known pieces of malware. On every 50th boot of a DOS environment, it would purge all data found in your RAM and post the following message:

"Elk Cloner:
The program with a personality

It will get on all your disks
It will infiltrate all of your chips
Yes, it's Cloner!

It will stick to you like glue
It will modify ram too
Send in the Cloner!"

This malware ranged anywhere from annoying to potentially threatening, considering how it could modify the entire content of your RAM. There are many different types of malware, including worms, trojans, crypto lockers, and more, and each performs different tasks to annoy and terrorize end-users.

How do we guard against malware and viruses that could potentially make their way onto our systems, or detect and remove ones that may already be on them? Let’s look at the difference between antivirus and anti-malware programs.

Antivirus

Antivirus is often used interchangeably with anti-malware. However, antivirus software has historically only targeted a specific subset of malware, like older worms or trojans[8], in addition to viruses. Antivirus became a popular term to use for all anti-malware-type software in the 1990s because of the prevalence of viruses. In the early days of the Internet, common internet security policies were not well known to most new users. While general malware grew in type and quantity, viruses flourished at this time because they duplicate via host files and indiscriminately infect whatever they can get their hands on.

Since most people got viruses, it made more marketing sense to call anti-malware programs anti-virus instead. This also led to splits in software reliability, since concentration on anti-virus software meant losing focus on other types of potential malware. Eventually, other malware, such as ransomware and spyware, became commonplace as well. Antivirus and anti-malware developers then modified their software to include detecting these new threats, so any differentiation between the two terms diminished. However, it’s still commonplace to find antivirus software focusing on older known viruses instead of some more recent vulnerabilities.

Anti-malware

Anti-malware is a type of software that is installed directly on a computer and used to actively detect and remove malware from that system[5]. Any time data or a file is added to the system, your anti-malware software will scan it and determine whether or not it matches the definitions of any ‘known’ malware. By remaining connected to the Internet, many of these anti-malware programs can keep their lists of known malware actively up-to-date, increasing the chances of mitigating any malware infection. Additionally, anti-malware can be scheduled to periodically run scans to see if anything on the system was corrupted or infected, based on the most up-to-date definitions.

There are a few ways malware can be detected on a system[6]:

Database Relation: Most anti-malware applications periodically check a remote database of information about what types of malware currently exist and then update their internal database definitions. When any file is added to the system or a manual scan is performed, the anti-malware program checks files on the system to see if they match any descriptions found in the database. If a file matches, the program will either mark it as malware or delete it outright.

Heuristics: Put simply, heuristics are a way to teach something through trial-and-error. If an anti-malware program does not immediately detect malware but instead finds behavior similar to malware, it can incorporate that information into how it searches for malware in the future. It’s a learning system!

Sandboxing: A way for anti-malware to test files it may not be sure about. If anti-malware can’t decide whether or not something is malicious, it will run it within a sandboxed environment. A sandboxed environment is an environment that is completely separated from the host operating system. This is done so the program can’t cause any harm to the host system and the anti-malware can see the effects of the file for itself. Much of sandboxing is now automated, but this is also a way for malware analysts to determine the effects of a program or file.[7]

Most anti-malware applications will use a combination of methods to detect and deal with malware. In most cases, this is enough to keep your system clean of all known malware.
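The detection methods above combined in one scan routine, as an added example that is not from the original article or from any vendor's product; the feed format, the sample byte strings and the heuristic traits are constructed for illustration. It checks an exact hash first, then byte patterns, and marks unmatched files that share traits with known malware as suspicious so they can be handed to a sandbox.

```python
import hashlib

# Constructed, harmless byte strings standing in for real files.
SAMPLE = b"MZ-constructed-sample::mail_self_to_contacts(50)::end"
VARIANT = SAMPLE + b"\x00"   # one appended byte: new hash, same content
BENIGN = b"quarterly report, nothing executable here"

class Definitions:
    """Local definition set, refreshed from a (hypothetical) vendor feed."""
    def __init__(self):
        self.version, self.hashes, self.patterns = 0, {}, {}

    def update(self, feed):
        # Ignore stale or replayed feeds so definitions never roll back.
        if feed["version"] <= self.version:
            return False
        self.version = feed["version"]
        self.hashes.update(feed.get("hashes", {}))
        self.patterns.update(feed.get("patterns", {}))
        return True

def scan(data, defs):
    """Return (verdict, detail): exact hash, then byte patterns, then a
    heuristic for files that no definition matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in defs.hashes:
        return "malware", defs.hashes[digest]
    for pattern, name in defs.patterns.items():
        if pattern in data:
            return "malware", name
    # Heuristic (assumed traits): resembles malware without matching a definition.
    traits = [data.startswith(b"MZ"), b"mail_self" in data, b"contacts" in data]
    if sum(traits) >= 2:
        return "suspicious", "send to sandbox"
    return "clean", ""

def demo():
    defs = Definitions()
    # Version 1 of the feed knows only the exact hash of SAMPLE.
    defs.update({"version": 1,
                 "hashes": {hashlib.sha256(SAMPLE).hexdigest(): "Sample.A"}})
    before = [scan(f, defs)[0] for f in (SAMPLE, VARIANT, BENIGN)]
    # Version 2 adds a byte pattern that also covers the modified variant.
    defs.update({"version": 2,
                 "patterns": {b"::mail_self_to_contacts(": "Sample.gen"}})
    after = [scan(f, defs)[0] for f in (SAMPLE, VARIANT, BENIGN)]
    return before, after

if __name__ == "__main__":
    print(demo())
```

With only the hash definition, the variant is caught by the heuristic alone; after the definitions update it is identified by name, which is why keeping definitions current matters.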

Which Anti-malware Program Should I Choose?

As has been shown, antivirus and anti-malware, while different in their scope, are commonly mixed up because the terms have been used so interchangeably. Atlantic.Net highly suggests having a full-featured anti-malware program on your computer, like TrendMicro Deep Security. Considering how fast malware has been shown to proliferate across the web, an anti-malware solution is a must-have for any computer, especially ones that are required to be up 24/7. The best way to determine what kind of anti-malware/antivirus program you need is to review what each program protects against. Each program has its pros and cons.

Your security-focused hosting partner

At Atlantic.Net, we offer enterprise-grade protection through TrendMicro Deep Security. With features like anti-malware with web reputation, intrusion prevention, integrity monitoring, and log inspection, TrendMicro Deep Security is a full-featured and cost-effective option for any cloud hosting environment. Contact our Sales team today for pricing and availability at 888-618-DATA (3282).


Sources:

[1] What are Malware, Viruses, and Spyware?
[2] What is Elk Cloner?
[3] What are Viruses?
[4] The Melissa Virus
[5] What is Anti-Malware?
[6] How does Anti-Malware Work?
[7] Heuristics vs. Sandboxing
[8] Anti-Virus vs Anti-Malware: What’s the difference?
[9] History of Viruses (p. 1-6)