Tech-Talk: A to Z about Antivirus Software

A to Z about Antivirus Software

 


What is the difference between Antivirus and Anti-Malware?

For the most part, "antivirus" and "anti-malware" refer to the same thing. Both refer to software designed to detect, protect against, and remove malicious software. Despite what the name might suggest, antivirus software protects against more than just viruses; it just uses a slightly dated name to describe what it does. Anti-malware software is also designed to protect against viruses. Anti-malware simply uses a more modern name that encompasses all types of malicious software, including viruses. That said, anti-malware can prevent a viral infection from occurring and remove infected files. However, anti-malware is not necessarily equipped to restore files that a virus has changed or replaced. Both antivirus and anti-malware fall under the broader term "computer security", also called cybersecurity.

What is computer security?

Computer security is a broad term for any strategy that protects a system against malicious attacks aimed at theft of money, personal information, system resources (cryptojacking, botnets) and a whole host of other undesirable actions. The attack could happen on your hardware or software, or through social engineering.

Today's cybersecurity threats and their countermeasures are varied and nuanced, but the market naturally seeks simplicity when communicating with users. This is the reason why many people continue to see "viruses" as the greatest threat to their computer. In reality, viruses are just one type of cyber threat that was common in the early days of computing. They are far from the most widespread threat today, but the name has endured. It is like calling all illnesses a cold.

What is a computer virus?

A computer virus is (generally) malicious software defined by two characteristics:

  • It has to be started by an unsuspecting user. Activating a virus can be as simple as opening a malicious email attachment (malspam) or launching an infected program. Once that happens, the virus tries to spread to other systems on the network where the computer is located or through the user's contact list.
  • It has to replicate itself. If the software does not replicate itself, it is not a virus. This self-replication process can occur by completely modifying or replacing other files on the user's system. In either case, the resulting file should show the same behavior as the original virus.

Computer viruses have been around for decades. In theory, the origin of "automata that reproduce themselves" (that is, viruses) can be traced back to an article published by the multi-talented mathematician John von Neumann in the late 1940s. The first viruses affected platforms predating personal computers in the 1970s. However, the history of modern viruses begins with a program called "Elk Cloner", which began infecting Apple II systems in 1982. The virus, which was spread via floppy disks, was actually harmless, but it spread to all disks attached to a system. It spread so quickly that most computer security experts consider it the first large-scale computer virus outbreak in history.

Early viruses like Elk Cloner were primarily designed as a joke. Their creators did it for notoriety and simply to show off. However, by the early 1990s, those adolescent antics had evolved to become very damaging. PC users suffered a wave of virus attacks designed to destroy data, slow down system resources, and record keystrokes (also known as keyloggers). The need for countermeasures led to the development of the first antivirus software programs.

The first antivirus programs were exclusively reactive. Furthermore, those early antivirus programs identified viruses using the relatively primitive technique of searching for the identification signature created by the virus author. For example, they might know that there is a virus with the file name "PC destroys", so if the antivirus software recognized that name, it would stop the threat. However, if the attacker changed the file name, the antivirus would not be as effective. Although early antivirus programs could also recognize specific digital identifiers or patterns, such as certain code sequences in network traffic or known sequences of harmful instructions, they needed to be continually updated.

The first antivirus programs that used signature-based strategies could easily detect known viruses, but could not detect new attacks. Therefore, each new virus had to be isolated and analyzed to determine its signature, and then added to the list of known viruses. The antivirus user had to periodically download a growing database file containing hundreds of thousands of signatures. However, new viruses that preempted database updates left a significant percentage of devices unprotected. The result was a constant race to keep up with the ever-evolving threat landscape as new viruses were created and released.
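The signature matching described in the two paragraphs above can be sketched as a small scanner. This is an added example, not code from the original article or from any antivirus product; the sample bytes, labels, file names other than "PC destroys", and the use of a SHA-256 hash as one kind of "digital identifier" are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class SignatureDB:
    names: set = field(default_factory=set)        # known file names (lower-cased)
    patterns: dict = field(default_factory=dict)   # label -> known byte sequence
    hashes: dict = field(default_factory=dict)     # sha256 hex -> label

    def learn(self, label, name, data, pattern):
        """Analyst step: a sample was isolated and its signatures are added."""
        self.names.add(name.lower())
        self.patterns[label] = pattern
        self.hashes[hashlib.sha256(data).hexdigest()] = label

def scan(db, name, data):
    """Return the set of signature types that flag this file."""
    hits = set()
    if name.lower() in db.names:
        hits.add("name")
    if hashlib.sha256(data).hexdigest() in db.hashes:
        hits.add("hash")
    if any(p in data for p in db.patterns.values()):
        hits.add("pattern")
    return hits

# Constructed, harmless sample bytes; no real malware content.
PATTERN_A = b"\x90\x90DEMO-REPLICATE\x00"
SAMPLE_A = b"header" + PATTERN_A + b"payload-v1"
VARIANT_A = b"header" + PATTERN_A + b"payload-v2"    # same code sequence, other bytes differ
SAMPLE_B = b"header" + b"UNRELATED-ROUTINE" + b"payload"  # a family not yet analysed

def demo():
    db = SignatureDB()
    db.learn("Demo.A", "PC destroys", SAMPLE_A, PATTERN_A)
    results = {
        "original": scan(db, "PC destroys", SAMPLE_A),
        "renamed": scan(db, "invoice.exe", SAMPLE_A),
        "variant": scan(db, "invoice.exe", VARIANT_A),
        "new_before_update": scan(db, "game.exe", SAMPLE_B),
    }
    # Database update: only now does the new family become detectable.
    db.learn("Demo.B", "game.exe", SAMPLE_B, b"UNRELATED-ROUTINE")
    results["new_after_update"] = scan(db, "game.exe", SAMPLE_B)
    return results

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case:18} -> {sorted(hits) or 'not detected'}")
```

The file-name signature is lost on a rename, the exact-hash signature is lost on any changed byte, and the unanalysed sample is missed by all three until the database is updated, which is the reactive gap the text describes.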

Current status of computer viruses and Antivirus Software

Computer viruses today are more of a threat inherited from the past than a current risk for users. They have been around for decades and have not changed substantially. In fact, the last truly "new" virus that replicated itself through user interaction emerged in 2011 or 2012.

So if computer viruses are no longer what they were, why do people keep calling their threat protection software an antivirus program?

It all comes down to recognizing an ingrained name. Viruses made alarming headlines in the media in the 1990s, and security companies began using the term for cyber threats in general. Thus was born the term "antivirus". Decades later, many security firms continue to use the term "antivirus" to market their products. It has become a vicious cycle. Users assume that "virus" is synonymous with cyber threat, which is why companies call their computer security products "antivirus" software, leading users to believe that viruses are still the problem.

And here's the bottom line: While "viruses" and "antivirus" are not strictly anachronistic concepts, modern cyber threats are often far worse than their viral predecessors. They hide deeper in our computer systems and are very adept at evading detection. The traditional viruses of yesterday have spawned a gallery of advanced threats such as spyware, rootkits, Trojans, exploits, and ransomware, to name a few.

As these new categories of attacks emerged and evolved, outpacing the early viruses, antivirus companies continued their mission against these new threats. However, antivirus companies weren't sure how to classify themselves. Should they continue to market their products as an "antivirus" at the risk of appearing limited? Should they use another "anti-threat" term to market themselves, such as "anti-spyware"? Or would it be better to take a global approach and combine everything into a single product line that addresses all threats? The answers to these questions depend on the antivirus company.

At Malwarebytes, computer security is our highest-level generic category. And that's why it makes sense to wrap our efforts to combat threats into a single term that goes far beyond viruses. Therefore, the term we use that covers most of what we do is "anti-malware," which is short for "anti-malicious software."

 
