At Malwarebytes, we're all for precision — especially when it comes to two commonly confused cybersecurity concepts that get used interchangeably all the time: antivirus and anti-malware. Sure, both refer to cybersecurity software, but what do these terms actually mean? What is the difference between antiviruses and anti-malware, and are they both still relevant in dealing with today's online digital threats?
Let's take a deep dive into the world of cybersecurity semantics and unpack these terms one at a time:
For the most part, antivirus software and anti-malware software are the same things. They both refer to computer security software designed to detect, protect against, and remove malicious software. Contrary to what the name might suggest, antivirus software protects against more than viruses — it just uses a slightly antiquated name to describe what it does.
Anti-malware software is also designed to protect against viruses; it just uses a more modern name that encompasses all kinds of malicious software, including viruses. That being said, anti-malware can stop an online viral infection from happening and remove infected files. However, anti-malware isn't necessarily equipped to restore files that have been changed or replaced by a virus. Both antivirus software and anti-malware fall under the broader term "cybersecurity.”
Cybersecurity, or computer security, is a catchall term for any strategy for protecting one's system from malicious attacks, including both antiviruses and anti-malware. These attacks often aim to do things like hold your computer hostage, steal system resources (as in a botnet), record your passwords and usernames, and a whole host of other bad things. Such attacks might occur via your hardware (like a backdoor) or through your software (like an exploit).
Cybersecurity threats and their countermeasures are varied and nuanced nowadays, but the marketplace naturally strives for simplicity when communicating to consumers. This is why many people still see “viruses” as the biggest threat to their computer security. In reality, computer viruses are just one type of cyberthreat that happened to be popular when computers were in their infancy. They're far from the most common threat today, but the name stuck. It's a bit like calling every disease a cold.
“For the most part, antivirus and anti-malware mean the same thing. They both refer to software designed to detect, protect against, and remove malicious software.”
A PC or computer virus is a piece of (usually) harmful software defined by two characteristics:
It needs to be initiated by an unsuspecting user. Triggering a virus can be as simple as opening a malicious email attachment (malspam), launching an infected program, or viewing an ad on a malicious site (adware). Once that happens, the virus tries to spread to other systems on the computer's network or in the user's list of contacts.
It must be self-replicating. If the software doesn't self-replicate, it's not a virus. This process of self-replication can happen by modifying or completely replacing other files on the user's system. Either way, the resulting file must show the same behavior as the original virus.
Computer viruses have been around for decades. In theory, the origin of “self-reproducing automata” (i.e., viruses) dates back to an article published by mathematician and polymath John von Neumann in the late 1940s.
Early viruses occurred on pre-personal computer platforms in the 1970s. However, the history of modern viruses begins with a program called Elk Cloner, which started infecting Apple II systems in 1982.
Disseminated via infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system. It spread so quickly that most cybersecurity experts consider it the first large-scale computer virus outbreak in history.
Early viruses like Elk Cloner were mostly designed as pranks. Their creators were in it for notoriety and bragging rights. However, by the early 1990s, adolescent mischief had evolved into harmful intent. PC users experienced an onslaught of viruses designed to destroy data, slow down system resources, and log keystrokes (also known as a keylogger). The need for countermeasures led to the development of the first antivirus software programs.
Early online antiviruses were exclusively reactive. They could only detect infections after they took place. Moreover, the first antivirus programs identified viruses by the relatively primitive technique of looking for their signature characteristics.
For example, they might know there's a virus with a file name like “PCdestroy,” so if the antivirus software recognized that name, it would stop the threat. However, if the attacker changed the file name, the computer antivirus might not be as effective. While early antivirus software could also recognize specific digital fingerprints or patterns, such as code sequences in network traffic or known harmful instruction sequences, they were always playing catch up.
Early antiviruses using signature-based strategies could easily detect known viruses, but they were unable to detect new attacks. Instead, a new virus had to be isolated and analyzed to determine its signature, and subsequently added to the list of known viruses.
Those using antiviruses online had to regularly download an ever-growing database file consisting of hundreds of thousands of signatures. Even so, new viruses that got out ahead of database updates left a significant percentage of devices unprotected. The result was a constant race to keep up with the evolving landscape of threats as new viruses were created and released into the wild.
PC viruses today are more of a legacy threat than an ongoing risk to computer users. They've been around for decades and have not substantially changed.
So, if computer viruses aren't really a thing anymore, why do people still call their threat protection software an antivirus program, and why do you need an antivirus for computers in the first place?
It boils down to entrenched name recognition. Viruses made sensational headlines in the 90s, and security companies began using antivirus as shorthand for cyberthreats in general. Thus, the term antivirus was born.
Decades later, many security firms still use this term for marketing their products. It's become a vicious cycle. Consumers assume viruses are synonymous with cyberthreats, so companies call their cybersecurity products antivirus software, which leads consumers to think viruses are still the problem.
But here's the thing. While virus and antivirus are not exactly anachronisms, modern cyberthreats are often much worse than their viral predecessors. They hide deeper in our computer systems and are more adept at evading detection. The quaint viruses of yesterday have given rise to an entire rogue's gallery of advanced threats like spyware, rootkits, Trojans, exploits, and ransomware, to name a few.
As these new attack categories emerged and evolved beyond early viruses, companies making antivirus for computers continued their mission against these new threats. However, these companies were unsure of how to categorize themselves.
Should they continue to market their products as antivirus software at the risk of sounding reductive? Should they use another "anti-threat" term for marketing themselves like "anti-spyware," for example? Or was it better to take an all-inclusive approach and combine everything in a single product line that addressed all threats? The answers to these questions depend on the company.
At Malwarebytes, cybersecurity is our highest-level catchall category. It makes sense to combine our anti-threat effort into a single term that covers more than just viruses. Accordingly, the term we use to cover most of what we do is “anti-malware,” which is short for “anti-malicious software.”
“Consumers assume viruses are synonymous with cyberthreats, so companies call their cybersecurity products antivirus software, which leads consumers to think viruses are still the problem.”
Viruses are just one kind of malware. There are other forms of malware that are more common these days. Here are just a few:
Adware is unwanted software designed to throw advertisements up on your screen, often within a web browser, but sometimes within mobile apps as well. Typically, adware disguises itself as legitimate or piggybacks on another program to trick you into installing it on your PC, tablet, or mobile device.
Spyware is malware that secretly observes the computer user's activities, including browsing activity, downloads, payment information, and login credentials, and then reports this information to the software's author. Spyware isn't just for cybercriminals. Legitimate companies sometimes use spyware to track employees.
A keylogger, spyware's less sophisticated cousin, is malware that records all the user's keystrokes on the keyboard. This malware typically stores the gathered information and sends it to the attacker seeking sensitive information like usernames, passwords, or credit card details.
A computer virus is malware that attaches to another program and, when triggered, replicates itself by modifying other computer programs and infecting them with its own bits of code.
Worms are a type of malware similar to viruses in that they spread, but they don't require user interaction to be triggered.
A Trojan, or Trojan Horse, is more of a delivery method for infections than an infection. The Trojan presents itself as something useful to trick users into opening it. Trojan attacks can carry just about any form of malware, including viruses, spyware, and ransomware. Famously, the Emotet banking Trojan started as an information stealer, targeting banks and large corporations.
Later, Emotet operated purely as an infection vector for other forms of malware, usually ransomware.
The cybercriminals behind the GandCrab ransomware claimed to have brought in over $2 billion in ransom payments over the course of a year and a half.
A rootkit is malware that provides the attacker with administrator privileges on the infected system and actively hides from the normal computer user. Rootkits also hide from other software on the system—even from the operating system itself.
It allows someone else to use your computer's CPU or GPU to mine cryptocurrency like Bitcoin or Monero. So instead of letting you cash in on your computer's horsepower, the cryptominers send the collected coins into their own account—not yours. So, essentially, a malicious cryptominer is stealing your device's resources to make money.
Malvertising is an attack that uses malicious ads on mostly legitimate websites to deliver malware. You needn't even click on the ad to be affected—the accompanying malware can install itself simply by loading and viewing the page in your browser. All you have to do is visit a good site on the wrong day.
Spoofing occurs when a threat pretends to be something it's not in order to deceive victims to take some sort of action like opening an infected email attachment or entering their username and password on a malicious site spoofed or faked to look like a legitimate site.
Phishing is a type of attack aimed at getting your login credentials, credit card numbers, and any other information the attackers find valuable. Phishing attacks often involve some form of spoofing, usually an email designed to look like it's coming from an individual or organization you trust. Many data breaches start with a phishing attack.
The old school method of signature-based threat detection is effective to a degree, but modern anti-malware also detects threats using newer methods that look for malicious behavior. To put it another way, signature-based detection is a bit like looking for a criminal's fingerprints. It's a great way to identify a threat, but only if you know what their fingerprints look like. Modern anti-malware takes detection a step further so it can identify threats it has never seen before. By analyzing a program's structure and behavior, it can detect suspicious activity. Keeping with the analogy, it's a bit like noticing that one person always hangs out in the same places as known criminals and has a lock pick in his pocket.
This newer, more effective cybersecurity technology is called heuristic analysis. “Heuristics” is a term researchers coined for a strategy that detects threats by analyzing the program's structure, its behavior, and other attributes.
Each time a heuristic anti-malware program scans an executable file, it scrutinizes the program's overall structure, programming logic, and data. All the while, it looks for things like unusual instructions or junk code. In this way, it assesses the likelihood that the program contains malware. What's more, a big plus for heuristics is its ability to detect malware in files and boot records before the malware has a chance to run and infect your computer. In other words, heuristics-enabled anti-malware is proactive, not reactive.
Some anti-malware products can also run the suspected malware in a sandbox, which is a controlled environment in which the security software can determine whether a program is safe to deploy or not. Running malware in a sandbox lets the anti-malware look at what the software does, the actions it performs, and whether it tries to hide itself or compromise your computer.
Another way heuristic analytics helps keep users safe is by analyzing web page characteristics in order to identify risky sites that might contain exploits. If it recognizes something fishy, it blocks the site.
In brief, signature-based anti-malware is like a bouncer at the nightclub door, carrying a thick book of mug shots and booting anyone that matches. Heuristic analysis is the bouncer who looks for suspicious behavior, pats people down, and sends home the ones carrying a weapon.
“Heuristics is a term researchers coined for a strategy that detects viruses by analyzing the program's structure, its behavior, and other attributes.”
Two relatively new forms of malware have helped drive the advancement of signature-less detection methods: exploits and ransomware. Though these threats are similar to others in many ways, they can be much harder to detect. Furthermore, once your computer is infected, these threats can be almost impossible to remove.
Exploits get their name because they literally exploit vulnerabilities in a system, software, or web browser in order to install malicious code in a variety of ways. Anti-exploit measures were developed as a shield against this method of attack, protecting against Flash exploits and browser weaknesses, including new exploits that have not been identified or vulnerabilities for which patches have not yet been created.
Ransomware emerged on the malware scene to spectacular effect in 2013. Ransomware made a name for itself by hijacking and encrypting computer data, and then extorting payments as it held the data hostage. and even threatened to erase it if a deadline passed without payment. Originally, both these threats resulted in the development of dedicated anti-exploit and anti-ransomware products.
In December 2016, Malwarebytes folded anti-exploit and malicious website antivirus protection into the premium version of Malwarebytes for Windows. We have since added anti-ransomware for even more advanced anti-malware protection.
Artificial intelligence (AI) and machine learning (ML) are the latest stars in the top antivirus and anti-malware technology.
AI allows machines to perform tasks for which they are not specifically pre-programmed. AI does not blindly execute a limited set of commands. Rather, AI uses “intelligence” to analyze a situation, and take action for a given goal such as identifying signs of ransomware activity. ML is programming that's capable of recognizing patterns in new data, then classifying the data in ways that teach the machine how to learn.
Put another way, AI focuses on building smart machines, while ML uses algorithms that allow the machines to learn from experience. Both these technologies are a perfect fit for cybersecurity, especially since the number and variety of threats coming in every day are too overwhelming for signature-based methods or other manual measures. Both AI and ML are still in developmental phases, but they hold immense promise.
In fact, at Malwarebytes, we already use a machine-learning component that detects malware that's never been seen before in the wild, also known as zero-days or zero-hours. Other components of our software perform behavior-based, heuristic detections—meaning they may not recognize a particular code as malicious, but they have determined that a file or website is acting in a way that it shouldn't. This tech is based on AI/ML and is available to our users both with top antivirus protection and an on-demand scanner.
In the case of business IT professionals with multiple endpoints to secure, the heuristic approach is especially important. We never know the next big malware threat, so heuristics play an important role in Malwarebytes Endpoint Protection, as does AI and ML. Together, they create multiple layers of antivirus protection that address all stages of the attack chain for both known and unknown threats.
From desktops and laptops to tablets and smartphones, all our devices are vulnerable to malware. Given a choice, who wouldn't want to prevent an infection instead of dealing with the aftermath?
The best antivirus software alone is not up to the task, as evidenced by the regular stream of newspaper headlines reporting yet another successful cyberattack.
So, what should you do to stay safe? What kind of cybersecurity software — antivirus software or anti-malware software — should one choose to address a threat landscape that consists of legacy viruses and emerging malware? What is the best antivirus program for you?
The fact is, traditional antiviruses alone are inadequate against emerging zero-day threats, allow ransomware to successfully hijack computers, and don’t completely remove malware. What's needed is an advanced cybersecurity program that is flexible and smart enough to anticipate today's increasingly sophisticated threats.
Malwarebytes for Windows fulfils this need for advanced antivirus security (along with Malwarebytes for Mac, Malwarebytes for Android, and Malwarebytes business solutions). Malwarebytes offers one of the best antivirus programs to protect computers against malware, hacks, viruses, ransomware, and other ever-evolving threats to help support a safe online antivirus experience. Our AI-enhanced, heuristics-based technology blocks threats that a traditional computer antivirus isn't smart enough to stop.
For an additional layer of antivirus protection, consider Malwarebytes Browser Guard. It's the browser extension that stops annoying ads and trackers. Plus, it's the world's first browser extension that blocks tech support scams.
Industry watchers have cited Malwarebytes for Windows for its role in a layered antivirus protection approach, providing one of the best antivirus programs without degrading system performance. It removes all traces of malware, blocks the latest threats, and is a fast virus scanner.
Regardless of the cybersecurity software you choose your first line of defense is education. Stay up to date on the latest online threats and antivirus protection by making the Malwarebytes Labs blog a regular read.
Select your language