The Difference Between Anti-Virus and MalWare

With all the cyber attacks reported in the news and with the increase in email SPAM with malware attachments, company CEO’s are asking me about their protection strategies. When I start discussing anti-virus and anti-malware software, I often get the same response, “Aren’t they the same thing”?  They are not and that prompted me to write this report on the differences as well as some actionable tips and strategies to consider.

First, let’s get some understanding as to the differences between malware, viruses and some of the other attack terms used in the industry. Some you are undoubtedly very familiar with, while others may be fairly new. What they all have in common however, is that they are designed to do maximum damage by disrupting computers and stealing vital information.

Here are some common definitions and descriptions according to Wikipedia.

• Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operations, gather information that leads to loss of privacy, gain unauthorized access to system resources, and other abusive behavior without the owner’s informed consent.
• Viruses have the ability to self-replication itself by executing code and write to memory in order to corrupt or modify files on a targeted computer. They typically infect other computers by means of network file systems, removable media (USB drives, disks, CD, etc.) Internet, email, instant message, corrupt web sites, and any other way computers communicate.
• A computer worm is a self-replicating computer program, by means of a computer network, to send copies of itself to other computers on the network. Unlike a computer virus, it does not need to attach itself to an existing program.
• A Trojan horse is a destructive program that masquerades as an application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system. Trojan horses do not replicate themselves.
• A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
• Spyware collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user’s personal computer.
• Keystroke logging (often called keylogging) is the action of capturing the keys typed on a keyboard so that the person is unaware that their actions are being recorded or monitored. A file is usually created and then sent to the person responsible for infecting the computer to steal personal information like credit card numbers and passwords.
• Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer typically in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during the installation process. The object of the Adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated malware or other privacy-invasive software. If for no other reason, they are annoying and need to be removed.

While most people know the importance of virus protection, malware protection is just as important. Anti-virus programs target specific attacks, mainly the virus’ duplication features. Anti-malware, on the other hand, is more general and includes the ability to block viruses, keyloggers, spyware, etc. from entering your system. So, given the nature of today’s cyber attacks, computers need both anti-virus and anti-malware programs.

As cyber attackers, crackers and hackers develop new ways to attack computer, network and now cloud vulnerabilities protection software is really an afterthought defense. They can only protect against know attacks. It’s the unknown ones that are destructive. Some software protection programs are better for catching a particular type of code than others. Other companies are faster with product updates. That is why no one single supplier can completely protect all known attacks.

You must keep an anti-malware program and one anti-virus program active at all times. Constantly check for updates to their data libraries. Run full scans at least one a month. And, keep all OS patches up to date. In the past there was the strategy to own multiple anti-virus programs and then periodically, say once a month, you turn off the active programs and run a manual system check using the other programs. This method would find about 98% of any problems. However, it seems with the newer OS’s this may not be advisable. These anti-virus/malware programs add code into the computer’s OS even when it’s not active which in turn slows down your system. So you want to pick a program from a company that frequently updates their data to protect against the latest threat.

Single function security programs are better that the large suite solutions. Single applications focus on a core competency, are easy to install and use less compute resources. The large security suite applications are troublesome to install and they deeply embed themselves into the computers operating system. This makes the computer run slower and the program is virtually impossible to completely uninstall. Finally, some of these additional applications are not as robust as those from other companies that specialize in those features. So you end up paying more for less.

Many of the programs have a yearly subscription fee. They are worth it when compared to the damage they can do. There are a few free antivirus packages but be very, very careful here. Now cyber hackers are posting free online software that is really a virus. AVG is still the best of the freebees, but some blogs posts complain that their removal ability has dropped off.

Conclusion

• Malware is more generic than viruses
• Anti-malware programs block programs from getting into a computer but do not fix corrupted register files.
• Anti-virus programs prevent viruses from replicating and fix corrupted register files.
• Purchase a leading anti-malware program
• Purchase a leading anti-virus program
• Using more than one software package to add additional protections can slow your computer down
• Don’t use suite programs unless you have specialized IT support

Dovell’s Suggested Products.

I like to keep my security simple and deal with leading specialists of particular security threats. So while all the recommended company products below do offer suites and complete Internet security, they may not be the best in everything.

To be upfront, I may have an affiliate relationship with all these recommended products. I am willing to do that because I have used their programs and have been impressed with the company. I NEVER recommend products that I don’t use and respect.

I also am listing more than one solution so you can best find the one that meets your needs

Anti-virus

• Norton Antivirus.  Norton is still one of the best antivirus programs and is backed by a well known, reputable company. If you are an individual user don’t get the suite products or complete Internet security products because they get so ingrained into your computer’s O/S and require an IT expert to remove them.

• ESET Nod32 Antivirus is easy to use and does a very good job in both speed and completeness in scanning. ESET develops antivirus and security software that delivers instant, comprehensive protection against evolving computer security threats: viruses, worms, trojans, rootkits, spam, spyware etc.  In fact PC World says ESET provides “…the best proactive protection by far.”

• Kaspersky Anti-virus 2012. They have improved many of their protection and performance capabilities. This program is also picking up very high marks from other anti-virus reviewers. Kaspersky Lab is one of the world’s top antivirus companies, and well known all over the world as one of the leaders in the development of advanced anti-virus technologies.

• AVG: Best known free anti-virus program but not necessarily the best. Consider paying for the upgrade. The company describes themselves as: AVG is a leading international developer of antivirus and Internet security solutions for consumers, SMBs and small enterprises. Trusted by over 98 million active users worldwide, AVG protects what’s important and personal inside computers – music, photos, documents and more, all while allowing users to bank, shop and safely knowing their identity is safe.

Anti-Malware

• Malwarebytes is fast and not a resource hog. Plus it offers frequent updates, live protection and scans all the drives. They don’t offer an Anti-virus solution so they can concentrate on what they do best.

• Spyware Doctor is made by one of the industry’s leading computer security companies, PC Tools. It is very easy to use and can remove most of the privacy threats. However, the anti-malware gets higher marks than their anti-virus.

• WebRoot’s Spy Sweeper is also a very powerful anti-malware. It uses patent-pending malware detection and removal techniques. But here again their anti-virus software does not do as good as a job as the top three mentioned above.

• Spybot – Search & Destroy is a fairly good free anti-malware program, particularly when used in conjunction with other programs.

Other security products to include:

1. Firewalls. Hardware ones are better than software.
2. Password managers: use one that requires multi-factor authentication like our Power LogOn products.
3. Hard drive data encryption
4. Email Spam blocker