At Malwarebytes, we're all for precision — especially when it comes to two commonly confused cybersecurity concepts that get used interchangeably: antivirus and anti-malware. Sure, both refer to cybersecurity software, but what do these terms actually mean? What is the difference between antivirus and anti-malware, and are they both still relevant in dealing with today's online threats? Let's take a deep dive into the world of cybersecurity semantics and unpack these terms.
What is antivirus software?
Antivirus is software that is designed to detect, protect against, and remove malware on a computer or mobile device. Originally, it was created to protect against computer viruses, but now it's more of a general term to describe software that uses a combination of advanced technologies to protect against a variety of threats, including ransomware, spyware, and even never-before-seen zero-day attacks. Early antivirus programs would compare software file signatures against a list of known viruses to see if they matched, and if so, block them. Today, cybersecurity companies like Malwarebytes employ several different methods to detect, block, or remove malware from a device.
What's the difference between antivirus and anti-malware?
Today, the terms antivirus and anti-malware are often used interchangeably to refer to cybersecurity software that blocks viruses and other types of malware from computers and mobile devices. The term antivirus refers to computer viruses, which were early online threats, and anti-malware refers to the term "malware," which is an umbrella term for any kind of malicious software (including viruses). "Anti-malware" is intended to be a broader description than "antivirus," but antivirus has broadened in common usage to describe the same type of software. Both antivirus and anti-malware typically detect and block threats, and remove any threats that make it onto a device. Both of these terms fall under the broader term "cybersecurity."
What is cybersecurity?
Cybersecurity, or computer security, is a catchall term for any strategy for protecting one's system from malicious attacks. For home users, these strategies include both antivirus and anti-malware protection, plus other means to stay safe online like browser protection or a VPN for online privacy. For businesses and organizations, cybersecurity is a broad and important field as cybersecurity attacks continue to make headlines. Businesses often employ a number of different strategies to guard against threats, a foundational one of which is known as endpoint protection.
Cybersecurity attacks often aim to do things like hold your computer hostage, steal system resources (as in a botnet), record your passwords and usernames, and a whole host of other bad things. Such attacks might occur via your hardware (like a backdoor) or through your software (like an exploit). Attackers' goals are often financial, to ultimately steal money or information that can be valuable to others.
What is a computer virus?
A computer virus is a type of malicious software with particular characteristics:
A computer virus requires a host program, and it needs to be initiated by an unsuspecting user. Triggering a virus can be as simple as opening a malicious email attachment (malspam), launching an infected program, or viewing an ad on a malicious site (adware). Once that happens, the virus tries to spread to other systems on the computer's network or in the user's list of contacts.
Computer viruses self-replicate. This process of self-replication can happen by modifying or completely replacing other files on the user's system. Either way, the resulting file must show the same behavior as the original virus. Notably, computer worms also self-replicate, but the difference between a virus and a worm is that viruses rely on human action for activation and need a host system to replicate.
History of computer viruses
Computer viruses have been around for decades. In theory, the origin of “self-reproducing automata” (i.e., viruses) dates back to an article published by mathematician and polymath John von Neumann in the late 1940s.
Early viruses occurred on pre-personal computer platforms in the 1970s. However, the history of modern viruses begins with a program called Elk Cloner, which started infecting Apple II systems in 1982.
Disseminated via infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system. It spread so quickly that most cybersecurity experts consider it the first large-scale computer virus outbreak in history. Another early problem was the Morris worm back in 1988, but that was a computer worm rather than a computer virus.
Early viruses like Elk Cloner were mostly designed as pranks. Their creators were in it for notoriety and bragging rights. However, by the early 1990s, adolescent mischief had evolved into harmful intent. PC users experienced an onslaught of viruses designed to destroy data, slow down system resources, and log keystrokes (also known as a keylogger). The need for countermeasures led to the development of the first antivirus software programs.
First antivirus software programs:
Early online antiviruses were reactive. They could only detect infections after they took place. Moreover, the first antivirus programs identified viruses by the relatively primitive technique of looking for their signature characteristics.
For example, they might know there's a virus with a file name like “PCdestroy,” so if the antivirus software recognized that name, it would stop the threat. However, if the attacker changed the file name, the computer antivirus might not be as effective. While early antivirus software could also recognize specific digital fingerprints or patterns, such as code sequences in network traffic or known harmful instruction sequences, they were often playing catch-up.
Identifying new viruses:
Early antiviruses using signature-based strategies could easily detect known viruses, but they were unable to detect new attacks. Instead, a new virus had to be isolated and analyzed to determine its signature, and subsequently added to the list of known viruses.
Those using antiviruses online had to regularly download an ever-growing database file consisting of hundreds of thousands of signatures. Even so, new viruses that got out ahead of database updates left a significant percentage of devices unprotected. The result was a constant race to keep up with the evolving landscape of threats as new viruses were created and released into the wild.
Why do I need antivirus for my computer?
Viruses are just one kind of malware. There are other forms of malware that are more common these days, and antivirus software is designed to defend against these. Here are just a few of today's online threats:
Adware is unwanted software designed to throw advertisements up on your screen, often within a web browser, but sometimes within mobile apps as well. Typically, adware disguises itself as legitimate or piggybacks on another program to trick you into installing it on your PC, tablet, or mobile device.
Spyware is malware that secretly observes the computer user's activities, including browsing activity, downloads, payment information, and login credentials, and then reports this information to the software's author. Spyware isn't just for cybercriminals. Legitimate companies sometimes use spyware to track employees.
A keylogger, spyware's less sophisticated cousin, is malware that records all the user's keystrokes on the keyboard. This malware typically stores the gathered information and sends it to the attacker seeking sensitive information like usernames, passwords, or credit card details.
A computer virus is malware that attaches to another program and, when triggered, replicates itself by modifying other computer programs and infecting them with its own bits of code.
Worms are a type of malware similar to viruses in that they spread, but they don't require user interaction to be triggered.
A Trojan, or Trojan Horse, is more of a delivery method for infections than an infection. The Trojan presents itself as something useful to trick users into opening it. Trojan attacks can carry just about any form of malware, including viruses, spyware, and ransomware. Famously, the Emotet banking Trojan started as an information stealer, targeting banks and large corporations.
Later, Emotet operated purely as an infection vector for other forms of malware, usually ransomware.
Ransomware is a form of malware that locks you out of your device and/or encrypts your files, then forces you to pay a ransom to get them back. Ransomware has been called the cybercriminal's weapon of choice, because it demands a profitable quick payment in hard-to-trace cryptocurrency.
The cybercriminals behind the GandCrab ransomware claimed to have brought in over $2 billion in ransom payments over the course of a year and a half.
A rootkit is malware that provides the attacker with administrator privileges on the infected system and actively hides from the normal computer user. Rootkits also hide from other software on the system—even from the operating system itself.
Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is an increasingly prevalent form of malware or browser-based attack that is delivered through multiple attack methods, including malspam, drive-by downloads, and rogue apps and extensions.
It allows someone else to use your computer's CPU or GPU to mine cryptocurrency like Bitcoin or Monero. So instead of letting you cash in on your computer's horsepower, the cryptominers send the collected coins into their own account—not yours. So, essentially, a malicious cryptominer is stealing your device's resources to make money.
Malvertising is an attack that uses malicious ads on mostly legitimate websites to deliver malware. You needn't even click on the ad to be affected—the accompanying malware can install itself simply by loading and viewing the page in your browser. All you have to do is visit a good site on the wrong day.
Spoofing occurs when a threat pretends to be something it's not in order to deceive victims to take some sort of action like opening an infected email attachment or entering their username and password on a malicious site spoofed or faked to look like a legitimate site.
Phishing is a type of attack aimed at getting your login credentials, credit card numbers, and any other information the attackers find valuable. Phishing attacks often involve some form of spoofing, usually an email designed to look like it's coming from an individual or organization you trust. Many data breaches start with a phishing attack.
How does anti-malware work?
The original method of signature-based threat detection is effective to a degree, but modern antivirus and anti-malware technology uses additional methods that look for malicious behavior in different ways. This can include analyzing a program's structure, behavior, origin, and other characteristics that help determine whether it's safe or not. This newer, more effective cybersecurity technology is called heuristic analysis. “Heuristics” is a term researchers coined for a strategy that detects threats by analyzing the program's structure, its behavior, and other attributes.
Each time a heuristic anti-malware program scans an executable file, it scrutinizes the program's overall structure, programming logic, and data. All the while, it looks for things like unusual instructions or junk code. In this way, it assesses the likelihood that the program contains malware. What's more, a big plus for heuristics is its ability to detect malware in files and boot records before the malware has a chance to run and infect your computer. In other words, heuristics-enabled anti-malware is proactive, not reactive.
Some anti-malware products can also run the suspected malware in a sandbox, which is a controlled environment in which the security software can determine whether a program is safe to deploy or not. Running malware in a sandbox lets the anti-malware look at what the software does, the actions it performs, and whether it tries to hide itself or compromise your computer.
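The following script is an added illustration of the two approaches described above (the signature matching of the early antivirus programs covered in the history section, and the heuristic analysis described here); it is example code written for this page, not Malwarebytes software. The "files" it scans are constructed byte strings standing in for programs, the file name "PCdestroy.exe" is the hypothetical name the article uses, and the heuristic rules (a long run of NOP-like padding, ransomware-style strings, high entropy) are illustrative stand-ins for what a real engine scores. It shows why a name-based signature is defeated by renaming, a hash signature by a one-byte change, a byte-pattern signature by editing the matched bytes, and why a heuristic score still fires on a sample that defeats all three.

```python
"""Toy comparison of signature-based and heuristic malware detection.

Added example (not Malwarebytes code).  The samples below are constructed
byte strings that stand in for programs; they are not real malware and the
detection rules are illustrative only.
"""
import hashlib
import math
import re

# Constructed sample contents.  The "MZ" header is only there so the samples
# look file-like; nothing here is executable.
BENIGN = b"MZ\x90\x00" + b"print('hello world')" + b"\x00" * 16
SUSPECT = (
    b"MZ\x90\x00"
    + b"\x90" * 40                       # long run of NOP-like padding ("junk code")
    + b"ENCRYPT_ALL_FILES;PAY_BTC"       # strings suggestive of ransomware
    + b"\x00" * 8
)

# --- signature-style knowledge, as an early antivirus would hold it ---
KNOWN_BAD_NAMES = {"PCdestroy.exe"}                       # name-based (weakest)
KNOWN_BAD_SHA256 = {hashlib.sha256(SUSPECT).hexdigest()}  # exact-content hash
KNOWN_BAD_PATTERNS = [b"PAY_BTC"]                         # short byte pattern


def scan_by_name(filename: str) -> bool:
    """Match on file name only; defeated by renaming the file."""
    return filename in KNOWN_BAD_NAMES


def scan_by_hash(data: bytes) -> bool:
    """Match on the exact content hash; defeated by changing a single byte."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def scan_by_pattern(data: bytes) -> bool:
    """Match on a known byte sequence; survives renaming and unrelated edits,
    but not a change to the matched bytes themselves."""
    return any(p in data for p in KNOWN_BAD_PATTERNS)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)


def heuristic_score(data: bytes) -> tuple[int, list[str]]:
    """Score structural and content traits instead of matching one sample."""
    score, reasons = 0, []
    if re.search(rb"\x90{16,}", data):
        score += 2
        reasons.append("long NOP-like padding (junk code)")
    for keyword in (b"ENCRYPT", b"RANSOM", b"PAY_"):
        if keyword in data:
            score += 1
            reasons.append(f"suspicious string {keyword!r}")
    if shannon_entropy(data) > 7.0:
        score += 2
        reasons.append("high entropy (possibly packed)")
    return score, reasons


def verdict(filename: str, data: bytes, threshold: int = 3) -> dict:
    """Run every method on one file and report which ones flag it."""
    score, reasons = heuristic_score(data)
    return {
        "name": scan_by_name(filename),
        "hash": scan_by_hash(data),
        "pattern": scan_by_pattern(data),
        "heuristic": score >= threshold,
        "heuristic_reasons": reasons,
    }


if __name__ == "__main__":
    # 1. the original known sample: every method catches it
    print(verdict("PCdestroy.exe", SUSPECT))
    # 2. renamed: the name check fails, content-based checks still fire
    print(verdict("holiday_photos.exe", SUSPECT))
    # 3. one trailing byte changed: the hash fails, pattern and heuristics hold
    print(verdict("holiday_photos.exe", SUSPECT[:-1] + b"\x01"))
    # 4. the matched string altered: only the heuristic still fires
    print(verdict("holiday_photos.exe", SUSPECT.replace(b"PAY_BTC", b"PAY_XMR")))
    # 5. benign file: nothing fires
    print(verdict("notes.exe", BENIGN))
```

The threshold and weights are arbitrary; the point of the design is that each signature method keys on one property of one known sample, so each can be evaded by changing that one property, while the heuristic combines several properties that the sample shares with the family it belongs to. A real engine also tunes such scores against large benign corpora, since a rule like "contains ENCRYPT" would otherwise flag legitimate cryptographic tools.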
Advancements in antivirus software & cybersecurity
Two relatively new forms of malware have helped drive the advancement of signature-less detection methods: exploits and ransomware. Though these threats are similar to others in many ways, they can be much harder to detect. Furthermore, once your computer is infected, these threats can be almost impossible to remove.
Exploits get their name because they literally exploit vulnerabilities in a system, software, or web browser in order to install malicious code in a variety of ways. Anti-exploit measures were developed as a shield against this method of attack, protecting against Flash exploits and browser weaknesses, including new exploits that have not been identified or vulnerabilities for which patches have not yet been created.
Ransomware emerged on the malware scene to spectacular effect in 2013. Ransomware made a name for itself by hijacking and encrypting computer data, extorting payments while it held the data hostage, and even threatening to erase the data if a deadline passed without payment. Originally, both of these threats led to the development of dedicated anti-exploit and anti-ransomware products.
In December 2016, Malwarebytes folded anti-exploit and malicious website antivirus protection into the premium version of Malwarebytes for Windows. We have since added anti-ransomware for even more advanced anti-malware protection.
The future of antiviruses and security programs
Artificial intelligence (AI) and machine learning (ML) are the latest stars in the top antivirus and anti-malware technology.
AI allows machines to perform tasks for which they are not specifically pre-programmed. AI does not blindly execute a limited set of commands. Rather, AI uses “intelligence” to analyze a situation, and take action for a given goal such as identifying signs of ransomware activity. ML is programming that's capable of recognizing patterns in new data, then classifying the data in ways that teach the machine how to learn.
Put another way, AI focuses on building smart machines, while ML uses algorithms that allow the machines to learn from experience. Both these technologies are a perfect fit for cybersecurity, especially since the number and variety of threats coming in every day are too overwhelming for signature-based methods or other manual measures.
At Malwarebytes, we already use a machine-learning component that detects malware that's never been seen before in the wild, also known as zero-days. Other components of our software perform behavior-based, heuristic detections—meaning they may not recognize a particular code as malicious, but they have determined that a file or website is acting in a way that it shouldn't. This tech is based on AI/ML and is available to our users both with top antivirus protection and an on-demand scanner.
In the case of business IT professionals with multiple endpoints to secure, the heuristic approach is especially important. New malware threats emerge regularly, so heuristics play an important role in Malwarebytes Endpoint Protection, as do AI and ML. Together, they create multiple layers of antivirus protection that address all stages of the attack chain for both known and unknown threats.
Selecting the best antivirus for your needs
From desktops and laptops to tablets and smartphones, all our devices are vulnerable to malware. Given a choice, who wouldn't want to prevent an infection instead of dealing with the aftermath? So, what is the best antivirus for you? First, think about how many Windows, Mac, and mobile devices you have to protect. Malwarebytes offers protection for Windows, Mac, Android, iOS, and Chromebook. Learn more about protecting each:
Antivirus for Windows
Windows is the most-used operating system worldwide, and with such a large share of users, it's a big target for various types of malware. Malwarebytes Premium protects PCs against malware using advanced antivirus and anti-malware technology as well as other defenses. Our Windows protection can defend against ransomware and against zero-day exploits, which are never-before-seen types of attacks that software companies haven't had a chance to patch yet.
Additionally, we have added protection against brute force attacks to defend against a threat actor's attempts to gain access to your PC by guessing many passwords in the hope of guessing one correctly. Attackers usually do this remotely. We have also added tamper protection against attempts to remove Malwarebytes protection from a PC (tamper protection is also known as uninstall protection).
If you don't currently use Malwarebytes Premium on your PC, you can take it for a free trial before subscribing.
Antivirus for Mac
Mac computers are not immune to malware. In 2021, Apple's head of software stated that “we have a level of malware on the Mac that we don’t find acceptable.” Antivirus is not just for Windows PCs; antivirus and anti-malware software can block malware from your Mac computer too. You can read more about why Macs need antivirus, and take a free trial of Malwarebytes Premium for Mac to test it out before subscribing, too.
Antivirus for mobile
Whether you use Android or iOS, mobile devices face online threats too. As mobile operating systems go, Android is more open in a number of ways than iOS, and so protection for each is different. Antivirus for Android, for instance, often includes some app scanning capability, as the Google Play Store tends to have much less stringent requirements for apps to make it into the store than the iOS App Store. On iOS devices, scam websites can be a bigger concern than rogue apps, for instance. Malwarebytes offers protection for both Android and iOS:
On Android, our protection includes:
- Detects ransomware before it can lock your device
- Enables a safer browsing experience
- Conducts a privacy audit for all apps
- Finds and removes adware and malware
On iPhones or iPads, our protection blocks disruptions like:
- Phishing scams, tech support scams, and other malicious sites
- Deceptive sites and other forms of suspicious content
- Calls from known and suspected scammers
- Ads and ad trackers which watch your behavior online
- Fraudulent text messages
How about Chromebooks? Similar to Android mobile devices, apps can be a concern, so our protection for Chromebook conducts a privacy audit for all apps. It also includes protection against various types of malware. Chromebooks have become popular in education, so if you have kids using them, you'll likely want protection on the device.
For an additional layer of protection specifically for threats from web browsers, consider Malwarebytes Browser Guard. It's the browser extension that stops annoying ads and trackers. Plus, it's the world's first browser extension that blocks tech support scams.
Industry watchers have cited Malwarebytes for Windows for its role in a layered antivirus protection approach, providing one of the best antivirus programs without degrading system performance. It removes all traces of malware, blocks the latest threats, and is a fast virus scanner.
For antivirus with online privacy protection too, check out our antivirus with VPN. Regardless of the cybersecurity software you choose, your first line of defense is education. Stay up to date on the latest online threats and antivirus protection by making the Malwarebytes Labs blog a regular read.