
Understanding the differences between antivirus and anti-malware

Editorial Type: Masterclass     Date: 11-2015    Views: 2571      









Seeking the best way to reduce your attack surface? First, you need to understand the differences between antivirus security and anti-malware security, says internet security company Malwarebytes

According to a 2015 Ponemon Institute report, 80% of businesses surveyed said they frequently suffered web-borne malware attacks. These attacks are effective, in part, because cybercriminals are outwitting traditional signature-based endpoint antivirus and perimeter defences with sophisticated zero-day malware. Understanding the differences between antivirus security and anti-malware security is key to reducing your attack surface.

STARTING WITH A DEFINITION
What are the differences between viruses and malware? If you're stumped for an answer, you're not alone. In a recent B2B focus group we conducted, the majority of CISOs, many from enterprise organisations, were unable to articulate the differences.

A virus is a piece of code that is capable of copying itself in order to do damage to your computer, including corrupting your system or destroying data. Malware, on the other hand, is an umbrella term that covers a variety of malicious software, including Trojans, spyware, worms, adware, ransomware and, yes, viruses. All viruses are malware; however, not all malware is a virus.

But the taxonomy is a little more complicated than that. Viruses are considered to be legacy threats. They've been around for a while and haven't changed all that much. Today's cyber criminals don't employ them often - according to AV-Test.org, only 2% of malware threats in the wild are traditional file-infecting viruses. This is why many antivirus and endpoint security companies have evolved to fight more than 'just' viruses. This can include infectious malware like worms, web threats like keyloggers, or concealment malware, such as rootkits.

SO WHY DO ANTIVIRUS COMPANIES STILL CALL THEMSELVES ANTIVIRUS?
Since viruses made headlines in the 1990s, security companies focused their efforts on fighting them. Thus the term 'antivirus' was born. To a degree, keeping the name is a matter of marketing. Most IT administrators are familiar with computer viruses and what they do. On the other hand, newer threats, along with their mechanisms and behaviours, are a mystery.

But the key differences between antivirus and anti-malware software go beyond semantics. What differentiates antivirus and anti-malware companies are the types of malware they specialise in and how they deal with them.

Antivirus usually detects the older, more established, threats, such as Trojans, viruses and worms. Anti-malware, by contrast, typically focuses on newer threats, such as polymorphic malware and malware delivered by zero-day exploits. Antivirus protects users from lingering, predictable-yet-still-dangerous malware. Anti-malware protects users from advanced threats increasingly found in the wild. In addition, anti-malware typically updates its rules faster than antivirus, making it more responsive to new web-based malware threats. By contrast, antivirus is best at detecting malware contracted from a traditional vector, like a USB or an email attachment.

SO HOW CAN YOU ENSURE YOU'RE FULLY PROTECTED?
No one tool can catch everything, which is why security experts now recommend a layered approach. It's better to have more than one set of eyes looking at threats from different angles. "I'm sure you've heard the old saying 'jack of all trades, master of none'," says Samuel Lindsey, Malwarebytes user advocate. "That's how I see all-in-one endpoint security suites; they just can't detect everything on any given day."

To harden endpoint defences, deploy an antivirus programme to catch legacy threats and an anti-malware programme for the newer, more advanced, dangers. While the impact on system resources is a concern when running two real-time scanners, most anti-malware software is lightweight and engineered to work alongside antivirus software without conflict.

Attacks and data breaches are a numbers game. It's not a matter of if, but when, your company will face a new and unfamiliar threat. The outcome may be decided by your understanding of the fundamental differences between antivirus and anti-malware, and the corresponding solution you implement.
