Anti-virus: a confusing term nowadays
By Emsisoft Team
The terms “anti-virus” and “anti-malware”, which are used by a lot of protection software, are unfortunately quite confusing. Some users are led to believe that anti-virus solutions are more effective than those that protect against malware, whereas the latter is actually the generic term. The matter is even more complicated because, nowadays, all common anti-virus software also protects against other kinds of malware. What’s more, the term “anti-malware” is sometimes also used for software that offers no comprehensive protection against all kinds of threats, but merely specializes in one category or in persistent malware.
In order to correct the issue, these anti-virus applications would need renaming. The term goes back to the beginnings of PC security at the end of the 1980s. It was then that the first computer viruses appeared, and the first one to gain major media coverage was Michelangelo in 1992. These “first specimens of malware” were not independent programs, but rather smuggled malicious code into normal application software that then acted as a host and spread them.
This is also an explanation for the term “computer virus”. Just as a biological virus needs a certain host cell that it can insert its DNA into in order to spread further, a computer virus also needs certain application software in order to virtually reproduce. This explains why the first protection software was called “anti-virus”. Many never changed their name, as customers and users know them under that name. The providers do not want to risk losing their brand identity, even if many modern anti-virus tools are, as previously mentioned, also complete anti-malware solutions.
One look at the description, and you will know what kind of virtual parasites the security software protects you against, no matter if it is anti-virus or anti-malware. What counts is the content, not the name or the packaging.
What kinds of malware are there?
Everyone knows about viruses, and almost everyone is familiar with trojans, spyware or adware. But what about rootkits, ransomware and rogues? In the following you will be given a short introduction to different kinds of malware.
- Virus
A computer virus spreads on its own by smuggling its code into application software. The name is an analogy to its biological archetype. Not only does a computer virus spread many times and make the host software unusable, it also runs malicious routines.
- Trojan horse/Trojan
A Trojan horse is a type of malware disguised as useful software. The aim is for the user to execute the Trojan, which gives it full control of the PC and the possibility to use it for its own purposes. Most of the time, more malware will be installed on your system, such as backdoors or key loggers.
- Worm
Worms are malicious software that aims to spread as fast as possible once your PC has been infected. Unlike viruses, worms do not use other programs to spread, but storage devices such as USB sticks, communication media such as e-mail, or vulnerabilities in your OS. Their propagation slows down the performance of PCs and networks, or malicious routines are carried out directly.
- Key loggers
Key loggers log any keyboard input without you even noticing, which enables attackers to get their hands on passwords or other important data such as online banking details.
- Dialer
Dialers are relics from a time when modems or ISDN were still used to go online. They dialed expensive premium-rate numbers and thus caused your telephone bill to reach astronomical amounts, which meant enormous financial damage to you, the poor victim, who did not even know they were there. Dialers have no effect on ADSL or cable connections, which is why they are mostly considered extinct nowadays.
- Backdoor / Bot
A backdoor is usually a piece of software implemented by the authors themselves that enables access to your PC or any kind of protected function of a computer program. Backdoors are often installed once Trojans have been executed, so whoever attacks your PC will gain direct access to your PC. The infected PC, also called “bot”, will become part of a bot net.
- Exploit
Exploits are used to systematically exploit vulnerabilities of a computer program. Whoever attacks your PC will gain control of your PC or at least of parts of it.
- Spyware
Spyware is software that spies on you, i.e. collects different user data from your PC without you even noticing.
- Adware
Adware is derived from “advertisement”. Besides the actual function of the software, the user will see advertisements. Adware itself is not dangerous, but tons of displayed adverts are considered a nuisance and thus are detected by good anti-malware solutions.
- Rootkit
A rootkit mostly consists of several parts that will grant unauthorized access to your PC. Plus, processes and program parts will be hidden. They can be installed, for instance, through an exploit or a Trojan.
- Rogues / Scareware
Also known as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, rogues pretend to be security software. Often, fake warnings are used to make you purchase the security software, which the attackers profit from.
- Ransomware
“Ransom” is just what you think it is. Ransomware will encrypt personal user data or block your entire PC. Once you have paid the “ransom” through an anonymous service, your PC will be unblocked.
Past and future of malware
If you are using one of our programs with a malware scanner, such as Emsisoft Anti-Malware or Emsisoft Emergency Kit, you will receive 20,000 to 30,000 new signatures per day for your security. Percentages of types of malware keep shifting on a regular basis; since there have been PCs, one species or another has been “in style”.
Viruses were at the peak of their popularity during the 90s before Trojans such as Sub7 and Netbus and worms such as SQL Slammer, Blaster or Sasser heralded the new millennium. Dialers are considered more or less extinct nowadays, but 10 to 15 years ago, they made the everyday life of the computer user quite a struggle. Last year’s fad was ransomware; you may remember the most popular examples, the BKA and GEMA Trojans. Trojans were merely the means of infection; the pieces of malware themselves behaved like traditional ransomware.
There has been a distinctive trend over the last years, though: single-type malware is used less and less, so it is rather difficult to say what kind of malware the GEMA Trojan really is. In reality, different kinds of malware are used at the same time. To attack your PC, either a Trojan, an exploit or a worm is used. The latter one will then install a backdoor for the author to gain access to your PC, where a key logger, rootkit, spyware or the like will then be installed. This will give the hacker full access, meaning all passwords on the hijacked PC will be read, important private data will be copied and used for DoS attacks – of course against payment or in order to blackmail companies. This often enables the hacker to control hundreds or even tens of thousands of computers that are then called “bots”, forming a network called a “bot net”. Experts estimate that in Germany alone about 500,000 computers are part of such bot nets – without their owners even knowing.
The war on malware has not exactly become easier for providers of security software during the last 10 years. Malware authors are becoming more and more professional and sophisticated. The result is highly developed malicious software that works without the user even noticing, or noticing only when it is already too late. Therefore, words of wisdom that one commonly finds on websites and forums are already outdated. It is, for instance, not enough to avoid suspicious websites or not to use an administrator account in order to secure your PC, if malware is able to sneak onto your PC through an exploit. Even a weekly scan using a free anti-virus program is of no use once an installed rootkit has anchored itself into your system’s core through hidden routines in an undiscoverable way.
No matter how much experience a user has, regularly updated security software should be an essential part of any PC. Emsisoft Anti-Malware protects your PC in three ways: surf protection stops you from visiting dangerous websites. The powerful dual scan engine detects malware if it still manages to enter your PC, and even so far unknown virtual parasites will be reliably warded off through its advanced behavior analysis. This will also keep you safe from tomorrow’s malware tendencies.