July 21st, 2015
Antivirus is a confusing matter: it’s called antivirus, but there are tons of other types of malware out there. So…do those programs also scan for spyware, adware, and other threats? Here’s how to make heads or tails of it all, and which tools you can trust to keep your PC clean.
We may be beyond the days where viruses made the evening news, but that doesn’t mean that viruses and other malware are gone forever. They’re there, more than happy to infect your computer and add it to a botnet or spam everyone in your contact list. On the bright side though, with some common sense, a good understanding of what you’re up against, and the right tools, you can keep your PC safe pretty easily.
De-Mystifying Viruses, Malware, and Other Threats
Let’s start with the differences between “viruses” and “malware.” Viruses are a specific type of malware (designed to replicate and spread), while malware is a broad term used to describe all sorts of unwanted or malicious code. Malware can include viruses, spyware, adware, nagware, trojans, worms, and more. However, because viruses (and to a lesser extent, trojans and worms) made headlines a few years ago, most security companies focused their marketing on them, which is why they’re called “antivirus.”
Other tools call themselves “anti-malware,” but malware is a broad term that includes viruses—so it isn’t clear which threats they cover either. So, we set out to find out which tools cover which threats, and how to keep yourself 100% covered.
How to Tell Which Tools Scan for Which Threats
Many people think their anti-malware tool also protects them from viruses, even when when it doesn’t, and vice-versa. We talked to some of the big players in both fields to figure out what their apps will and won’t protect you from. Here’s what they said:
Avast! Free Antivirus
When we asked the folks at Avast (our favorite antivirus tool) whether their tool scanned for malware besides viruses, they responded with an emphatic yes. When we probed a bit deeper and asked about the different types of malware that Avast protects its users from, Director of Viruslab Operations Jiri Sejtko explained it this way:
Avast scans for and protects customers from all varieties of malware. Viruses were extremely “popular” in the ‘90s, which is when the term “Antivirus” became common, but today viruses are the minority when it comes to malware. There are, however, a few at-large viruses currently evolving and spreading, these include “Sality” and “Virut”. More common than viruses is malware like Trojans, Worms, Backdoors, Exploits, Adware, and PUP (Potentially Unwanted Programs), which can include communication clients, remote desktops and password revealers, just to name a few.
The focus of online criminals has shifted and therefore malware has changed. Criminals see today’s online society as an opportunity to steal personal data including credit card and banking details, pins and passwords, and information such as home addresses, phone numbers and even the names of family members. Criminals can, for example, write malicious code and distribute it in the form of a trojan. The trojan can collect personal data which can be sold to crime organizations who can then steal money directly from the victims bank account.
Avast’s immense user base consists of more than 184 million people worldwide, each of whom is connected to the Avast cloud, this allows each file execution to be analyzed online. As soon as malware is detected within the user base a close to real time update is sent to all users, providing almost immediate protection against all the newest malware.
Bottom line? Avast protects you from the “classic” threats like viruses, worms, and trojans, but also offers protection against adware, bots, and other exploits.
Avast’s response was particularly interesting because they went out of their way to point out that Avast also protects you from a lot of the new security threats that have appeared in recent years, like hacks that hijack social network accounts or steal passwords. Additionally, it gives us some insight into how Avast updates its clients in real time whenever new threats are detected, without forcing users to download massive virus definition packages or database uplifts (one of the things we like about it so much).
McAfee’s response was significantly more terse than the other companies we spoke to, but it’s also the most clear. When we asked them if they protected their users from more than just viruses, they said yes. When we asked what exactly, they said “viruses and malware including Trojans, worms, spyware, rootkits, and keyloggers.”
The level of protection that McAfee offers however, depends largely on the specific McAfee product you’re running. All of McAfee’s paid software packages include antivirus and antimalware protection, from the $35 McAfee AntiVirus Plus to the $63 McAfee Total Protection. As you move to more expensive products, you get other features like protection for your Facebook or Twitter accounts, identity theft protection, cloud-based backup services, and more.
However, it wasn’t clear whether McAfee will protect you from some of the more nuanced threats like zero day exploits, toolbars you’ve installed, or browser vulnerabilities. If you’re thinking about a premium product (which we’ll talk about later), your best bet is to read the description of the software suite you want very carefully before buying. Most antivirus companies depend on you being confused and just buying the most expensive package because you think it offers the most protection, when it may just include a bunch of features you don’t need.
Symantec, who makes Norton, was a bit more forthcoming. They explained first that all Norton security tools all scan all forms of malware (including viruses), and that they encourage their users to (correctly) think about malware in broader terms. When we asked them what they specifically protect their users against, they broke it into four categories: Infectious malware, web threats, concealment malware, and mobile malware.
Infectious malware consists of viruses and worms; the types of malware you’re probably already familiar with, and the types that almost every security tool will scan for and help you remove. Web threats, on the other hand, are some of the more advanced forms of malware we see on a regular basis today. They include keyloggers, spyware, adware, bots, and even ransomware. Concealment malware includes trojans, backdoors, rootkits, and even fake antivirus software. Mobile malware affects smartphones and tablets.
The Symantec representative we spoke to explained that there are Norton products that protect against all of these threats, and then others that mix and match features based on the level of protection you need. Like we said with McAfee, it’s up to you, the consumer, to make sure you’re buying a product that offers the level of protection you need without paying for something you don’t. On the bright side though, all of the Norton products offer this basic level of protection, from the $40 Norton Antivirus all the way up to the $60 Norton 360. Every product page has a comparison chart on it so you can make sure you’re buying the right version for you.
Since some anti-malware utilities are trying to expand into the on-access malware scanning game, we figured we would ask what Malwarebytes, one of our favorite anti-malware tools, will and won’t protect its users against. Malware Industry Analyst Adam Kujawa explained that Malwarebytes aims to detect as much malware as possible. However, their focus isn’t on those classic threats like viruses and worms:
Malwarebytes Anti-Malware hunts down most often zero-day or zero-hour malware, a term our community uses to explain malware that has been newly created and released on the web. Zero-hour malware can be any type of malware out there that traditional antivirus products have a hard time detecting, so it’s an additional security measure to protect the user from the kind of malware they are most likely to encounter while surfing the web. Most zero-hour malware is distributed in drive-by exploits or even via hacked accounts such as Facebook, Twitter or Skype. Some of the most commonly detected malware by our products include the Zeus banker Trojan, as well as other Trojan malware with the same purpose, such as Reveton ransomware and other types of ransomware that attempt to extort users into paying ridiculous fee, and an array of fake antivirus software (we call them rogue antivirus) that usually allow additional malware to be installed.
More recently, we have begun detecting what we call “Potentially Unwanted Programs” (PUPs). PUPs usually refer to adware or other types of software that really doesn’t do anything but slow down your system and bombard you with advertisements. We decided that if we are protecting our users from the scum of the net that tries to steal their money via extortion or theft, we should also protect them from the scum of the net that tries to do it legitimately, by fooling the users into thinking their products are useful, when in reality they harm the system and cause more problems for the user. However, the default settings on our scanner only flag the software as potentially unwanted but leave it unchecked for removal. While we advise our users to avoid using this kind of software, since it isn’t classified as malware, we don’t automatically remove it and leave it up to the user to decide whether or not it’s valuable for them. We understand that some users are used to having fifteen search bars in their browser window and prefer to keep it that way.
Malware that we don’t target is usually older types that might not have been seen for a few years—we leave that protection up to the antivirus software vendors, since their specialty is protecting the user from known and dangerous malware. In doing so, we are allowed to target specifically the new malware that constantly changes and poses the biggest threat to the average user, who faces possible attacks directly from the web rather than from other sources. At the same time, we always have, and always will, advise our users to use our product in addition to an antivirus, to be doubly protected from the old and the new.
Put simply, Malwarebytes aims to protect you against all manner of malware, but common viruses and older threats aren’t included. Their goal is to stay on the forefront and protect users from new exploits, trojans, backdoors, adware, and spyware. For everything else, you’ll want a traditional on-access security tool.
Our Recommendation: Use One On-Access Antivirus Tool and One On-Demand Anti-Malware Tool
So here’s the bottom line: Most of the popular tools out there will scan for all types of malware. However, you should always make sure your tool does as well. Coupled with good browsing and downloading hygiene, a good security tool should keep you pretty well protected.
However, no one tool can catch everything. So, we suggest you install one security tool (preferably Avast, our favorite) that scans for as much as possible, and that has an on-access scanning engine that protects you from threats while you surf the web, install applications, and open files. Then, install another anti-malware tool (like Malwarebytes Anti-Malware) that you can occasionally use on demand to make sure nothing got through or has been overlooked. With this combination, you’ll protect yourself from as much as possible, and it won’t cost you a thing.
Note that it’s not a good idea to use two security tools that both run all the time in the background on your computer. They’ll likely interfere with each other, and possibly even slow down your computer. Use one that runs in the background, and one that runs on-demand, and disable the background one when you run your on-demand one.
When It’s Worth Paying For a Premium Security Tool
Premium security products, like Norton and McAfee, are difficult to recommend, even though they offer complete protection in a single (albeit expensive) package. Remember, you’re probably looking at $20-$50/yr (in some cases more) in addition to their purchase prices. Even with today’s threats, there’s surprisingly little that a subscription-based product can offer that free tools don’t already provide. The only instance we can think of is if your work (or play) takes you to the seedier parts of the internet, like the dark web, or you share a PC with someone who’s browsing and downloading habits are less restrained than yours. If that’s the case, you might consider paying for a premium service that scans for everything, all the time, in one app.
Still, you should make the call. If you can get one of those suites and its updates for free from your work or school, then by all means, grab it. (My alma mater used to give out free copies of McAfee, along with free updates for life, and my old job used to give out free antivirus to anyone who worked from home so they could install it on their home computers before connecting via VPN).
In the end, good browsing habits and common sense should be your first line of defense against malware, spyware, and viruses. However, we recommend running a good security suite in the background and an on-demand malware tool to cover everything else. That way you’re always protected, and you can scan your system for malware whenever you want to.
Some security experts are saying that 2013 may be the malware’s biggest year ever, so just because the evening news doesn’t talk about these threats anymore doesn’t mean they’re not still a problem. Whatever you choose to do, don’t assume that your antivirus is protecting you from malware, or vice versa. Read the features of the apps you choose carefully, and make sure you have your bases covered.
Register for an account it’s free to participate in the discussion or share your thoughts in the Facebook.The Difference Between Antivirus and Anti-Malware (and Which to Use),