Anti Malware – A New Type of Protection
In today’s world, everyone has heard of antivirus software. This is the same software that has been around for a decade or more that protects computers from infection from viruses and other types of malicious software.
However, over the last few years the threat landscape has evolved to the point where having anti-virus software on your computer is not enough. Now, due to the very real threat of ransomware and other new forms of malicious software to computer users, both on a personal level and at the corporate level, users and firms alike are being forced to take additional precautions to protect themselves and their data.
First, What is Malware?
According to Tech Target:
“Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of different functions such as stealing, encrypting or deleting sensitive data and news, altering or hijacking core computing functions and monitoring users' computer activity without their permission.”
How Do You Become Infected with Malware?
Malware can be introduced into a computer system in a variety of fashions. There are the usual suspects, plugging in an infected USB thumb drive into your system, opening an infected file sent to you via email, to more nefarious means such as what is known as a “drive by download”. This is where you visit a site that is serving up malware that is waiting for someone to visit who has the right vulnerability that the website application can exploit and then infect.
What are Signs that I’m Infected with Malware?
There are a number of ways to tell that your system has been infected with malware. If the malware is ransomware, you’ll more than likely get a notice on your screen that your computer has been infected and that your files have been encrypted. Once this happens, you’ll typically also get news that you can pay a certain amount in Bitcoin to get the password or decryption key to unencrypt your files.
If the malware is a trojan horse you may see that your computer starts acting strangely (the mouse moves on its own, programs and windows open or close without any action on your part, etc.). This typically indicates that an attacker has invaded your computer (or even worse, computers) and is capturing files, screen shots and doing other nefarious things to your computer.
If the malware is a worm, you may not notice anything at all, however it is using your computer as a starting point to propagate to other computers on the network that may have the same vulnerability that your devices has.
If the malware is a virus, you may notice that your files are no longer able to access or give you errors when you attempt to view them. Your computer may also begin acting strangely and may even shut down without any prompting to do so on your part.
So How is Antimalware Software Different from Antivirus Software?
While some may try to lump antimal-ware with antivirus into the same category, they are in fact quite different.
While antivirus software tends to focus in on viruses and their close relatives, antimalware looks at a broader spectrum of threats such as ransomware, trojans, and other more esoteric threats. In fact, antimal ware software is meant to be used in conjunction with antivirus software to provide a broader scope of coverage for the user and ensure that they are less susceptible to threats than if they were using antivirus software alone.
This is called defense-in-depth. Rather than relying on one type of software to totally protect you, you utilize layers of products that provide you better resiliency against attacks when they present themselves.
How Does Antimalware Work?
According to Comodo, antimalware works in the follow ways:
Behavior Monitoring
Behavior Monitoring is a technique anti malware uses to identify malware based on its character and behavior. An anti-malware program doesn’t compare the file to any known threats anymore. If a file exhibits suspicious behaviors, anti malware will view it as a threat.
Behavior monitoring technique is used to constantly monitor suspicious files that can be harmful to the computer. This feature makes malware detection more easily because an anti malware program doesn’t have to scan or view a file anymore. By its behavior on the computer malware will be identified.
Sandboxing
Sandboxing is another efficient technique an anti malware program uses to isolate suspicious files. An anti malware holds the file in the sandbox to further analyze it. Threats will be instantly removed, while legitimate files will be allowed but it will be constantly monitored.
Sandboxing is a great way to prevent malware infection. An anti malware immediately separates malicious software from legitimate applications to prevent damage on the computer.
Malware Removal
Finally, once malware is identified, an anti malware removes it to prevent it from executing and infecting the computer. If the same type of file accesses the computer, it will automatically be eliminated. An anti malware will prevent it from installing.
Malware removal may sound like a lot of work but it’s done within seconds. That’s how fast an anti malware program works. In an instant malware is out of your computer and you’re assured that your computer and personal information are safe.”
Are There Different Antimalware Vendors?
Yes, there are! Just like there are numerous antivirus software companies, there are numerous software firms that provide standalone antimalware software or antivirus companies that have taken certain attributes of antimalware programs and embedded them into their antivirus product so that the consumer gets the best of both worlds without having to run two different programs on their computers.
Additionally, many unified threat management (UTM) firewall appliances service an antimalware component that scans incoming and outgoing traffic in search of anomalous patterns that could be attributed to a malware existing on one or more computers that exist on the network.
Do I Need Antimalware Software?
In a word, yes.
As mentioned earlier in the article, antimalware software is part of a defense-in-depth strategy that all organizations need to adhere to. Always remember that there is no silver bullet and no one technology can protect you from all the threats that you or your business will face in a given day.
Antimalware complements not only your antivirus software but your UTM appliances and other threat protection technologies as well and should be part of your whole threat protection strategy.
Schedule a Demo and see how Frontline VM can keep your company secure.
Sources:
https://searchsecurity.techtarget.com/definition/malware
https://enterprise.comodo.com/what-is-anti-malware.php
About the Author
Mieng Lim, Vice President, Product Management has served as a security expert for Digital Defense, Inc. since 2001. Mieng takes a consultative approach to security having held prior roles in Operations, Quality Assurance and Sales Engineering. Mieng seamlessly blends technical expertise with real world scenarios to provide an entertaining and educational cyber security perspective. Mieng serves a mentor and STEM advocate encouraging young women to pursue careers in security and technology and volunteers with BSides San Antonio as a staff member. Mieng holds a Bachelor’s Degree in Computer Science with Minor in Sociology from Trinity University.
Featured Resources
Want to Know More About Malware and Ransomware?
Get the guide Dissecting Ransomware: Understanding Types, Stages, and Prevention