antimalware (anti-malware)

Antimalware (anti-malware) is a type of software program designed to prevent, detect and remove malicious software (malware) on IT systems, as well as individual computing devices.

Antimalware software protects against infections caused by many types of malware, including all types of viruses, as well as rootkits, ransomware and spyware. Antimalware software can be installed on an individual computing device, gateway server or dedicated network appliance. It can also be purchased as a cloud service -- such as McAfee's CloudAV product -- or be embedded in a computing device's firmware.

How antimalware works

Antimalware software uses three strategies to protect systems from malicious software, including signature-based malware detection, behavior-based malware detection and sandboxing. These techniques protect against threats from malware in different ways.

Many antimalware tools depend on signature-based malware detection. Malicious software can be identified by comparing a hash of the suspicious code with a database of hashes of known malware. Signature-based detection uses a database of known malware definitions to scan for malware.

When the antimalware software detects a file that matches the malware signature, it flags it as potential malware. Malware detection based on signatures can only identify known malware.

Antimalware software that uses behavior-based malware detection is able to detect previously unknown threats by identifying malware based on characteristics and behaviors. This type of malware detection evaluates an object based on its intended actions before it can execute that behavior. An object is considered malicious if it attempts to perform an abnormal or unauthorized action.

Behavior-based detection in newer antimalware products is sometimes powered by machine learning algorithms.

Sandboxing offers another way for antimalware software to detect malware. A sandbox is an isolated computing environment developed to run unknown applications and prevent them from affecting the underlying system. Antimalware programs that use sandboxing run suspicious or previously unknown programs in a sandbox and monitor the results. If the malware demonstrates malicious behavior, the antimalware will terminate it.

Uses of antimalware

Enterprises and other organizations use antimalware for much more than simply scanning files for viruses.

Antimalware can help stop malware attacks by providing real-time protection against the installation of malware on a computer or system by scanning all incoming network data for malicious software and blocking any threats it finds; it may also be able to detect advanced forms of malware and offer specific protection from ransomware attacks.

Antimalware can also do the following:

  • prevent users from visiting websites that are known to distribute malicious code;
  • prevent the spread of malware if one device is infected;
  • generate and track metrics about the number of infections and the amount of time required to clean up those infections; and
  • offer insight into specific malicious software to help administrators understand how the malware has affected the compromised device or network.

Antimalware products may also be able to remove malware once found. However, if it determines the malware will cause further damage to a computer or system if it is removed, the antimalware program will quarantine any malicious files, enabling a user to remove it manually.

Why you need antimalware

Because malware development methods are constantly evolving, effective antimalware software uses multiple detection methods. In addition to signature-based scanning, behavior-based detection and sandboxing, antimalware programs may also rely on reputation-based systems with information about current malware in the wild.

As attackers continue to develop new distribution and exploit techniques, defenders need to use antimalware products that are updated regularly to combat the latest threats and safely remove them from computers, as well as mobile devices, like tablets and smartphones. Without current antimalware software, these devices would be at increased risk of damage from malicious programs, such as viruses, Trojan horses and adware.

Many Microsoft Windows users rely on third-party antimalware software along with the security tools built in to Windows to secure their devices against viruses and malware.

Difference between antimalware and antivirus

Although the terms antimalware and antivirus are often used interchangeably, there have been key differences between the two types of software.

In the past, antivirus typically dealt with older, more well-known threats, such as Trojan horses, viruses, keyloggers and worms. Antimalware, on the other hand, emerged to focus on newer, increasingly dangerous threats and infections spread via malvertising and zero-day exploits.

Today, however, antivirus and antimalware products are generally the same. Some security vendors continue to refer to their products as antivirus software even though their technology is more similar to antimalware and covers a wide variety of newer threats.

This was last updated in December 2017

Continue Reading About antimalware (anti-malware)

Dig Deeper on Malware, virus, Trojan and spyware protection and removal