People often ask me what Anti-Malware vs. Anti-Virus is. One might remember anti-virus as software on your computer that stops viruses. The problem with that mentality is that this is only one small subset of the different malicious applications and files. Viruses have friends like trojans, spyware, adware, malware, etc. Anti-Malware was a broader-scope attempt to identify and remove malware. This idea came from the likely situation of, “well I am already infected; how do I identify it and get it out?” This leads us to where we are today with multi-faceted applications that do those things and a suite of other features that you may or may not need. It is a highly competitive category in the world of software. These are necessary components of any computer system to ensure that they are protected against known malicious files and malicious behavior. In essence, they are like a security guard on your computer. They watch for known criminals and attempt to catch unknown criminals in the act.
Assuming you own a computer, you have probably seen some sort of anti-virus application on the device as soon as you got it. Usually, it comes with a free trial period of protection from the likes of McAfee or Norton. There are a lot of other vendors out there that are protection software against malicious activity, and when your free trial is up, you will be looking for what you want to use moving forward. An internet search is very frequently the next step for individuals at this point. PROBLEM! There are many different people that review the products, and advertising leads you down the road of hard decision-making because of it. Based on their review process, they rank the applications as number one, two, or three. The tricky part here is knowing if their process aligns with what you need and want in an application to protect your computer.
Windows machines come with Windows Defender. This is not only a built-in, host-based firewall, it also is a built-in anti-virus. My view: Defender is quite good. Build a virtual environment and attempt to detonate a malware file and see how good a job it does. So, this leads to the next logical question: “Do I really need something more than that?” My answer: yes. Why? I always recommended layered defense for protection because the bad guys will never stop. I use a combination of Windows Defender and Malware Bytes to protect my personal computer. I paid for a multi-device license for Malware Bytes. It is inexpensive, effective, and easy to use as a secondary level of protection.
Some features to look for in the anti-malware application you choose:
- real-time ransomware protection
- anti-exploit technology
- artificial intelligence
- machine learning
- behavior-based detection
- signature-based detection
Additional things to keep in mind when choosing:
- good reliability
- speed of updates
Some well-known applications for protection -- in no particular order!
- Microsoft Defender
Corporate EDR Tools
From a corporate perspective, the protection requirements are pretty much the same other than there is usually a lot more cutting-edge malware being deployed in those environments. They usually have more security hardware for the network that is more robust and will protect at a different level than home-based computers. There are still protection applications for corporate devices. Endpoint Detection and Response (EDR) Tools are designed as the anti-virus/anti-malware solution for businesses. Crowdstrike, SentinelOne, Carbon Black, FireEye, Windows Defender 365, and Sophos are some of the most well-known applications. The business decides what they want to use, and the agent is installed on each corporate device. It communicates back to a management console with analysts monitoring it for investigation, documentation, and remediation. This is what we train people to do at CyberNow Labs, in fact! It’s fun, challenging, and beneficial. The nice thing about a corporate device is that you don’t have to make those decisions.
For your personal devices, whatever you choose, protect them early and often, and stay updated on the signature definitions. Do scans often and always be smart when visiting a website, opening emails, or downloading files. The user is the weakest link in most cases, which is why you frequently hear this advice: ‘Think Before You Click!’
Richard Chapman, Program Director CyberNow Labs
Head on over to our #TwoBaldNerds playlist to watch this episode with Mike Meyers and me.