The cutoff between anti-virus and anti-malware?

What do you see as the cutoff point where a product goes from being anti-virus to anti-malware or vice-versa?

As per another thread, I'm considering whether to renew 600 or so Avira licenses or replace them with something else.

These days most of our detections come from drive-by's and "things" on websites (mostly cookies) and the occasional rogue executable that sneaks in via USB or similar.

I'm intending on taking a laptop and hooking it to our guest wifi so it doesn't touch the LAN, and visiting a bunch of sites on malwaredomainlist.com and trying it with Avira, and then MalwareBytes Pro installed (I'll re-image it in between of course).

I guess what I'm not clear on is quite what the cutoff is where a product ceases being anti-virus (and Avira is called Avira Antivirus) and become anti-malware - by my definition most of the issues we face these days are caused by web browsing so fall more into malware than virus, but I don't live and breathe this stuff hence the question.

 

the antivirus can protect againts exploids and phishing attacks and the antimalware dont protect againts exploids attacks as the antivirus does
maybe i am wrong but i believe this way maybe i am wrong and spam and

 

A virus is a subset of malware that can only spread via human interaction.

Malware is any file that has malicious intent.

An antivirus should literally be software that blocks only a specific type of malware, that's how they used to be.

Antimalware would block all types of malware including viruses, worms, rootkits.

Today however we have no distinction between an AntiMalware and AntiVirus. I know of no programs that advertise as an Antivirus but do not protect against other threats.

 

Phishing we're pretty much protected against by a combination of URL filtering on the firewall, spam filtering, and blocking of all executable files - though of course the odd one still gets through and someone clicks the link.

Not sure quite what you mean by exploits though? Presumably in the sense that Flash and Adobe Acrobat tend to be like swiss cheese and are always being patched for vulnerabilities?

 

In terms of protecting against exploits usually it's a matter of preventing something from executing via the exploit.

Some exploits will drop files onto the computer and execute the code. If your AV/AM picks up that file it can block execution.

Not all exploits require payloads and many work fine within the confines of the programs own libraries.

 

Thanks. What I'm ultimately driving at is whether you would see MalwareBytes (seems best of breed anti-malware) as a complement to, or a replacement for something like Avira (seems best of breed anti-virus)?

There clearly is a difference, I'm still not entirely clear what it is in the real world.

 

Yeah see the issue is that "Antimalware" and "Antivirus" SHOULD be different things but they aren't due to marketing.

Both Avira and Malwarebytes go after the same things, essentially - malware. Not viruses specifically, malware in general.

For clarity's sake let's just call both Avira and Malwarebytes AntiMalware solutions, ok? They're both AM's or AV's and they're effectively against the same things despite whatever separate methods they may use.


Now, what's special about Malwarebytes is not that it labels itself an AM but that it can work with other AM's as a secondary realtime scanner. So you could have Avira installed and it'll scan a file and them Malwarebytes will wait its turn and scan the file right afterwards.

But in the end they're both fighting the same thing, malware.

 

Not much distinction anymore, as there Definately used to be a few years ago.

For eg: AntiTrojans specifically targeted those, & some were Very good at catching what Most AV's missed at the time. AV's soon realised they were getting bad press & letting their customers down, so slowly got their act more together & started including other nasties too. Of course some AV's were better at it than others, & still are, but eventually more or less caught up.

Then came the RootKit avalanche from 2005 onwards which presented, & still does to a greater/lesser extent, traditional AV's etc a Big headache.

As always no one solution gets everything, but the 2 you've mentioned are 2 of the best

 

AM >> AV

 

Malwarebytes IS NOT a replacement for your regular Antivirus product. It's designed to catch stuff that most AV's fail to, and therefore should be used paired to an Antivirus.
SOURCE

So a combo of (your fav AV) + Malwarebytes should take care of most of the nasties.

 

Some guy on a forum says so, I'm not inclined to believe him. He doesn't look like he's a moderator or anything.

I'm not saying it's false but it's the first I've heard of MBAM only meant to work as a second-opinion scanner.

 

^MalwarebytesAntimalware has for a long time portrayed it's product as an addition to AV's and not as a replacement.
Currently such references can't be found anymore on their website but I'm very sure MBAM used to be recommended as an addition to 'traditional' AV's, also on their own website.

From a PCMAG interview between Marcus Chung (MBAM COO) and Neil Rubenking;
"Marcus pointed out that Malwarebytes is meant to work with other antivirus programs, not replace them.
To ensure compatibility they carefully test it with as many competing tools as possible.
Their specific target is the zero-day attack that gets past the rest."
The interview is from August 12, 2011. link (I'd say 'competing tools' would be programs like SAS for instance).

On the OP question about the difference between AV's and AM's, like already mentioned, AV's should all be named AM programs imo.
Viruses are just a subset of malware and all AV's also detect other malware besides viruses.
Companies just keep using the name 'Antivirus program' because >90% of consumers are familiar with it and renaming such programs to AM's would simply cost them money, either in lost sales or marketing/information campaigns.

 

There is no discernible line any longer. AV and AS have encroached into what once was each other's exclusive territory.
-Also-
The characteristics of malware constantly change, so to be effective, antispyware and antivirus applications must also evolve or they become close to useless.
The ability/effectiveness of antispyware apps varies. The same holds true for antivirus solutions.
No combination of any two will exactly equal any other combination. The trick is to combine AV and AS with optimal complimentary attributes, but even that is no longer good enough.

Factors which have changed the landscape for the better are the increasing availability of Host Intrusion Prevention software, applications such as Sandboxie, Bufferzone, and Returnil which allow the user to browse in a virtual environment or to extend the practice to an entire virtual machine with VirtualBox or VMware, and the newer web browsers which are generally more secure than previous versions (provided they are properly configured).
Also employable are "rollback" or "snapshot" type applications, and the fact that all of the above are readily available in free as well as paid versions assures that you now have a fighting chance to stay malware-free.

 

Thanks for the source Baserk.

Either way, the distinction is not that they attempt to fight viruses or trojans but in how MBAM implements this. As I said, there's no distinction between AV and AM anymore.

 

I'm not trying to be a ~ Snipped as per TOS ~, just want to make sure the OP gets the correct notion about MBAM's approach so he can take the best decision for those 600 pc's.

 

Well today I thought I'd try something a little different so I hooked up a laptop to the guest wifi and paid malwaredomainlist.com a little visit and tried to get myself infected.

I had no real methodology and we didn't spent too long at it for today, but what was a real eye opener was just how much Internet Explorer's SmartScreen Filter blocks - if you switch it on!

I ran a couple of executables despite all of SmartScreen's attempts to stop me, Avira didn't catch them (fair enough, it won't get everything) and next I knew my taskbar had disappeared and a windows was up with a bunch of Cyrillic text on it.

We rebooted the laptop and managed to do a "switch user" to login as another account, from where we ran MalwareBytes which seems to have found the Malware.

(I should stress we image PC's, I'm not dumb enough to try and return this one to use, it will be re-images).

 

Absolutely. I didn't see that in his signature.