Do you know your worms from your trojans? Malware vs Viruses: What’s the difference?

A commonly asked question in various forums is whether anti-malware software, such as Emsisoft Anti-Malware also protects against viruses. The short answer is: yes. The term “malware” is short for “malicious software”. As computer viruses are undoubtedly malicious, they fall into the category of malware, just as trojans, rootkits or spyware do.

In the end, it can be likened to dachshunds and dogs: every virus is malware just as every dachshund is also a dog. But just as every dog is not a dachshund, not every piece of malware is a virus, but rather belongs to a subcategory. In fact, there very few new viruses these days, as the majority of current malware is made up of other virtual parasites.

Anti-virus: a confusing term in today’s world

It is unfortunate that many software providers use the terms “virus” and “anti-malware” ambiguously. Some users are led to believe that anti-virus solutions are more effective than those that protect against malware, whereas the latter is actually the generic term. The matter is complicated further by the fact that today, all common anti-virus programs do also protect against other types of malware. What’s more: the term “anti-malware” is sometimes used by software that doesn’t offer comprehensive protection against all threats, but rather specializes only in certain categories or on particularly stubborn malware.

In order to correct the issue, these anti-virus programs would need renaming. The term dates back to the origins of computer security in the late 1980s. It was then that the first computer viruses appeared, with the first one to gain major media coverage being Michelangelo in 1992. These “early specimens of malware” were not independent programs, but rather smuggled malicious code into normal applications that then acted as a host to spread them.

Hence the term “computer virus” was born. Just as a biological virus needs a certain host cell that it can insert its DNA into in order to spread further, a computer virus also needs a certain program in order to reproduce. This explains why the first protection was named “anti-virus”. Many software vendors never changed their name, as it had become so well known by their customers. They didn’t want to risk losing their brand identity even though many modern anti-virus tools are, as previously mentioned, also complete anti-malware solutions. One look at the description, and you can see what type of virtual parasites a security program protects you against, regardless of whether its labelled anti-virus or anti-malware. What counts is the content, not the name or the packaging.

What types of malware are there?

Everyone knows about viruses, and almost everyone is familiar with trojans, spyware or adware. But what about rootkits, ransomware and rogues? Here is a brief introduction to the different types of malware.

• Virus: A computer virus spreads itself by smuggling its code into another program. The name is an analogy to its biological counterpart. Not only does a computer virus spread many times and make the host software unusable, but also exhibits malicious behavior.
• Trojan horse/Trojan: A Trojan horse is a type of malware that is disguised as a useful program. The goal is for the user to execute the Trojan, allowing it to take full control of your PC and use it for its own agenda. This typically results in the installation of additional malware (such as backdoors or keyloggers) to your system.
• Worm: Worms are malicious software that aim at spreading as fast as possible once your PC has been infected. Unlike viruses, they don’t require a host program, but instead spread themselves via storage devices such as USB sticks, communication media such as e-mail or vulnerabilities in your OS. Their propagation causes a reduction in the performance of PCs and networks, and they may also implement direct malicious behavior.
• Keyloggers: Keyloggers secretly record everything you type on your keyboard, which allows attackers to get their hands on your passwords or other important data such as online banking details.
• Dialers: Dialers are relics from the days when modems or ISDN were the standard way of connecting to the internet. They dialed expensive premium-rates numbers, racking up astronomical telephone bills and causing enormous financial damage to their victims. Dialers are ineffective with ADSL or cable connections, which is why they are mostly considered extinct these days.
• Backdoor/Bot: A backdoor is a portion of code that is usually implemented into a program by the software’s author, to enable access to your PC or an otherwise protected software function. Backdoors are often installed by Trojans once they have been executed, so that the attacker can gain direct access to your PC. The infected PC, also known as a “bot”, becomes part of a botnet.
• Exploit: Exploits are used to systematically exploit vulnerabilities in a computer program. Using them, an attacker can gain either partial or full control of your PC.
• Spyware: Spyware is software that spies on you, i.e. by collecting various types of user data from your PC without your knowledge.
• Adware: Adware is derived from the word “advertisement”. In addition to the actual function of the program, the user will be presented with advertisements. Adware itself is not dangerous, but the display of countless adverts is generally considered undesirable and is thus detected by good anti-malware solutions.
• Rootkit: A rootkit usually consists of several components that grant the author unauthorized access to the target system. In addition, these programs hide their processes and actions using other software. They can be installed, for instance, through an exploit or a Trojan.
• Rogues/Scareware: Also known as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, rogues pretend to be security software. They frequently use fake warnings to trick users into purchasing the software, which the attackers then profit from illegally.
• Ransomware: Ransomware” is exactly what it sounds like. Ransomware encrypts the user’s personal data (encryption ransomware) or may even lock the entire PC (lockscreen ransomware). You are asked to pay a “ransom” via an anonymous service in order to unlock your computer or your files.

The past and future of malware

If you are using one of our programs equipped with a malware scanner, such as Emsisoft Anti-Malware or Emsisoft Emergency Kit, you will receive 20,000 to 30,000 new signatures per day. The percentage distribution of malware types keeps shifting on a regular basis; since the invention of computers, one type or another has had its heyday.

Viruses were at the peak of their popularity during the 90s, before Trojans such as Sub7 and Netbus and worms such as SQL Slammer, Blaster or Sasser ushered in the new millennium. Dialers are considered more or less extinct today, but 10 to 15 years ago, they were a constant nuisance in the everyday lives of computer users. Over the last year, ransomware has been in vogue; you may remember the most popular examples: BKA and GEMA Trojan. The reference in their names to Trojans refers merely to the means of infection, the actual malware behaved like traditional ransomware.

There has been a distinctive trend developing in recent years, with single types of Malware being used in attacks less and less often. Instead, several types of malware are being used in combination, making the classification of malware such as the GEMA Trojan mentioned above, difficult. To attack your PC, either a Trojan, an exploit or a worm is used. This then installs a backdoor that allows the attacker to gain access to your PC where consequently a keylogger, rootkit, spyware or the like will be installed. Once the attacker has complete control over your PC, they are able to capture your passwords and important private data, and use your PC to perform DoS attacks in exchange for payment or to blackmail companies. In this way, a hacker is able to control hundreds or even tens of thousands of computers known as “bots” which form a network known as a “botnet”. Experts estimate that in Germany alone, about 500,000 computers are part of such botnets – without their owners even realizing it.

The war on malware hasn’t become any easier during the last 10 years for the providers of security software, with malware authors refining their code and becoming increasingly professional. The result is highly sophisticated malware whose presence is invisible to the user or only noticed when it’s already too late. Therefore, the standard security advice that one commonly finds on websites and forums is dangerously outdated. It is, for instance, simply not enough to avoid suspicious websites or not use an administrator account in order to secure your PC, when malware is also capable of entering your PC through an exploit. Even a weekly scan using a free anti-virus program is of little use once an installed rootkit has anchored itself into your system’s core, hiding its traces.

No matter how computer savvy a user is, regularly updated security software with real-time protection should be an essential part of any PC. Emsisoft Anti-Malware protects your PC in three ways. Surf protection prevents you from visiting dangerous websites. The powerful dual-engine scanner detects any malware if it manages to enter your PC, and even currently unknown parasites will be reliably detected by its advanced behavioral analysis. Thus you are also already protected from the malware trends of tomorrow.

Have a nice (malware-free) day!

Your Emsisoft Team