Friday, 19 October 2018

PCMAG: Viruses, Spyware, and Malware: What's the Difference?

If your antivirus software did nothing but protect against computer viruses, it would be pretty much useless. The term computer virus, coined by USC researcher Fred Cohen back in 1984, very specifically refers to a program that injects its code into other programs. When the infected program runs, the virus spreads.
The vast majority of malicious programs aren't viruses, however. Why? Because malware coders want to make money, and it's hard to monetize a virus. Fortunately, modern antivirus utilities offer full-spectrum malware protection, eliminating all types of malicious software. The best software protects against all kinds of threats, so you usually don't need to know which is which. Still, situations may arise when you do need to know, and the many stories in the news about security breaches, hacks, and attacks can be confusing if you don't know the terms. Don't worry: Our quick and dirty guide to the most common types of threats you're likely to read about (and hopefully not encounter) can help you get up to speed.

Threats Defined by Method of Replication

virus runs when the user launches an infected program or boots from an infected disk or USB drive. Viruses keep a low profile, so as to spread widely without being detected. Most of the time, the virus code simply infects new programs or disks. Eventually, often at a predefined date and time, the virus payload kicks in. Early virus payloads were often mindlessly destructive; these days they're more likely to steal information or implement a DDoS (Distributed Denial of Service) attack against a major web site.
Worms are similar to viruses, but they don't require the user to launch an infected program. Simply put, A worm copies itself to another computer and then launches that copy. In 1988 the Morris worm, intended as a simple proof of concept, caused serious damage to the budding Internet. While it wasn't meant to be malicious, its over-enthusiastic self-replication sucked up a huge amount of bandwidth.
Just as Greek forces fooled the people of Troy by concealing warriors inside the Trojan Horse, Trojan programs conceal malicious code within a seemingly useful application. The game, utility, or other application typically performs its stated task, but sooner or later it does something harmful. This type of threat spreads when users or Web sites inadvertently share it with others. Trojans can be real moneymakers. Banking Trojans inject fake transactions to drain your online banking accounts. Other Trojans steal your personal data so their creators can sell it on the Dark Web.

Threats Defined by Behavior

Viruses, worms, and Trojans are defined by the way they spread. Other malicious programs take their names from what they do. Spyware, not surprisingly, refers to software that spies on your computer and steals your passwords or other personal information. Many modern antivirus programs include components specifically designed for spyware protection.
Adware pops up unwanted advertisements, possibly targeted to your interests by using information stolen by a spyware component.
Rootkit technology hooks into the operating system to hide a malicious program's components. When a security program queries Windows to get a list of files, the rootkit removes its own files from the list. Rootkits can also hide entries in the Registry.
bot infestation doesn't actively harm your computer, but it makes your system complicit in harming others. It quietly hides itself until the owner, or "bot herder," broadcasts a command. Then, along with hundreds or thousands of others, it does whatever it's told. Bots are often used to send spam, so the spammer's own systems aren't implicated.
Some malicious programs exist specifically to aid in distribution of other malware. These dropper programs tend to be tiny and unobtrusive themselves, but they can funnel a steady stream of other malware onto your computer. A dropper may receive instructions from its remote owner, as a bot does, to determine which malware it will distribute. The owner gets paid by other malware writers for this distribution service.
As the name suggests, ransomware holds your computer or your data for ransom. In the most common form a ransomware threat will encrypt your documents and demand payment before it will decrypt them. In theory, your antivirus should handle ransomware just as it does any other kind of malware. However, since the consequences of missing a ransomware attack are so dire, you may also want to run a separate ransomware protection utility.

Scareware

Not all antivirus programs are what they seem. Some are actually fakes, rogue programs that don't protect your security and do harm your bank balance. At best these programs offer no real protection; at worst they include actively harmful elements. They work hard to scare you into paying for registration, so they're often called scareware. If you do register, you've both wasted your money and handed your credit card information to crooks. Avoiding scareware gets more and more difficult as the programs get more refined.

Multiple Vectors, Single Solutions

These categories aren't mutually exclusive. For example, a single threat might virus-style, steal your personal information like spyware, and use rootkit technology to hide itself from your antivirus. A scareware program is a kind of Trojan, and it might also steal private data.
The term malware encompasses all of these types of malicious software. Any program whose purpose is harmful is a malware program, pure and simple. Industry groups like the Anti-Malware Testing Standards Organization (AMTSO) use this term for clarity, but the general public still asks for antivirus, not anti-malware. We're stuck with the word antivirus. Just remember that your antivirus should protect you against any and all malware.

No comments:

Post a Comment