Of all the software that’s installed on your PC, those applications that are intended to protect you from attack are perhaps the most important. Choose the wrong word processing application and you may not get your documents completed on time. Choose the wrong security software, and you can find yourself on the wrong end of a ransomware attack — pay up, or your files remain encrypted by a hostile player and lost forever.
There are many security applications out there, including the security features built into Windows 10 such as Windows Defender, Microsoft’s antivirus program. But there are various kinds of attacks, and not all applications protect against every threat you might face. In this article, we’ll cover some of the concepts you’ll need to understand before you choose the right solution for you or your organization.
What are the threats?
Generally speaking, all threats can be combined under the term “malware,” which refers to any software that’s written specifically to attack a computer and cause damage. There are a host of different kinds of malware, including:
- Viruses: A virus is software that is attached to a legitimate file or program. It executes when the file is opened and runs a macro, or when the infected program is executed. For example, a Microsoft Word document can have a virus embedded as a macro and, if macros are set to run, then the virus is executed when the Word document is opened. That’s what makes opening documents from within email so dangerous — even if the document comes from a known sender, it can be infected. In fact, another aspect of a virus is that it tries to copy itself to other computers, both on a local network and through the internet — just like an organic virus that seeks to replicate itself across hosts. A virus might grab all the contacts from your email application, for example, and send copies of itself as an embedded Word document.
- Worms: Worms are like viruses, although they don’t attach themselves to legitimate files but are standalone programs that reside alongside the operating system. Like viruses, worms attempt to spread to other computers, and they do similar types of damage — deleting files, duplicating themselves until file space runs out, stealing private information, and much more. Worms are also spread in similar ways to viruses, such as via attachments to email messages.
- Trojans: A Trojan is software that masquerades as a legitimate program and that, once executed, performs many of the same attacks as viruses and worms. Trojans are particularly difficult to identify because they appear to the operating system — and out-of-date antivirus and antimalware software — as legitimate system files.
- Spyware: Some malware, called spyware, exists solely to reside on a computer and grab confidential information. That information, which could include credit card numbers, bank account information, personal information such as social security numbers, and even proprietary business information, is sent to some nefarious party and is often then sold on the black market to allow access to a person’s or business’s financial and other resources.
- Ransomware: Imagine turning on your PC and seeing a pop-up window with a message that all your files are encrypted and you need to pay some amount of money — often in Bitcoin to make the transaction untraceable — to receive the encryption key. That’s ransomware, and it’s a kind of malware that’s been used against individuals as well as some of the largest organizations. Ransomware is particularly damaging because, unless you have a good backup or are able and willing to pay the ransom, you can lose access to every file on your PC. If ransomware attacks a network, it can cause untold damage to an entire organization.
- Rootkits: Considered by many people to be the worst kind of malware, a rootkit provides backdoor entry into your system and gives access to your PC at the most basic level. It’s often impossible to remove a rootkit because it’s embedded in your operating system — reinstalling your system is often the only remedy.
- Adware: Adware is software that implants itself on your PC and — as the name implies — serves up unwanted ads. This form of malware is the least damaging, but it’s inconvenient and bothersome.
There are other types of malware, but that covers the basics. Now, let’s talk about solutions.
Antivirus vs antimalware software
As we’ve already indicated, a virus is just one kind of malware — albeit a specific kind. And depending on who you talk to — or buy from — antivirus software is distinctly different from antimalware software. They both protect your PC, only in different ways and from different threats. There can be overlap, though, meaning that some antivirus applications have antimalware features and vice versa.
Some distinctions between (strictly) antivirus software and (strictly) antimalware software include the following:
Antivirus software:
- Protects against viruses and their variants, such as worms and Trojans
- Is signature-based, meaning it looks for specific known threats and removes them
- Stops scripts from executing that might harm your PC
- Can’t identify threats that weren’t already known when the software was last updated
Antimalware software:
- Protects against other types of threats (sometimes in addition to viruses), such as ransomware and spyware
- Uses heuristic techniques to identify previously unknown threats
- Looks for suspicious activities and stops them before they can cause harm or a piece of malware can become installed on a PC
- Can identify threats that haven’t been programmed into its database
In many cases, you’ll want a solution that is both antivirus and antimalware. That means it will scan for threats in real time as well as look for threats already installed on a PC, protect against and remove any threats it identifies, and maintain an updated database of known threats. That’s the antivirus part. The solution will also keep an eye open for unknown threats by monitoring your system for suspicious activity, keep your PC from attaching to known sources of malware, and in some cases provide a “sandbox” where you can run an unknown piece of software or open a file you don’t know is safe without infecting your PC.
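The difference between the two approaches, as an added example that is not from the original article or any vendor's product: a signature check misses a slightly altered copy of a known threat, while a behaviour score still stops it. The sample bytes, behaviour names, weights and threshold are constructed for illustration, and a "signature" is simplified here to an exact SHA-256 hash.

```python
import hashlib

# Constructed stand-ins for file contents; no real malware bytes are used.
KNOWN_SAMPLE = b"constructed sample: macro document seen last month"
NEW_VARIANT = KNOWN_SAMPLE + b" (slightly altered copy)"

# Signature database as of the "last update": hashes of known threats only.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Hypothetical behaviour weights, named after activities the article describes.
BEHAVIOUR_WEIGHTS = {
    "document_runs_macro": 30,
    "reads_email_contacts": 30,
    "emails_copies_of_itself": 40,
    "rewrites_many_user_files": 60,
}
BLOCK_THRESHOLD = 60  # assumed cut-off for "suspicious enough to stop"


def signature_match(content: bytes) -> bool:
    """Antivirus-style check: exact match against known threats."""
    return hashlib.sha256(content).hexdigest() in SIGNATURE_DB


def heuristic_score(behaviours) -> int:
    """Antimalware-style check: add up the weights of observed activities."""
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in set(behaviours))


def classify(content: bytes, behaviours=()) -> str:
    """Combined verdict: signatures first, then behaviour."""
    if signature_match(content):
        return "blocked-signature"
    if heuristic_score(behaviours) >= BLOCK_THRESHOLD:
        return "blocked-heuristic"
    return "allowed"


if __name__ == "__main__":
    spreading = ["document_runs_macro", "reads_email_contacts",
                 "emails_copies_of_itself"]
    print(classify(KNOWN_SAMPLE))              # caught by the database
    print(signature_match(NEW_VARIANT))        # the variant is not in it
    print(classify(NEW_VARIANT, spreading))    # behaviour gives it away
    print(classify(b"quarterly report", ["document_runs_macro"]))
```

A single macro on its own stays under the threshold, which is why the ordinary report in the last call is allowed through.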
In some cases, you’ll want to choose from the best antivirus software and combine it with the best antimalware software. Many companies offer suites that have both antivirus and antimalware components. Choosing which of the many programs out there fits the bill is beyond the scope of this article, but you’ll want to make sure that your solution meets the requirements we’ve outlined here.
What about the internet?
In addition to protecting your local PC, some applications also keep your machine safer on the internet by keeping a lookout for unsafe sites that are known sources for malware. In addition, the software might stop your PC from infecting other PCs, both on your local network and into the internet. Some browsers have limited internet security built in, as do some routers.
Is Microsoft Defender good enough?
If you ask Microsoft, they’ll tell you that you already have a perfectly good antivirus application built directly into the operating system: Microsoft Defender. And depending on who you believe, that might very well be true. Microsoft Defender has improved over the years and is now at least competitive with third-party add-on software. In fact, it’s evolved into more than just an antivirus feature — it has many features of antimalware software built in, including heuristics that can allow it to catch threats that aren’t in its current database.
Microsoft Defender also works together with the rest of Windows 10’s security features, such as Windows 10 Hello, account protection, firewall and network protection, and more. Nevertheless, there are plenty of reasons to choose a third-party security add-on that will provide additional protection over what Microsoft Defender provides. In addition, some solutions offer additional capabilities, such as virtual private networks (VPNs), that Microsoft Defender does not.
Choosing the right security software is vital. The information we’ve provided here is just a glimpse into the complexities of keeping yourself safe, but it’s enough to get you started. No matter what solution you choose, though, make sure that you keep it up to date. New threats are popping up every day, and without constant updating any security solution will fail.