The terms “Malware” and “computer virus” are used interchangeably in the computer world. While most people understand that either will create havoc on your system, they don’t necessarily know the differences between them. Let’s spend a few moments digging deeper to demystify them.
Malware is a general term that encompasses all types of malicious software. This is regardless of how it works, is distributed, or is used. Types of malware include computer viruses, worms, ransomware, spyware, and others. Therefore, a computer virus is a type of malware.
The term of choice is often “computer virus” because it has been around the longest. The first recorded computer virus attack dates back to 1982, when a virus infected Apple IIe computer systems. However, because it is the more comprehensive term, “malware” should be used when discussing the variety of malicious software out there.
What is a Computer Virus?
A computer virus is a piece of code that inserts itself into existing legitimate files and replicates itself through them. The term was coined because it is analogous to a biological virus that infects a host and is spread through forms of contact. There are three common types of computer viruses:
- File infection virus: One that infects programs or files and attempts to spread via that program across as many computers as possible.
- Macro virus: This type of virus infects programs that have automation capabilities. It often infects powerful Microsoft Office applications such as Word, Excel, Outlook and PowerPoint.
- Polymorphic virus: This newer type of virus is able to modify its own code to avoid detection while it is infecting files or macros. Traditional antivirus programs that rely on virus-definition-based detection can be fooled by this type of virus. Only the newer, advanced endpoint protection software tools are effective at finding them.
Other Types of Malware
As previously mentioned, computer viruses are only one type of malware. There are a few others that are more obscure, such as worms, ransomware, scareware, and adware/spyware. Let’s take a closer look at these.
Worms are similar to viruses, except that instead of infecting legitimate files, they use their own unique files that can self-replicate and spread through your network. They are therefore harder to detect, because most virus defenses look for common files that have been altered. Worms rely on vulnerabilities that your IT team hasn’t patched, or that your software vendor hasn’t found and written a patch for yet.
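The difference described above can be seen in a small file-integrity check. This is an added example, not part of the original article; the paths and file contents are constructed sample data. A defense that only watches known files for alteration flags the file-infector case but stays silent when a worm-style new file appears, unless it also reports files missing from the baseline.

```python
import hashlib

def snapshot(files):
    """Map each path to the SHA-256 digest of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def compare(baseline, current):
    """Classify differences between a trusted baseline and a later snapshot."""
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def altered_only_alerts(report):
    """Alerts from a defense that only looks for known files that changed."""
    return report["modified"]

def full_alerts(report):
    """Alerts when previously unseen files are reported as well."""
    return report["modified"] + report["added"]

# Constructed sample data: path -> file contents.
CLEAN = {
    "C:/Apps/editor.exe": b"original editor program bytes",
    "C:/Apps/viewer.exe": b"original viewer program bytes",
}

# File-infector case: an existing legitimate file has foreign bytes appended.
FILE_INFECTED = dict(CLEAN)
FILE_INFECTED["C:/Apps/editor.exe"] = CLEAN["C:/Apps/editor.exe"] + b" [foreign code]"

# Worm case: legitimate files are untouched, but a new file has appeared.
WORM_DROPPED = dict(CLEAN)
WORM_DROPPED["C:/Users/Public/update_helper.exe"] = b"self-contained worm file"

def run_cases():
    base = snapshot(CLEAN)
    infected = compare(base, snapshot(FILE_INFECTED))
    wormed = compare(base, snapshot(WORM_DROPPED))
    return {
        "infector_altered_only": altered_only_alerts(infected),
        "worm_altered_only": altered_only_alerts(wormed),
        "worm_full": full_alerts(wormed),
    }

if __name__ == "__main__":
    for name, alerts in run_cases().items():
        print(name, alerts)
```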
Ransomware is the new big bad boy on the scene. This type of malware compromises your system, encrypts your data, and oftentimes your data backup, and then demands that you pay a hefty sum to regain access to your files. Most of us now know someone who has experienced ransomware attacks. Typically, these exploit you to gain access to your system via phishing emails, fake websites, and fake web search results. Sadly, many people or organizations are not prepared properly for this type of attack and they are left to pay the ransom in order to restore their data.
Scareware is the poor stepbrother to ransomware. It uses similar methods to gain access to your system and then preys on your gullibility to scare you into buying something you don’t really need or threatens to release your personal details publicly. A common version of this is a phishing email claiming to have control of your system and your use of pornography on that system. It demands a payoff to prevent sharing it with your loved ones. Another version of scareware sells fake antivirus software. Scareware usually can be ignored as far as the threat itself is concerned, but your system will still need to be cleaned of the malware.
Adware and spyware aren’t as damaging as the other types of malware but still have negative consequences, such as invasion of privacy. Adware and spyware often masquerade as legitimate programs or browser add-ins. They claim to provide you with some function, and sometimes that function is actually provided, but their actual purpose is to exploit you for marketing purposes. For example, they change what advertisements appear in your browser when surfing the Internet and subject you to annoying pop-ups. They will also collect your personal information and sell it to third parties for nefarious purposes.
Memory-only malware is a fast-growing category of malware because it is among the hardest to detect. It doesn’t even place a file on your computer. It operates out of the transient memory of the computer. Only the best endpoint protection software can detect it, as many products begin from the assumption that a file needs to be scanned. These types of attacks enter your system through emails or websites and will take action behind the scenes to run scripts or commands using native operating system tools that are perfectly normal. Memory-only malware will introduce other types of malware including scareware and ransomware. It can be particularly difficult to fix because you keep fighting the symptoms by cleaning the new malware it introduces. You fix one and another shows up.
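Because there is no file to scan, detection of this category has to look at behavior instead. The following added example, which is not part of the original article, applies one simple behavioral rule to process-creation events: a document or mail application launching a script host. The events are constructed sample data, and the two process-name sets are illustrative assumptions, not a complete rule.

```python
# Constructed process-creation events; not real telemetry.
EVENTS = [
    {"host": "pc-01", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe report.docx"},
    {"host": "pc-01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <placeholder>"},
    {"host": "pc-02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem"},
    {"host": "pc-03", "parent": "OUTLOOK.EXE", "image": "wscript.exe",
     "cmdline": "wscript.exe invoice.js"},
]

# Assumed, illustrative sets: applications that open email and documents,
# and native tools that run scripts or commands.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def is_suspicious(event):
    """True when a document/mail application starts a script host.

    Each tool is normal on its own; the parent-child pairing is the signal,
    so the rule works even when nothing is written to disk.
    """
    parent = event["parent"].lower()
    child = event["image"].lower()
    return parent in DOCUMENT_APPS and child in SCRIPT_HOSTS

def detect(events):
    """Return (host, parent, child) for every event matching the rule."""
    return [
        (e["host"], e["parent"].lower(), e["image"].lower())
        for e in events
        if is_suspicious(e)
    ]

if __name__ == "__main__":
    for hit in detect(EVENTS):
        print("ALERT host=%s parent=%s child=%s" % hit)
```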
While there are additional types of malware beyond those discussed here, this list covers the majority of them. Hopefully you have a better understanding of the criminal element we are facing and from which we need protection. Using the right kind of endpoint and server protection that blocks most or all types of malware is critical. Many of those available on the market have not kept up with the times and are powerless against entire strains of malware. It is amazing they are still in business.
We endorse Sophos Endpoint protection because it is rated number one in effectiveness for malware protection if you combine its advanced endpoint protection with its Intercept X product. It’s a powerful combination and it works on Macs and PCs. See the following independent ratings of advanced endpoint protection: https://www.nsslabs.com/advanced-endpoint-protection-aep-security-value-map
For answers to more questions about protecting your systems from malware, contact us.
By Karl Bickmore, CEO Snap Tech IT