We hear the terms ‘antivirus’ and ‘antimalware’ bandied about so much it’s easy to understand why we confuse their meaning and what they actually do. “Can antivirus detect malware?” is, in fact, a very common question because of this confusion. The short answer to that question is ‘yes’, antivirus can detect malware. The complete answer, however, is a little more complex, starting with the origin of these cyber terms.
Computer viruses, malware, antivirus, and antimalware
The term ‘computer virus’ was coined in the early 1980s because the first types of cyberattacks mimicked biological viruses in that they spread from computer to computer in the same way that biological viruses spread from person to person. Antivirus software was developed, and named accordingly, to respond and defend against computer viruses.
Fast forward a few years later, and we have the term ‘malware’, a shortcut for ‘malicious’ and ‘software’. ‘Malware’ became common ‘cyberspeak’ due to all the new and emerging types of cyber threats, in addition to viruses, that were continuously appearing on the cyber landscape. Hence, ‘malware’ refers to all types of cyber threats, including but not limited to viruses. In other words, viruses are just one type of malware, but there are many other types such as Trojans, worms, ransomware, spyware, and more.
So what does all this mean?
As the number of malware types grew, the need for software that could defend against all types of malware grew too; we needed to be able to detect malware, not just viruses. Nevertheless, the term antivirus had already gone mainstream, so the name stuck, even though modern antivirus software does detect all types of malware. They do this using three methods: a database of virus signatures, behavioral detection and rule-based detection e.g., heuristics detection. The first method is used for scanning your files. Antivirus software compares the signatures of the files on your system to the virus signatures in the signature database to see if any signatures match. If they do, a virus has been detected. This method works well for detecting known malware. The second two methods are needed to detect unknown malware and do not rely on a signature database. Behavioral detection looks for irregular behaviors in files while rule-based detection relies on a defined set of rules to look for irregular commands. In this way, behavioral and rule-based detection can detect new and emerging malware that do not yet have their malware signatures in the signature database.