Antimalware Technologies: terms explained

Every security vendor has a portfolio of advanced “anti-malware technologies” that make its products good and even better than all the rest.

Every security vendor has a portfolio of advanced “anti-malware technologies” that make its products good and even better than all the rest. However, sometimes it’s useful to explain the exact meaning of certain terms, such as “Heuristic analysis” and “anti-malware.” This post isn’t meant to be an encyclopedia or dictionary; rather an attempt to explain the terms simply.

It used to be called “antivirus”

First, what is “malware”? – It’s the shortening of “malicious software”. Years ago, it was mostly “viruses” – a piece of code that makes your PC (or server) behave strangely, destroy data, or malfunction in some way.

Virii are actually the old case. Even “worms” are, although ten years ago they were plaguing  the World Wide Web on a pretty regular basis. They are still around, but hackers today rely mostly on other tools – Trojans, backdoors (although there’s a bit of confusion with this particular term – as explained here), exploits, etc. As long as those are the pieces of code, that’s malware.

Antimalware, or, rather, security solutions are actually both antiviruses, and much more than that.

What about technologies?

There’s a handful of them today. The oldest is “signatures” – i.e. a signature-based method of malware detection. Imagine a police dog trained to sniff out drugs – she recognizes the smell of certain chemical compounds, even if the illegal substances are hidden in something quite odorous on its own (oranges, for instance).

Malware pieces mostly have certain unique – signature – features by which they are recognized: ex ungue leonem. This method is computationally cheap and effective, but there’s just one drawback: The signature must be already known. The dog must be already trained. A brand new unique malware never seen before would make the signature-based method stumble.

For such bad cases there are other aces

Since new malware programs today come in droves (325,000 new samples are detected per day), there are such wise things as “Heuristic analysis”, “Behavioural analysis” and “Allowlists” as the ultimate measure.

Check out our latest “How-To” Guide to keep your business secure from cyberthreats.

Heuristic analysis identifies known malicious instructions rather than a specific code – a specific code of malware. Code may be different, but the nefarious deeds it performs are pretty much the same. So it’s similar to the signature method, but more advanced. This method allows detection of yet-unknown baddies.

Behavioral analysis monitors behavior of every piece of code and the way it interacts with the computer, tracking its activities across different sessions, as well looking at how it interacts with other processes on the computer. In the manner of “I am the eye in the sky, looking at you”.

Finally, there’s an ultimate way to block malware from getting in: Allowlists. It’s not about marking the bad software and preventing it from launching. It’s about branding all of the known legit software, and checking anything new against the known list of malware, and then putting everything that doesn’t budge into either category, into the “grey area”, which is then scrutinized using the aforementioned methods.

And that’s all?

Not exactly. There is also Vulnerability scanning, which does the good job of detecting flaws in the legit software. And it is indeed an anti-malware technology, since malware mostly exploits the errors whether they are popular or not, but still legitimate software.

There are cloud-based Reputation services which allow near real-time protection from newly-discovered threats. In simple terms, metadata about any program ran on a protected computer is uploaded to the vendor’s cloud-based computers, where its overall reputation is assessed (i.e., Is it a known good, known bad, an unknown quantity, how often has it been seen, where has it been seen, etc.) The system operates like a global neighborhood watch, monitoring what is being ran on computers around the world and providing protection to every protected computer if something malicious is detected.

All together now

An efficient security system requires both a handy choice of antimalware solutions, as well as other technologies and approaches that allow businesses to stay afloat in the stormy sea of everchanging cyberthreats.