{"id":3816,"date":"2015-04-09T20:25:29","date_gmt":"2015-04-09T20:25:29","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=3816"},"modified":"2020-12-16T12:36:27","modified_gmt":"2020-12-16T17:36:27","slug":"antimalware-technologies-terms-explained","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/antimalware-technologies-terms-explained\/3816\/","title":{"rendered":"Antimalware Technologies: terms explained"},"content":{"rendered":"<p>Every security vendor has a portfolio of advanced \u201canti-malware technologies\u201d that make its products good and even better than all the rest. However, sometimes it\u2019s useful to explain the exact meaning of certain terms, such as \u201cHeuristic analysis\u201d and \u201canti-malware.\u201d This post isn\u2019t meant to be an encyclopedia or dictionary; rather, it is an attempt to explain the terms simply.<\/p>\n<p><strong>It used to be called \u201cantivirus\u201d<\/strong><\/p>\n<p>First, what is \u201cmalware\u201d? It\u2019s short for \u201cmalicious software\u201d. Years ago, it was mostly \u201cviruses\u201d \u2013 pieces of code that make your PC (or server) behave strangely, destroy data, or malfunction in some way.<\/p>\n<p>Viruses are actually an old case. So are \u201cworms\u201d, although ten years ago they were plaguing the World Wide Web on a pretty regular basis. They are still around, but hackers today rely mostly on other tools \u2013 Trojans, backdoors (although there\u2019s a bit of confusion with this particular term \u2013 as explained <a href=\"https:\/\/business.kaspersky.com\/knocking-on-a-backdoor-whats-behind-the-graphic-cybersecurity-term\/2245\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>), exploits, etc. 
As long as those are pieces of code, that\u2019s malware.<\/p>\n<p>Antimalware, or, rather, security solutions <em>are actually <\/em>both antiviruses, and <a href=\"https:\/\/business.kaspersky.com\/death-of-av\/1768\" target=\"_blank\" rel=\"noopener nofollow\">much more than that<\/a>.<\/p>\n<p><strong>What about technologies?<\/strong><\/p>\n<p>There\u2019s a handful of them today. The oldest is \u201csignatures\u201d \u2013 i.e. a signature-based method of malware detection. Imagine a police dog trained to sniff out drugs \u2013 she recognizes the smell of certain chemical compounds, even if the illegal substances are hidden in something quite odorous on its own (oranges, for instance).<\/p>\n<p>Malware pieces mostly have certain unique \u2013 signature \u2013 features by which they are recognized: ex ungue leonem. This method is computationally cheap and effective, but there\u2019s just one drawback: the signature must already be known. The dog must already be trained. 
A brand-new, unique piece of malware never seen before would make the signature-based method stumble.<\/p>\n<p><strong>For such bad cases there are other aces<\/strong><\/p>\n<p>Since new malware programs today come in droves (325,000 new samples are detected per day), there are such wise things as \u201cHeuristic analysis\u201d, \u201cBehavioral analysis\u201d and \u201cAllowlists\u201d as the ultimate measure.<\/p>\n<p><strong>Heuristic analysis<\/strong> identifies known malicious instructions rather than the specific code of a particular piece of malware. Code may be different, but the nefarious deeds it performs are pretty much the same. So it\u2019s similar to the signature method, but more advanced. This method allows detection of yet-unknown baddies.<\/p>\n<p><strong>Behavioral analysis<\/strong> monitors the behavior of every piece of code and the way it interacts with the computer, tracking its activities across different sessions, as well as looking at how it interacts with other processes on the computer. In the manner of \u201cI am the eye in the sky, looking at you\u201d.<\/p>\n<p>Finally, there\u2019s an ultimate way to block malware from getting in: <strong>Allowlists<\/strong>. It\u2019s not about marking the bad software and preventing it from launching. 
It\u2019s about branding all of the known legit software, checking anything new against the known list of malware, and then putting everything that doesn\u2019t fit into either category into the \u201cgrey area\u201d, which is then scrutinized using the aforementioned methods.<\/p>\n<p><strong>And that\u2019s all?<\/strong><\/p>\n<p>Not exactly. There is also Vulnerability scanning, which does a good job of detecting flaws in legit software. And it is indeed an anti-malware technology, since malware mostly exploits errors in software that, popular or not, is still legitimate.<\/p>\n<p>There are cloud-based <strong>Reputation services <\/strong>which allow near real-time protection from newly-discovered threats. In simple terms, metadata about any program run on a protected computer is uploaded to the vendor\u2019s cloud-based computers, where its overall reputation is assessed (i.e., is it a known good, known bad, an unknown quantity, how often has it been seen, where has it been seen, etc.). 
The system operates like a global neighborhood watch, monitoring what is being run on computers around the world and providing protection to every protected computer if something malicious is detected.<\/p>\n<p><strong>All together now<\/strong><\/p>\n<p>An efficient security system requires a handy choice of antimalware solutions, as well <a href=\"https:\/\/www.kaspersky.com\/blog\/multilayered-defense-against-cybercrime\/15028\/\" target=\"_blank\" rel=\"noopener nofollow\">as other technologies and approaches<\/a> that allow businesses to stay afloat in the stormy sea of ever-changing cyberthreats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every security vendor has a portfolio of advanced &#8220;anti-malware technologies&#8221; that make its products good and even better than all the rest.<\/p>\n","protected":false},"author":209,"featured_media":15711,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[798,36,1083],"class_list":{"0":"post-3816","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-anti-malware","10":"tag-malware-2","11":"tag-technologies"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/antimalware-technologies-terms-explained\/3816\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/antimalware-technologies-terms-explained\/3816\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/antimalware-technologies-terms-explained\/3816\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/anti-malware\/","name":"anti-malware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"abou
t":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3816"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3816\/revisions"}],"predecessor-version":[{"id":38106,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3816\/revisions\/38106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15711"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}