What is antimalware (anti-malware)?
Antimalware is a type of software program created to protect information technology (IT) systems and individual computers from malicious software, or malware. Antimalware programs scan a computer system to prevent, detect and remove malware.
What is malware?
Malware is short for malicious software, which is software specifically designed to damage data or a computer system. It's a broad term for software used to disrupt computer operation, gather sensitive information or gain access to private computer systems. Malware typically comes in the form of malicious code hidden in computer systems and is often installed without the knowledge or consent of the computer's owner. Malware spreads by email, operating systems (OSes), removable media or the internet. Common examples of malware include viruses, spyware, worms, rootkits and Trojan horses.
The three most common types of malware mentioned above are viruses, worms and Trojan horses. A virus is a piece of software that duplicates itself and spreads from one computer to another. A worm is similar to a virus, except that it doesn't need to infect other programs on a computer to spread. A worm can spread on its own. A Trojan horse appears to be something benign, such as a game or a screen saver, but it actually contains code that causes damage to the computer or enables the author to access the user's data.
How antimalware works
Antimalware software uses three strategies to protect systems from malicious software: signature-based detection, behavior-based detection and sandboxing.
1. Signature-based malware detection
Signature-based malware detection uses a set of known software components and their digital signatures to identify new malicious software. Software vendors develop signatures to detect specific malicious software. The signatures are used to identify previously identified malicious software of the same type and to flag the new software as malware. This approach is useful for common types of malware, such as keyloggers and adware, which share many of the same characteristics.
2. Behavior-based malware detection
Behavior-based malware detection helps computer security professionals more quickly identify, block and eradicate malware by using an active approach to malware analysis. Behavior-based malware detection works by identifying malicious software by examining how it behaves rather than what it looks like. Behavior-based malware detection is designed to replace signature-based malware detection. It is sometimes powered by machine learning algorithms.
Sandboxing is a security feature that can be used in antimalware to isolate potentially malicious files from the rest of the system. Sandboxing is often used as a method to filter out potentially malicious files and remove them before they have had a chance to do damage.
For example, when opening a file from an unknown email attachment, the sandbox will run the file in a virtual environment and only grant it access to a limited set of resources, such as a temporary folder, the internet and a virtual keyboard. If the file tries to access other programs or settings, it will be blocked, and the sandbox has the ability to terminate it.
Uses of antimalware
The value of antimalware applications is recognized beyond simply scanning files for viruses. Antimalware can help prevent malware attacks by scanning all incoming data to prevent malware from being installed and infecting a computer. Antimalware programs can also detect advanced forms of malware and offer protection against ransomware attacks.
Antimalware programs can help in the following ways:
- prevent users of from visiting websites known for containing malware;
- prevent malware from spreading to other computers in a computer system;
- provide insight into the number of infections and the time required for their removal; and
- provide insight into how the malware compromised the device or network.
Antimalware is helpful to keep a computer malware-free, and running an anti-malware program regularly can help keep a personal computer (PC) running smoothly and safely. The best type of antimalware software catches the most threats and requires the fewest updates, meaning it can run in the background without slowing the computer down. There are many free antimalware programs that can protect a computer from becoming infected with malware.
Differences between antimalware and antivirus
While the terms malware and virus are often used interchangeably, historically, they did not always refer to the same thing. A virus is a type of malware, but not all forms of malware are viruses. Viruses are the most common type of malware; they are a type of malicious code used to gain access to a computer or data network in order to cause damage. Viruses were regarded as older, more well-known threats, such as Trojan horses, viruses, keyloggers and worms. A virus is a program that can replicate itself, whereas malware is a program that attempts to accomplish a given goal but is not self-replicating. Malware became a term used to describe newer, increasingly dangerous threats spread by malicious advertising (malvertising) and zero-day exploits.
Similarly, the terms antivirus and antimalware are often used interchangeably, but the terms initially referred to different types of security software. Although both were designed to combat viruses, they originated to serve different functions and target different threats. Today, both antimalware and antivirus software perform the same or similar functions.
What is an antimalware service executable (AMSE)?
AMSE is a background-running service used to provide protection from malware and spyware for computers with Microsoft Defender Antivirus. Also known as Windows Defender, the software serves as a default level of protection for computers running Microsoft OSes. The AMSE checks every program that runs on a computer and sends a report to the administrator identifying any programs that may contain malware.
AMSE files are the files used to carry out the tasks of an antimalware service. There are two different types of AMSE files: those that act as hosts, which are used to allow malware to run on the computer so that it can be analyzed, and those that are used to stop malware from infecting the computer. The AMSE process is normally initiated by the antimalware program when the computer boots up. It is a standalone executable program that stays resident in memory.
For more on advances to Windows Defender and how they protect against malware, read "How a Windows antimalware tool helps endpoint security."