Anti-malware is the umbrella term for software and policies designed to protect systems from malware (malicious software like computer viruses). Anti-malware tools can prevent new malware from being installed on the system (for example, by scanning files while they’re being downloaded) or detect, quarantine, and remove existing malware. Common detection techniques include:
- Signature-based: The suspected file’s signature (a fingerprint derived from the file’s contents, typically calculated with a cryptographic hash function) is compared against a database of known malware signatures. A match immediately flags the file as malicious; a file the database has never seen produces no match, which is why this method is paired with the others.
- Behavior-based (heuristic evaluation): The anti-malware flags suspicious behavior by files and apps, such as silently creating files in hidden folders. If the suspect’s behavior matches the profile of malware, it is deemed malicious and quarantined.
- Recursive unpacking: The suspected file is decompressed multiple times, scanning each layer revealed for hidden malware.
- Sandboxing: The anti-malware runs the suspected file on a virtual machine isolated from the main system and observes what it does. If the file’s behavior matches the profile of malware, it is blocked from running on the user’s device.
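To make the first three techniques concrete, here is a toy scanner written for this entry (an added example, not NordVPN’s Threat Protection or any real engine’s code). It hashes a blob and looks the digest up in a constructed signature database, recursively unpacks nested zip archives and scans every layer, and scores a constructed list of observed actions against a small heuristic rule table. The payload bytes, hash database, rule names, weights and threshold are all assumptions made up for the example.

```python
"""Toy anti-malware scanner: signature lookup, recursive unpacking and a
behaviour-based heuristic. Constructed example, not a real product's engine."""
import hashlib
import io
import zipfile
from typing import List, Optional, Tuple

# Constructed signature database: SHA-256 of file contents -> detection name.
# Real engines use richer signatures (byte patterns, fuzzy hashes), but a plain
# content hash is the simplest form of the idea.
MALWARE_PAYLOAD = b"constructed malicious payload for the example"
KNOWN_BAD_SHA256 = {
    hashlib.sha256(MALWARE_PAYLOAD).hexdigest(): "Constructed.Test.Sample",
}

MAX_UNPACK_DEPTH = 8                # stop recursing on absurdly nested archives
MAX_MEMBER_SIZE = 16 * 1024 * 1024  # skip members that would inflate past 16 MiB


def signature_lookup(data: bytes) -> Optional[str]:
    """Signature-based detection: hash the bytes and look the digest up."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(data).hexdigest())


def looks_like_zip(data: bytes) -> bool:
    """Cheap magic-byte check for a zip local file header."""
    return data.startswith(b"PK\x03\x04")


def scan_bytes(data: bytes, path: str = "<input>", depth: int = 0) -> List[Tuple[str, str]]:
    """Scan a blob; if it is an archive, unpack it and scan each member too.
    Returns (virtual path, detection name) pairs for every hit found."""
    hits: List[Tuple[str, str]] = []
    name = signature_lookup(data)
    if name:
        hits.append((path, name))
    if looks_like_zip(data) and depth < MAX_UNPACK_DEPTH:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                    continue  # size cap limits exposure to decompression bombs
                hits.extend(scan_bytes(zf.read(info), f"{path}/{info.filename}", depth + 1))
    return hits


def nest_in_zips(payload: bytes, layers: int) -> bytes:
    """Helper for building test input: wrap payload in `layers` nested zips."""
    blob = payload
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"layer{i}.bin", blob)
        blob = buf.getvalue()
    return blob


# --- Behaviour-based heuristic ------------------------------------------------
# Each observed action maps to a weight; a process whose total reaches the
# threshold is flagged. Action names, weights and threshold are constructed.
HEURISTIC_RULES = {
    "write_hidden_dir": 3,          # creating files inside a hidden folder
    "set_autorun_persistence": 4,   # registering itself to run at start-up
    "disable_security_tool": 5,     # tampering with the protection software
    "encrypt_user_documents": 5,    # mass rewriting of the user's files
    "read_user_document": 1,        # normal on its own, adds up with the rest
}
HEURISTIC_THRESHOLD = 6


def heuristic_score(events: List[str]) -> int:
    """Sum the weights of every recognised action; unknown actions score 0."""
    return sum(HEURISTIC_RULES.get(e, 0) for e in events)


def is_suspicious(events: List[str]) -> bool:
    """Behaviour-based verdict: flag when the score reaches the threshold."""
    return heuristic_score(events) >= HEURISTIC_THRESHOLD


if __name__ == "__main__":
    sample = nest_in_zips(MALWARE_PAYLOAD, 3)  # constructed triple-wrapped download
    print(scan_bytes(sample, "download.zip"))
    print(is_suspicious(["write_hidden_dir", "set_autorun_persistence"]))
```

The depth and size caps matter in practice: an unpacker without them can be stalled or exhausted by a deliberately nested or highly compressible archive, and the hash lookup alone will miss a sample whose bytes differ by even one bit from the stored entry, which is exactly the gap the heuristic stage is meant to cover.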
Real anti-malware examples
- Antivirus software is generally designed to combat one specific type of malware — viruses. Some antiviruses also offer tools to block or remove other malware types, such as adware or spyware.
- NordVPN’s Threat Protection protects your device by scanning files for malware as they’re being downloaded, stopping malicious programs from taking root.