Malware terminology has become more confusing over time. Definitions for anti-virus, anti-spyware and internet security are unclear and inconsistent.

What is the difference between antivirus and internet security? How do I compare two products for their dependability when both offer the same services?

I'll start by saying that it's a confusing mess.

I'll also start by lumping them all together as "security software", and then point out that the confusion is really in some security software vendors' best interest.

Why? In the name of fear, people purchase more security software than they need.

So let's compare the various terms.

First, the basic "big three":

Anti-virus programs scan for viruses and related malware by examining the files on your system for patterns of data that have been identified as being viruses. On some regular basis the database of patterns the programs use is updated to contain the latest information on known viruses.

Anti-spyware programs monitor your system as you use it for behaviours that are known to be spyware-related. For example, an anti-spyware program might trap attempts to change your browser home page, or attempts to install software that starts automatically.

Firewalls prevent malware from reaching your machine through your network. They don't prevent things you control, like downloads or email, but rather stop attempts to connect to or infiltrate your machine without your knowledge or participation.

In short, you should have one each of all three.

It seems simple, but sadly it's not.

"Internet security suites" are, in essence, bundles of two or more of the basics above, and typically include additional security software or shortcuts as well. For example, one extremely popular internet security suite contains all three: anti-virus, anti-spyware and a firewall. It also calls out "phishing" protection, keylogger protection, website reputation information, email and download monitoring, spam filtering and parental controls, and even throws in some PC performance tools to boot.

Everything but the kitchen sink, it seems.

Once again, on the surface it seems like a good idea. Who wouldn't want all that?

Based on my experience here at Ask Leo! I've become fairly biased against internet security suites or bundles. I see several problems:

  • I get more problem reports about security suites than I do with the individual programs that they replace.

  • From what I can tell, most suites are based on one very good program - say an anti-virus tool - and then add additional tools and features, typically of lower quality, simply so that they can claim a longer checkbox list of features.

  • Much of what these suites call out as separate features is, in fact, fundamental to one of the big three tools anyway. Saying you have "keylogger" protection and spyware protection, for example, is redundant.

  • Much of what these suites include is also unnecessary, or not something I'd go to them for. I wouldn't use my internet security suite to try and tune up my PC, for example.

But, that's what internet security suites are: they give you a lot of stuff in a single package; some of it good, some of it not so good, some of it, in my opinion, completely unnecessary. And with so much stuff being added to your system, it's not at all uncommon for the suites to in fact cause both functional problems and system performance issues.

Now, there's one other point of confusion that's worth addressing: the growing convergence of spyware and viruses and the technologies that scan for them.

You've probably seen an increase in the use of the term "malware". That's a generic term meaning "bad" "software", and is used to encompass viruses, spyware and in fact anything else that might come along.

The problem is that the line between viruses and spyware isn't nearly as clear as I've painted above. And as a result, the scanning and prevention technologies are also overlapping more and more. In fact, some tools are now starting to label themselves as simply anti-malware, since their approach and their coverage seem to straddle the definition.

Unfortunately, it leaves us in an interesting position: if you know you need both anti-virus and anti-spyware tools, is a single anti-malware tool sufficient?

Maybe.

It all depends on the specific tools involved.

My recommendation for determining which tools are right for you, and which might be better than others, is simply to do some research on the internet. I'm a huge believer in reputation as a guideline. While no tool has a perfect reputation, you'll often see both good and bad information that will allow you to compare relative merits.

But, ultimately ... well, I told you it was a confusing mess.

Article C3880 - September 27, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

14 Comments
Tony
September 27, 2009 4:37 PM

AVG Pro works for me scan for spyware and rootkits along with Vista firewall, and MBAM for on-demand scanning. I'm quite happy with this combo. Of course there is Windows Defender under the hood, not sure how good it is, but unfortunately it is not uninstallable on Vista. You can pick up a copy at Walmart for cheap and it works good.

Bob
September 28, 2009 8:06 AM

With regard to internet security, my stance is this: - no one package, however expensive, will catch everything. My solution: Use several free packages. It is a simple matter to use a free anti-virus, free firewall, free anti-spyware, and then take advantage of one of the reputable free online scanning sites, just to check your system now and again.

Mary
September 29, 2009 12:14 AM

Whether one chooses an all-in-one suite or individual components, make sure you have real time scanning/monitoring. Doesn't make much sense to let your computer become infected and then scan after the fact to try to remove something. Once a system is infected the only guaranteed way to know all traces of the malware have been removed is to erase the hard drive and reinstall the OS. As a precaution, don't run two real time scanning AV programs at the same time. They could view each other as a threat and cause your computer to crash.

Andrew
September 29, 2009 2:30 AM

I only use trial versions of internet security suites. I change them every month or two. Security suites offer more protection than a personal firewall or antivirus. I think it's worth the money to buy one.

David Hutchins
September 29, 2009 9:48 AM

I agree that some of the suites are not that good overall, but they are getting better. There are several good products now that combine anti-virus and anti-spyware (Webroot's Antivirus/Antispyware and Sunbelt's Vipre specifically are two very good ones.) Some people prefer using free products and while many are quite good, I have found most lacking in one or more important aspects. I prefer paid products, but I do use the free ones to double check on my paid versions. Also, as pointed out, no one product finds everything, so best to use an array of products to check things. Just don't run two anti-virus programs at once or two Firewalls at once, as you can get conflicts.

Bob
September 29, 2009 10:52 AM

Anti-spyware, free: I have used ADAWARE and found it excellent, and also PC Tools Spy Doctor, downloadable free from Google Pack (has a lot of good free programs).
Antivirus, free: Try Bitdefender; also Comodo now has a free one that is supposed to be good.

Craig Griffin
September 29, 2009 1:15 PM

I have to agree with you Leo, Suites are bloated, resource hungry tools that just don't cut it in my opinion. I use AVG free, a variety of free online virus scanners and at least three different spyware and malware tools of the paid variety. My router provides the main firewall and I use Windows 7's firewall.

Justin Davis
September 29, 2009 3:14 PM

Have you ever used a Live CD to scan for viruses? I've heard some guys working on a Linux live CD that you basically boot the computer into Linux, and it scans for problems... The idea being a virus written for Windows won't affect Linux... you heard of it?


Justin Davis

It's a valid technique, particularly when the Windows machine won't boot or behave when booted. I dislike it because anything burned to CD-ROM is immediately out of date, and not all of the tools automatically update themselves, nor are they as complete as some of the Windows-based alternatives. But it's definitely a good tool to have in your toolbox.
Leo
30-Sep-2009

Justin Davis
September 29, 2009 3:15 PM

Damn, my link looks huge. Sorry about that. I can blog at work, but they make me put a disclaimer on everything.

Michael
September 29, 2009 7:22 PM

I have several different "security" apps on my computer. Only one is running "real-time" and that is ZoneAlarm Security Suite (ZASS). The other apps, while installed, are not set up to run in real-time. I use these other apps to perform scans of my computer (manually - if no scheduler is available) to look for "stuff" that the primary app (ZASS) may have missed. Each app is run on a weekly basis. This may be "over-kill" but, for me, that's what I want. Safe computing yaw-ll!!!

Michael Horowitz
September 29, 2009 7:37 PM

The Live CD to scan for viruses may be a reference to the Ultimate Boot CD for Windows. It boots to Windows however, not to Linux. This makes sense as antimalware software runs on Windows. See ubcd4win.com and this

http://www.esecurityplanet.com/features/article.php/3821001/The-Best-Way-to-Remove-Viruses-Spyware-and-other-Malware-Part-1.htm

Ravi Agrawal
September 29, 2009 10:57 PM

The issue with malware is really very very sore. The best would be to get behind a NAT router as always pointed out by Leo and follow safe browsing practices. This should keep most of the malware out of one's business.

For the techies, it would be to use any flavor of Linux and for those diehard techies who know everything, it would be better to run the Internet on a Virtual Machine.

But I personally am very much inclined not to use such security suites type of stuff. I follow the above guidelines and have rarely been infected. Most of the infections I received were from USB pendrives. After that I completely turned off AutoPlay and haven't faced a single problem since then.

Ravi.

Duane
October 3, 2009 3:33 AM

I've used free tools for years now, and I recommend them to everyone I speak to. I use Avira anti-virus, and Malwarebytes’ anti-malware. The latter has literally brought two computers back from the dead. I found 50 or so malware infections on a friend’s computer that refused to boot, but my daughter’s computer set the record with 610 malware infections. In both cases, Malwarebytes’ had the machines back to operational within an hour.

Babs
July 18, 2011 1:10 PM

Thanks Leo, for an answer to this question!! Clear, concise and simply put. I get it now. If only the software publishers would be as forthright about their products!!
