[Guide] Anti-Viruses VS Anti-Malwares: The differences

Hey guys, Yoan here, AKA Aura, with another little informative thread! Today, I'll put an end to what I consider the most annoying thing in the White Hat Help and Computer Protection and Security Alerts section: the debate between Anti-Viruses and Anti-Malwares. Most commonly, this is triggered by the following thinking:

PEOPLE WHO THINK THAT MALWAREBYTES IS AN ANTI-VIRUS: YOU'RE WRONG!

Stop. No. Niet. Nada. Malwarebytes IS NOT an Anti-Virus. It's an Anti-Malware! "Uh, isn't it the same thing? It does the same job, no?", you'll ask me. No, it doesn't do the same job at all. To understand that, you'll have to understand what an Anti-Virus is and what an Anti-Malware is, how they work and what their features are.

What is an Anti-Virus and how does it work?

Anti-Viruses are software designed to identify and delete any viruses that could be seen as a threat to a system. But there's more: Anti-Viruses are here to PREVENT those threats. That means they are used to IDENTIFY a threat in REAL-TIME in order to block it and eliminate it BEFORE it does any harm. That's the core feature of an Anti-Virus, which is called "real-time protection". Real-time protection means that the Anti-Virus is always on the lookout for potential threats that could affect the system. That's why Anti-Viruses are the main protection barrier on a system (after the user, of course).

Without real-time protection, your computer would most likely get infected every time you go on a suspicious website, every time you download an infected torrent, every time you open a suspicious attachment in an email, etc. Compare it to a walk outside in the winter during a snowstorm, naked. What do you have to stop all these cold snowflakes from hitting your sensitive body? Nothing. Now, imagine your suit, your coat, your gloves, etc. as your Anti-Virus, which protects you in real-time.
Every snowflake hits your clothes and melts instantly. That's what you could see as the real-time protection.

Also, Anti-Viruses offer more than one feature. They offer many security and protection features that can be enabled and disabled whenever you want. They don't just offer real-time protection. They also offer on-demand scanning, firewalls, secured web browsers, etc. In other words, you don't just use an Anti-Virus, you use a "full protection package" that offers many protection and security features for your OS. And these features, like the Anti-Virus itself, are not just .exe files that you execute on the go when you need them, no. The Anti-Virus is installed on your system and installs itself in locations that will make it hard for a virus to remove it. It takes its grip on your system, covers it fully and places itself in the first line of defence in order to protect it.

Also, most of the features Anti-Viruses offer are independent from each other. If a feature of your Anti-Virus fails, the whole Anti-Virus will not stop working, only that feature, and you can repair it to get it back up and running. Also, most Anti-Viruses offer protection for their own features. Avast!, for example, will send you a warning if one of its features receives the order to be turned off or to stop working, and it will ask you if you're aware of the situation or not.

Features

- Real-time protection;
- Full installation on the system to integrate with it;
- "Full protection package" (security suite), which means the Anti-Virus offers many features other than real-time protection;
- Constantly updated;
- Most Anti-Viruses are now connected to a database in the cloud with information about all new viruses and malware in order to keep the Anti-Virus up-to-date;
- Supported on all OS versions (in Windows at least);

Anti-Viruses

Here's a list of the most popular / common Anti-Viruses.
I suggest you click on their names to visit their official webpages and read more about each of them, and you'll understand what I mean when I talk about "real-time protection", "full security protection package", "multiple features" and so on.

- Kaspersky
- ESET Nod32
- Bitdefender
- Avast!
- AVG
- Avira
- Norton
- McAfee
- Panda Security

You notice how all these Anti-Viruses promote "real-time protection" as their main and best feature? Because that's what an Anti-Virus is all about: protecting you in real-time, tracking each of your actions and being ready to react as soon as a threat is identified. You'll also notice the emphasis that some companies put on their Anti-Viruses' multiple features and purposes too, because they all aim to create the perfect protection solution, composed of everything a system needs to be safe from everything.

What is an Anti-Malware and how does it work?

An Anti-Malware is, most of the time, a tool or piece of software used to detect and delete one or more types of malware. These tools are specialized in the detection and removal of precise types of malware (hard-coded) and in methods (hard-coded) to delete them from an OS. They don't offer any features other than detecting and deleting a threat. And in order to work, the threat must either be running or be known by the Anti-Malware, which means it must be in its database (which can be "local" or acquired through a synchronisation on the first execution of the tool or software).

How does it proceed? Well, here's the thing. Once you download an Anti-Malware (and install it if needed, but that's rare), it won't do anything. It will wait until you execute it and command it to SEARCH for the threats that are present on your computer in order to delete them. In other words, an Anti-Malware is most commonly an on-demand scanner that is waiting for the order to ... scan and delete all threats it has been designed to take care of.
From that, you can understand that an Anti-Malware doesn't offer any real-time protection feature, as it's actually waiting for your input in order to start working and do its job. An Anti-Malware is meant to be used to remove malware that you know is present on your OS, or that you assume is on your OS. Anti-Malwares are not meant to be fully installed on your system and to place themselves in the first line of defence. No, they are meant to "penetrate" your system, find the threat and remove the threat, that's it. Once the job is done, it stops.

To sum it up, Anti-Malwares are designed to provide additional protection alongside Anti-Viruses, not to take their place and their role, which is the main layer of protection of an OS.

Features

- Most of the time, only offer one feature (scan and deletion of malware);
- Aimed at one particular type of malware or family of malware;
- Not updated every day, every month, etc. (some Anti-Malwares still widely used are discontinued);
- No connection to an external database that keeps track of all the new threats identified;
- Most of the Anti-Malwares are only .exe files to be used on the go, no installation needed;
- The PRO version of an Anti-Malware is still not a real Anti-Virus;

Anti-Malwares

Here's a list of the most common and popular Anti-Malwares used. Now I want you to check out the webpage of each of these Anti-Malwares and tell me if you see an Anti-Malware that offers both real-time protection and multiple protection features.

[I'll link some of these Anti-Malwares to their BleepingComputer.com download page, as the reviews and descriptions are more detailed than the ones on the Anti-Malware's official website]

- AdwCleaner
- Junkware Removal Tool
- TDSSKiller
- RogueKiller
- Malwarebytes (forget the PRO version that costs money, I'll talk about it later in this thread)
- RKill
- SUPERAntiSpyware
- SpyBot Search & Destroy

Now, many of you will think "You obviously don't know what you're talking about!
I checked some Anti-Malwares you linked and some of them provide real-time protection!". Yes, they do. Now ask yourself these two questions:

- Does the free version provide "real-time protection"? The answer will most of the time be "No". In order to "enable" an Anti-Malware's "real-time protection", you'll have to pay for the full version of that software, which in my opinion goes against the main reason Anti-Malwares exist, as these should be used for free, on the go, only from time to time and in certain situations only.
- Does the paid version of that Anti-Malware become an Anti-Virus? The answer to that question is quite obvious. Even if you pay for the paid version of that Anti-Malware, it won't transform it into a full Anti-Virus with multiple features and a "real" real-time protection feature. You can check the official webpages and websites of all of these Anti-Malwares that I listed; it will always be stated that these tools should NOT be considered an Anti-Virus, free version or paid version.

Now that you asked yourself these two questions and got your answers, shall we move on to the question we are all waiting for?

Why Malwarebytes should not be considered an Anti-Virus

If you read my whole thread and got to this point, first of all, bravo. You went through all my rant without exiting the webpage. And secondly, you should then be able to answer this question by yourself. But I'll assume that you still don't understand at this point why Malwarebytes should not be considered an Anti-Virus, and so I'll give you the main reasons.

- It doesn't offer real-time protection: This reason alone is enough to say that Malwarebytes isn't an Anti-Virus. We saw earlier that real-time protection is what makes the difference between an Anti-Virus and an Anti-Malware, and that it's the main protection feature of an Anti-Virus. Does Malwarebytes have it? No. "But the PRO version features real-time protection!"
Refer to the second point in the list in the previous section, thank you.

- It doesn't offer multiple features: Again, Malwarebytes is only an on-demand scanner that provides different scanning options and settings for these scans. It doesn't offer anything else such as a firewall, secured web browser, data encryption, etc. This once again makes it only a simple Anti-Malware, with the purpose of being manually launched and executed in order to work, nothing more.
- Malwarebytes is a single program: Malwarebytes is only a program that is meant to scan a system, look for threats and remove them, that's it. That means that if the program fails, or it gets killed by a virus, it will stop working totally. The scanner option it provides isn't a "separate feature" from the program, IT'S the whole program. If for whatever reason Malwarebytes doesn't work, crashes on execution, or anything else, you can't use it. You'll have to repair, fix, troubleshoot, etc. the whole program in order to get it back up and running. And this happens often when a system is badly infected.

Just this is enough to prove that Malwarebytes isn't an Anti-Virus and that it shouldn't be treated as such. Still don't believe me or disagree with what I say? Okay.

Source : https://helpdesk.malwarebytes.org/entries/20818081-Does-Malwarebytes-Anti-Malware-replace-antivirus-software-

Source : https://forums.malwarebytes.org/index.php?showtopic=8068#entry38089

This last quote is worth reviewing. This person makes a point. Malwarebytes is mostly designed to "remove infections that most Anti-Viruses tend to miss or are unable to remove." That's why we speak of Anti-Malwares as "complementary" to Anti-Viruses, because they add a SECOND layer of protection and should be used when you think your Anti-Virus failed, NOT to do your Anti-Virus's main job. Yes, Anti-Viruses are not perfect and I'm sure they won't be perfect by tomorrow, but they are the best protection you can get in the front line, not Anti-Malwares.
Anti-Malwares should only be used as secondary scanners and an extra layer of protection (on-demand protection) in case you think that your main layer of protection has failed. And that's why Malwarebytes isn't an Anti-Virus and can't be compared to Anti-Viruses like Kaspersky, ESET Nod32, Bitdefender, Avast!, Avira, etc.

That's it!

Well folks, that's all I had to say on the subject. I really hope that you'll now understand what the difference between an Anti-Virus and an Anti-Malware is, and that you'll stop asking yourself why a lot of people like me correct you and get mad when you refer to Malwarebytes and other Anti-Malwares as "Anti-Viruses" and recommend them as such tools. I don't expect this tutorial to pass softly; I expect a lot of people flaming me and starting a debate with me. I'm good with that, I'll be there ready to answer and listen to your point. And I also know a couple of people who will gladly join in that debate too.

If you have any questions about this tutorial, want me to detail a point more or want me to add something to this tutorial for better comprehension, always feel free to either post in the thread or send me a PM and I'll reply to you. Thank you.

Credits

phybeя : Your security researcher input is always appreciated, as well as your constructive feedback and the time you take to actually read the whole thread and discuss with me how to make it better. You're truly one of the best on this forum.
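
The gap between on-demand scanning and real-time protection described in this guide can be shown with a small model. This is an added example, not part of the original thread or any vendor's code: `SIGNATURES`, `on_demand_scan` and `OnAccessGuard` are hypothetical names, the signature is a constructed harmless marker, and real products intercept file access inside the OS rather than through a wrapper class.

```python
import hashlib
import os
import tempfile

# Constructed sample "signature database": SHA-256 of a harmless marker string.
SAMPLE_PAYLOAD = b"constructed-harmless-test-marker"
SIGNATURES = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(): "Test.Marker"}

def classify(data):
    """Return the signature name for known content, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())

def on_demand_scan(root):
    """On-demand model: runs only when invoked, deletes what it finds."""
    removed = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                verdict = classify(fh.read())
            if verdict:
                os.remove(path)
                removed.append((name, verdict))
    return removed

class OnAccessGuard:
    """Real-time model: every write passes through the check first."""
    def __init__(self):
        self.blocked = []

    def write(self, path, data):
        verdict = classify(data)
        if verdict:
            self.blocked.append((os.path.basename(path), verdict))
            return False  # write refused, the file never reaches disk
        with open(path, "wb") as fh:
            fh.write(data)
        return True

def demo():
    with tempfile.TemporaryDirectory() as root:
        first = on_demand_scan(root)            # nothing present at scan time
        bad = os.path.join(root, "dropped.bin")
        with open(bad, "wb") as fh:             # file arrives after the scan
            fh.write(SAMPLE_PAYLOAD)
        exposed = os.path.exists(bad)           # stays on disk until the next scan
        second = on_demand_scan(root)           # only a new manual scan removes it
        guard = OnAccessGuard()
        allowed = guard.write(os.path.join(root, "dropped2.bin"), SAMPLE_PAYLOAD)
        return first, exposed, second, allowed, guard.blocked
```

The `exposed` value is the point: between two manual scans the file sits on disk untouched, while the guarded write is refused before anything is stored.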