You may wonder, “I have antivirus installed so I’m good, right?”
That’s a good thing but not good enough to protect against the more sophisticated types of threats we see today. Keep in mind that viruses are also a type of malware among several common types that anti-malware detects better than more traditional antivirus. Some of these include:
- Malicious crypto mining (also called crypto jacking)
- and more!
“What are heuristics?”
You’ll likely hear more about this fancy word in the coming months and years. It’s important to understand what this means because it separates the old from the new in more ways than one. In short, next-generation protection from malware uses some shortcuts that make them both faster and more accurate for detecting threats like malware. These shortcuts are called heuristics.
There’s a tremendous amount of information coming into and out of our devices. Much like our brains, we need to speed up decision-making processes wherever possible. Our brain relies on some mental strategies, heuristics, to simplify things so we can spend less time analyzing details before we make our decision.
We make thousands of choices each da. What should we wear? What should we eat? What should we drink? What music should we listen to? Should we take the train, the bus, ride our bike, or drive into town today? Heuristics allows us to make decisions easily with as little effort as possible. For example, when trying to decide how to get into town, we might remember that we have several places we need to go today, not necessarily in close proximity. We quickly realize that transit won’t work well, so we decide to take the car, thinking this through in an instant without doing a detailed analysis.
“Why doesn’t antivirus work so well anymore?”
Antivirus programs don’t use heuristics, or shortcuts to quickly stop threats, much in the same way our brains use them to make choices fast. Instead, antivirus does things quite differently: typically by comparing potentially nasty attachments to known signatures, essentially a very looong list of known threats.
The days of this approach being effective are over. Malware has advanced way past that.
Antivirus companies haven’t yet accepted this. They wall need to rethink how they’re going to evolve because signatures and hashes don’t work well against polymorphic code (code that changes with great frequency) that is unique to each attack.
Meanwhile, the days of comparing an potentially harmful executable file to a know list of hashes isn’t good enough to protect us.
“How does anti-malware work?”
Artificial intelligence (AI) and machine learning (ML) are the latest technologies helping us in the battle against malware to analyze threats and take action to protect our devices before we become the next victim.
These next-generation tools use heuristics and behavioral API calls, which is a technical way of saying they use better, more up-to-date methods for detecting nasty stuff.