What's the difference between a virus and malware?


When most people hear virus and malware, they think that they're the same thing. However, there is a difference that most computer security professionals agree on.

A virus is an executable payload that is designed to damage your computer. It may have other side effects, like damaging other computers on the network, but its primary goal is to damage your computer. With modern antivirus tools, most viruses are stopped before they are even executed, and some antivirus tools will even hide the virus from you to prevent you from executing it. Antivirus software works by comparing the executable to a known list of bad software. These lists are known as definitions, but sometimes, definitions are old or aren't updated by the time a new piece of malware is released.

Comparatively, malware is designed to damage your computer but doesn't stop at your computer's operating system. Malware can take many different forms, but the difference is that malware isn't necessarily a single executable payload. It may be a series of payloads that also exploit a known vulnerability in your system. When vulnerabilities are discovered, it takes time for the software manufacturer to fix those holes, so these malware packages are often referred to as "zero-day exploits." Anti-malware software typically does not look at a list of bad software. Instead, it looks at a list of bad behaviors and compares individual processes to those patterns. If it recognizes patterns known to cause damage, it will stop the process that's executing those patterns. For example, if your anti-malware software notices a lot of files being encrypted, this is a symptom of ransomware, and it will stop the process that's doing that encryption work.

Most security software suites come with both antivirus and anti-malware components, and it's important to let both of these components do their work to keep you, your computer, and your data safe.