Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What's the difference between anti-virus, anti-spyware and internet security software?

Question:

What is difference between antivirus and internet security? How to compare two products for their dependability when both offer
same services?

I'll start by saying that it's a confusing mess.

I'll also start by lumping them all together as "security software", and then point out that the confusion is really in some
security software vendor's best interest.

Why? In the name of fear, people purchase more security software than they need.

So let's compare the various terms.

]]>

First the basic, "big three":

Anti-virus programs scan for viruses and related malware by examining the files on your system for patterns of data that have been identified as being viruses. On some regular basis the database of patterns the programs use is updated to contain the latest information on known viruses.

"In short, you should have one each of all three."

Anti-spyware programs monitor your system as you use it for behaviours that are known to be spyware-related. For example, an anti-spyware program might trap attempts to change your browser home page, or attempts to install software that starts automatically.

Firewalls prevent malware from reaching your machine through your network. They don't prevent things you control, like downloads or email, but rather stop attempts to connect to or infiltrate your machine without your knowledge or participation.

In short, you should have one each of all three.

It's seems simple, but sadly it's not.

"Internet security suites" are, in essence, bundles of two or more of the basics above, and typically also include additional security software or shortcuts as well. For example, one extremely popular internet security suite contains all three: anti-virus, anti-spyware and a firewall, as well as calling out "phishing" protection, keylogger protection, website reputation information, email and download monitoring, spam filtering, parental controls and even throws in some PC performance tools to boot.

Everything but the kitchen sink, it seems.

Once again, on the surface it seems like a good idea. Who wouldn't want all that?

Based on my experience here at Ask Leo! I've become fairly biased against internet security suites or bundles. I see several problems:

  • I get more problem reports about security suites than I do with the individual programs that they replace.

  • From what I can tell, most suites are based on one very good program - say an anti-virus tool - and then add additional tools and features, typically of lower quality, simply so that they can claim a longer checkbox list of features.

  • Much of what these suites call out as separate features are, in fact, fundamental to one of the big three tools anyway. Saying you have "keylogger" protection and spyware protection, for example, is redundant.

  • Much of what these suites include is also unnecessary, or not something I'd go to them for. I wouldn't use my internet security suite to try and tune up my PC, for example.

But, that's what internet security suites are: they give you a lot of stuff in a single package; some of it good, some of it not so good, some of it, in my opinion, completely unnecessary. And with so much stuff being added to your system, it's not at all uncommon for the suites to in fact cause both functional problems and system performance issues.

Now, there's one other point of confusion that's worth addressing: the growing convergence of spyware and viruses and the technologies that scan for them.

You've probably seen an increase in the use of the term "malware". That's a generic term meaning "bad" "software", and is used to encompass viruses, spyware and in fact anything else that might come along.

The problem is that the line between viruses and spyware isn't nearly as clear as I've painted above. And as a result, the scanning and prevention technologies are also overlapping more and more. In fact, some tools are now starting to label themselves as simply anti-malware, since their approach and their coverage seems to straddle the definition.

Unfortunately, it leaves us in an interesting position: if you know you need both anti-virus and anti-spyware tools, is a single anti-malware tool sufficient?

Maybe.

It all depends on the specific tools involved.

My recommendation for determining which tools are right for you, and which might be better than others, is simply to do some research on the internet. I'm a huge believer in reputation as a guideline. While no tool has a perfect reputation, you'll often see both good and bad information that will allow you to compare relative merits.

But, ultimately ... well, I told you it was a confusing mess.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

13 comments on “What's the difference between anti-virus, anti-spyware and internet security software?”

  1. AVG Pro works for me scan for spyware and rootkits along with vista firewall, and MBAM for on-demand scanning. I’m quite happy with this combo. of course there is windows defender under the hood not sure how good it is but unfortunately it is not uninstallable on vista. you can pick up a copy at walmart for cheap and it works good.

    Reply
  2. With regard to internet security, my stance is this: – no one package, however expensive, will catch everything. My solution: Use several free packages. It is a simple matter to use a free anti-virus, free firewall, free anti-spyware, and then take advantage of one of the reputable free online scanning sites, just to check your system now and again.

    Reply
  3. Whether one chooses an all-in-one suite or individual components, make sure you have real time scanning/monitoring. Doesn’t make much sense to let your computer become infected and then scan after the fact to try to remove something. Once a system is infected the only guaranteed way to know all traces of the malware has been removed is to erase the hard drive and reinstall the OS. As a precaution, don’t run two real time scanning AV programs at the same time. They could view each other as a threat and cause your computer to crash.

    Reply
  4. I only use trial versions of internet security suites.I change them every month or two.Security suites offer more protection than a personal firewall or antivirus.I think it’s worth the money to buy one.

    Reply
  5. I agree that some of the suites are not that good overall, but they are getting better. There are several good products now that combine anti-virus and anti-spyware (Webroot’s Antivirus/Antispyware and Sunbelt’s Vipre specifically are two very good ones.) Some people prefer using free products and while many are quite good, I have found most lacking in one or more important aspects. I prefer paid products, but I do use the free ones to double check on my paid versions. Also, as pointed out, no one product finds everything, so best to use an array of products to checks things. Just don’t run two anti-virus programs at once or two Firewalls at once, as you can get conflicts.

    Reply
  6. anti spyware free I have used ADAWARE and found it excellent and also PC Tools Spy Doctor downloadable ffree fromm Google pack (has a lot of good free programs.
    AntiVirus free Try Bitdefender also Comodo now has a free one that is supposed to be good

    Reply
  7. I have to agree with you Leo, Suites are bloated, resource hungry tools that just don’t cut it in my opinion. I use AVG free, a variety of free online virus scanners and at least three different spyware and malware tools of the paid variety. My router provides the main firewall and I use Windows 7’s firewall.

    Reply
  8. Have you ever used a Live CD to scan for viruses? I’ve heard some guys working on a Linux live CD that you basically boot the computer into Linux, and it scans for problems… The idea being a virus written for windows won’t effect linux… you heard of it?

    Justin Davis

    It’s a valid technique, particularly when the Windows machine won’t boot or behave when booted. I dislike it because anything burned to CD-ROM is immediately out of date, and not all of the tools automatically update themselves, nor are they as complete as some of the Windows based alternatives. But it’s definitely a good tool to have in your toolbox.

    Leo
    30-Sep-2009
    Reply
  9. I have several different “security” apps on my computer. Only is running “real-time” and, that is ZoneAlarm Security Suite (ZASS). The other apps, while installed, are not set-up to run in real-time. I use these other apps to perform scans of my computer (manually – if no scheduler is available) to look for “stuff” that the primary app (ZASS) may have missed. Each app is run on a weekly basis. This may be “over-kill” but, for me, that’s what I want. Safe computing yaw-ll!!!

    Reply
  10. The issue with malware is really very very sore. The best would be get behind a NAT router as always pointed out by Leo and follow safe browsing practices. This should keep most of the malware out of one’s business.

    For the techies, it would be to use any flavor of Linux and for those diehard techies who know everything, it would be better to run the Internet on a Virtual Machine.

    But I personally am very much inclined not to use such security suites type of stuff. I follow the above guidelines and have rarely been infected. Most of the infections I receieved were from USB pendrives. After that I completely turned off AutoPlay and haven’t faced a single problem since then.

    Ravi.

    Reply
  11. Thanks Leo, for an answer to this question!! Clear, concise and simply put. I get it now. If only the software publishers would be as forthright about their products!!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.