If you have even a passing interest in malware or technology in general, you might have heard the term “next generation antivirus” (or “nextgen AV” or “NGAV”) being thrown around.
Understandably, there’s quite a bit of confusion about what nextgen AV actually is and how it differs from traditional antivirus software.
In today’s post, we’re going to weigh in with our opinion on the nextgen antivirus debate and give you some insight to help you make a more informed decision about your antivirus software.
What’s the difference between traditional AV and NGAV?
Interestingly, there’s no single definition for nextgen AV. To some, the term is used to describe endpoint security products that use innovative technologies to provide better protection against a wider range of threats. To others, it’s little more than promotional mumbo-jumbo, buzzwords marketers have dreamed up to sell what is otherwise just plain, old, unsexy antivirus software.
Here’s our take on the matter:
For the sake of this article, we’ll define traditional AV as antivirus software that uses signature checking and heuristic analysis.
What exactly does that mean? Well, in the early days, antivirus software relied heavily on signature checkers that could detect malware by cross-referencing files with a database of known threats. It was a simple system, but adequate to deal with the rudimentary malware that was floating around.
However, as malware grew more advanced and the volume of new malware being released to the world skyrocketed, signature checkers steadily became less effective. In response, many antivirus vendors started using heuristics and behavior-based protection to detect suspicious characteristics and stop new threats – even those that had never been seen before.
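To make that difference concrete, here is an added example (not Emsisoft's code or detection logic): a hash-based signature check misses a known file once a single byte changes, while a characteristic-based heuristic still flags it. The sample byte strings, marker weights and threshold are constructed for illustration.

```python
import hashlib

# Constructed byte strings standing in for files; none of this is real malware.
KNOWN_BAD = b"MZ" + b"\x90" * 64 + b"VirtualAllocEx WriteProcessMemory CreateRemoteThread"
VARIANT = KNOWN_BAD + b"\x00"  # same content with one byte appended
BENIGN = b"Quarterly report: revenue grew in all regions. " * 4
ONE_MARKER = b"Debugger notes: WriteProcessMemory is used to patch breakpoints."

# Signature database: SHA-256 digests of files already seen and classified.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Hypothetical heuristic rules: real Win32 API names with made-up weights.
# Each is harmless alone; together they are typical of process injection.
SUSPICIOUS_MARKERS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 3,
    b"CreateRemoteThread": 3,
}
THRESHOLD = 5  # assumed cut-off; lowering it trades misses for false positives


def signature_match(data: bytes) -> bool:
    """Traditional check: exact digest lookup in the known-threat database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious characteristic found in the file."""
    return sum(w for marker, w in SUSPICIOUS_MARKERS.items() if marker in data)


def scan(data: bytes) -> str:
    """Return which layer flagged the file, or 'clean' if neither did."""
    if signature_match(data):
        return "signature"
    if heuristic_score(data) >= THRESHOLD:
        return "heuristic"
    return "clean"


if __name__ == "__main__":
    samples = {"known": KNOWN_BAD, "variant": VARIANT,
               "benign": BENIGN, "one marker": ONE_MARKER}
    for name, data in samples.items():
        print(f"{name:10} sig={signature_match(data)!s:5} "
              f"score={heuristic_score(data)} verdict={scan(data)}")
```

The one-marker sample shows why heuristics need a threshold: a single suspicious characteristic also appears in legitimate files, so only the combination is treated as a detection.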
For a while, these two systems combined allowed many antivirus vendors to provide reasonably good malware protection. However, the world of malware is rarely static. In a bid to keep pace with rapidly evolving malware, antivirus companies have introduced various new and innovative technologies that are designed to provide a more holistic solution. This has ushered in the era of nextgen AV.
What exactly is nextgen AV? Much like traditional AV, there’s no clear-cut definition, but it’s generally accepted that nextgen AV takes a more proactive and system-centric approach to malware, with the aim of providing superior protection against a wider range of threats.
In addition to malware signatures and heuristic analysis, many nextgen AVs use technology such as:
- Machine learning: AV companies can harness the power of AI and machine learning to improve protection capabilities in many different ways.
- Cloud scanning: NGAV takes a more holistic approach to security by using the cloud to identify threats. NGAV checks the system for irregularities, the presence of new apps and any unusual actions. It then verifies those things in the cloud using a massive database of programs and related behaviors.
- Automated remediation: The ability to identify and resolve issues without user input.
- Forensics: Collects and presents a large set of data that can be used to identify what happened before and after an event (e.g. a malware infection) took place.
- Usability: Nextgen AV is designed to provide a better user experience than traditional antivirus.
Looking at these differences, it certainly appears that nextgen AV has a leg up on traditional AV. Unfortunately, there’s just one problem…
Traditional AV has caught up to nextgen AV
A few years ago, there might have been a functional difference between traditional and nextgen antivirus, but over time the gap has shrunk considerably and continues to get smaller. Today, just about all “traditional” antivirus products incorporate many – if not all – of the same technologies used by nextgen antivirus.
Essentially this means there is no difference between traditional antivirus products made by reputable companies and nextgen antivirus. Even Gartner agrees. Antivirus companies that market their products as nextgen AV are trying to emphasize a point of difference that simply doesn’t exist.
Is Emsisoft Anti-Malware a next generation antivirus product?
We pride ourselves on being transparent and honest, and try to avoid marketing buzzwords that can potentially mislead or confuse. We’ve considered positioning our products as nextgen AV and decided – for the time being, at least – to avoid it.
But what if you really, really wanted to classify Emsisoft Anti-Malware?
Well, our software uses advanced behavioral analytics to identify suspicious behavior and stop unknown malware before it can perform any changes to your system. We use advanced machine learning to continually improve our engine’s detection capabilities. Our removal engine is capable of removing any malicious file on your system, including any references that may point towards it (registry autoruns for example). And the Emsisoft Cloud Console provides simple, cloud-based control over your protection software, regardless of where you’re physically located.
With these factors in mind, sure, you could consider Emsisoft Anti-Malware to be nextgen AV. It wouldn’t mean anything in particular, and it wouldn’t – and shouldn’t – separate us from our competition. But yes, you could say that Emsisoft Anti-Malware is nextgen AV.
At the end of the day, the difference between traditional and nextgen AV is negligible. What we’re more interested in is continuing to provide the best malware protection we possibly can, regardless of whether we’re considered traditional, nextgen or any other adjective you can think of.
Have a great (malware-free) day!