Getting a malware (malicious software) infection of any sort, be it virus, adware, spyware, trojan, worm, whatever, can be a real headache. Removing any sort of infection can be a real nightmare. That’s why many people rely on commercial antivirus software to remove the offending programs.
Most workplaces also use corporate versions of virus removal and infection-prevention software to keep their networks clean. These versions are costly, but deemed necessary to protect the network.
With all the money spent on keeping computers and networks protected, things must be safe, right?
Antivirus Software Can’t Protect Against Everything
A lot of people get lulled into using antivirus software or antispyware software, thinking that it will keep them safe from harm at every turn. They think that it will protect them from themselves – do whatever they want and, if it’s bad, the antivirus software will stop it.
If only it were this simple! If it were, no one would ever need to worry about getting infected as long as they kept antivirus software and kept it current. I’m sure most anyone would be willing to take those steps if it would ensure constant safety and protection from malicious software.
Sadly, that is not the case at all. To understand why antivirus software is not a catch-all for any bad stuff trying to make its way into a computer, we must first take a look at how antivirus software determines what is infected.
Antivirus Software Works Based On What It Knows
New viruses, spyware, rootkits, and other forms of malware come out all the time. Sometimes they’re discovered quickly, other times not so much. Some forms of malware are set up like a ticking time-bomb: they lie dormant until the user performs a certain action. Other malware only serves as a minor nuisance and may not even be noticed right away. Different types are contracted in different ways, and each type has its own unique actions. Some types will even morph or mutate to avoid being caught and removed.
If an antivirus program could have every single virus signature (a pattern of code that identifies the virus) in its database, we could expect it to work almost flawlessly. Unfortunately, none of them have databases that exhaustive. Even if the software were updated hourly, the company producing it simply doesn’t have access to every single virus signature.
Antivirus software compares its virus signatures against the code found in files on your computer. If it finds a file or files matching that code, it proclaims them infected. However, since it won’t have a comparison for everything, it also uses something called heuristics. Heuristics lets the software seek out code that resembles virus code. In some cases, it helps to proactively catch infected files. In others, it returns false positives (files it claims to be infected that aren’t). Heuristics is only an estimate to begin with, so it’s also very possible for it to miss infected files completely.
The software isn’t really to blame for this – it is doing its best with what it has. Heuristics can help antivirus software programs stay on top of the game. Some antivirus programs may not have it. Without it, they are literally limited to only what they already have to compare against.
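The signature-versus-heuristics behaviour described above, as an added example that is not part of the original article: a toy Python scanner whose signature, trait strings, weights, threshold and sample files are all constructed for illustration. It shows a known sample caught by signature, a changed variant caught only by heuristics, a harmless file flagged as a false positive, and a new sample that both checks miss.

```python
# Toy scanner: exact signature matching plus a crude heuristic score.
# Every signature, trait, weight and sample here is constructed for illustration.

SIGNATURES = {  # detection name -> byte sequence known to appear in that sample
    "Demo.Worm.A": b"\xde\xad\xbe\xef-demo-worm-a",
}

# Heuristic traits as (marker bytes, weight). The markers are harmless strings
# standing in for "code that resembles virus code".
TRAITS = [
    (b"DISABLE_AV_SERVICE", 3),
    (b"WRITE_AUTORUN_KEY", 2),
    (b"HOOK_BROWSER", 2),
]
THRESHOLD = 4  # a score at or above this is reported as suspicious


def signature_match(data: bytes):
    """Return the name of the first known signature found in data, else None."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious trait present in data."""
    return sum(weight for marker, weight in TRAITS if marker in data)


def scan(data: bytes, use_heuristics: bool = True) -> str:
    """Classify data as 'infected', 'suspicious' or 'clean'."""
    if signature_match(data):
        return "infected"
    if use_heuristics and heuristic_score(data) >= THRESHOLD:
        return "suspicious"
    return "clean"


SAMPLES = {  # constructed inputs, one per outcome the text describes
    "known": b"MZ..\xde\xad\xbe\xef-demo-worm-a..",
    "mutated": b"MZ..\xde\xad\xbe\xee-demo-worm-b..DISABLE_AV_SERVICE..HOOK_BROWSER",
    "benign_tool": b"MZ..WRITE_AUTORUN_KEY..HOOK_BROWSER..",  # harmless, yet flagged
    "novel": b"MZ..behaviour-the-scanner-has-never-seen..",   # malicious, yet missed
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} signatures-only={scan(data, False):9} with-heuristics={scan(data)}")
```

Raising THRESHOLD clears the false positive on the harmless file, but the mutated variant then needs to score higher to be caught, which is the trade-off heuristics always carries.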
With this in mind, it’s easy to understand how it’s impossible for any one antivirus program to be a 100% capable solution. If this were its only flaw, it might still have some sort of chance. Unfortunately, this isn’t the only hindrance to an antivirus program’s capabilities.
Some Malware Can Disable Your Antivirus Software
Even with the best antivirus software, updated constantly and using heuristics, something could still slip past. That something could potentially disable any installed antivirus software.
Antivirus software often has defenses against this, but if a virus is written well enough, it could still work. Some of the free antivirus software may be more vulnerable to being shut down as well.
Another common feature of many different viruses and other malware is a browser hijacker. When a web browser is hijacked, the virus or other malicious program is in control (full or partial). What this means for the person trying to use the browser is that they will only be able to reach a limited set of websites, chosen by the malware.
Some browser hijackers will only redirect when trying to visit a website commonly used for removing viruses. This could include antivirus software manufacturer websites, technology forums, etc. Other hijackers will redirect everything. In this instance, a person trying to visit any website with the hijacked browser will be taken to a different website, often an ad site.
Scam Software Often Poses As Antivirus/Antispyware Software
Yet another thing to be careful of with antivirus and antispyware software is the phonies. There are lots of programs that claim to be antivirus software or antispyware software but are, in actuality, viruses or spyware themselves.
One of the most common features of fake antivirus software is the browser hijacker. These scam programs typically redirect back to a website where they can be purchased, and will almost definitely redirect to their own website when any genuine antivirus website is visited.
Fake antivirus software often ends up on a person’s computer without that person knowing how it got there. In other words, it usually wasn’t downloaded intentionally. That’s an easy clue that it’s not a legitimate program.
However, some are sneaky. Some of these programs have websites set up to appear like legitimate solutions for certain viruses or other malware infections. The website may discuss how difficult virus removal is and, in the end, suggest their own particular software. Sure, most people or websites will recommend certain software over others. But watch out if a website has ads for a particular antivirus or antispyware program AND recommends it as being the easiest/best/only virus removal solution. You can probably count on it being bad.
Fake antivirus programs also like to bombard a computer with warnings and pop-up security messages. They typically won’t pop up browser windows, but they’ll overwhelm a computer with Windows messages about how infected the computer is. They often force scans – not every so many days, but every so many minutes or hours.
Once the scan is done, a large list of files will be displayed. Normal files are usually displayed in the scan as infected files. This is to create a sense of urgency, to make it appear as though the computer is horribly infected even if it had no previous viruses or other malware at all. If removal is attempted, the software will demand payment.
It’s always safest to use a well-known, trusted antivirus or antispyware program. Many free ones exist, or there are the popular pay versions that are safe to install.
Antivirus Software Can Interfere With Other Programs
Antivirus software often interferes with other programs, based on the aggressive way that antivirus software functions (to protect a computer as well as itself). Multiple antivirus and antispyware programs can be used, but often not simultaneously without them interfering with each other.
Most programs can run just fine alongside antivirus or antispyware software. However, sometimes a completely unrelated program will have difficulty running and the solution is to disable the antivirus program. Some software installs also require first disabling any antivirus software.
You Get What You Pay For
Commercial versions of antivirus software often also offer free versions. AVG, for example, is one of the most popular free antivirus programs. There is an AVG Free, and an AVG Premium. Avira is another popular one, offering AntiVir Free and AntiVir Premium.
The pay versions are usually sold in annual subscriptions. A subscription lapse may lead to all worthwhile features being disabled. Some brands may instead lose certain features. Two of the most common features not included in free versions, or disabled when a subscription lapses, are real-time protection and auto-updating.
Real-time protection scans files as they’re downloaded or when they’re used to make sure that they are safe. Without real-time protection, files have to be manually scanned after download. That’s great if it’s done, but it’s easy to forget or not even think about it in the first place.
Auto-updating makes sure that the software has the most current set of virus definitions available. If auto-updating is disabled the software must be manually updated – frequently – or it won’t be very worthwhile.
Why Bother With Antivirus Software to Begin With?
With all of these negative points to antivirus software, should it be avoided? What’s even the purpose of having it if it isn’t 100% reliable?
It all depends on who is using the computer, and for what.
Antivirus software can be beneficial in preventing or cleaning up some malware infections. It should be thought of as sort of a “first line of defense”, instead of a be-all-end-all solution. Someone who is just learning computers or is a relative beginner could use antivirus software as basic protection, to avoid a costly tech support call.
There is also the possibility that the software will work exactly as it should, and remove a worse infection. When calling tech support, a minor virus removal or spyware removal call could be charged the same as a more complex one – best to avoid it altogether if possible.
Ultimately, antivirus/antispyware software has its place. For some people it is very useful. For others, it’s almost not necessary. If a computer is being used by anyone who may visit questionable websites, antivirus software is recommended as a first line of defense.
If you feel more comfortable using antivirus software, that’s fine. If you are a techie beginner, I definitely recommend it. But no matter what your knowledge level, antivirus software does not make your computer virus-proof. If you are careful with your computer, it may never become an issue.