It seems like even the most up-to-date anti-virus software package isn't always enough. It's frustrating because you'd think that it would be.
I have AVG virus protection always on and Windows XP firewall enabled. Why do I still get infected with some Trojan horses? I check for updates every day so I am sure I am up to date.
That's a very good question, particularly as so many people believe that with only an anti-virus program, they're totally protected.
Unfortunately, that's simply not true.
The answer is partly the nature of anti-virus software...
... and partly the nature of "the race."
The race - and bad luck
I use that term - "the race" - on purpose. Combating viruses is a three-way race:
In the lead are virus writers looking for vulnerabilities and writing viruses to exploit them.
Coming in second are the anti-virus software vendors looking for ways to detect each new virus as it appears, as well as to figure out the correct way to eradicate it when found.
Next are the software vendors looking to plug the security holes that the viruses exploited in the first place.
Lastly are folks like you and me, hopefully keeping our systems up to date with the latest updates to both our anti-malware products and the systems and software that have vulnerabilities.
As you can see, virus writers are almost always in the lead. You and I? We're dead last. Hopefully close to the pack, but still - last.
As a result, the first answer boils down to simple bad luck. It's possible to be doing everything as right as you can and still get infected if:
Your anti-virus software has not yet been updated to know how to detect it.
Your software has not yet been patched to fix whatever vulnerability the virus exploits.
All anti-virus software is the same, only different.
Sadly, as far as I can tell, there is no "best" anti-virus or anti-malware package. Almost all of the name brands are good, but I've not run into one that really stands out above the crowd at detecting absolutely positively everything.
What that means to you is that no matter what anti-virus package you run, it may miss something. Different packages may miss different things, but there doesn't seem to be a single package you can count on to catch everything. So it's possible to still get infected even though your anti-malware tools are completely up to date.
The internet - Wear protection before touching it
One of the more frustrating scenarios I've seen involves going to great lengths to clear a machine of viruses, only to get infected again within seconds of connecting to the internet.
Some classes of viruses exploit operating system vulnerabilities that are present simply by connecting to the internet. You don't even have time to download your operating system update, or anti-virus software, before your machine is once again a victim.
Firewalls help - particularly hardware firewalls such as routers. That's one of the reasons folks like me harp on putting your computer behind some sort of a firewall. Firewalls understand the difference between certain types of legitimate internet traffic and types that you'd never need. They block out the unwanted stuff before your computer ever really sees it or has a chance to be infected by it.
The good news here is that most operating systems now either come with a software firewall turned on by default or strongly encourage you to turn it on as you perform your initial install.
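To make the firewall behavior described above concrete, here is an added example (not part of the original article, and not any real firewall's code): a small model of a stateful filter that lets in replies to connections the protected computer started and drops everything unsolicited. All addresses, ports and names are constructed for illustration.

```python
# Added illustration: a minimal stateful packet filter (constructed model).
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class StatefulFirewall:
    inside: str                                  # protected computer (constructed address)
    state: set = field(default_factory=set)      # connections the inside host opened

    def outbound(self, p: Packet) -> bool:
        """Traffic the protected machine starts is allowed and remembered."""
        if p.src != self.inside:
            return False
        self.state.add((p.proto, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p: Packet) -> bool:
        """Inbound traffic passes only if it answers a remembered connection."""
        if p.dst != self.inside:
            return False
        return (p.proto, p.dport, p.src, p.sport) in self.state


def demo() -> dict:
    fw = StatefulFirewall(inside="192.168.1.10")
    # The user browses to a web server: outbound request, then its reply.
    req = Packet("192.168.1.10", 50123, "203.0.113.5", 443)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 50123)
    # An unrelated host contacts a file-sharing port on the PC, unsolicited.
    probe = Packet("198.51.100.77", 40000, "192.168.1.10", 445)
    # Known server, but aimed at a port the PC never opened a connection from.
    stray = Packet("203.0.113.5", 443, "192.168.1.10", 50999)
    return {
        "request": fw.outbound(req),
        "reply": fw.inbound(reply),
        "probe": fw.inbound(probe),
        "stray": fw.inbound(stray),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:8s} {'ALLOW' if allowed else 'DROP'}")
```

The unsolicited packets are dropped before the computer's own software ever processes them, which is why an unpatched machine behind such a filter is not exposed to that class of traffic while it downloads its updates.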
The harsh reality
All viruses are not created equal - hence, all the different terms used to describe them. Some exist merely to propagate, others exist to do damage, some exist to silently send spam while still others start to blur the line between virus and spyware as they install monitoring or additional vulnerabilities on your system. Some travel by email, others by downloaded applications, and as we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.
No anti-malware tool can protect you from yourself. For example, if you open an email attachment you don't recognize and run it, you may install a virus before your anti-virus software has a chance to act. If, when downloading a file, you choose to ignore a warning that your anti-virus package or firewall throws up, you're telling the software that you know better than it does what is or is not safe.
If you choose to connect without a firewall or choose not to use automatic updating tools to keep your system as up to date as possible ... it's on you to know what you're doing.
Let's hope you do.
Why is it like this? It's hard to say. Ask 10 people and you'll get 10 different answers: hackers with too much free time, operating systems that aren't robust enough, success in the marketplace that makes for a bigger target, and more. Of late, there's a lot of money to be made by infecting large numbers of machines with spam-sending bot software.
Of course, it shouldn't be like this.
But what we do know is that, for whatever reason, it is like this and will be for the foreseeable future. That's why, ultimately, you and I are each responsible for keeping our computers safe on the internet.
(This is an update to an article originally published in September, 2004.)