
It seems like even the most up-to-date anti-virus software package isn't always enough. It's frustrating, since you'd think that it would be.

I have AVG virus protection always on and Windows XP firewall enabled. Why do I still get infected with some Trojan horses? I check for updates every day so I am sure I am up to date.

That's a very good question, particularly since so many people believe that with only an anti-virus program they're totally protected.

Unfortunately, that's simply not true.

The answer is partly the nature of anti-virus software...

... and partly the nature of "the race".

The Race - And Bad Luck

I use that term - "the race" - on purpose. Combating viruses is a three-way race:

  • In the lead are virus writers looking for vulnerabilities and writing viruses to exploit them

  • Coming in second are the anti-virus software vendors looking for ways to detect each new virus as it appears as well as figure out the correct way to eradicate it when found

  • Next are the software vendors looking to plug the security holes that the viruses exploited in the first place.

  • Lastly are folks like you and me: hopefully keeping our systems up to date with the latest updates to both our anti-malware products as well as the systems and software that have vulnerabilities.

As you can see, virus writers are almost always in the lead. You and I? We're dead last. Hopefully close to the pack, but still - last.

As a result the first answer boils down to simple bad luck. It's possible to be doing everything as right as you can and still get infected if:

  • your anti-virus software has not yet been updated to know how to detect it

and

  • your software has not yet been patched to fix whatever vulnerability the virus exploits

All Anti-Virus Software is the Same, Only Different.

Sadly, as far as I can tell, there is no "best" anti-virus or anti-malware package. Most all of the name brands are good, but I've not run into one that really stands out above the crowd at detecting absolutely positively everything.

What that means to you is that no matter what anti-virus package you run, it may miss something. Different packages may miss different things, but there doesn't seem to be a single package you can count on to catch everything. So it's possible to still get infected even though your anti-malware tools are completely up to date.

The Internet - Wear Protection Before Touching It

One of the more frustrating scenarios I've seen involves going to great lengths to clear a machine of viruses, only to get infected again within seconds of connecting to the internet.

Some classes of viruses exploit operating system vulnerabilities that are present simply by connecting to the internet. You don't even have time to download your operating system update, or anti-virus software, before your machine is once again a victim.

Firewalls help - particularly hardware firewalls such as routers. That's one of the reasons folks like me harp on putting your computer behind some sort of a firewall. Firewalls understand the difference between certain types of legitimate internet traffic, and types that you'd never need. They block out the unwanted stuff before your computer ever really sees it, or has a chance to be infected by it.
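To make that concrete, here is a small model of the rule a typical home router applies: traffic your computer starts is allowed and remembered, and anything arriving from outside is dropped unless it answers one of those remembered connections. This is an added illustration, not code from any real router; the class names, addresses and ports are all made up for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class StatefulFirewall:
    inside: str                              # address of the protected computer
    flows: set = field(default_factory=set)  # connections the computer started

    def outbound(self, pkt):
        """Traffic the computer starts is allowed and remembered."""
        self.flows.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))
        return "ALLOW"

    def inbound(self, pkt):
        """Inbound traffic passes only if it answers a remembered connection."""
        key = (pkt.proto, pkt.dport, pkt.src, pkt.sport)
        if pkt.dst == self.inside and key in self.flows:
            return "ALLOW"
        return "DROP"

def demo():
    # Constructed sample addresses (private and documentation ranges).
    pc, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.77"
    fw = StatefulFirewall(inside=pc)
    return [
        # The PC requests a web page: outbound, so allowed and tracked.
        fw.outbound(Packet(pc, 50123, web, 443)),
        # The web server's reply to that same connection.
        fw.inbound(Packet(web, 443, pc, 50123)),
        # An unknown host tries to reach a file-sharing port on the PC.
        fw.inbound(Packet(stranger, 40000, pc, 445)),
        # Known server, but a port the PC never opened: still unsolicited.
        fw.inbound(Packet(web, 443, pc, 50999)),
    ]

if __name__ == "__main__":
    print(demo())
```

The last two packets never reach the computer at all, which is why an unpatched machine behind a router has time to download its updates.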

The good news here is that most operating systems now either come with a software firewall turned on by default, or strongly encourage you to turn it on as you perform your initial install.

The Harsh Reality

All viruses are not created equal - hence all the different terms used to describe them. Some exist merely to propagate, others exist to do damage, some exist to silently send spam while still others start to blur the line between virus and spyware as they install monitoring or additional vulnerabilities on your system. Some travel by email, others by downloaded applications, and as we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.

No anti-malware tool can protect you from yourself. For example, if you open an email attachment you don't recognize and run it, you may install a virus before your anti-virus software has a chance to act. If, when downloading a file, you choose to ignore a warning that your anti-virus package or firewall throws up, you're telling the software that you know better than it does what is or is not safe.

If you choose to connect without a firewall, or choose not to use automatic updating tools to keep your system as up to date as possible ... it's on you to know what you're doing.

Let's hope you do.

Why?

Why is it like this? It's hard to say. Ask 10 people and you'll get 10 different answers: Hackers with too much free time, operating systems that aren't robust enough, success in the marketplace that makes for a bigger target, and more. Of late, there's a lot of money to be made by infecting large numbers of machines with spam-sending bot software.

Of course it shouldn't be like this.

But what we do know is that, for whatever reason, it is like this, and will be for the foreseeable future. That's why, ultimately, you and I are each responsible for keeping our computers safe on the internet.

(This is an update to an article originally published in September, 2004.)

Article C2175 - January 3, 2010

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.


Recent Comments
6 Comments

Hi Leo!
I've driven this philosophy for a long period of time about the antivirus corporations, which is that they create their own viruses, which only they themselves can treat in the beginning. This only to make normal people like me buy their antivirus product. Do you think that this could be a good assumption? I really believe that antivirus (and antispyware, for that matter) corporations are responsible for at least 70% of viruses on the internet, by hiring private hackers. Do you think that there is something close to my philosophy?

No.

I do not believe that mainstream anti-virus software manufacturers - regardless of how good or bad their product might be - are engaged in anything such as you describe. There are plenty of viruses being created for real - there's no need to "manufacture" a need for anti-virus software.

There have been a couple of isolated cases where specific viruses were unleashed and specific removal tools could be purchased from the virus creators, but it's been quite a while since I've heard of any, and they never involved the general purpose anti-virus tools.

There is no conspiracy.
Leo
11-Mar-2007

Posted by: Gabriel Sweden at March 11, 2007 7:27 PM

I firmly believe that those Anti-Virus companies are indeed conspiring to place viruses on the net. Think about it! It's a very big money maker!

Posted by: John at October 16, 2007 6:36 AM

yeah, and they publish them from the "grassy knoll"...lol (for those that don't get this reference, ask your parents)

Posted by: David at October 24, 2007 2:25 PM

I am using AVG and still got infected with trojans and backdoors. I want to change my real-time anti-virus, but don't know how. Leo, can you suggest some good anti-virus? And kindly guide me as well on how to install it. Thanks.

What Security Software do you Recommend? has recommendations.
Leo
30-Dec-2009

Posted by: mimi at December 30, 2009 12:51 AM

I have OpenOffice 3.3; it keeps crashing every time I want to open a file or type a new letter. What is the problem? Thank you

Posted by: Arleen at April 20, 2012 10:47 AM