
Anti-virus tools won't catch all malware, all the time - especially in real-time visits of questionable sites.

While visiting some adult sites recently using IE in private browsing, I got what looked like an official screen from the metropolitan police advising me that my computer had been detected accessing illegal sites and would be locked. My camera was activated and my picture was taken and displayed on my screen. I switched my machine off using the power button, waited a few seconds and then rebooted into Windows 7. Everything seemed to be ok. After my initial panic, I fired up my iPad and looked on the web to see if there was any mention of this message and sure enough several sites identified it as a Trojan that had gotten on to my machine. I started an AVG scan. AVG is/was my favorite anti-virus software and is/was constantly running on my machine. I found several instances of a Trojan, which it quarantined. Up until now, I've always promoted AVG as the best protection around. So I was a bit shaken that this Trojan had gotten through. Any help or words of wisdom you can provide would be reassuring.

In this excerpt from Answercast #95 I look at what you might get on your computer if you visit questionable sites.

Anti-virus doesn't catch all malware

The actual question is a fair bit longer but the bottom line is that the person asking the question is concerned that something got through their anti-virus software.

Not all anti-virus tools will catch all viruses. Not all anti-spyware tools will catch all spyware. They will catch most. And in this particular case, AVG did catch it when you did the scan of your hard disk.

What it didn't do was catch it as it happened.

Real time scanning

This is what we refer to as real-time scanning.

Now, I often recommend that people turn off real-time scanning because it can interfere with the function of the web browser, or the mail client, or any number of other things. But it's real-time scanning that actually might have caught this as it happened.

As it turns out, either it didn't, or real-time scanning wasn't turned on. But the static scan, the one that you initiated after you suspected a problem, did catch it. That implies that AVG knows about this malware and will clean it up.

AVG will catch it when it does its regularly scheduled scan. It just didn't do it in real time - quite possibly because you had real-time scanning turned off.

Visiting questionable sites

This is one of those decisions that you as a computer user need to understand and need to make. Real-time scanning can be important if you regularly frequent areas of the internet that are, for lack of a better word, questionable, and yes - many of the adult sites on the internet qualify as being in that questionable category. There's a lot of malicious software that is delivered if you visit the wrong adult sites.

This is also true if you visit software downloading sites, illegal music sites, all those kinds of things. They all have a reputation of giving you more than what you're looking for in the form of malware.

In those cases, if that's the kind of thing you do on a regular basis, you want to make sure that you're running anti-malware software that is scanning in real-time.

Problems with real-time scan

If it's interfering with your browser, if it's interfering with your email, that's a problem that you need to fix somehow. It may mean using a different email program or browser. It may mean using a different anti-malware tool but if you're visiting these kinds of places regularly, you want to make sure that you've got real-time scanning enabled.

Now, the other approach of course is don't go there. Avoid the sites that are known to give this kind of experience. I have nothing against adult sites personally but I do know that when you visit random adult sites, you're putting your computer at risk for exactly this kind of thing. Either you need to be taking the steps to avoid that by properly choosing and configuring the anti-malware software that you run, or you need to choose not to go there.

(Transcript lightly edited for readability.)


Article C6326 - February 24, 2013

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


9 Comments
snert
February 26, 2013 1:41 PM

Boys will be boys and girls will be girls.
Make your computer wear a condom. I have several in different flavors and colors. Threatfire is a decent one but it only comes (sic) in one flavor and colors are not an option. I have my real-time scanning from several anti-malware apps enabled when I go porn cruising and what surprises me is - they don't step on each other's toes, but they keep my machine lean 'n' clean.

Mike
February 26, 2013 4:41 PM

Use Sandboxie when visiting questionable sites. Anything that tries to invade via your browser can be deleted when the browser is closed.

johnpro2
February 27, 2013 2:22 AM

@mike ...
good advice indeed. Sandboxie will also prevent the installation of malware from any site.
Caveat: providing you don't choose to save outside the sandbox protected browser and risk an infection installing.
Jp

Mark J
February 27, 2013 3:21 AM

One good tool to use in these cases is WOT (Web of Trust). It is a plug-in for all the major browsers which warns you of questionable sites based on the ratings of WOT users. Web Of Trust - Website Trust Ratings from Other Internet Users. It will block the vast majority of drive-by malware websites. It's not perfect, but it's an extra level of protection which doesn't noticeably slow down your browsing experience.

Adrian
February 27, 2013 9:45 AM

It would help if we configured a browser not to allow any kind of javascript on any page. For other sites we can use another browser. This way we get rid of the annoying ads.

Mark J
February 27, 2013 2:46 PM

@Adrian
You can block JavaScript in Firefox, using a plugin called NoScript. By default JavaScript is blocked, but you can turn it on for any website you want to access that requires JavaScript. You can choose to always run it on that web site or to run it just for that session.

Mike
February 27, 2013 5:31 PM

@JohnPro2: actually if you do download & save something outside the sandbox (i.e. music, video), you can then run the item sandboxed to check its behavior. Never did it with an .exe file, though.

johnpro2
March 1, 2013 1:02 PM

@mike:
I agree. exe files run sandboxed would be quite safe as well.
Right click the .exe files and a menu should appear giving the option to run sandboxed.
jp

Ken in San Jose
March 2, 2013 11:39 PM

It's not just porn sites.
I regularly do searches on tech stuff I run across on the web, and ask-leo. At least once a month while visiting a tech site I got from a Google search, Norton Anti-virus pops up that it had blocked some malware that was trying to attack my computer. Usually it says the malware was blocked and I do not need to do anything. But once Norton Anti-virus gave a notice that the attack was serious/dangerous... I immediately closed the browser and did a virus scan with Norton Anti-virus, which found nothing. And with Microsoft Windows Defender Offline, which found a Java malware. Even though Windows Defender Offline says it cleaned the infection, I re-installed my computer from the last Windows 7 Image backup. Then again did scans which came up clean. Yes Leo, backup, backup, backup!!!
Tech sites can be very dangerous!
