Helping people with computers... one answer at a time.
It's possible to get malware, even with anti-malware tools installed, for a variety of reasons. I discuss some of the reasons why this happens that I feel are the most significant.
I've been an independent computer repair tech for over 12 years now. The question I get the most (and have the hardest time answering) is this: how come my antivirus program didn't stop me from getting this virus? When you're installing AVG, the program says that only 3% of today's security problems are caused by traditional viruses. Is this true? Is it true for the other antivirus programs as well? And why is it that, when we do get one of these non-traditional security issues (i.e. malware), we then must rely on free software downloaded from the internet? Why don't the ‘traditional' antivirus suppliers include a malware remover module with their software? If traditional antivirus programs are going to be satisfied with being the canary in the coal mine (we know we're infected when our antivirus program dies), why not just download a free product, use our common sense on the internet and hope for the best?
•
In other words, why don't anti-malware tools work better than they seem to?
I have to fault AVG for the phrase "traditional viruses". I think that put an unrealistic spin on your expectations. Malware is malware, and that includes viruses, spyware, rootkits, zombies, and gosh knows what else.
What's "traditional"? Ya got me. I also have no idea where that 3% figure comes from.
But there's a kernel of truth in AVG's statement. No matter what program you run, there's still a chance your computer will get infected.
•
Different Tools, Different Jobs
When looking at anti-malware tools, the most obvious way to categorize them is by seeing what kind of malware that they're targeting:
-
Antivirus programs examine the files that are currently on or being copied to your machine for patterns of data that match those of known viruses.
-
Anti-spyware programs lock or monitor certain types of changes on your machine and compare these to the known behavior of spyware.
-
Anti-rootkit programs specifically look for and counter the advanced techniques that rootkits use to hide the files that comprise them.
-
Anti-whatever programs slice the malware universe differently or look for more specific threats.
Convention has long held that you need at least one antivirus and one anti-spyware tool, in addition to other things like a firewall, a backup and good behavior on your own part.
But picking tools can be confusing as more anti-malware tools try to cover more bases. Almost all of the major anti-malware vendors offer a suite of programs with multiple tools, like those mentioned above.
The varying classes of malware out there typically require different approaches for detection and prevention. The result is that specific tools are needed for different jobs. For example, a purely antivirus program isn't likely to catch spyware.
Different Programs, Different Techniques
Even within the same category of anti-malware programs, similar tools from competing vendors will often use different ways to detect malware. This is one of the reasons why some antivirus programs won't catch the same viruses that others will.
Viruses are crafty little beasts. They'll use a variety of techniques to get into your system and avoid detection. From making sure that no two copies of itself look alike to encrypting key parts of its inner workings, the ways that a virus hides are only limited by the virus writers' imagination and skill.
That's why antivirus tools are continually playing a game of catch-up. Every time a new virus is found , the antivirus tool needs to be updated. Most often, it's a simple matter of updating the database of known viruses with new information.
But even this can be more involved than you think. It's possible that the virus is so good at hiding itself that the tool requires more than a simple database update; the detection method used by the antivirus tool simply can't detect the virus. In a case like this, parts of the tool itself are what needs to be updated.
Different Companies, Different Responses
As I said, new malware of all forms is being discovered daily, if not more often. That means that anti-malware companies need to have the staff, resources and dedication to continually update their database and tools. They also need the infrastructure, maturity and means to rapidly implement, test and deploy changes to those tools.
I think that's the other source of disparity among anti-malware tools - some are good at rapid deployment, while others take a while longer.
It may not even be a matter of competence, but rather prioritization; a specific virus might be defined as high priority by one company and in need of an immediate update, while another company might classify it as less important and thus take longer to push out the detection update.
I don't mean to imply that any of this is easy. We've seen major antivirus tool vendors push out updates that have failed or even crashed users' machines. It shouldn't happen, but in the rush to get security updates tested and out quickly... well, I'm surprised problems like these don't happen more often. It's exceptionally difficult to get it right 100% of the time, especially when we expect anti-malware tools to not impact the performance or functionality of our machines while they do this important work.
What's It All Mean?
I've often said that there is no best anti-malware tool. Program A may catch this newly released virus today, but tomorrow's new virus might be caught more effectively by program B.
Most vendors know this, so they're continually working to improve the coverage of their products.
But it's still a race between malware writers releasing new versions of their stuff, and anti-malware vendors struggling to make sure that each new issue gets caught appropriately.
There's always a hole in the coverage and something will slip through.
That's why, in addition to a good antivirus tool, anti-spyware tool and firewall, I also say that you are the most important anti-malware tool that your computer has.
Your potential ability to recognize and skip malware is actually far superior to that of most anti-malware tools. You can recognize spam and bogus attachments. You know you shouldn't have visited that web site. You know that too-good-to-be-true offer was, well, too good to be true. What you then do with that knowledge is what keeps your machine safest of all.
Article C4728 - January 30, 2011 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
February 6, 2011 3:15 AM
Will anyone here let me know if combofix messed up their computer. It is safe for me. Why do you need to hire a tech to run Combofix, Michel G. It has only two options, run or cancel.
February 8, 2011 9:18 AM
Question for Bob K.
Hi, I'm the guy who posted the initial question.
Nobody who responded attempted to answer the my question about the free antimalware programs and why don't folks like Symantec incorporate a similar removal system in their payed for products? Any ideas?
February 10, 2011 10:09 AM
Best judgement always # 1. I admit I have found humor in the folley of others through various forums (best judgement not used). One case: a user wanted money back due to a virus filled download of an open source program from e-bay. Another case: a user was at the proper download site, but chose to click a sidebar ad and received the program, but with.....a virus. User failure indeed. Always do research, go to the actual true download site, never deviate from the direct path. Otherwise, I'll be chuckling at your folley in a forum. Sorry.
June 2, 2012 11:56 PM
i have never used an av on my laptop all i use is firewall and defender and occasionally run anti malware to check system i have never had a virus in 2 years
December 29, 2012 3:27 AM
Moncler On Sale Discount Moncler Moncler Sale Uk Moncler Women Coats Moncler Jacket Mens.
•
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.