I Run Anti-virus Software. Why Do I Still Sometimes Get Infected?


I have AVG virus protection always on and have the Windows firewall enabled. Why do I still get infected with some Trojan horses? I check for updates every day so I am sure I am up-to-date.

That’s a very good question. Most people believe they’re totally protected because they have an anti-malware program.

Unfortunately, that’s not true.

The answer is partly the nature of anti-malware software …

… and partly the nature of the race.

The race

I use that term — “the race” — on purpose. Combating viruses is a four-way race:

  • In the lead are malware writers, looking for vulnerabilities and writing malware to exploit them.
  • Coming in second are the anti-malware software vendors, looking for ways to detect new malware as it appears and eradicate it when found.
  • Next are the software vendors, looking to plug the security holes that the malware exploited in the first place.
  • Lastly are folks like you and me, hopefully keeping our systems up to date with the latest updates to both our anti-malware products and the systems and software that have vulnerabilities.

As you can see, virus writers are always in the lead. You and me? We’re dead last. Hopefully close to the pack, but still, last.

As a result, the first answer boils down to simple bad luck. It’s possible to be doing everything as well as you can and still get infected, if:

  • Your anti-malware software has not yet been updated to detect a new threat
  • Your system or application software has not yet been patched to fix whatever vulnerability the virus exploits

All anti-virus software is the same… only different

Sadly, as far as I can tell, there is no “best” anti-virus or anti-malware package. Almost all of the name brands are good, but I’ve not run into one that detects absolutely, positively everything.

In other words, no matter what anti-virus package you run, it may miss something. Different packages may miss different things, but there’s no single package you can count on to catch everything. So it’s possible to still get infected even though your anti-malware tools are completely up to date.

The internet: wear protection before touching it

One of the more frustrating scenarios that I’ve seen involves going to great lengths to clear a machine of viruses only to get infected again within seconds of connecting to the internet.

Some classes of viruses exploit operating system vulnerabilities that are exposed simply by connecting to the internet. You don’t even have time to download your operating system update or anti-virus software before your machine is once again a victim.

Firewalls help — particularly hardware firewalls such as routers. That’s one of the reasons why folks like me harp on putting your computer behind some sort of a firewall. Firewalls understand the difference between certain types of legitimate internet traffic and types that you’d never need. They block out the unwanted stuff before your computer ever really sees it or has a chance to be infected by it.

The good news here is that most operating systems now either come with a software firewall turned on by default or strongly encourage you to turn it on as you perform your initial install.

The harsh reality

Not all malware is created equal, which is why there are so many different terms to describe the variations. Some exist merely to propagate. Others exist to do damage. Some exist to silently send spam. Still others start to blur the line between virus and spyware as they install monitoring software or open additional vulnerabilities on your system. Some travel by email. Others travel by downloaded applications. As we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.

No anti-malware tool can protect you from yourself. For example, if you open an email attachment that you don’t recognize and run it, you may install a virus before your anti-virus software has a chance to act. When downloading a file, if you choose to ignore a warning that your anti-virus package or firewall displays, you’re telling the software that you know better than it does what is or is not safe.

If you choose to connect without a firewall or choose not to use automatic updating tools to keep your system as up to date as possible, it’s on you to know what you’re doing.

Why?

Why is it like this? It’s hard to say. Ask 10 people and you’ll get 10 different answers: hackers with too much free time, operating systems that aren’t robust enough, success in the marketplace that makes for a bigger target, and more. Of late, there’s more money to be made by infecting large numbers of machines with spam-sending bot software.

Of course it shouldn’t be like this.

For whatever reason, it is like this and will be for the foreseeable future. That’s why you and I are each responsible for keeping our computers safe on the internet.

Originally published as I Run Anti-virus Software. Why Do I Still Sometimes Get Infected? on Ask Leo!