Why Didn't My Anti-Virus Protect Me?
This is the number 1 question asked by customers when they have paid for anti-virus software, and they still find themselves infected somehow. It is usually a complicated question to answer, and nobody likes the answer. Anti-virus software works in a certain way, and it is not at all a guarantee against getting a virus. It is a last line of defense, not a first.
To begin to answer this question, we have to understand exactly how anti-virus software works. Most current anti-virus programs have 4 separate components. They have a comprehensive scanner, a “real-time” scanner, a virus encyclopedia, and a heuristic scanner.
- The comprehensive scanner runs on a schedule and inspects each file for threats. It may do a full system scan each night, or morning, whichever time period you tell it, if you set one at all (many do not). It compares the contents of each file to the virus definition list. It marks things as infected if it finds a match.
- Virus encyclopedia contains the list of known viruses, and other bad stuff. The virus encyclopedia is often called “virus definitions”. The company you purchased your anti-virus software from provides your computer with daily updates on new viruses, spyware, and other threats. This repository of information contains all the forensic tools your computer needs to detect and remove viruses.
- The real-time scanner attempts to scan things as you open or access them, using the same encyclopedia as the comprehensive scanner. If you have a real-time scanner, you may see a performance hit on your computer because scanning everything in real time, well...takes time.
- The heuristic scanner is a tool that looks for things that could be bad, but are not necessarily in the encyclopedia. It looks at how a program or file acts, and tries to find things not on the known bad list. It essentially tries to sniff out any suspicious behavior that may be indicative of a virus.
As your computer scans and inspects each file, it compares the contents with its list and either says the file is OK, or marks it infected. This is similar to a guest list at a wedding reception. If you are on the list you get in, if not, they won't let you in. The anti-virus software works the opposite way: if you are on the list, you probably are a virus, and if you are not, then you are good (or good as far as it knows).
These 4 aspects work in conjunction with each other to provide the most protection possible. To date, this has been the most effective for finding and removing viruses. Now, let me tell you what goes wrong and why even this elaborate setup doesn’t always work.
A file in its entirety is easy to scan. The program opens it, takes a peek, closes it and moves on. When things are downloaded from the internet, it is very hard to scan them before they finish downloading. You don’t have a complete file yet. The anti-virus program actually has to wait until the virus finishes downloading before it can scan it.
The makers of viruses and other bad crap also have access to the popular virus definitions and repositories. They use this info to come out with viruses that will not be easily detected. This makes it difficult to stay ahead of the viruses, because their makers are always getting “smarter” at hiding them.
If the anti-virus program does too much scanning and checking, the computer would move at a snail's pace. It has been proven that people will choose faster service over more security. Airport lines are too long, passwords are too complex to remember, and anti-virus programs slow my computer down too much. The anti-virus program makers try to balance security with speed, and that makes the programs less effective. Our desire for faster computers is in direct conflict with anti-virus software. Scanning everything takes time that we do not want to give.
The anti-virus program makers release new and updated virus definitions as they learn of new threats. Usually, that means someone got infected first. They then study the virus, learn, and try to release updated definitions for their customers. This delay between infection and release means that someone will get infected. They don't know there is some new threat on the prowl, until someone gets infected first.
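The list check, the unfinished-download problem and the definition delay described above, as a small sketch (an added example, not code from any anti-virus product; the definition names, byte patterns and sample files are all constructed for illustration):

```python
# Constructed "virus definitions": name -> byte pattern. Not real signatures.
PATTERN_A = b"\xde\xad\xbe\xefSAMPLE-A"
PATTERN_B = b"\xca\xfe\xf0\x0dSAMPLE-B"
DEFINITIONS_MONDAY = {"Constructed.Sample.A": PATTERN_A}
# Tuesday's update adds B, learned only after the first infections were reported.
DEFINITIONS_TUESDAY = {**DEFINITIONS_MONDAY, "Constructed.Sample.B": PATTERN_B}

# Constructed sample files (harmless bytes that merely contain the patterns).
FILE_A = b"header " + PATTERN_A + b" trailer"
FILE_B = b"MZ" + b"\x00" * 64 + b"benign-looking body " + PATTERN_B + b" end"


def scan(data: bytes, definitions: dict) -> str:
    """Return the name of the first matching definition, or "clean"."""
    for name, pattern in definitions.items():
        if pattern in data:
            return name
    return "clean"  # only means "not on the list as far as we know"


def scan_download(chunks, definitions) -> list:
    """Scan what has arrived after each chunk; return one verdict per chunk."""
    received = b""
    verdicts = []
    for chunk in chunks:
        received += chunk
        verdicts.append(scan(received, definitions))
    return verdicts


def split_mid_pattern(data: bytes, pattern: bytes) -> list:
    """Split data into three chunks, the second ending partway through pattern."""
    cut = data.index(pattern) + len(pattern) // 2
    return [data[:40], data[40:cut], data[cut:]]


if __name__ == "__main__":
    print(scan(FILE_A, DEFINITIONS_MONDAY))   # known sample, on the list
    print(scan(FILE_B, DEFINITIONS_MONDAY))   # new sample, definitions not updated yet
    print(scan(FILE_B, DEFINITIONS_TUESDAY))  # same file after the update
    print(scan_download(split_mid_pattern(FILE_B, PATTERN_B), DEFINITIONS_TUESDAY))
```

The same file is "clean" on Monday and infected on Tuesday; nothing about the file changed, only the list did. Likewise, the download is "clean" at every step until the last chunk arrives.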
The anti-virus program will not stop you from using your computer. If it told you no for everything you click on, then you would just turn it off. What is the point of the computer if I can't use it? There is no way for the anti-virus program to know something is bad BEFORE you click on it. How could it? It hasn’t scanned it, and doesn’t even know you will click on it until you do.
The biggest problem with anti-virus programs is in the name. The name makes you think it is more protection than it delivers. Anti-virus is taken to mean no viruses. Or protection against viruses. Neither of which the anti-virus program offers.
So how do you reconcile the fact that you purchased anti-virus software, and still got a virus? You had to pay for the software and then pay to get a virus clean anyway? It can be a hard pill to swallow. It can make you think “I don’t need to buy the software if I will need to pay to get it fixed at some point in the future.”
As a technician, I have a difficult time recommending anti-virus software. I found customers were growing considerably more confused about getting infected when they have software that is allegedly supposed to protect them. They feel anything labeled anti-virus should do just that. Protect me from viruses. I sympathize and apologize. The name is misleading. We try to inform people that nothing provides 100% protection. I’m sure we could do a better job at it. We have a few signs to that effect in all our stores, they could probably be bigger.
The honest truth is, you are far better off having anti-virus software than not having any. Compare it to staying fit and being healthy. That is much better than being unhealthy and having chronic health issues. You will still get sick from time to time, no matter how many fruits and vegetables you eat. Hope this helps explain why that software didn't protect you.