I have antivirus software, why did I still get a virus (and how to avoid it)?
NOTE: For this article, any form of malware that is harmful to your computer and causes ill-behavior will be referred to as a virus.
If you have been the victim of a virus infection, you know how serious it can be – your computer usually stops working correctly, it displays errors or does things that you did not expect, and your trusty antivirus software may no longer appear to be working. As a matter of fact, the icon may be completely missing from the notification area near the clock in the taskbar!
Why did this happen, and how come the antivirus software did not stop it, especially considering that viruses are written by bad guys who are looking for notoriety, looking to have some fun, or, most commonly, looking for money? These are really good questions, and ones I get asked a lot when I am removing viruses from my customers' computers. So to keep things straight, let's tackle these questions in reverse.
First, why didn't the antivirus software stop it? I always tell my customers that no antivirus software, no matter how good it is, even if you paid a million dollars for it, will stop all viruses. Why? Let's play a game and pretend that you are a virus writer and I am an antivirus software company. It doesn't matter which one: Norton, Comodo, Trend, McAfee, AVG, any of them.
YOU have just programmed your latest virus creation. You have tested it over and over again on multiple computers and it appears to do what it is supposed to do. Now you get in with the huge group of other virus writers who already have a large network of websites that people inadvertently go to for many reasons (misspelled domain names, malware links in emails or on Facebook/MySpace, etc.), and you release your creation on some of those websites.
Do I (as the antivirus company) know about this yet? Of course not! How could I? It's not like you emailed me to tell me you were going to do this and sent me the code so I could figure out what it was going to do, right? I (again as the antivirus software company) have to wait until:
1) I find it on the Internet.
2) My software reports it as a potential issue.
3) Someone reports it to me because their computer got infected and they were being a good citizen.
Then, after I find it, I have to change my program so my software can detect it and fight it (these updates are the virus definitions). Sometimes my software doesn't work right and I have to update my definitions again so it does. How long does this process take? I have personally seen companies like Norton and McAfee not detect and remove certain viruses for months after I have seen a virus for the first time and figured out how to remove it manually.
Is this because they are reluctant to find and fight the viruses? No, for sure no. It is because of the nature of the game: the bad guys are always two steps ahead! If I were a virus writer I sure wouldn't want the good guys figuring out what I am doing, because I am making money off of it! So I might even change my virus in enough ways to fool the antivirus software so it won't detect or disable it anymore (these are called variants or variations).
What's worse, in many cases the first thing the virus does is disable your antivirus software! That's right, it just takes it out, no fooling. So now the virus can roam free on your computer and do whatever it wants, including stealing your personal information and relaying it to the 'home' server (yes, when this happens it is VERY bad).
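To make the definitions-and-variants cycle concrete, here is a small added example (not code from the article or from any antivirus vendor) that models what a definition file does. The "samples" are harmless byte strings constructed for the demo, and the definition names are made up. Two kinds of entry are modelled: an exact SHA-256 fingerprint of a known file, and a byte pattern shared by a whole family. A one-byte change slips past the fingerprint but not the pattern; a rewrite that also removes the pattern is missed until the vendor ships an updated definition, which is the waiting period the text describes.

```python
"""Toy model of signature-based antivirus 'definitions'.

Constructed example: the samples and signatures below are harmless byte
strings made up for this demonstration; nothing here is real malware.
"""
import hashlib
import re

# Constructed stand-in for a file the antivirus vendor has already analysed.
ORIGINAL = b"DEMO-APP v1: copy self to Startup; stop service SecurityCenter\n"

# The article's "variants": first a one-byte edit, then a rewrite of the
# exact text the vendor's pattern entry keys on.
VARIANT_ONE_BYTE = ORIGINAL.replace(b"v1", b"v2")
VARIANT_REWORDED = ORIGINAL.replace(b"stop service SecurityCenter", b"halt svc SecCenter")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A definition file holds two kinds of entries:
#   "hash"    - exact SHA-256 of a known bad file (cheap, but any change breaks it)
#   "pattern" - a byte pattern shared by the family (survives small edits)
DEFINITIONS_V1 = [
    {"name": "Demo.Trojan.A (hash)", "kind": "hash", "value": sha256_hex(ORIGINAL)},
    {"name": "Demo.Trojan.A (pattern)", "kind": "pattern",
     "value": re.compile(rb"stop service SecurityCenter")},
]


def scan(data: bytes, definitions: list) -> list:
    """Return the names of every definition the file matches (empty = clean)."""
    hits = []
    digest = sha256_hex(data)
    for d in definitions:
        if d["kind"] == "hash" and d["value"] == digest:
            hits.append(d["name"])
        elif d["kind"] == "pattern" and d["value"].search(data):
            hits.append(d["name"])
    return hits


def vendor_update(definitions: list, newly_seen: bytes, name: str) -> list:
    """Model the vendor adding a new sample's hash after it is found or reported."""
    return definitions + [{"name": name, "kind": "hash", "value": sha256_hex(newly_seen)}]


def demo() -> dict:
    """Run each sample against the v1 definitions, then against an updated set."""
    results = {
        "original": scan(ORIGINAL, DEFINITIONS_V1),
        "one_byte_variant": scan(VARIANT_ONE_BYTE, DEFINITIONS_V1),
        "reworded_variant": scan(VARIANT_REWORDED, DEFINITIONS_V1),
    }
    # The gap between "variant released" and "definitions updated" is the
    # window the article describes; once the update ships, the variant is caught.
    defs_v2 = vendor_update(DEFINITIONS_V1, VARIANT_REWORDED, "Demo.Trojan.B (hash)")
    results["reworded_variant_after_update"] = scan(VARIANT_REWORDED, defs_v2)
    return results


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:32s} -> {hits or 'no detection'}")
```

The takeaway for a user is the same one the article makes: keeping definitions updated closes the window for variants that have already been seen, but it cannot close it for a variant nobody has reported yet, which is why behaviour and caution matter as much as the scanner.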
Okay, so that was question number 1. Now onto question number 2 – how did this happen?
1) In most cases that I have run across (and I mean most) it was because the user knew a link could be dangerous and clicked it anyway, went to a risky website such as a free porn site, a party poker site, or a hacker site, OR received an email saying something that made them want to click on the link. DON'T DO IT!! The email thing (and Facebook/MySpace, etc.) is called Social Engineering: you are made to think that you should click the link. On the porn/party poker/hacker sites: if you really want to do those things, seriously consider paying for them, because you are much less likely to get infected if you pay. Paid sites generally rely on subscriptions and do not intentionally infect their customers' computers; the subscription income is much more substantial than anything they could get from infecting computers.
2) Going further, in some cases the user was just surfing the web and got hijacked by a virus from a plain old advertisement on the web page. This is happening much less now because ad networks have gotten much tighter about their ads, but up until a few months ago it happened quite a bit, even on sites such as MSN and Yahoo! Ad blockers are a good way to combat this; a great one is Adblock Plus, available for Firefox and Chrome.
3) Another way to get a virus is from plain old searching on the Internet. My computer has been hacked (meaning in this case infected or ALMOST infected) by a Google Images page just by clicking on a perfectly socially acceptable picture and going to the web page hosting the image! I have also heard of customers getting hacked by clicking on a webpage from Google (or another search engine; let's not single out Google here) and getting infected because the website itself had been hacked and malware now lives on the server, infecting any computer that goes to it. Google is doing a much better job of detecting these sites and warning users (and site owners, so they can correct the problem), but Google is not perfect either.
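The social-engineering links and misspelled domain names mentioned above can be checked before anyone clicks. The following is an added example, not code from the article, of the two checks a mail filter or a careful reader would apply: does the visible link text name one domain while the real target is another, and does the target imitate a well-known brand by embedding its name in a longer host or by a near-miss spelling? The brand list, the `.example` host names and the sample links are all constructed for the demo and point at nothing real.

```python
"""Constructed example: flag the kinds of links the article warns about.

Two signs of a social-engineering link are checked:
  1. the visible link text names one domain but the real target is another;
  2. the target domain imitates a well-known brand (the "misspelled domain
     names" the article mentions), by spelling or by embedding it.
The brand list, host names and sample links are all made up for this demo.
"""
import re
from urllib.parse import urlparse

# Brands worth protecting; in practice: your bank, mail provider, employer.
TRUSTED_DOMAINS = ["paypal.com", "facebook.com", "microsoft.com", "google.com"]


def registrable_domain(host: str) -> str:
    """Last two labels of a host ('login.paypal.com' -> 'paypal.com').
    Simplification: multi-part suffixes such as co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a one- or two-character typosquat scores 1-2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_in_text(text: str) -> str:
    """Registrable domain named by the visible link text, or '' if it names none."""
    t = text.strip()
    if "://" in t:
        host = urlparse(t).hostname or ""
    elif re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", t):
        host = t
    else:
        return ""
    return registrable_domain(host) if "." in host else ""


def check_link(display_text: str, href: str) -> list:
    """Return warning strings for one link; an empty list means nothing was flagged."""
    warnings = []
    target = urlparse(href)
    host = (target.hostname or "").lower()
    if "." not in host:
        return ["link has no usable host name"]
    target_dom = registrable_domain(host)

    # 1. Text that shows one domain while the link really goes elsewhere.
    shown = domain_in_text(display_text)
    if shown and shown != target_dom:
        warnings.append(f"text says {shown} but link goes to {target_dom}")

    # 2. Lookalike of a trusted brand: the brand embedded in a longer host
    #    (facebook.com.example) or a near-miss spelling of its name (paypa1).
    if target_dom not in TRUSTED_DOMAINS:
        tokens = re.split(r"[.-]", target_dom)
        for brand in TRUSTED_DOMAINS:
            brand_name = brand.split(".")[0]
            if brand in host or any(edit_distance(t, brand_name) <= 2 for t in tokens):
                warnings.append(f"{target_dom} looks like {brand} but is not")
                break

    if target.scheme != "https":
        warnings.append("link is not HTTPS")
    return warnings


# Constructed sample links: (visible text, real href) pairs as they might
# appear in an e-mail. The .example hosts are reserved names, not real sites.
SAMPLE_LINKS = [
    ("Verify your PayPal account", "https://www.paypal.com/signin"),
    ("https://www.paypal.com/signin", "http://paypa1-secure.example/login"),
    ("Facebook photo", "http://www.facebook.com.photos-share.example/view"),
    ("Update Windows", "https://www.rnicrosoft.example/update"),
    ("Our newsletter", "https://news.example.org/issue/12"),
]


def triage(links) -> dict:
    """Map each href to its warnings so a reader can decide before clicking."""
    return {href: check_link(text, href) for text, href in links}


if __name__ == "__main__":
    for href, warnings in triage(SAMPLE_LINKS).items():
        print(href, "->", "; ".join(warnings) or "nothing flagged")
```

The checks are deliberately conservative: they flag rather than block, and a legitimate link to a trusted domain over HTTPS produces no warnings at all. The same idea works by hand in a mail client: hover over the link, read the real target, and compare it with what the text claims.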
The Internet is a wondrous place. It is also a very dangerous place for your computer and ultimately you if you are not careful. If your computer gets infected, it means that you are going to be inconvenienced at the very least. You could spend hours or even days attempting to find a solution. You will end up paying for professional help if you cannot find the solution or if you want to avoid the potentially monstrous waste of time. Your computer may end up sending emails to all of your friends and relatives, increasing their risk of contracting a virus. In the absolute worst case scenario, you may also lose your identity which could take years to fix.
Here are the tricks to avoiding virus infections:
1) Use antivirus software, always, and keep it updated (also make sure you have a good firewall installed; the Windows 7 and 8 firewalls are very good, and you should consider a third-party firewall for previous Windows versions).
2) Keep your computer’s operating system updated (Windows, for example).
3) If you are still using Windows XP, for gosh sakes, get a new computer already! Windows XP is not being updated anymore, and the meager support it is receiving from Microsoft will end in April next year. XP is horribly insecure and has virtually no native defense against newer or recent viruses: if you end up on a page with a malware script you will not even be warned, it will just get onto your computer (at least with newer versions of Windows you MAY have a chance to just shut the computer down and avoid the infection).
4) Avoid risky behavior on the Internet. Stay away from hacker sites, free porn sites, and party poker sites. Never click on a suspicious-looking link in an email, even if it is from a friend or relative. They could be infected, and the virus may have sent you the email. Keep your wits about you. If you do happen to see some type of strange warning that you have a million viruses on your computer, or some program wants to run without your permission and you didn't do anything but go to a website or click a link, just push the reset button on your computer, or if you don't have one, hold the power button on your computer until it turns off. No, it is not the best way to turn it off, but in an emergency it may be the best way of avoiding infection. Be certain to avoid going back to that same web page again.
DISCLAIMER: There is a slight possibility of file system or hard drive damage from turning off the computer by holding the power button; if your computer does not boot properly afterwards you may need professional help. ALWAYS back up your stuff in case something like this happens!
David Glick is an A+ and Network+ Certified Computer Technician with an Associate's Degree in Information Technology and over three decades of computer experience. His favorite aspects of computing include helping people with their computer issues, computer security, and writing computer programs. He owns a computer repair company based in Arizona and serves the Phoenix and Verde Valley areas of Arizona. His Phoenix Computer Repair website is http://www.glickscomputerrepair.com. Please like his Facebook page at http://www.facebook.com/mypctech to get great computing tips and tricks!