I run anti-virus software. Why do I still sometimes get infected?

It seems like even the most up-to-date anti-malware package isn't always enough. It's frustrating because you'd think that it would be.

I have AVG virus protection always on and have the Windows firewall enabled. Why do I still get infected with some Trojan horses? I check for updates every day so I am sure I am up-to-date.

That’s a very good question. Most people believe that they’re totally protected because they have an anti-malware program.

Unfortunately, that’s simply not true.

The answer is partly the nature of anti-malware software…

… and partly the nature of “the race.”

The race – and bad luck

I use that term – “the race” – on purpose. Combating viruses is a four-way race:

  • In the lead are malware writers looking for vulnerabilities and writing malware to exploit them.
  • Coming in second are the anti-malware software vendors looking for ways to detect new malware as it appears as well as figure out the correct way to eradicate it when found.
  • Next are the software vendors looking to plug the security holes that the malware exploited in the first place.
  • Lastly are folks like you and me, hopefully keeping our systems up-to-date with the latest updates to both our anti-malware products as well as the systems and software that have vulnerabilities.

As you can see, virus writers are almost always in the lead. You and I? We’re dead last – hopefully close to the pack, but still – last.

As a result, the first answer boils down to simple bad luck. It’s possible to be doing everything as right as you can and still get infected if:

  • Your anti-malware software has not yet been updated to know how to detect it.
  • Your system or application software has not yet been patched to fix whatever vulnerability the virus exploits.

All anti-virus software is the same, only different

Sadly, as far as I can tell, there is simply no “best” anti-virus or anti-malware package. Almost all of the name brands are good, but I’ve not run into one that really stands out above the crowd at detecting absolutely positively everything.

In other words, no matter what anti-virus package you run, it may miss something. Different packages may miss different things, but there’s no single package that you can count on to catch everything. So it’s possible to still get infected even though your anti-malware tools are completely up-to-date.

The internet: Wear protection before touching it

One of the more frustrating scenarios that I’ve seen involves going to great lengths to clear a machine of viruses only to get infected again within seconds of connecting to the internet.

Some classes of viruses exploit operating system vulnerabilities that are present simply by connecting to the internet. You don’t even have time to download your operating system update, or anti-virus software, before your machine is once again a victim.

Firewalls help, particularly hardware firewalls such as routers. That’s one of the reasons why folks like me harp on putting your computer behind some sort of a firewall. Firewalls understand the difference between certain types of legitimate internet traffic and types that you’d never need. They block out the unwanted stuff before your computer ever really sees it or has a chance to be infected by it.

The good news here is that most operating systems now either come with a software firewall turned on by default or strongly encourage you to turn it on as you perform your initial install.
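The filtering described above, as an added example that is not part of the original article: a minimal default-deny inbound filter of the kind a home router or software firewall applies. The class and function names are hypothetical, the addresses and ports are constructed sample traffic, and address translation is left out for brevity.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFirewall:
    """Default-deny inbound: only replies to traffic the inside started get in."""

    def __init__(self, inside_addrs, forwarded_ports=()):
        self.inside = set(inside_addrs)
        self.forwarded = set(forwarded_ports)  # explicit exceptions, empty by default
        self.flows = set()                     # connections opened from the inside

    def filter(self, pkt):
        if pkt.src in self.inside:
            # Outbound: allow it and remember the flow so the reply can return.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW outbound"
        # Inbound: accept only the mirror image of a flow we opened ourselves.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ALLOW reply"
        if pkt.dport in self.forwarded:
            return "ALLOW forwarded"
        return "DROP unsolicited"


def run_demo():
    pc = "192.168.1.10"  # constructed: a freshly installed, unpatched PC
    fw = StatefulFirewall([pc])
    traffic = [
        Packet(pc, 50000, "203.0.113.5", 443),   # PC asks for an update over HTTPS
        Packet("203.0.113.5", 443, pc, 50000),   # the server's answer
        Packet("198.51.100.7", 40000, pc, 445),  # stranger probing file sharing
        Packet("203.0.113.5", 443, pc, 50001),   # known server, but nothing asked for it
    ]
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The unsolicited probe never reaches the PC, so an unpatched service listening there is never exposed. A reply to a connection the PC opened is always passed, which is why the firewall does nothing about a file you chose to download.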

The harsh reality

All malware is not created equal, which is why there are so many different terms to describe the variations. Some exist merely to propagate. Others exist to do damage. Some exist to silently send spam. Still others start to blur the line between virus and spyware as they install monitoring or additional vulnerabilities on your system. Some travel by email. Others travel by downloaded applications. As we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.

No anti-malware tool can protect you from yourself. For example, if you open an email attachment that you don’t recognize and run it, you may install a virus before your anti-virus software has a chance to act. When downloading a file, if you choose to ignore a warning that your anti-virus package or firewall displays, you’re telling the software that you know better than it does what is or is not safe.

If you choose to connect without a firewall or choose not to use automatic updating tools to keep your system as up-to-date as possible … it’s on you to know what you’re doing.

Let’s hope you do.

Why?

Why is it like this? It’s hard to say. Ask 10 people and you’ll get 10 different answers: hackers with too much free time, operating systems that aren’t robust enough, success in the marketplace that makes for a bigger target, and more. Of late, there’s more money to be made by infecting large numbers of machines with spam-sending bot software.

Of course, it shouldn’t be like this.

For whatever reason, it is like this and will be for the foreseeable future. That’s why you and I are each responsible for keeping our computers safe on the internet.

This is an update to an article originally posted: September, 2004

There are 19 comments:

  1. mary

    I had to turn off my Firewall because my Dell said that AOL was being blocked by it. I was asked to remove it so I could go online. Is this necessary? Can I run the Privacy wall instead? Help. Thank you.

  2. John

    I firmly believe that those Anti-Virus companies are indeed conspiring to place viruses on the net. Think about it! It’s a very big money maker!

  3. David

    yeah, and they publish them from the “grassy knoll”…lol (for those that don’t get this reference, ask your parents)

  4. mimi

    I’m using AVG and still got infected with trojans and backdoors. I want to change my real-time anti-virus, but don’t know how. Leo, can you suggest some good anti-virus? And kindly guide me as well on how to install it. Thanks.

    What Security Software do you Recommend? has recommendations.

    Leo
    30-Dec-2009

  5. Arleen

    I have OpenOffice 3.3, it keeps crashing every time I want to open a file or type a new letter. What is the problem? Thank you

  6. Shridhar...india

    I am your big follower, LEO… a BIG thank you for all the help & your advice! Hopefully you will continue all this good work… cheers

    • Gabe

      I agree and couldn’t have said it better myself. Thanks for what you do, Leo!

  7. James S

    I have never, in over 20 years of increasing internet use, installed any security software. I have suffered two viruses: the first was on a floppy given me by someone I trusted; the second was while updating Windows immediately after installing it, before Windows firewall was enabled by default. Now Shields Up tells me I’m invisible, except for Ping, which doesn’t bother me.

    Vigilance is all it takes – there’s no substitute for it.

  8. fay

    AVG became the malware. I tried it once, but it did nothing for me, so I uninstalled it, but it then got into everything and just kept getting worse. It even took money out of one of my accounts. No matter how many solutions I tried, it just multiplied and blocked my firewall, so I had more viruses. I finally had to get a new complete install. That sort of worked but blocked any programs until I sent money to another security program, which I later learned was another scam. So far I have been unable to get a refund, but I think my computer is now working with Microsoft security.

  9. johnpro2

    The stuff that ‘infects’ many computers these days is unwanted browser extensions, add-ons, toolbars, and browser hijackers which change the home page and search engine. These can slow the computer down to a crawl.
    Most antivirus packages do not remove these as they come bundled with wanted software programs and are not detected as malware.
    Getting rid of this scourge is easy enough when you know how. Most removals have to be done one by one, but often it just comes straight back unless thoroughly removed.
    The best fix is a Windows reinstall … this usually takes less time overall and is the most effective.
    jp

    • Mark Jacobs

      Malwarebytes is very good at removing a lot of these PUPs (Potentially Unwanted Programs.) They’re usually not so “Potential.” Most of them are absolutely unwanted.

  10. Bob

    I recently changed from AVG to ZoneAlarm, and ZA found things AVG hadn’t, on its first scan.
    I also run MSE (or Windows Defender, depending on OS) just to keep an eye on things.
    If I’m really feeling paranoid, I go to Trend Micro and run their “Housecall”.

    No anti-malware is perfect. Paid services are ‘supposed’ to be better, but why pay for something you -know- you can’t trust completely when the free ones are “good enough”?
    And to quote Leo from a different article – if someone wants to see the ‘fluffy kitten pictures’, then no anti-malware software available will protect them from themselves.

  11. Jack Reacher

    Along with James S., I don’t run an active anti-virus software and have never been infected in 13 years. Hardware firewall is mandatory though of course. There are thousands upon thousands of new virus variants created daily I’m told. Maybe so, but they only have a precious few vectors for ingress. I simply guard those; the usual, no messing with attachments, especially from friends until properly dunked in a virus acid bath, no messing with uninitiated popups of any kind, most especially from a browser, and careful vetting of every freeware install and any updates to flash player or browsers (I’ve seen both false updates for flash and for Chrome lately) and leave Java disabled altogether unless it’s really needed.

    Just that regimen defeats a far larger percentage of viruses than anti-virus does because that form of protection is based and predicated upon distinguishing between legitimate software and viruses and if there are thousands upon thousands every day to distinguish…you do the math; some are going to slip through if one suddenly presents a new and unaccounted for signature.

  12. Tim

    Thank you for all the help and advice you provide for users, like myself, who are not so educated in the hazards that just seem to be lurking and waiting for an open opportunity to pounce! Please keep up the good work you do.

  13. Jake

    Hi Leo! I got a virus but I have Avast antivirus and all? What shall I do? I got the virus 20 min ago, and I’m trying right now to track it down and hopefully delete it. Those who created Virus should die…

    • Mark Jacobs

      That’s why it’s so important to do a daily or nightly image backup. When that happened to me, I just ran my backup recovery program and restored to a clean system. This isn’t an “I told you so” as much as a piece of advice to avoid this kind of thing in the future.
