It seems like even the most up-to-date anti-malware package isn't always enough. It's frustrating because you think that it would be.
That’s a very good question. Most people believe that they’re totally protected because they have an anti-malware program.
Unfortunately, that’s simply not true.
The answer is partly the nature of anti-malware software…
… and partly the nature of “the race.”
The race – and bad luck
I use that term – “the race” – on purpose. Combating viruses is a four-way race:
- In the lead are malware writers looking for vulnerabilities and writing malware to exploit them.
- Coming in second are the anti-malware software vendors looking for ways to detect new malware as it appears and to figure out the correct way to eradicate it when found.
- Next are the software vendors looking to plug the security holes that the malware exploited in the first place.
- Lastly are folks like you and me, hopefully keeping our systems up-to-date with the latest updates to both our anti-malware products and the systems and software that have vulnerabilities.
As you can see, virus writers are almost always in the lead. You and I? We’re dead last – hopefully close to the pack, but still – last.
As a result, the first answer boils down to simple bad luck. It’s possible to be doing everything as right as you can and still get infected if:
- Your anti-malware software has not yet been updated to know how to detect the malware in question.
- Your system or application software has not yet been patched to fix whatever vulnerability the virus exploits.
All anti-virus software is the same, only different
Sadly, as far as I can tell, there is simply no “best” anti-virus or anti-malware package. Almost all of the name brands are good, but I’ve not run into one that really stands out above the crowd at detecting absolutely positively everything.
In other words, no matter what anti-virus package you run, it may miss something. Different packages may miss different things, but there’s no single package that you can count on to catch everything. So it’s possible to still get infected even though your anti-malware tools are completely up-to-date.
The internet: Wear protection before touching it
One of the more frustrating scenarios that I’ve seen involves going to great lengths to clear a machine of viruses only to get infected again within seconds of connecting to the internet.
Some classes of viruses exploit operating system vulnerabilities that are exposed simply by connecting to the internet. You don’t even have time to download your operating system update, or anti-virus software, before your machine is once again a victim.
Firewalls help, particularly hardware firewalls such as routers. That’s one of the reasons why folks like me harp on putting your computer behind some sort of a firewall. Firewalls understand the difference between certain types of legitimate internet traffic and types that you’d never need. They block out the unwanted stuff before your computer ever really sees it or has a chance to be infected by it.
The good news here is that most operating systems now either come with a software firewall turned on by default or strongly encourage you to turn it on as you perform your initial install.
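The filtering described above, as an added example that is not part of the original article: a simplified model of how a router-style firewall passes replies to requests your computer made while dropping connection attempts nobody asked for. The class and function names, addresses and ports are constructed for illustration; real firewalls also track protocol state and timeouts.

```python
# Added illustration: a minimal model of a stateful, default-deny inbound
# firewall (the behaviour of a typical home router). All addresses, ports
# and packets below are constructed sample data.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.flows = set()  # connections that were opened from the inside

    def outbound(self, pkt: Packet) -> bool:
        """Traffic leaving the protected network is allowed and remembered."""
        if pkt.src not in self.inside:
            return False
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Inbound traffic passes only if it answers a remembered flow."""
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def demo():
    pc, update_server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.77"
    listening_port = 8080  # constructed: some service listening on the PC
    fw = StatefulFirewall({pc})
    results = {}
    # The PC asks an update server for a patch; the reply is let back in.
    results["request"] = fw.outbound(Packet(pc, 50000, update_server, 443))
    results["reply"] = fw.inbound(Packet(update_server, 443, pc, 50000))
    # An unknown host tries to reach the listening service directly.
    results["unsolicited"] = fw.inbound(Packet(stranger, 40000, pc, listening_port))
    # Even the known server is dropped if the packet matches no open flow.
    results["wrong_port"] = fw.inbound(Packet(update_server, 443, pc, 50001))
    return results

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:12} {'ALLOW' if allowed else 'DROP'}")
```

The unsolicited packet never reaches the PC, which is why an unpatched machine behind a router has time to download its updates.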
The harsh reality
Not all malware is created equal, which is why there are so many different terms to describe the variations. Some exist merely to propagate. Others exist to do damage. Some exist to silently send spam. Still others start to blur the line between virus and spyware as they install monitoring software or open additional vulnerabilities on your system. Some travel by email. Others travel by downloaded applications. As we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.
No anti-malware tool can protect you from yourself. For example, if you open an email attachment that you don’t recognize and run it, you may install a virus before your anti-virus software has a chance to act. When downloading a file, if you choose to ignore a warning that your anti-virus package or firewall displays, you’re telling the software that you know better than it does what is or is not safe.
If you choose to connect without a firewall or choose not to use automatic updating tools to keep your system as up-to-date as possible … it’s on you to know what you’re doing.
Let’s hope you do.
Why is it like this? It’s hard to say. Ask 10 people and you’ll get 10 different answers: hackers with too much free time, operating systems that aren’t robust enough, success in the marketplace that makes for a bigger target, and more. Of late, there’s more money to be made by infecting large numbers of machines with spam-sending bot software.
Of course, it shouldn’t be like this.
For whatever reason, it is like this and will be for the foreseeable future. That’s why you and I are each responsible for keeping our computers safe on the internet.