
I Run Anti-virus Software. Why Do I Still Sometimes Get Infected?

I have AVG virus protection always on and have the Windows firewall enabled. Why do I still get infected with some Trojan horses? I check for updates every day so I am sure I am up-to-date.

That’s a very good question. Most people believe they’re totally protected because they have an anti-malware program.

Unfortunately, that’s not true.

The answer is partly the nature of anti-malware software …

… and partly the nature of the race.


The race

I use that term — “the race” — on purpose. Combating viruses is a four-way race:

  • In the lead are malware writers, looking for vulnerabilities and writing malware to exploit them.
  • Coming in second are the anti-malware software vendors, looking for ways to detect new malware as it appears and eradicate it when found.
  • Next are the software vendors, looking to plug the security holes that the malware exploited in the first place.
  • Lastly are folks like you and me, hopefully keeping our systems up to date with the latest updates to both our anti-malware products and the systems and software that have vulnerabilities.

As you can see, virus writers are always in the lead. You and me? We’re dead last. Hopefully close to the pack, but still, last.

As a result, the first answer boils down to simple bad luck. It’s possible to be doing everything as well as you can and still get infected, if:

  • Your anti-malware software has not yet been updated to detect a new threat
  • Your system or application software has not yet been patched to fix whatever vulnerability the virus exploits

All anti-virus software is the same… only different

Sadly, as far as I can tell, there is no “best” anti-virus or anti-malware package. Almost all of the name brands are good, but I’ve not run into one that detects absolutely, positively everything.

In other words, no matter what anti-virus package you run, it may miss something. Different packages may miss different things, but there’s no single package you can count on to catch everything. So it’s possible to still get infected even though your anti-malware tools are completely up to date.

The internet: wear protection before touching it

One of the more frustrating scenarios that I’ve seen involves going to great lengths to clear a machine of viruses only to get infected again within seconds of connecting to the internet.

Some classes of viruses exploit operating system vulnerabilities that are present simply by connecting to the internet. You don’t even have time to download your operating system update or anti-virus software before your machine is once again a victim.

Firewalls help — particularly hardware firewalls such as routers. That’s one of the reasons why folks like me harp on putting your computer behind some sort of a firewall. Firewalls understand the difference between certain types of legitimate internet traffic and types that you’d never need. They block out the unwanted stuff before your computer ever really sees it or has a chance to be infected by it.

The good news here is that most operating systems now either come with a software firewall turned on by default or strongly encourage you to turn it on as you perform your initial install.

The harsh reality

Not all malware is created equal, which is why there are so many different terms to describe the variations. Some exist merely to propagate. Others exist to do damage. Some exist to silently send spam. Still others start to blur the line between virus and spyware as they install monitoring or additional vulnerabilities on your system. Some travel by email. Others travel by downloaded applications. As we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.

No anti-malware tool can protect you from yourself. For example, if you open an email attachment that you don’t recognize and run it, you may install a virus before your anti-virus software has a chance to act. When downloading a file, if you choose to ignore a warning that your anti-virus package or firewall displays, you’re telling the software that you know better than it does what is or is not safe.

If you choose to connect without a firewall or choose not to use automatic updating tools to keep your system as up to date as possible, it’s on you to know what you’re doing.

Why?

Why is it like this? It’s hard to say. Ask 10 people and you’ll get 10 different answers: hackers with too much free time, operating systems that aren’t robust enough, success in the marketplace that makes for a bigger target, and more. Of late, there’s more money to be made by infecting large numbers of machines with spam-sending bot software.

Of course it shouldn’t be like this.

For whatever reason, it is like this and will be for the foreseeable future. That’s why you and I are each responsible for keeping our computers safe on the internet.

31 comments on “I Run Anti-virus Software. Why Do I Still Sometimes Get Infected?”

  1. I had to turn off my Firewall because my Dell said that AOL was being blocked by it. I was asked to remove it so I could go online. Is this necessary? Can I run the Privacy wall instead? Help. Thank you.

  2. I firmly believe that those Anti-Virus companies are indeed conspiring to place viruses on the net. Think about it! It’s a very big money maker!

  3. I have OpenOffice 3.3, it keeps crashing every time I want to open a file or type a new letter. What is the problem? Thank you

  4. I am ur big follower LEO….a BIG thank you for all the help & ur advices!!!!!! hope fully u will continue all this good work…..cheers

  5. I have never, in over 20 years of increasing internet use, installed any security software. I have suffered two viruses: the first was on a floppy given me by someone I trusted; the second was while updating Windows immediately after installing it, before Windows firewall was enabled by default. Now Shields Up tells me I’m invisible, except for Ping, which doesn’t bother me.

    Vigilance is all it takes – there’s no substitute for it.

  6. AVG became the malware. I tried it once, but it did nothing for me, so I uninstalled it, but it then got into everything and just kept getting worse. It even took money out of one of my accounts. No matter how many solutions I tried, it just multiplied and blocked my firewall, so I had more viruses. I finally had to get a new complete install. That sort of worked but blocked any programs until I sent money to another security program, which I later learned was another scam. So far I have been unable to get a refund, but I think my computer is now working with Microsoft security.

  7. The stuff that ‘infects’ many computers these days is unwanted browser extensions, add-ons, toolbars, browser hijackers which change home page and search engine. These can slow the computer down to a crawl.
    Most antivirus packages do not remove these as they come bundled with wanted software programs and are not detected as malware.
    Getting rid of this scourge is easy enough when you know how. Most removals have to be done one by one, but often it just comes straight back unless thoroughly removed.
    The best fix is a Windows reinstall …this usually takes less time overall and is the most effective.
    jp

    • Malwarebytes is very good at removing a lot of these PUPs (Potentially Unwanted Programs.) They’re usually not so “Potential.” Most of them are absolutely unwanted.

  8. I recently changed from AVG to ZoneAlarm, and ZA found things AVG hadn’t, on its first scan.
    I also run MSE (or Windows Defender, depending on OS) just to keep an eye on things.
    If I’m really feeling paranoid, I go to Trend Micro and run their “Housecall”.

    No anti-malware is perfect. Paid services are ‘supposed’ to be better, but why pay for something you -know- you can’t trust completely when the free ones are “good enough”?
    And to quote Leo from a different article – if someone wants to see the ‘fluffy kitten pictures’, then no anti-malware software available will protect them from themselves.

  9. Along with James S., I don’t run an active anti-virus software and have never been infected in 13 years. Hardware firewall is mandatory though of course. There are thousands upon thousands of new virus variants created daily I’m told. Maybe so, but they only have a precious few vectors for ingress. I simply guard those; the usual, no messing with attachments, especially from friends until properly dunked in a virus acid bath, no messing with uninitiated popups of any kind, most especially from a browser, and careful vetting of every freeware install and any updates to flash player or browsers (I’ve seen both false updates for flash and for Chrome lately) and leave Java disabled altogether unless it’s really needed.

    Just that regimen defeats a far larger percentage of viruses than anti-virus does because that form of protection is based and predicated upon distinguishing between legitimate software and viruses and if there are thousands upon thousands every day to distinguish…you do the math; some are going to slip through if one suddenly presents a new and unaccounted for signature.

  10. Thank you for all the help and advice you provide for users, like myself, who are not so educated in the hazards that just seem to be lurking and waiting for an open opportunity to pounce! Please keep up the good work you do.

  11. Hi Leo! I got a virus but I have Avast antivirus and all? What shall I do? I got the virus 20 min ago, and I’m trying right now to track it down and hopefully delete it. Those who created Virus should die…

    • That’s why it’s so important to do a daily or nightly image backup. When that happened to me, I just ran my backup recovery program and restored to a clean system. This isn’t an “I told you so” as much as a piece of advice to avoid this kind of thing in the future.

  12. I have AVG and something was on my screen saying to call them. Which I did. It turned out I spent 199.99. That turned out I had to pay $460.00 to get it fixed. I think one virus protection knocked out another and then I have to pay them. Sort of a rip off.

    • That pop-up wasn’t from AVG, it was a fake pop-up ad from some website you visited. You have to be very careful about pop-ups and rogue ads disguising themselves as useful information. The web can be a dangerous jungle sometimes.

  13. I have an AVG anti virus protector, had it for years and all was well until yesterday. The email window is too large and I can not get it to be smaller.
    It can not be shifted vertically, or horizontally sometimes, so I can not use my emails.
    As I can not fix it, I presume it is a virus. I need urgent help.

  14. We all respect to you and others, I cannot believe that a program to locate and destroy or delete the virus can’t be written.
    If we can write a program, to place a probe on the farther regions of the Universe, writing an antivirus program that works
    should be child’s play.

    • Sending a probe to the farthest regions of the Universe is a matter of using scientific principles of Newtonian physics. Fighting viruses is an infinite no rules chess game between two groups of equally intelligent human beings.

    • Nope. When it comes to malware the target is constantly moving, and in ways that cannot be predicted. Right now the only viable approach for general-purpose operating systems is to target malware after it’s been identified once.

  15. A number of years ago, I had a trojan that kept popping up on a Windows XP computer. I finally realized that it was a computer that rarely connected to the network, but every time it did, it was spreading the trojan to other computers on the network. And since the computer was rarely used, it wasn’t updated to include this trojan.

    Bottom line, is it may not be your computer, but someone else who gets on your network.

  16. I should also add, that I’ve found that some programs don’t enable scanning removable media by default. This to me is bad practice, as sharing USB memory sticks is the easiest way to transfer malware. It’s the equivalent of getting a virus from sharing floppy drives back in the 80s and 90s. Check your security software to ensure that it is also checking removable media, particularly those USB memory sticks.

  17. For my company / home laptop I use Kaspersky, it rarely lets me down and has a very low false positive %, for our company network I use Sophos, both are great AVs, Sophos has better management interface for networks and Kaspersky gives me a second AV to run through shared company drives as a “second opinion”.

    However I believe Windows Defender that is packaged with Windows 10 is very good, so good I don’t bother with anything else on the family’s computers.

    The New boy on the block that purports to be “different” to the rest is Cylance they make some big claims, Carbon Black and Morphisec also claim to be Next Gen (whatever that is).

    I would just point out that detection rate is only one aspect of a good Antivirus, I believe false positives are equally important, if you are continually being nagged by the AV people tend to either ignore or turn it off negating any benefit. As a programmer I hate waking up in the morning to find all my Binaries have been eaten by the Antivirus.

  18. “One of the more frustrating scenarios that I’ve seen involves going to great lengths to clear a machine of viruses only to get infected again within seconds of connecting to the internet. Some classes of viruses exploit operating system vulnerabilities that are present simply by connecting to the internet. You don’t even have time to download your operating system update or anti-virus software before your machine is once again a victim.”

    Man, some of these old articles could use a refresh.
