Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is anti-virus dead?

Question: Hi, Leo. Do you have any observations, comments or advice about the recent Symantec talk given to Wall Street Journal? They seem to say that only 45% of computer viruses are caught. Are we as home users more prone to attack nowadays, or is this comment mainly directed to companies as an earnings increase tactic? I’m sure we’ll be interested in their falling profits.

Yeah, this actually made the headlines a couple of weeks ago. The headline that was being generated of course, was “Antivirus is dead”.

No.

Antivirus is not dead.

In my opinion this is just another case where somebody chooses an exceptionally sensational headline or position in the hopes that it will get people talking. Apparently they succeeded, because here I am, talking about it.

Become a Patron of Ask Leo! and go ad-free!

Effectiveness

I actually have no idea where the 45% figure comes from. I have a hard time believing it’s a reflection of anti-malware tool effectiveness (or ineffectiveness). What I could believe is that it’s the result of some kind of combination of people not keeping those tools up to date, intentionally ignoring their warnings, or perhaps not even not running them at all. So exactly what it means is unclear.

But if it’s a global statement of overall effectiveness of the tools, I disagree.

But let’s say, just for a moment that this figure is correct. Let’s say that you really only have about a 50/50 chance of malware getting caught by your anti-malware tool. And again, to be clear, I do not believe this is the case; I’m just letting it slide so I can make my next point.

If there’s any point to really take away from the discussion then, it’s this: anti-malware tools are only a part of the solution anyway. One thing I agree with is that you cannot rely 100% on anti-malware tools to protect you from everything.

Only a part of the solution

Virus in a Picture?First, not all tools catch everything. I’ve said this before. There is no perfect anti-malware tool.

Second, not everything that we might call malware is in fact, malware. Consider the recent rise of what we’ve come to call “foistware”. These are the toolbars and other things that get installed surreptitiously as you install something else. Technically, they’re not malware, but to most people, they are. Anti-malware tools may or may not even try to catch these so-called “potentially unwanted programs” or PUPs.

Third, no anti-malware tool can stop a user from doing something that that user is intent on doing. It’s been referred to as the “dancing bunnies” problem. If you get something that promises you a video of cute, dancing bunnies, you’re going to do everything in your power to see the dancing bunnies you’ve been promised, even if that means circumventing the security systems on your computer, and even if the promise of dancing bunnies turns out to be a lie. I’ve seen many, many kinds of posts and scams on Facebook that really leverage this dancing bunnies problem.

It’s really nothing new

The fact is not much has changed. Anti-malware tools were never 100% solutions, though I’ll certainly claim that they offer more than a 45% solution.

The real solution is, and has always been, a combination of things that I mention here fairly regularly and that you already know. Yes, use anti-malware tools and keep them up to date; but also use a firewall; and keep all your software, especially your system software, as up to date as possible. Don’t open email attachments that you aren’t absolutely sure of. Secure your network, back up.

But above all, be skeptical because by far, the single most important anti-malware tool in your arsenal is you.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

9 comments on “Is anti-virus dead?”

  1. Leo, I don’t believe the 45% assertion either. Using Norton Internet Security, the Norton Firewall and Antimalwarebytes I have had one intrusion on my Alenware computer in the four years I have had it. That intrusion was pretty drastic but I managed to restore my Windows 7 operating system after a few hours of intense efforts without having to use my Macrium clone or reinstalling Windows 7. Funny, that intrusion occurred on a Tuesday, just a half hour before windows updates issued eight important security updates.

    I go places on the web where no man has ever gone before. And I bring ’em back alive. Norton, Norton’s rootkit program, Malwarebytes and Malwarebytes rootkit program do the trick. I’m sure other reputable anti-virus programs do equally well, though I advise my friends to purchase the for-pay anti-virus programs, not the free versions. Free anti-virus programs couldn’t have the financial resources to maintain and update virus definitions as well as for-pay programs. That only stands to reason.

    Reply
    • “Free anti-virus programs couldn’t have the financial resources to maintain and update virus definitions as well as for-pay programs. That only stands to reason.”

      Not true at all. I use Avast! Free and my virus definitions get updated daily. Also, Avast! warns me when software needs to be updated, which I consider to be a nice bonus. All for free.

      Reply
      • I also use Avast with good results. Avast nags you a lot to get their paid version which I don’t mind as this is my payment for using their “free” software. The people who respond to those ads finance their R&D.

        Reply
  2. The 45% comment comes from a Symantec release (could not locate link) about a month ago, where they said that they were moving from antivirus to full system protection.

    Personally, I’m not surprised that Symantec only catches 45% of viruses…

    Reply
  3. I haven’t read the article, but it occurred to me that what he might mean by only catching 45%, he is including ad-ware/foistware in the mix. Those aren’t normally caught by AVs and seem to be the majority of malware problems people are asking about at Ask Leo!

    Reply
  4. Other useful layers of protection in addition to those mentioned in the article are:

    – The uBlock Origin browser add-on (blocks ads including malicious ads, trackers and dodgy sites (auto-updates regularly); can block JavaScript globally, can block third-party scripts and third-party frames so preventing malware infections)

    – OSArmor by NoVirusThanks to block dodgy scripts from running and to block dodgy downloads, among many other things; can also prevent Internet Explorer and Edge from running and can block TeamViewer and LogMeIn from running so people don’t fall prey to fake tech support scams; can block email attachments that end in .pdf.exe for example; can block malicious use of PowerShell, among many other things

    – SysHardener by NoVirusThanks: adds many more useful features to harden the OS

    – Create a standard user account and set UAC to its highest setting. That way users will have to enter their password to install software or make any changes to their computer.

    – On Windows 10 enable ransomware protection in Defender. Anti-exploit protection is enabled by default.

    Reply
  5. Forgot to say that DNS solutions like OpenDNS add another useful layer of protection. OpenDNS blocks phishing sites that it’s aware of. I’m currently trying out Quad9 which blocks sites it knows to be dodgy such as phishing sites and other dodgy sites that contain malware or exploit kits. There are several different DNS services which can protect your security or privacy.
    A few are listed here:
    https://www.computerworld.com/article/3427013/best-free-dns-services-2019.html

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.