I wonder about the origins of viruses. I mean, are things detected as
viruses really viruses, or is it just a way for anti-virus software to make us
feel good about running their products? Or perhaps the anti-virus companies
also make the viruses, so that we have a need for their product? And could the
scanners get confused by other problems that are mis-identified as viruses?
There’s a gut instinct to react to this question by saying “boy, you sure
are paranoid”. I mean, the question implies some heavy-duty conspiracy is at
The problem is that, as with any fear, there’s a grain of truth to it. That
means that if you ask me “is this ‘you’re infected’ message a hoax” the best I
can offer is “maybe”.
We need to check a few more things before we can really say one way or the
other with any certainty.
Let’s look at a few of those things…
First off, if you are running a legitimate, name brand, anti-virus program,
and it tells you that it has found a virus … then it’s not likely to be a
hoax, and you most likely do have that virus on your machine.
So, what’s a “legitimate, name brand, anti-virus program”? There are several
clues that you can use:
It’s recommended, or at least discussed, by more than one tech or
software recommendations resource. Obviously I make mention of several anti-virus programs,
but I’m not enough. You should be able to find similar mention or
recommendations in other places as well. For example, computer magazines are a
great place for periodic software reviews. Even Microsoft has a page listing
Anti-Virus Software partners. Any
of those can be considered “legitimate”.
It’s available in more than one place. If you see it on the shelves of your
local computer store, or you can purchase it on-line at places like Outpost.com
or Amazon.com, then you can consider it “legitimate”. You can buy it wherever
you like, but the fact that it’s available in multiple places gives it much
If you’ve never purchased it, and you suddenly get a pop-up that says “you
might be infected! Buy this software to protect yourself!” it’s probably
That last one is particularly important, and leads to my next point.
Some less-than-legitimate software vendors have taken the approach of trying
to scare you into purchasing their product. You might get that message “You
might be infected!”, or worse “You are infected!”, as a popup in your browser
or elsewhere. If the “solution” involves downloading or purchasing more
software, don’t do it. Especially if you are already
running anti-virus software, and especially if the message doesn’t look
anything like a message from your anti-virus software. That is a hoax.
It’s almost a form of phishing – the vendor is presenting a sales message
that looks like an error message, but it is not. Don’t click on the
message – even if it looks like it has an OK, or “No Thanks” or any other
kind of button in it. Why? Because those buttons are often fake and lead you
to the vendor’s website whether you want to go there or not. Click on the
little “x” in the upper right corner of the message window instead, to close
What’s important here is that you need to be able to tell the
difference between a legitimate alert popped up by your anti-virus software and
a fake warning showing up elsewhere. Two quick tests:
Your anti-virus software will include the name of the anti-virus software
(which you should recognize – you should know what package you’re running on
your machine). The fake will not, or will have the wrong name.
Your anti-virus software will not pop up a message in a browser window.
(ALT+TAB, and you’ll see the icon for your browser, say Internet Explorer or
Firefox, and not that of the anti-virus software.) Many hoaxes do, as you are
browsing the web.
So if there are some folks out there who are using these slimy marketing
tactics to scare us into buying their product, could they in fact also be
writing viruses that only their package can remove?
The answer is an emphatic “No” for all the legitimate
makers of anti-virus software listed above. They would instantly lose all
credibility once discovered.
The answer is also a reluctant “Yes” for the scam artists out there. There
have been cases of viruses written in order to sell the solution to the
specific virus. It’s occasionally referred to as “hostage-ware”. You are
infected, and your machine is held hostage until you purchase the specific
solution. The good news is that this never lasts very long. The legitimate
anti-virus vendors quickly add each new virus to the list of those that they
catch as well. If you’re already running a good anti-virus program, then you’ll
typically need to do nothing but stay up-to-date with its database updates.
Can an anti-virus be fooled? Of course.
Occasionally an anti-virus program will alert to a virus that isn’t actually
present – it’s called a “false positive”. Legitimate anti-virus vendors move
quickly to update their definitions so as to remove these when they are
Similarly, viruses are constantly trying to hide, and slip through the
anti-virus scanners. And again, the vendors are constantly on the alert for
when this might happen, and update their definitions accordingly.
That’s one of the many reasons that keeping your anti-virus program’s
database of known viruses up to date is so critically important.
One last point I do want to make is this: anti-virus programs rarely say
“you are infected”, but rather something along the lines of “I found this
virus”. The difference is subtle, but important.
A virus can exist on your machine, but not be “installed” or activated. A
good example is an executable file that you’ve downloaded which contains a
virus. It exists on your machine, and the anti-virus software will catch it,
but you are not actually infected.
Once you run the executable, and the virus also has a chance to run, that’s
when the infection actually occurs.