I wonder about the origins of viruses. I mean, are things detected as
viruses really viruses, or is it just a way for anti-virus software to make us
feel good about running their products? Or perhaps the anti-virus companies
also make the viruses, so that we have a need for their product? And could the
scanners get confused by other problems that are mis-identified as viruses?
There’s a gut instinct to react to this question by saying “boy, you sure
are paranoid”. I mean, the question implies some heavy-duty conspiracy is at
play.
The problem is that, as with any fear, there’s a grain of truth to it. That
means that if you ask me “is this ‘you’re infected’ message a hoax” the best I
can offer is “maybe”.
We need to check a few more things before we can really say one way or the
other with any certainty.
Let’s look at a few of those things…
First off, if you are running a legitimate, name brand, anti-virus program,
and it tells you that it has found a virus … then it’s not likely to be a
hoax, and you most likely do have that virus on your machine.
So, what’s a “legitimate, name brand, anti-virus program”? There are several
clues that you can use:
- It’s recommended, or at least discussed, by more than one tech or
  software recommendations resource. Obviously I make mention of several
  anti-virus programs, but I’m not enough. You should be able to find similar
  mention or recommendations in other places as well. For example, computer
  magazines are a great place for periodic software reviews. Even Microsoft
  has a page listing Anti-Virus Software partners. Any of those can be
  considered “legitimate”.
- It’s available in more than one place. If you see it on the shelves of your
  local computer store, or you can purchase it on-line at places like
  Outpost.com or Amazon.com, then you can consider it “legitimate”. You can buy
  it wherever you like, but the fact that it’s available in multiple places
  gives it much more legitimacy.
- If you’ve never purchased it, and you suddenly get a pop-up that says “you
  might be infected! Buy this software to protect yourself!” it’s probably
  not legitimate.
That last one is particularly important, and leads to my next point.
•
Some less-than-legitimate software vendors have taken the approach of trying
to scare you into purchasing their product. You might get that message “You
might be infected!”, or worse “You are infected!”, as a popup in your browser
or elsewhere. If the “solution” involves downloading or purchasing more
software, don’t do it. Especially if you are already
running anti-virus software, and especially if the message doesn’t look
anything like a message from your anti-virus software. That is a hoax.
It’s almost a form of phishing: the vendor is presenting a sales message
that looks like an error message, but it is not. Don’t click on the
message, even if it looks like it has an OK, or “No Thanks” or any other
kind of button in it. Why? Because those buttons are often fake and lead you
to the vendor’s website whether you want to go there or not. Click on the
little “x” in the upper right corner of the message window instead, to close
it.
What’s important here is that you need to be able to tell the
difference between a legitimate alert popped up by your anti-virus software and
a fake warning showing up elsewhere. Two quick tests:
- Your anti-virus software will include the name of the anti-virus software
  (which you should recognize; you should know what package you’re running on
  your machine). The fake will not, or will have the wrong name.
- Your anti-virus software will not pop up a message in a browser window.
  (ALT+TAB, and you’ll see the icon for your browser, say Internet Explorer or
  Firefox, and not that of the anti-virus software.) Many hoaxes do, as you are
  browsing the web.
•
So if there are some folks out there who are using these slimy marketing
tactics to scare us into buying their product, could they in fact also be
writing viruses that only their package can remove?
The answer is an emphatic “No” for all the legitimate
makers of anti-virus software listed above. They would instantly lose all
credibility once discovered.
The answer is also a reluctant “Yes” for the scam artists out there. There
have been cases of viruses written in order to sell the solution to the
specific virus. It’s occasionally referred to as “hostage-ware”. You are
infected, and your machine is held hostage until you purchase the specific
solution. The good news is that this never lasts very long. The legitimate
anti-virus vendors quickly add each new virus to the list of those that they
catch as well. If you’re already running a good anti-virus program, then you’ll
typically need to do nothing but stay up-to-date with its database updates.
•
Can an anti-virus be fooled? Of course.
Occasionally an anti-virus program will alert to a virus that isn’t actually
present; it’s called a “false positive”. Legitimate anti-virus vendors move
quickly to update their definitions so as to remove these when they are
detected.
Similarly, viruses are constantly trying to hide, and slip through the
anti-virus scanners. And again, the vendors are constantly on the alert for
when this might happen, and update their definitions accordingly.
That’s one of the many reasons that keeping your anti-virus program’s
database of known viruses up to date is so critically important.
•
One last point I do want to make is this: anti-virus programs rarely say
“you are infected”, but rather something along the lines of “I found this
virus”. The difference is subtle, but important.
A virus can exist on your machine, but not be “installed” or activated. A
good example is an executable file that you’ve downloaded which contains a
virus. It exists on your machine, and the anti-virus software will catch it,
but you are not actually infected.
Once you run the executable, and the virus also has a chance to run, that’s
when the infection actually occurs.