It’s a race.
In other words, why don’t anti-malware tools work better? Why don’t they work the way we expect them to?
I fault AVG for the phrase “traditional viruses”. I think that puts an unrealistic spin on your expectations. Malware is malware, and that includes viruses, spyware, ransomware, rootkits, zombies, and gosh knows what else. What they mean by “traditional” is unknown, and I have no idea where the 3% figure comes from.
But there’s a kernel of truth in AVG’s statement. No matter what program you run, there’s still a chance your computer will get infected.
Anti-malware tools don’t always stop threats because it’s a race. Malware writers create new tricks every day, and security software is always catching up. Updates take time, tools vary, and sometimes users ignore warnings. The best defense is still you staying alert and making smart choices.
Security software
In the past, we categorized security software by the type of malware being targeted.
We had anti-virus programs looking for files containing data patterns matching those of known viruses. Anti-spyware tools monitored for known spyware behavior. Anti-rootkit tools specifically countered advanced techniques used by rootkits to hide files.
In recent years, the lines have become so blurred as to be meaningless. As a result, we now talk in more general terms about security software and malware.
Help keep it going by becoming a Patron.
Related
Internet Safety: 7 Steps to Staying Safe Online
Staying safe online doesn’t have to be overwhelming. I'll show you seven practical steps anyone can follow to protect themselves from malware, scams, hackers, and everyday digital dangers.#2374
Different vendors, different techniques
Different security software vendors use different techniques to detect malware. This is one of the biggest reasons one tool might detect malware another does not.
New malware is found daily. Almost all security programs use a database of information updated daily (or even more frequently) so they can identify the latest malware by its behavior or appearance.
Another way different tools differ is in how quickly they update their database — including the research required to identify new malware strains as well as the mechanics of updating and pushing out that new malware database. Some companies are better or faster than others.
Sometimes, new malware’s behavior can’t be addressed by a simple database update. The security software itself must be updated in some way. Some companies are better at effective, rapid deployment than others.
How fast vendors can address these issues varies depending on everything from the day of the week to the perceived priority of the issue at hand (not always agreed on) to the technological details of the new malware and how the security software’s architecture can be changed to catch it.
Related
Are the Bad Guys Winning?
Media hype makes it seem like the bad guys are winning. They're always in the lead – but don’t believe the hype.#78360
It’s a race, and security software is always behind
Combating malware is a four-way race.
- In the lead are malware writers looking for vulnerabilities and writing malware to exploit them.
- Coming in second are the security software vendors finding ways to detect and eradicate new malware as it appears.
- Next are the application and system software vendors trying to plug the security holes.
- Last are folks like you and me, keeping our systems up to date with the latest updates to both our security software and the software that might have vulnerabilities.
Malware writers are always in the lead. You and me? We’re dead last. Hopefully close to the pack, but even so, last.
That means it’s possible to be doing security as well as you can and still get infected, if:
- Your anti-malware software has not yet been updated to detect a new threat.
- Your system or application software has not yet been patched to fix whatever vulnerability the virus exploits.
Related
Resist Those Dancing Bunnies
Scammers and malware authors often make fantastic promises to try to get you to drop your guard. I'll discuss why it's important to stay skeptical.#16432
Dancing bunnies?
I’ve written about The Dancing Bunnies Problem before. People will explicitly ignore, disable, and bypass all security measures to access something they’ve been led to believe is particularly desirable.
If an email you get says “Download the attachment to see dancing bunnies,” some percentage of users will do exactly that and more, if necessary, because they want to see dancing bunnies, dammit.
Put in more relevant terms, you can have the best anti-malware and security software that could exist, and it’ll do you no good if you ignore its warnings or bypass its restrictions.
Your security software “allowed” you to get malware because you told it to against its warnings and advice. It didn’t matter what security software you were running or how good it might be.
Related
What Security Software Do You Recommend? (2025 Q3 update)
My updated guide cuts through the hype with four no-nonsense steps to keep your PC safe. Learn what works, what to avoid, and how to stay secure without overspending or overcomplicating.#3517
What does it all mean?
There is no single best anti-malware tool or security software.
Security tool A may catch this newly released virus today, but program B might address tomorrow’s new virus more effectively. Vendors know this, so they’re continually working to improve the coverage of their products.
The techniques used by program C may work with little to no impact on my system yet be a major resource hog on yours. The best vendors test across a wide variety of systems and configurations, but by definition, doing so is in direct conflict with getting important updates out as quickly as possible.
And, of course, there’s still the race between malware authors and anti-malware vendors. There’s always a hole in the coverage, and something might slip through.
I don’t mean to imply that any of this is or even should be easy. We’ve seen major security vendors push out updates that have failed or even crashed some customers’ machines. It should never happen, but, given the rush to get updates tested and out quickly, I’m surprised these problems don’t happen more often. It’s difficult to get it right 100% of the time, especially when we expect anti-malware tools not to affect the performance or functionality of our computers.
Do this
You are the most important anti-malware tool your computer has.
- Your ability to recognize and skip malware is far superior to that of most anti-malware tools.
- You can recognize spam and bogus attachments.
- You know you shouldn’t have visited that website.
- You knew that too-good-to-be-true offer was, indeed, too good to be true.
- You knew that the dancing bunnies were never real.
That knowledge, and what you do with it, is what keeps your machine safest.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
It is my opinion that anti-malware tools don’t work better because they are always playing catch-up. Every piece of malware that they have to respond to is already in the wild for a while until they can identify it and develop, test, and deploy their response to it, therefore the bad guys have those windows of opportunity where even the most diligent person is unprotected from, and especially unaware of, the threats against them.
The thing about virus and antivirus is that, (antivirus comes with virus) anti-virus developer are also the cause of virus. Think about it,how will they earn if it’s only virus thing right? soo they work out virus and develop anti-virus to earn. Anti-virus won’t make your pc 100 % safe they can detect major problems but can’t keep up with manor thing such as malware and etc.
That’s a bit of a conspiracy theory for sure.
People keep saying this and there’s been zero proof. None. Period. It’s nothing more than a conspiracy theory – one that I don’t believe.
There is always one thing that EVERY anti-malware cannot protect against. The User.
The malicious few have been getting better and better at disguising their true intentions, while the average User has gotten less and less savvy about what their PC ‘should’ be doing. If we were all as thorough and as careful as Leo, viruses would become a thing of the past – and these huge companies couldn’t charge us for their ‘protection’.
I truly believe people who create and spread all types of malware should be prosecuted to the full extent of the law. There is absolutely no possible legitimate reason for releasing this havoc on the world community. Battling malware has to be at the top of my list of things that upset me most. I would like to recommend Microsoft Security Essentials which is free. I had repeated problems battling the dreaded “Google redirect” malware and since going to MSE I’ve had no problems with any type of Malware. Get it here: http://www.microsoft.com/security_essentials/
Until sometime around 2012, I used to think the same. I remember when MSE was launched, around the same time as Windows 7 & it beat one of the best free solutions around in Avast. MSE was racking up awards left & right in it’s first two years, then there came sudden change.
As Microsoft was preparing to release Windows 8, MSE was neglected. This, I know first hand. Back when we could install Safari with Google Safe Search enabled, I installed the browser & was browsing around, had 20+ tabs open, then all of a sudden, came the UAC for an ‘urgent security update’. Once I applied it, the OS went bezerk (thank goodness for full disk image software in Macrium Reflect).
I removed the drive, placed in a docking station, using a testbed OS which was also imaged. Then scanned using various tools, first with MSE, which caught a few things. Then Malwarebytes caught more, as did Kaspersky Internet Security & Emsisoft free ‘A2 Malware scanner. Finally, all looked to be clean & I placed the drive back into the PC.
Then I done the most dumb thing I had in years, having been up all night cleaning the drive, that UAC popup appeared again to update MSE & once I did, it was the same. At that point, use DBAN (Darin’s Boot & Nuke) on the drive & recovered from my Macrium image taken just 2-3 days prior & finally was able to get some much needed rest.
From that point on, was stocking up at Newegg on the Malwarebytes Lifetime licenses, at $15 each, sometimes a freebie such as a Flash drive would be included. Sometimes, would purchase the limit of 5 for the price, as I have many computers. No more infections since, other than adware cookies that SuperAntiSpyware catches & search engines which AdwCleaner (now a Malwarebytes product) catches.
Plus now as a member of a prominent Tech forum Staff member, we get other software which requires yearly renewal at no charge (ESET Internet Security or Emsisoft Anti Malware). No more infections.
While MSE or Windows Defender included with Windows 8 onwards are OK for a student doing their homework or research, it’s NOT good for those whose travels the Internet across the globe. Note that I dump suspicious emails in a heartbeat, can recognize these easily, yet it’s much harder to catch every bad link. Nor do I click OK to unknown UAC prompts any longer.
No more free security solutions for me!
It sounds like that MSSE security update notice was a scam. Updates to MSSE and Windows Defender come with Windows updates and don’t ask for UAC confirmation.
When Is It Safe to Say “Yes” to User Account Control (UAC) Notifications?
” – and these huge companies couldn’t charge us for their ‘protection’.”
What ‘huge companies’, Bob? I use Avast! for virus detection, ThreatFire for malware/spyware and WinPatrol for everything else. Doesn’t cost me a penny and my computer is virus and other malware free.
I’m also careful about where I poke around on the Internet.
Most users don’t read what they are agreeing to when installing software. Everyone is in a hurry to get it installed and set up to run. I’ve found almost everything is bundled with something we don’t want installed, its not always malicious but it can be and sometimes the price is malware and spyware. So remember this “CUSTOMER BE WARE”!!!
I’m also a computer tech.
Part of the question was “we then must rely on free software downloaded from the internet”
I also wonder why the “paid” security solution cannot beat the free/donation ComboFix (please donate, they will save your computer better than anybody else) for extracting malwares, including the hard to kill Rootkit.
Maybe a list of “free” tools would be useful because searching the internet after an infection is very confusing and stressful. This will bring you to numerous sites where they sell solutions not so good. Even searching for the free tools by name can bring you to a dangerous site.
I use mainly MalwareBytes for a quick clean up and ComboFix which is not for the fainted of heart, I recommend that you hire a technician to run it and recuperate your computer if a bigger problem happen during the cleaning.
Also first thing to do after (or before) an infection: backup backup backup.
Michel G.
I had the misfortune of catching a virus in the wild once. Fortunately it was more just an annoyance than anything that did any real damage. But, once in as many years and I leave my PCs on 24/7 isn’t bad. A lesson learned I like to remind XP and any other OS user that has a system restore- an infected file can well end up in your system restore files and, once -I don’t know about now- by default anti virus programs did not scan the restore files! After my infection was removed i would get an alert that a virus was on my computer. I would run a scan and it came up clean. I ran one from Symantec’s site and it DID scan the restore files and found it. I do sit behind a router and use both a firewall and antivirus plus a malware tool. As an aside, I tried Microsoft Security Essentials for a week running it alongside my NIS, I know it’s not recommended but I have this curious streak inside me and wanted to see how they acted. Besides, I hadn’t crashed my computer in 5+ years. Anyway, they did not conflict with each other but one day while I was on the PC I got two alerts within a few minutes of each other for a blocked hack attempt from two different former Soviet Bloc countries. The alerts came from NIS which made me wonder just how or if MSE was going to handle them. Since it apparently did nothing and left me uneasy about it, I spent the next few days reading everything I could find on comparisons between MSE and the various security suites. After all my research I removed MSE and went back to NIS, especially since my ISP offers it free to subscribers. My reading showed MSE to be only marginally better at a few things than other products -emphasis on marginally-, but it was worse at doing other things. One place on a 15 point scale rated it a 6.5 while there were many more well known products that rated twice that in overall performance. Its biggest advantage is it’s free. Still, good sense is the best add on to whatever protection you use. Lately the most frequent thing I personally see is fake friend requests from Facebook. If you are on FB and get such requests I strongly suggest opening a browser window and entering FB in the address bar. Once you get to your home page check under the notices icon at the top. If the friend request isn’t there, it isn’t genuine. To steal a quote from a long ago cop show: be careful out there!
I use varied and assorted ‘anti-malware’ programs. They overlap, which is good, IMHO, and I update them religiously and use then when I feel a need.
The best anti-bad guys stuff is paying attention.
YOU are your best defense.
95% of the malware that I get to remove, consists of the rogue anti virus variety. The writers of these are getting better at what they do. AntiVirus System 2011 in particular, which hid behind a fake AVG 2011 icon, took me a long time to track down. Not one of the Anti Virus programmes I have seen can stop these from coming in, and only a few anti malware programmes will remove them.
One publication that periodically compares anti-malware programs (sorry forgot name), said that most of them will snare 95% of known malware (it doesn’t go in depth however of the overlap/intersection of who catches/misses what). Are these the “traditional” viruses? I agree with Leo; lousy marketing.
It also went on to say that only 35% of new viruses are caught in the first month in the wild.
I recall (fuzzy on this too) that there is a anti-virus sharing site but that still leaves time to acquire (if it’s been submitted), test, package, and distribute a new datafiles with the new anti-virus solution. And, then you’ll need auto-download to integrate it into your system; you do this everyday right?
You do pay your subscription right? The Free viruses are, ah well, free; what’s their incentive to do this pronto. You get what you pay for. Paid programs download many times per day.
Microsoft’s Security Essentials comes out very well in these head-to-head comparisons and it is “free”. But then again you did have to purchase Microsoft Windows.
Just a comment or a few on this topic..
I do have to say i do 1000% agree ( if that even a figure i can use here) with everything that has been said..
Your best defnense .. is COMMON SENSE .. you can have all the software you want ( ive been working with systems for close to 15 years .. ) ive seen all sorts of infections on systems .. even with having SOME OF the best scanners that are out now..
NOTHING .. and i mean NOTHING replaces common sense..
I have had to redo systems where this crap SHOULD NOT have gotten thru .. even after teling and showing the owner of the system how to go about things and what not to do ….
what you have to remeber as well .. is ( yes this is documented secertly) some A/V A/M companies .. DO contract things out to se what can breach their security ( THink BLack Hat ) MOST a/v’s and A/M WILL catch a majority of things .. but the “hackers” always sem to be one step ahead of the a/v, a/m companies..
But agian the ULTIMATE PROTECTION is the user..
BUt also think about this .. if it wernt for the virus /malware creators.. some of us .. that are independant workers on systems .. we would not realy have our side jobs.. that some of us have..
In a weird way .. its a bit of a symbyotic relationship.. if it werent for them we wonldnt have to redo computers .. ( yeah a pain in the back side) but we wouldnt make an income…
NO I AM NOT CONDONING what the Viris or malware creators do .. it sucks cot he “novice user” but just think about it …
Just my thoughts.
~LoneWolf
Compare the situation with the Medical World.
The Vaccines for protection against Virus Infections such as Flu/Influenza, are no good against Bacterial Infections.
The Anti-Biotics for Bacterial Infections are no good against Viral Infections.
But you generally need both simultaneously, because of side effecrs, eg Flu weakening the general resistance leading to Pneumonia.
As regards producing the Anti-Viral Vaccine, the Medical world has to wait and see how the many Flu Viruses are developing, to decide on which one is the greatest threat, obtain samples after it has been identified – and then set about developing tha specific Vaccine.
Similarly, Bacteria are developing resistance to the many Antibiotics on the market, so the long-term research to develop new ones.
It is “survival of the fittest” on all sides of the story.
I remember the day when a virus was a virus. Avoiding email attachments from unknown senders was your best defense. As the internet has successfully ingrained itself into our everyday lives, and especially with the advent of broadband, there are so many new ways to get into trouble. As a twelve year bench tech, the majority of “infections” that I see now are self inflicted, many by our customers who still believe that you can get something for nothing. We carry a laundry list of utilities, all freely available, to perform our cleanup and repair, but the most important tool in our arsenal is still education. No anti-virus/malware tool out there can defend against bad judgment.
I worked 7 years for a major AV company. All AV firms rely on customers sending them samples of malware/infected programs. And ALL the major players first develop the ‘fix’ for that item – then within a day or two, swap their sample malware/infected sample with each other. So there is minimal delay for adding detection to their products. A month or more is far out of line, and I don’t believe it for a second.
Major firm’s anti-virus ‘hunters’ meet yearly for conferences and exchange information and papers. Though their companies are competitors, the better ones encourage their AV people to cooperate with each other. So going with a minor ‘freeware’ program where the developer isn’t involved with this group is not a ‘cheap’ solution, but an ‘iffy’ one.
Some of the sneakiest malware being devolped today is web pages with Java script allowing that web page to ‘steal’ all sorts of information from your computer. I.E. cookies (containing useful information), your Contact list, to annoy your contacts with apparent requests from your ID, and who knows what else can easily be lifted off your computer.
You’ve seen those “Click here to send your friends a request to join XXXXXX”. I was stung myself by LinkedIn due to an accidental click on their ‘tiny’ “click me” box!!
As so many of the comments state, YOU are the best defense. In addition to the inane action of downloading an unexpected attachement from anyone. – DO NOT go to ‘suggested’ websites from ‘strangers’ (and be cynical about those from your friends, they could’ve had their contact list stolen too)
Best judgement always # 1. I admit I have found humor in the folley of others through various forums (best judgement not used). One case: a user wanted money back due to a virus filled download of an open source program from e-bay. Another case: a user was at the proper download site, but chose to click a sidebar ad and received the program, but with…..a virus. User failure indeed. Always do research, go to the actual true download site, never deviate from the direct path. Otherwise, I’ll be chuckling at your folley in a forum. Sorry.
i have never used an av on my laptop all i use is firewall and defender and occasionally run anti malware to check system i have never had a virus in 2 years
On a trip to New York, I noticed that restaurants, even the hole-in-the-wall type (where I found the tastiest food) prominently displayed a sign with a large, upper-case letter in the window. I was told that this was a rating by the health department (A, obviously being the highest rating). You wouldn’t want to eat at a restaurant with a low rating (or NO rating). Similarly, you wouldn’t just pick up food that was lying on the sidewalk and put it in your mouth. A lot of people, apparently, would do just that with their computers and unknown software.
Before installing software, check out its rating with trusted sources. This site is one of them. Leo has several articles that discuss other trusted sites.
“There is no single best anti-malware tool.”
A statement you made, but I truly believe that there is a single tool built into most Microsoft OS’ which is
Windows Defender….
I’ve been using it for several years now after AVG and a few others and I am extremely happy with it and it does
work if you keep it updated ON A REGULAR BASIS. With that being said, now I’ll probably get hit…hope not tho!