Why didn’t my anti-virus protect me?

This is the number 1 question asked by customers when they have paid for anti-virus software, and they still find themselves infected somehow. It is usually a hard question to answer, and nobody likes the answer. Anti-virus software works in a certain way, and it is not at all fool-proof.

I will attempt to answer this question for the benefit of our customers and readers.

To begin to answer this question, we have to understand exactly how anti-virus software works. Most current anti-virus programs have 4 separate components. They have a comprehensive scanner, a “real-time” scanner, a virus encyclopedia, and a heuristic scanner.

  • The comprehensive scanner runs on a schedule and inspects each file for threats. It does a full system scan each night, or morning, and it compares the contents of each file to the virus definition list. It marks things as infected if it finds a match.
  • The virus encyclopedia contains the list of known viruses, and other bad stuff. The virus encyclopedia is often called “virus definitions”. The company you purchased your anti-virus software from provides your computer with daily updates on new viruses, spyware, and other threats. This repository of information contains all the forensic tools your computer needs to detect and remove viruses.
  • The real-time scanner attempts to scan things as you open or access them, using the same encyclopedia as the comprehensive scanner.
  • The heuristic scanner is a tool that looks for things that could be bad, but are not necessarily in the encyclopedia. It compares how a program or file acts, and tries to find things not on the known bad list.

As your computer scans and inspects each file, it compares the contents with its list and either says the file is OK, or marks it infected. This is similar to a guest list at a popular night club. If you are on the list you get in; if not, they won’t let you in. The anti-virus software works the opposite way: if you are on the list, you’re probably a virus, and if you are not, then you are good (or good as far as it knows).

These 4 aspects work in conjunction with each other to provide the most protection possible. To date, this has been the most effective for finding and removing viruses. Now, let me tell you what goes wrong and why even this elaborate setup doesn’t always work.

A file in its entirety is easy to scan. The program opens it, takes a peek, closes it and moves on. When things are downloaded from the internet, it is very hard to scan them before they finish downloading. You don’t have a complete file yet. The anti-virus program actually has to wait until the virus finishes downloading before it can scan it.

The makers of viruses and other bad crap also have access to the popular virus definitions and repositories. They use this info to come out with viruses that will not be easily detected. This makes it difficult to stay ahead of the viruses, because they are always getting “smarter” at hiding them.

If the anti-virus program does too much scanning and checking, the computer would move at a snail’s pace. It has been proven that people will choose faster service over more security. Airport lines are too long, passwords are too complex to remember, and anti-virus programs slow my computer down too much. The anti-virus program makers try to balance security with speed, and that makes the programs less effective. There are also people with newer faster computers, and those with dinosaurs.

The anti-virus program makers release new and updated virus definitions as they learn of new threats. Usually, that means someone got infected first. They then study the virus, learn, and try to release updated definitions for their customers. This delay between infection and release means that someone will get infected. They don’t know there is some new threat on the prowl until someone gets it first.
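A small sketch of the list-based scanning and the update delay described above. This is an added example, not code from any anti-virus product; the file contents, threat names and the `Definitions` class are constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files; no real malware.
KNOWN_BAD = b"demo-threat-A payload bytes"
NEW_BAD = b"demo-threat-B payload bytes"      # not yet studied by the vendor
DOCUMENT = b"quarterly report, nothing unusual"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Definitions:
    """The 'virus encyclopedia': exact file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}      # sha256 hex -> threat name
        self.patterns = {}    # byte substring -> threat name

    def lookup(self, data: bytes):
        name = self.hashes.get(digest(data))
        if name:
            return name
        for pattern, pname in self.patterns.items():
            if pattern in data:
                return pname
        return None


def scan(data: bytes, defs: Definitions) -> str:
    """Deny-list verdict: a match is infected, anything else passes."""
    name = defs.lookup(data)
    return f"infected:{name}" if name else "ok-as-far-as-known"


def full_scan(files: dict, defs: Definitions) -> dict:
    """Scheduled scan: run the same check over every file."""
    return {path: scan(data, defs) for path, data in files.items()}


def demo():
    defs = Definitions()
    defs.hashes[digest(KNOWN_BAD)] = "Demo.A"
    files = {"a.bin": KNOWN_BAD, "b.bin": NEW_BAD, "report.txt": DOCUMENT}
    before = full_scan(files, defs)             # b.bin passes: not on the list yet
    defs.patterns[b"demo-threat-B"] = "Demo.B"  # vendor ships an update
    after = full_scan(files, defs)              # same file, now flagged
    return before, after
```

Calling `demo()` returns the verdicts before and after the definitions update: `b.bin` is reported as OK in the first scan and infected in the second, although the file itself never changed.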

The anti-virus program will not stop you from using your computer. If it told you no for everything you click on, then you would just turn it off. What is the point of the computer if I can’t use it? There is no way for the anti-virus program to know something is bad BEFORE you click on it. How could it? It hasn’t scanned it, and doesn’t even know you will click on it until you do.

The biggest problem with anti-virus programs is in the name. The name makes you think it is more protection than it delivers. Anti-virus is taken to mean no viruses. Or protection against viruses. Neither of which the anti-virus program offers.

So how do you reconcile the fact that you purchased anti-virus software, and still got a virus? You had to pay for the software and then pay to get a virus clean anyway? It can be a hard pill to swallow. It can make you think “I don’t need to buy the software if I will need to pay to get it fixed at some point in the future.”

As a company, we considered not selling anti-virus software. We found customers were growing considerably more irate over the fact that they bought something that doesn’t protect them like they think it should. We then found out that people would just go buy it elsewhere because most people know they need it, even if it doesn’t provide 100% protection.

That just leaves the portion of the populace that feels anything labeled anti-virus should do just that. Protect me from viruses. I sympathize and apologize. The name is misleading. We try to inform people that nothing provides 100% protection. I’m sure we could do a better job at it. We have a few signs to that effect in all our stores; they could probably be bigger.

The honest truth is, you are far better off having anti-virus software than not having any. Compare it to staying fit and being healthy. That is much better than being unhealthy and having chronic health issues. You will still get sick from time to time, no matter how many fruits and vegetables you eat.


We considered changing what we sell to “Virus scanner” or “Virus finder”, none of which sounded like a winner. Maybe we’ll come up with a name for the product that more closely matches what it does.