The term Anti-Virus is a well-known word from toddlers to seniors, and almost every computer around the globe has an anti-virus program installed on it. These programs sit in the task bar and make us feel safe. In effect, they project a sense of security so we can surf the web without a worry.
Most people believe that if they have an anti-virus program installed, they cannot be infected by a virus. But are anti-virus programs really foolproof? The answer is no. So do we need these programs? That answer is yes. They are far from foolproof, but they add much-needed protection. Yes, even with the best anti-virus program on the market, you can still get a virus.
First, we must eliminate the use of “free” anti-virus programs up front. These “freeware” programs do not give you the best protection. The term free does not include virus protection that you may receive for free from your cable company, financial institution or some other similar source. Some companies do provide these products for “free” because it is in their best interest to do so. By “free” we mean software that you are downloading from the web.
Anti-virus programs use a couple of strategies when looking for worms, viruses, malware, spyware and other malicious programs. The most common way is the dictionary approach, or signature-based method.
Every anti-virus program contains enormous volumes of virus signatures, and they categorize these based on the threat level they pose. Think of this as a library working with the Dewey Decimal System.
A virus library works in a similar fashion. When you download a program, your anti-virus program analyzes the code and cross-references it with the known signatures in its library. If a piece of the file's code matches a signature, the file is immediately flagged so appropriate action can be taken. The first action is to stop the virus from replicating itself. Depending on the threat level, your anti-virus may repair the file, quarantine it, or delete it. Anti-virus software patrols the computer, just like librarians police the library.
Naturally, there are problems with this type of protection. The signature-based method is only as good as its library of defined code.
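The lookup described above can be sketched in a few lines of Python. This is an added example, not code from any anti-virus product: the signature names, the placeholder byte patterns, the three-level threat scale and its mapping to repair, quarantine and delete are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes     # byte sequence known to occur in the threat
    threat_level: int  # 1 = low, 2 = medium, 3 = high (constructed scale)

# Constructed library: harmless placeholder bytes, not real malware patterns.
LIBRARY = [
    Signature("Demo.Worm.A", b"\xde\xad\xbe\xef\x13\x37", 3),
    Signature("Demo.Adware.B", b"SHOW-ADS-v1", 1),
    Signature("Demo.Infector.C", b"\x90\x90INFECT\x90\x90", 2),
]

# Assumed policy: the higher the threat level, the harsher the action.
ACTIONS = {1: "repair", 2: "quarantine", 3: "delete"}

def scan(data: bytes, library=LIBRARY):
    """Return (signature, offset) for every library pattern found in data."""
    hits = []
    for sig in library:
        offset = data.find(sig.pattern)
        if offset != -1:
            hits.append((sig, offset))
    return hits

def verdict(data: bytes, library=LIBRARY) -> str:
    """Action for the most severe match, or 'clean' when nothing matches."""
    hits = scan(data, library)
    if not hits:
        return "clean"
    return ACTIONS[max(sig.threat_level for sig, _ in hits)]

# Constructed samples.
known = b"MZ header..." + b"\xde\xad\xbe\xef\x13\x37" + b"...rest of file"
benign = b"MZ header... ordinary program bytes"
# A sample whose bytes are not in the library yet: the scanner has nothing to match.
unlisted = b"MZ header..." + b"\xde\xad\xbe\xef\x13\x38" + b"...rest of file"

if __name__ == "__main__":
    for label, blob in [("known", known), ("benign", benign), ("unlisted", unlisted)]:
        print(f"{label:9} -> {verdict(blob)}")
```

The unlisted sample comes back "clean" even though it differs from the known one by a single byte, which is the limitation the paragraph above describes.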
As many computer users find computer jargon confusing, let's look at a real-life situation. There is an outbreak in Northern Africa with several fatalities. The Center for Disease Control (CDC) is called. The CDC sends out field doctors to assess the threat level and collect samples. Those samples are sent to the lab in Atlanta. A team of technicians diagnoses the organism, finds out how it works, then figures out the solution to eliminate the virus and repair the damage it caused. Once this is done, the results are logged and sent off to help fight the virus.
The anti-virus software works the same way. A threat takes place, the threat is investigated, a solution is created and its findings are filed for future reference.
But there is a problem. In our real-life scenario there were fatalities. There are also casualties in the virtual world. Someone needs to be infected in order for the virus library to work, just as a person needs to catch the flu in order for a vaccine to be made.
The next common method is called heuristic-based detection. This type of detection looks for a program that is acting suspiciously, which might indicate a potential threat.
If you were in a crowded airport in Miami, Florida and saw a man walking toward you wearing an overcoat and carrying a black briefcase, your mind would automatically indicate a possible threat as this person is acting suspiciously.
The anti-virus is doing the same thing. It is policing all the programs running on your computer and is looking for something that is trying to write itself to an executable (.exe) program. Once a program tries to do this, it can be contained and dealt with.
In some instances the anti-virus software may capture the virus and move it to a secure “virtual” environment and study what the virus does. Does it have malicious intentions, or is its behavior legitimate? Perhaps that person in the overcoat isn’t a suicide bomber; he might have a reason for dressing so warmly.
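The behaviour check described above, as an added example that is not part of the original article or of any real product: it reads a constructed log of file operations and flags processes that write to .exe files. The log format, the process names and the "observe" versus "contain" threshold are assumptions; "observe" stands in for the virtual-environment study mentioned above.

```python
import re
from collections import defaultdict

# Constructed event log, one file operation per line (format is an assumption).
EVENTS = r"""
proc=notepad.exe op=write target=C:\Users\al\notes.txt
proc=setup.exe op=write target=C:\Program Files\App\app.exe
proc=invoice.scr op=write target=C:\Windows\calc.exe
proc=invoice.scr op=write target=C:\Windows\notepad.exe
proc=invoice.scr op=write target=C:\Program Files\App\app.exe
proc=browser.exe op=read target=C:\Windows\calc.exe
"""

LINE = re.compile(r"proc=(\S+) op=(\w+) target=(.+)")

def executables_written(log: str) -> dict:
    """Map each process to the set of .exe files it wrote to."""
    written = defaultdict(set)
    for line in log.strip().splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        proc, op, target = m.groups()
        if op == "write" and target.lower().endswith(".exe"):
            written[proc].add(target.lower())
    return dict(written)

def triage(log: str, contain_at: int = 2) -> dict:
    """Assumed policy: one modified executable is watched, several are contained."""
    verdicts = {}
    for proc, targets in executables_written(log).items():
        verdicts[proc] = "contain" if len(targets) >= contain_at else "observe"
    return verdicts

if __name__ == "__main__":
    for proc, action in triage(EVENTS).items():
        print(f"{proc:12} -> {action}")
```

Here setup.exe touches one executable and is only observed, which matches the point that suspicious-looking behaviour can turn out to be legitimate, while invoice.scr modifies three and is contained.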
The developers of anti-virus software have to constantly update their systems in order to offer their customers a safe level of security. Their biggest problem is fighting these viruses as quickly as possible, and that is no easy feat!
This is how the term Zero Day, or Zero Hour, was born. These terms were coined because a newly released virus, malware or other malicious program will cause havoc, and there will be casualties before the new program is captured and categorized. There must be guinea pigs in order for the masses to survive these attacks. It is inevitable: at some point someone, somewhere, will contract the virus. Malicious software is being created every day with the sole job of bypassing your security system.
Zero day threats damage thousands of computers before they can be identified and categorized. Once a threat's signature is filed, the anti-virus developers have to create an update for their customers. This may take up to several days. In this time millions of computers are vulnerable to attack.
That is why you, the computer user, must always be alert for suspicious behavior. You have to be careful when downloading programs, opening emails and opening pop-ups. It is important to pay attention.
We all look both ways before crossing a busy intersection, so think twice and read the disclaimers before downloading a file. It really is the same thing: if you don’t look both ways before crossing the road, you may be hurt or even killed. A computer virus can hurt you financially and personally, and can even kill your computer.
Protect yourself as much as possible. Many anti-virus programs have a scheduled day and time when they check for new updates; this can also be done manually. You should run an update and quick scan of your computer every day before you access the internet. It may take ten minutes, but you have added another level of protection to your computer.
Again, this will not protect you 100%, but will help increase your odds of remaining safe. As more and more people purchase computers, there are more and more bad hackers being born every day. They have to become more creative than their competition and the anti-virus companies.
Behold the new era of viruses that can mutate themselves. These metamorphic viruses disguise themselves so they do not match any of the signatures in the library. Once in your computer they will mate with other files. Just like human children, these offspring are slightly different from the parent, and so they can continue to avoid the pattern recognition of the anti-virus software.
Or how about viruses that enter your computer as thousands of pieces of harmless code? Once the pieces are in your computer, they begin to find one another and assemble into several slightly different viruses with the same intent.
So now you know a bit more about how anti-virus programs and viruses themselves work. Stay alert and always do a manual virus update before accessing the web. It does help.