I Have Anti-Virus Software: Why Did I Get a Computer Virus?
You spend hundreds or thousands of dollars each year on anti-virus and threat prevention software for all the computers in your organization. As a result, you expect those devices are safe from viruses, ransomware, and other malware. But now you’re missing files, software programs are acting strange, or your entire system is frozen and you’ve received a ransom message. You’re frustrated, and maybe feel a little taken by your anti-virus vendor. Why have you been spending all this money on an anti-virus solution if you still have to deal with the ramifications of a virus or other malware?
Business owners have been asking us that question for years.
Innovative has been helping businesses deal with viruses and other malware issues for the past 19 years. In that time we’ve seen it all. We’ve seen threats, the implications of threats, and threat defense strategies change and evolve since the early 2000s.
We now pretty much insist our customers adopt a solid cyberthreat prevention strategy. As a result, we rarely see major, site-wide infections (please knock on the nearest piece of wood for me). But despite those threat prevention efforts, we still deal with some sort of minor virus, adware, or other malware issues no less than once a week for one or more of our customers.
In this article, we’ll walk through how anti-virus software works, and why it’s possible to still get a computer virus or other malware despite a working anti-virus solution.
What is a computer virus?
A computer virus is a type of malicious program that has the following characteristics:
- It can copy itself to other systems or devices.
- It intends to do harm.
- It edits, deletes, encrypts, or disables systems, functions, or data.
- It attaches itself to existing programs on a disk or drive.
Malware is a broader term that means any type of malicious program or script. Malware is often considered synonymous with virus. But malware also includes programs like worms, adware, spyware, and ransomware.
What is anti-virus software?
Anti-virus software is any program designed to:
- Identify malicious programs.
- Remediate their actions.
Anti-virus software typically addresses viruses as well as other types of malware.
To help explain how you can still get a virus with this software, we’ll dive into how anti-virus software works.
How does anti-virus software work?
Anti-virus software is pattern-matching software. This means it scans your computer, searching for strings of code that match known malicious programs.
The basic anti-virus process is:
- Humans identify computer programs with malicious intent.
- Software analyzes those programs to identify shared patterns in the program code.
- Software scans your computer for matches to those patterns.
- Software alerts you of a suspicious program and takes one or more of the following remediation steps:
  - Lock critical files and folders so they cannot be further compromised.
  - Restore the system to a previous, uninfected state.
  - Remove the malicious program.
Let’s dive deeper into the two functional areas of anti-virus software: identification and remediation.
Computers speak in binary/digital language. Everything you experience on your computer is a pattern of 0s and 1s. Anti-virus software identifies the pattern of 0s and 1s associated with malicious programs. Since computers can’t judge intent (yet), humans identify programs with a bad intent. Then, the anti-virus software analyzes those patterns of 0s and 1s to identify programs with similar patterns. Anti-virus companies identify bad programs and code (viruses) and put them on the “bad list,” known as the signature list.
Remediation begins by alerting the end-user or network administrator that something is awry. After the anti-virus software alerts you of the problem, it performs one or more remediation actions.
1. System Lock Down
The anti-virus software tries to prevent the virus from doing damage. It locks down your system and critical files so that they cannot be overwritten.
2. System Restoration
Some anti-virus software attempts to revert critical files and system settings to the state they were in before the virus entered into your system.
3. Virus Removal
Sometimes the best and only thing that anti-virus software can do is alert you that you have a virus. Then it removes the bad 0s and 1s that entered your system, regardless of the condition it may leave your computer in when it is done.
Reasons You Can Get a Virus or Virus Symptoms Despite Having Anti-Virus Software
With a better understanding of how anti-virus software works, you can see some possible reasons why it can’t prevent or remediate all possible viruses. Here are the most common reasons you get a computer virus, despite having anti-virus software.
1. Outdated Signature Lists
Anti-virus software is only as good as its signature lists (aka the “bad list” of programs identified as “bad”). The problem is that for every virus reported, there is an ill-intentioned programmer somewhere in the world working on the next virus. It’s a cat-and-mouse game that has been going on in our world since well before the computer age. For every weapon developed, someone has worked on better armor and fortification to thwart those attacks. That works for some period until new weapons get developed, then new armor follows, and the cycle goes on and on.
Viruses are no different. Sometimes you get a computer virus because your anti-virus software doesn’t have the most recent signature list update. Other times it is a new, undiscovered virus. Either way, you can get a virus even if you have anti-virus software.
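The signature matching described under "How does anti-virus software work?" and the outdated-list problem above can be seen in a small sketch. This is an added example, not code from any anti-virus product: the signature names, byte patterns, file contents, dates, and the 7-day staleness threshold are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Signature:
    name: str        # label the vendor gives the malware family
    pattern: bytes   # byte sequence shared by known samples of that family
    added: date      # day this entry was published to the signature list


# Constructed signature list: names, patterns and dates are made up.
VENDOR_LIST = [
    Signature("Demo.FamilyA", b"\xde\xad\xbe\xef\x13\x37", date(2023, 1, 10)),
    Signature("Demo.FamilyB", b"DEMO-MARKER-B", date(2023, 6, 2)),
    Signature("Demo.FamilyC", b"\x90\x90DEMO-C\x00", date(2024, 3, 15)),
]

# Constructed file contents standing in for files on disk.
FILES = {
    "invoice.pdf": b"%PDF-1.7 ordinary document bytes",
    "setup.exe": b"MZ....DEMO-MARKER-B....",
    "update.exe": b"MZ" + b"\x00" * 8 + b"\x90\x90DEMO-C\x00" + b"tail",
}


def list_as_of(signatures, last_update):
    """Entries a machine holds if its last successful update was last_update."""
    return [s for s in signatures if s.added <= last_update]


def scan(files, signatures):
    """Map each file name to the signature names whose pattern it contains."""
    return {name: [s.name for s in signatures if s.pattern in data]
            for name, data in files.items()}


def is_stale(last_update, today, max_age_days=7):
    """Flag a list older than max_age_days (7 is an assumed policy value)."""
    return (today - last_update).days > max_age_days


if __name__ == "__main__":
    today = date(2024, 4, 1)
    last_update = date(2023, 12, 31)   # e.g. the subscription lapsed here
    print("current list :", scan(FILES, VENDOR_LIST))
    print("outdated list:", scan(FILES, list_as_of(VENDOR_LIST, last_update)))
    print("list is stale:", is_stale(last_update, today))
```

With the current list, update.exe is flagged; with the list frozen at the last update, the same file scans clean, which is why monitoring the age of the signature list matters as much as having the software installed.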
2. Malfunctioning Anti-Virus Software
You can also get a virus if your anti-virus software is malfunctioning. Sometimes the process of updating signature lists stops working, or the software itself has problems. License and subscription management is another common reason software malfunctions.
This is especially common if you have a variety of different software packages on your computers and no centralized licensing or management. I can’t tell you how many times we’ve seen computers that have expired signature lists or software simply because the subscriptions weren’t renewed. A network monitoring and management solution can address this common issue.
3. Residual Virus Symptoms
You have an up-to-date, working anti-virus software. It identifies a virus and takes remediation steps, but you continue to experience symptoms of the virus. Sometimes it isn’t the virus that is causing the problem. Instead, it is the damage done by the virus. After the virus is removed you are left with collateral damage that needs to be remedied.
This causes people to question the point of anti-virus software, but the anti-virus software technically did its job. It identified and removed the virus. If you are left with continued problems, you may have to restore your system from a backup. This is exactly why a solid cyberthreat prevention strategy includes BOTH anti-virus software and an appropriate backup solution.
What’s the Best Way to Protect My Business?
To wrap it all up, computer viruses are pretty similar to human viruses. Computer viruses make your computer sick, just like human viruses make you sick. Sometimes when you get sick, the best a doctor can do is give you medicine that fixes the original problem. This is common with an infection and corresponding antibiotics. But that doesn’t mean you don’t still have a problem to deal with. Sometimes after getting sick, you have to recover, but that isn’t the antibiotic’s job; there are therapies and strategies involved with your recovery, such as fluids, chicken noodle soup, and rest.
So, what is the point in having anti-virus software if it can’t always catch a virus - and even if it does, there still could be collateral damage?
Because even with its limitations, you would have an even bigger virus and malware problem without anti-virus software. Depending on your industry-specific compliance regulations, you may even be required by law to adopt some sort of anti-virus software.
Plus, as the world of artificial intelligence and computer learning is advancing, anti-virus software is getting more sophisticated and smarter in ways that specifically address some of its current limitations.
The point is that you’re much better off with anti-virus software than without it. But it is not a foolproof method for protecting your network. Anti-virus is just one component of an overall cyberthreat prevention strategy, which is just one element of your overall IT strategy.
About Jason Rappaport
Working with computers since the third grade, Jason is Founder, President, and CEO of Innovative Inc. He has professionally been in the IT industry for more than 25 years. Jason enjoys helping clients maximize their business ideas and achieve their goals while relieving the worries of technology systems.