Can you get Infected by a Virus Even with Antivirus Software Installed?

Many of us install antivirus software on our home computers to protect them against malware lurking around on the Internet. A lot of people would be forgiven for thinking that because we have antivirus software installed on our systems, it means we are safe from all that horrible malicious software lurking around the web. However, this isn’t the case. Granted, our antiviruses will protect against the majority of malware out there, but there is new malicious software being created every day by hackers that antiviruses won’t be able to detect.

An antivirus’ main way of detecting malware is a technique called “signature detection”. Antiviruses have a database containing the signature code of all currently known malware. When a file is downloaded, its code is scanned by your antivirus and checked to see if any of it appears in this database. If it does, the file is quarantined. If it doesn’t, no action is taken on the file, as it isn’t seen as malicious.

Although this might sound good enough, what about newly coded malware? Cyber criminals release new malware every day, and millions of new malware samples emerge every year. Malware that is unknown to vendors, or is known to vendors but not yet added to their signature databases, is known as zero-day malware. Because signature detection relies on checking a database of known signature code, antiviruses are always one step behind with this method: they must wait until an attack is discovered, then add its code to the signature database afterwards. Because of this, an antivirus cannot detect zero-day malware by signature detection.
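The two paragraphs above describe the whole signature-detection decision: look the file up in a database of known-bad signatures, quarantine on a hit, do nothing otherwise. The example below is added here and is not code from the original post; it implements that decision in miniature with a constructed two-entry database (one whole-file hash, one byte pattern) and then scans a third, constructed sample that has never been submitted to the vendor, which is exactly the zero-day case the text describes.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Constructed sample "files". Real malware is not this readable; the
# MZ prefix only mimics a Windows executable header for the demo.
SAMPLE_A = b"MZ\x90\x00fake-malware-A: delete C:\\Windows\\System32\\*"
SAMPLE_B = b"MZ\x90\x00fake-malware-B: encrypt Documents\\*.docx"

# Constructed signature database. A real vendor database holds millions of
# entries; the two kinds shown here are a hash of a whole known-bad file
# and a byte pattern found inside a known-bad file.
SIGNATURES: Dict[str, Dict[object, str]] = {
    "hash": {hashlib.sha256(SAMPLE_A).hexdigest(): "Trojan.Demo.A"},
    "pattern": {b"encrypt Documents\\*.docx": "Ransom.Demo.B"},
}


def scan(data: bytes) -> Tuple[str, Optional[str]]:
    """Signature detection as the article describes it.

    Returns ("quarantine", detection_name) when the file's hash or any of
    its bytes match the database, and ("allow", None) otherwise. Note that
    "allow" means no knowledge either way, not "confirmed clean".
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES["hash"]:
        return "quarantine", SIGNATURES["hash"][digest]
    for pattern, name in SIGNATURES["pattern"].items():
        if pattern in data:
            return "quarantine", name
    return "allow", None


# A constructed sample nobody has reported to the vendor yet: zero-day by
# the article's definition. It behaves just as harmfully as SAMPLE_B, but
# no signature exists for it, so the scanner has no basis to stop it.
SAMPLE_ZERO_DAY = b"MZ\x90\x00fake-malware-C: encrypt Pictures\\*.jpg"

if __name__ == "__main__":
    for label, sample in [("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_ZERO_DAY)]:
        print(label, scan(sample))
```

Samples A and B are quarantined because a signature exists for each; sample C is allowed through until a vendor analyses it and ships a new signature, which is the lag the text calls being one step behind.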

Antiviruses also have two other main methods of detecting viruses: heuristic analysis and sandboxing. Of course, different vendors may also include their own unique protection modules, but signature detection, heuristic analysis and sandboxing are the main features in most antiviruses. Heuristic analysis looks at the types of commands in the code of files and determines whether they are typical of malware. For example, if some commands within a file try to overwrite or modify some key system files, the program is likely to be malicious.

Sandboxing takes the file and executes it in a virtual environment, isolated from the rest of the machine, known as a sandbox. It then monitors what the program does in this virtual environment when it is executed. If it starts trying to do malicious things, such as encrypting a bunch of files like ransomware does, the file is deemed malware and blocked. This method is the most likely to detect zero-day malware.

While these methods raise the likelihood of an antivirus detecting zero-day malware, they still have their shortcomings. Heuristic analysis, like signature detection, also relies on previously known code: it compares the commands within a file’s code to commands previously seen in the code of older malware. Sandbox detection, although effective at detecting zero-day malware, can be avoided, as many hackers nowadays code their malware to be sandbox-aware. This means that the malware is coded to know when it’s inside a sandbox. Sandbox-aware malware does not execute any of its malicious code while it’s inside a sandbox (meaning that while it’s being monitored it doesn’t do anything malicious) and therefore evades sandbox detection.

So how do we protect ourselves from viruses? The simplest thing to do is keep your antivirus software, and the rest of your software for that matter, up to date. Having the latest antivirus updates ensures you have the latest malware signatures, and having the latest patches for your other software ensures that known exploits are closed off. Other than that, it’s all about being aware of what you’re doing when you’re using your computer. Don’t click on suspicious links, be wary of phishing emails, and don’t download or open untrusted software.