Why Antivirus Is Not Your Friend


The title is a little provocative (again), but antivirus software can actually have downsides.

Let's start with the benefits of antivirus:

The antivirus starts as soon as you start your computer; it starts before other programs through "filter drivers", which choose the boot order. For example, it allows the keyboard and mouse processes to start before others.

It protects your PC from startup until you turn it off.

How does it protect your PC?

Antivirus can scan files on your computer when they are created, renamed or executed, or when you launch a global scan. It computes a unique signature for each file and compares it with its database of signatures of infected files.

As you have guessed, if the signature is in the database, it raises the alert.

From there, we know that files do not escape the antivirus, and we can only hope that its database contains as many signatures as possible.

You can also scan a file directly with several antiviruses on VirusTotal.

Antiviruses also use other methods, such as heuristic detection, to identify suspicious programs without having their signatures in the database. Thus, if a program tries to delete files from the system or replicates itself 100 times, it is considered suspicious and the antivirus raises the alert.

I will quickly pass over the other benefits of antivirus, such as the integrated firewall, real-time web scans, secure runtime environment, etc. In short, you are protected with an antivirus and an updated firewall. It is absolutely necessary to install one. Going without is like going out in the snow at -15 °C completely naked: do not be surprised if you get sick afterwards. The antivirus plays the role of the coat and of the last-resort medicine.


Why don’t they protect you 100%?

You should know that it is possible to make a program undetectable even though it was detected before.

From that moment on, the whole part about scans collapses. Indeed, it is possible to modify part of the source or binary code of a program to change its signature without changing its behavior. There are even programs called Crypters which make this code change automatically to render it undetectable.
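To make the limit of signature matching concrete, here is an added example (not code from the original post) of a toy scanner over constructed, harmless byte strings. The database layout, the detection names and the `MARKER` pattern are assumptions for illustration; real engines use far richer signatures.

```python
import hashlib

# Constructed, harmless byte strings standing in for program files.
MARKER = b"DEMO-UNWANTED-ROUTINE-v1"   # hypothetical byte pattern
KNOWN_SAMPLE = b"MZ" + b"\x00" * 16 + MARKER + b"\x90" * 8
REBUILT_SAMPLE = KNOWN_SAMPLE + b"\x00"  # same behaviour, one padding byte added
CLEAN_FILE = b"MZ" + b"\x00" * 16 + b"hello world"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Assumed database layout: exact whole-file hashes plus byte patterns.
HASH_DB = {sha256(KNOWN_SAMPLE): "Demo.Sample.A"}
PATTERN_DB = {MARKER: "Demo.Sample.generic"}


def scan_by_hash(data: bytes):
    """Exact match: any change to the file produces a different hash."""
    return HASH_DB.get(sha256(data))


def scan_by_pattern(data: bytes):
    """Content match: survives changes outside the matched bytes."""
    for pattern, name in PATTERN_DB.items():
        if pattern in data:
            return name
    return None


def scan(data: bytes):
    """Return (detection name, method), or (None, None) if nothing matches."""
    for method, scanner in (("hash", scan_by_hash), ("pattern", scan_by_pattern)):
        name = scanner(data)
        if name:
            return name, method
    return None, None


if __name__ == "__main__":
    for label, data in (("known", KNOWN_SAMPLE), ("rebuilt", REBUILT_SAMPLE),
                        ("clean", CLEAN_FILE)):
        print(label, scan(data))
```

The rebuilt sample no longer matches the whole-file hash and is caught only by the content pattern, which is why a database of file hashes alone is not enough.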

Proof of the limits of heuristic detection: Avast blocks a page which contains a Flash animation and two JavaScript alerts. Nothing malicious.

The heuristic detection part also has limits: you can pass off a malicious program as a legitimate program if you rename it, change the icon (by copying the icon of an existing program), etc. Moreover, the opposite can happen: a legitimate program may be detected as suspicious. Therefore, the antivirus publisher must tune this type of detection properly. Whatever the case, it is easier to pass off a suspicious program as a legitimate one. And so the heuristic part collapses...

The famous POTENTIALLY unwanted programs
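The tuning problem described above, shown as an added example (not from the original post): a toy heuristic that counts the two behaviours mentioned earlier, system-file deletion and self-replication, evaluated against constructed traces. The trace names, action names and thresholds are all hypothetical.

```python
from collections import Counter

# Constructed behaviour traces: name -> (observed actions, really malicious?).
TRACES = {
    "worm_like":         (["copy_self"] * 100, True),
    "slow_replicator":   (["copy_self"] * 40 + ["delete_system_file"] * 2, True),
    "legit_uninstaller": (["delete_system_file"] * 8, False),
    "text_editor":       (["write_file"] * 5, False),
}


def is_suspicious(actions, delete_limit, copy_limit):
    """Flag a program once either behaviour count reaches its limit."""
    counts = Counter(actions)
    return (counts["delete_system_file"] >= delete_limit
            or counts["copy_self"] >= copy_limit)


def evaluate(delete_limit, copy_limit):
    """Return (false positives, false negatives) for one threshold setting."""
    false_pos, false_neg = [], []
    for name, (actions, malicious) in sorted(TRACES.items()):
        flagged = is_suspicious(actions, delete_limit, copy_limit)
        if flagged and not malicious:
            false_pos.append(name)
        elif malicious and not flagged:
            false_neg.append(name)
    return false_pos, false_neg


if __name__ == "__main__":
    for setting in ((1, 20), (10, 100)):
        print("limits", setting, "->", evaluate(*setting))
```

With sensitive limits the legitimate uninstaller is flagged; with relaxed limits it is not, but the slower replicator is missed. No single setting removes both kinds of error on these traces.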

This is a big point that I want to mention now.

Too many antivirus programs, antispyware tools, etc. have decided to detect a maximum of "problems" (by detecting them by "mistake") in an attempt to frighten users into paying for a "premium" version which they don't need. Far be it from me to blame any one program in particular or to claim that absolutely all the problems detected are wrong, but there are still limits...

Saying, for example (real case), that a program is adware when it contains no advertising is a bit much...

Saying (another real case) that a program is a Trojan when the program is clean and published by Microsoft is even worse.

In other words, the antivirus (in general) is sometimes wrong (often?), and everyone should study the scan results carefully.

The reason for these "overdetections" is simple: the user naturally goes to the antivirus that "finds the most viruses" without thinking about the quality and accuracy of the results.


So we've seen that an antivirus is essential because it stops the classic threats. That said, do not trust your antivirus blindly, because someone who specifically targets you will slip through its net even if you naively believe you are protected.

This is why antivirus is not your friend, or at least not really: it should never make you lower your guard. Never.

If you are interested in seeing the best hacking software, how adware works, or whether your phone is hacked, you know where to click ;-)



Nice post!
Indeed, antivirus programs can be tricked pretty easily. But for malware which is already known, it is good security. Don't forget to keep in mind that when an AV is vulnerable, any code can be executed because of the high privileges.
AV can be a good basic protection, but being aware is the most important.

Antivirus is not a be-all, end-all, but a stop-gap. It still requires the end user be vigilant. And while it can be bypassed, it's better than nothing at all. Your antivirus just has to be better than someone else's. They'll go for the lowest hanging fruit.

I seem to explain this every few months to people that come to me for computer advice. It's amazing how many people think they are fine as long as they use AV software. I enjoyed the read.

The marketing managers of AV software are doing their job well. Thank you for your interest!

Thanks for the post, and yeah, I always check the results of my antivirus and try to move to quarantine when possible. As for adware and malware, I know which ones to remove so I don't do a full system scan.

I'd say Antivirus is more of a business companion than a friend.

You are doing good and you are totally right! Thx for your comment!