One of the more common questions we get, typically while cleaning an infected PC, is how the infection came to be. This is a very good question, and we would like to take some time to clear up a few misunderstandings and explain a bit of how infections work. In our next entry, we will elaborate on the steps that can be taken to reduce the risk of infection.
The first concept to understand, and this is very important, is that no antivirus or security software is foolproof. Antivirus helps to mitigate risk and good quality antivirus software is very beneficial, but it does not render the PC invulnerable to infection.
The second important concept is that, even if an infection does not get stopped by antivirus software, that does not mean the antivirus did nothing. In most cases, the antivirus will have stopped the infection from doing any serious harm, and makes our job cleaning up quite a bit easier.
Lastly, even if the PC appears to be infected, it may not necessarily be a virus. The infection could be malware, which does not attack a PC in the interest of doing damage, but instead attempts to render the PC useless enough to extort monetary gain from the owner of the PC. We will expand on that a bit later, but the relevant piece of information here is that, because malware does not attempt to damage the PC, it does not always trigger the security mechanisms that antivirus is designed to look for, so many forms of malware will fly under the radar of most antivirus software.
We mentioned that malware attempts to extort monetary gain from the owner of the PC. This is a type of digital extortion that has surfaced over the last few years and, unfortunately, has caused quite a headache for many in our industry. Generally, a PC infected with malware will pop up a fake antivirus program that claims to scan the PC and "finds" infections, which it offers to "clean" when the user choosed to "activate" the software by putting in a credit card number. This is annoying in and of itself, but these programs make themselves impossible to close or remove, and sometimes even lock the user out of Internet access or other capabilities, which makes the malware even more difficult to remove. Importantly, as we mentioned above, it does not actually attempt to the damage the PC, it simply attempts to exploit the user for monetary gain.
There is another method by which infections can take hold, and that is by loopholes in common software. Microsoft , Adobe, and Oracle, are three companies whose software is almost ubiquitous among computer users, and thus, the folks who write infections will attempt to locate weaknesses in their software. Antivirus software is trained to recognize these programs as "safe" and thus, will allow these programs to run. Unfortunately, if an infection is exploiting a loophole in one of them, the antivirus is fooled into thinking it is one of those programs and may allow it to run.
Keep watching for our next entry, in which we will outline some basic concepts of how to lower the risk of infection.