How to Identify a Fake Antivirus Program

Antivirus software is not as straightforward as it may seem. Ever since it first appeared, vendors have kept adding features to make their products more competitive. In fact, some recent products also operate in the cloud to ensure compatibility with a variety of devices and operating systems. But for all these advances, nothing in the software itself tells you whether a given product is genuine or fake. Obviously, a fake piece of software will do everything it can to convince you that it’s real. How can you detect this?

Antivirus programs are, in essence, those that detect malicious code on a computer. They do this by looking for common patterns in application code. To put it simply, antivirus programs look for behaviors that are deemed suspicious in order to detect viruses that are not necessarily in their databases. Of course, every good antivirus also uses its own database of known viruses (signatures) to scan files. However, the developers know that their software won’t have every single virus in its database. That’s why they also employ behavioral analysis (known as “heuristics”) to flag what could be a virus.

Some people make the mistake of thinking that antivirus programs are fake when they come up with false alarms during their scans. This is simply not true because of what I stated above. So, how do we detect what constitutes a scammy or fake antivirus?

[Image: fakeav-EICAR]

One of the best ways to test antivirus software back in the day was the simple EICAR test. It’s a harmless 68-byte test file (technically a small command-line program) that antivirus programs are expected to flag as a virus, showing that they’re authentic and working. You can download it here.

This test is fallible, though. Many modern antivirus programs do not bother to include a signature for the EICAR file, meaning they won’t detect it as a virus. Also, a fake antivirus can easily be written to detect it, since the file is public and well known. This test was valid back in a more innocent and simple time, but we’re in an era where tests based on good faith don’t work anymore.

Obviously, a fake program will take less effort to write than the “real deal.” For this reason, fake antivirus programs are often lightweight.

But what if the developer fills it with a whole bunch of junk data?

Does the software scan unusually fast? Since antivirus programs mostly rely on Windows’ input/output conventions to access the hard drive (and hard drives are generally very slow), they all operate at relatively similar speeds. If an antivirus program claims that it’s faster than others, that should be a red flag. It may well be a real piece of software, and it might really scan quickly, but no antivirus is going to scan a 500 GB repository of files in two minutes. None. Even if you have an SSD, this is not possible for the time being. If it’s scanning that fast, you should be very suspicious.

Also, fake antivirus programs tend to detect many problems in your computer, do not offer free trials, and offer to clean up the issues only if you pay a certain sum.

But, by far, the best way to find out whether an antivirus program is fake or not would be to look up its name on a search engine followed by the word “fake.” If the results show you removal instructions and sites that confirm that it’s fake, you have the answer to your question. The below image demonstrates how such search results would look.

[Image: fakeav-results]

If you’ve got other useful hints for detecting fake AVs, let us know in the comments!

Image credit: Antivirus Definition Closeup Showing Computer System Security by BigStockPhoto