Is Antivirus Relevant Anymore?

In the late ’90s, as Windows became a mature operating system and the home PC market was really taking off, a slew of viruses began to appear. It was during this time that most antivirus (AV) software developers like Norton, McAfee, and Avast came to prominence and did their best to eliminate threats and categorize them correctly.

A few decades have passed and most of these companies are continuing to sell their software, but fewer people are using it. Are they right to stop installing antivirus programs on their computers? And perhaps more importantly: Are AVs still able to protect you from threats as advertised?

One of the reasons that AV software was necessary in the first place is that no one else was really paying attention to the problem. Viruses were creeping in and exploiting the operating system with absolutely no obstacle in front of them except perhaps your own interference when you opened your task manager and realized that one process was using 100 percent of your CPU.

In the early 2000s there were a lot of ways in which these little buggers would propagate, including through email and instant messaging. There really was no other solution for the common user except installing an AV.

Fast-forward a decade or so, and in 2015 Google was scanning every single file it touched for viruses through Drive, Gmail, and Chrome. Services like Facebook actively fight against malware spread on their networks. Web, desktop, and mobile app developers alike are constantly hardening their own software to make sure their users are safe. Couple this with the fact that OS developers like Microsoft have more years of experience fighting viruses under their belt and you end up with systems that can do the job of an AV on their own. Windows had a rocky start with User Account Control in Vista but has since improved the system to become less intrusive while offering the same level of protection in later versions of the operating system.

When a new virus appears, it has another signature, another file size, another MD5 hash … It wears another hat! This presents a dilemma for antivirus makers. When they scan a file for infection, they typically use heuristics to scan for code patterns and other things that could indicate that this file has that virus. With all its sophistication, an AV is nothing more than a glorified doorman.

If a hacker wants to write a new virus, the first thing he will think about is throwing off this heuristic algorithm. If he succeeds, such software will be useless against the virus at least for a few days (and oftentimes longer than that) until a new update comes along.
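To make the "glorified doorman" point concrete, here is a toy scanner that checks an exact MD5 blocklist and then byte-pattern signatures, and shows what each one misses until the definitions are updated. It is an added illustration, not code from any AV product; the `Scanner` class, the detection names, and the sample byte strings are all constructed for the example and are harmless.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
ROUTINE = b"DEMO-ROUTINE-v1"
KNOWN = b"HDR" + b"\x00" * 8 + ROUTINE                 # sample the vendor has seen
VARIANT = b"HDR" + b"\x00" * 9 + ROUTINE + b"\x01"     # same routine, new size and hash
REWRITTEN = b"HDR" + b"\x00" * 8 + b"DEMO-ROUTINE-v2"  # the routine itself changed
CLEAN = b"HDR" + b"\x00" * 8 + b"ordinary program"


class Scanner:
    """Toy scanner: exact MD5 blocklist first, then byte-pattern signatures."""

    def __init__(self):
        self.hashes = {}    # md5 hex digest -> detection name
        self.patterns = {}  # detection name -> byte pattern

    def add_hash(self, sample, name):
        self.hashes[hashlib.md5(sample).hexdigest()] = name

    def add_pattern(self, pattern, name):
        self.patterns[name] = pattern

    def scan(self, data):
        """Return (detection name or None, method that matched)."""
        name = self.hashes.get(hashlib.md5(data).hexdigest())
        if name:
            return name, "hash"
        for name, pattern in self.patterns.items():
            if pattern in data:
                return name, "pattern"
        return None, "none"


def demo():
    av = Scanner()
    av.add_hash(KNOWN, "Demo.A")
    results = {"hash_only_variant": av.scan(VARIANT)}  # missed: hash differs
    av.add_pattern(ROUTINE, "Demo.Gen")
    results["pattern_variant"] = av.scan(VARIANT)      # caught by the pattern
    results["pattern_rewritten"] = av.scan(REWRITTEN)  # missed until an update
    av.add_pattern(b"DEMO-ROUTINE-v2", "Demo.Gen2")    # the definitions update
    results["after_update"] = av.scan(REWRITTEN)
    results["known"] = av.scan(KNOWN)
    results["clean"] = av.scan(CLEAN)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} -> {verdict}")
```

The gap between `pattern_rewritten` and `after_update` is the window described above, during which the scanner has nothing to match against.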

Let’s return to the hacker writing a virus. He successfully made it undetectable to antivirus software (which isn’t exactly the hardest thing in the world to do). Now he needs it to be effective against the operating system. It needs to exploit something. Usually the best-known exploits target older versions that haven’t had all of their holes plugged in a while. “OK, so which old OS version are most people using these days?” This is the path of least resistance and the first question a hacker asks himself before planning his creation.

You can respond to this by making sure that you have the most updated operating system possible. Doing this is more likely to frustrate a hacker than keeping an updated AV. Virtually any “zero-day” virus can throw off updated antivirus software. On the other hand, it takes an extraordinary amount of skill and resources to exploit an up-to-date operating system that keeps all its ducks in a row.

Have you ever had a program crash constantly, only to discover that turning off your AV fixes the problem? If you thought that might just be a one-time phenomenon, think again. This actually happens very, very often. Because antivirus developers often make their programs hook forcibly into other software you run, there are often glitches that make your computer go haywire when this happens. In many cases, an AV can act more like a virus than anything else installed on your computer (not intentionally, of course, but it’s still annoying).

While I can’t wholeheartedly advocate entirely eliminating any antivirus software from your computer, it is kind of hard for me to justify its use in the modern computing era when so many developers are taking proactive steps to prevent their applications and operating systems from being compromised. In addition to this, there are very real threats out there (which I have written about extensively here and here) against which an AV would be useless in protecting you. To read what my colleagues here at MTE have to say about how useful antivirus is, you can do so right over here.

What do you think? Do you still use antivirus software? Tell us why or why not in a comment!

13 comments

  1. I use Windows 10, always updated, on an old machine using no extra AV software, only theirs. I use it for old games. My new laptops run KDE Neon and if I am browsing new sites I run a VPN. I do financials on a Chromebook with no AV. The last virus I got was on Win 98 years ago from a University while taking an online course. Your article was very useful and reassuring.

  2. I think that it is more important than ever to protect information. I’d agree that an AV solution is typically not the right thing to use.

    Server-based protection is important, but I would not count on it alone. I’d consider a comprehensive malware detection and removal system and I’d also consider using platforms that are less likely to be attacked, such as a well engineered but not very well known Linux desktop system, such as MX-16, based on Debian systems packaging.

    Is that impervious? No, nothing on a network qualifies, but it’s less likely to be a hacker target because it’s not high volume software, but it is good software.

    • Well now Brian Masinick,

      Gosh, how odd to run across you from a random link I followed. Haven’t seen you since old Extremetech days, I’d say?

      Anyway, how does MX stand compared to Mint? Asking, as I’ve been solid Mint since about 2009.

      Cheers

      PS: do you run any AV on your Linux machines?

      • Mint is a “drop in and run” kind of distribution, and in this area it’s as useful as anything else.

        MX is pretty close to a “drop in and run” distribution as well. In this regard Mint includes more software in the base packages, but are otherwise similar.

        What I like about MX, antiX and that “family” of distributions is the tool chest for configuration and modifications to create a system that specifically suits me, and in that regard I prefer MX.

        Otherwise you can’t go wrong with either of these distributions.

  3. I cannot imagine a Windows computer without antivirus software. But I have seen many Linux desktop PCs running fantastically without AV. Android tablets and phones work OK without AV if the user is properly cautious.

  4. Microsoft says that WIN 10 has been designed so well that anti-virus programs are no longer necessary, and they are also confident that their WIN 10 OS is safe from ransomware.

  5. I used to work in the security department of a large University, and our anti-virus would clean 10’s to 100’s of viruses daily over the large student population. On an individual basis, it might not seem that you see too many incidents of malware, but over a large population, anti-virus is doing a good job. Today, of course, “anti-virus” means more than just a signature scanner – those have been largely obsolete for years. When you say that anti-virus often prevents legitimate programs from running, it is often because the “legitimate” program is behaving much as a real virus would, so the AV product properly gets in the way. It is always a tough line to walk…

  6. Dear Friend ,

    I do not agree at all about this article because you and a lot of people are missing the actual point!!
    Well the secret lies in the AV companies. How are they going to sell their products and of course get stuck with customers on updating the same AV?? Of course all the viruses out in the wild are made at 95% of the same AV companies and the goal is the P R O F I T! That is the only reason. Of course there are the freelance (hackers or other military companies) who are making viruses which can target specific systems.
    So AV companies are in a constant race who will produce the best virus to sell their only antivirus which can kill this “virus”!
    This is where the money is!!!
    We, the home users, are caught in the middle, spending so much money on a good antivirus program.
    Be advised that … a good antivirus program is worth a lot of money but is never sold to the home-users, besides “someone” needs to WATCH what you are doing every day so that companies will know what exactly your tastes in products are!
    That is a serious business with a lot of money…!!

    Have a nice day.

    • I have to agree with Arxaios. I have now logged 23 yrs as a PC support person, and used to joke with colleagues along these very lines some 10-15 yrs ago: ‘it wouldn’t surprise me if AV companies invent at night the viruses they find with such accuracy and ease the next day’.
      It was a joke with me back then – not so anymore. It appears that AV and AntiMalware companies (case in point: SpyHunter) are, more and more, a con game, and we are all potential marks. A sham comparable to all the DriverUpdate ‘helpers’.
      I run MSE and, once in a while, MRT and that will have to be that.
      Greetz,
      Göran

  7. On windows 10 home single language (2016)…is built in win. defender/firewall not good enough? And for internet banking…IBM Security Trusteer Rapport (compulsory with some banks in SA)

  8. I don’t use an antivirus any longer due to the reasons stated by the authors on consuming resources, etc. I use the Defender that comes with the Windows 10 OS. Great article and thank you for clarifying the topic for me.

  9. I have found ransomware quarantined 3 times on a computer whose owner goes to normal sites like GMAIL, MSN.COM and Olympic and Amateur Athletic sites (run by professionals). So do I think a good AV is required? Absolutely necessary, without a shadow of a doubt.

    • Someone’s internet history doesn’t necessarily reflect the sites they’ve been to. I go to a myriad of dubious websites yet never encounter these problems.

      Quarantined ransomware doesn’t necessarily mean that the AV would be effective in stopping ransomware that is actually harmful. Perhaps what it quarantined could be a false positive. I cite an example from my own personal experience: The last time I ran an AV on my computer, it found more than 80 infected files, some of which I have created myself (and they weren’t part of my own virus library).

Comments are closed.
