Antivirus software
Adapted from Wikipedia
Antivirus software, often called AV software or anti-malware, is a type of software that helps keep computers safe. Its main job is to stop, find, and get rid of harmful programs called malware.
At first, antivirus software was made just to fight computer viruses, which is why it is called “antivirus.” But as more kinds of harmful programs appeared, these tools grew to protect computers from many different threats. Some antivirus programs also guard against dangerous URLs, unwanted spam, and tricky messages that try to steal information, known as phishing.
Having antivirus software is important because it helps keep personal information safe and makes sure computers run smoothly.
History
Further information: History of computer viruses
See also: Timeline of computer viruses and worms
1971–1980: Pre-antivirus
The first known computer virus appeared in 1971. It was called the "Creeper virus" and it infected Digital Equipment Corporation's (DEC) PDP-10 computers.
A program called "The Reaper" removed the Creeper virus by deleting it. It was made by Ray Tomlinson. Some people think The Reaper was the first antivirus software.
More viruses came later, like "Elk Cloner" in 1981. This one infected Apple II computers.
1980–1990: Early days
People and companies began making antivirus programs. In 1985, Sophos started in the United Kingdom. In 1987, John McAfee created McAfee and released the first version of VirusScan.
In 1987, people wrote down the idea that there was no perfect way to find every virus.
The first two special programs to find and remove viruses came out at the end of 1987.
Many companies began making antivirus software in the late 1980s. This included Avira in Germany, Avast Software in Czechoslovakia, and AhnLab in South Korea.
1990–2000: Emergence of the antivirus industry
More companies started making antivirus programs. In 1991, Symantec released the first version of Norton AntiVirus. The same year, AVG Technologies began in the Czech Republic.
In 1996, Bitdefender started in Romania. In 1997, Kaspersky Lab began in Russia. It was started by Eugene Kaspersky and Natalya Kaspersky.
2000–2005
Open source antivirus projects began. In 2001, the first version of ClamAV was released.
2005–2014
Antivirus companies began using new ways to find threats. They checked emails and used online services.
In 2008, McAfee added a new online feature to its VirusScan.
2014–present: Rise of next-gen, market consolidation
New ways to protect computers appeared. These used machine learning and behavior detection. Traditional companies added these new methods to their products.
Since 2016, many companies have bought others. In 2024, Pango Group merged with Total Security to form Point Wild.
Today, many people use built-in antivirus protection. Some still use separate programs.
Identification methods
In 1987, a computer expert showed that it's impossible to create a program that can find every possible virus. But by using different ways to protect computers, we can still catch most viruses.
There are several ways that antivirus programs can find harmful software. One way is called sandbox detection. This method runs programs in a special fake environment to see what they do. If the program seems safe, it is then allowed to run on the real computer. Another method uses data mining and machine learning to look at features of a file and decide if it looks harmful.
Traditional antivirus software looks for known patterns, called signatures, of viruses. When a new virus is found, experts study it and add its pattern to the antivirus's list. However, some viruses change their appearance to avoid being caught.
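The signature idea described above can be shown in a few lines of Python. This is an added example, not part of the original article or of any antivirus product; the sample bytes, the signature names and the wildcard pattern format are all constructed for illustration.

```python
import hashlib

# Constructed, harmless stand-in for a "known bad" file (not real malware).
KNOWN_SAMPLE = b"HEADER-v1|" + b"DEMO-MARKER-7f3a" + b"|payload=AAAA"

# Signature list an analyst would build after studying the sample.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Sample.A"}
# Byte patterns; None is a wildcard that matches any single byte.
PATTERN_SIGNATURES = {
    "Demo.Family": list(b"DEMO-MARKER-") + [None, None, None, None],
}

def pattern_matches(data: bytes, pattern: list) -> bool:
    """Slide the pattern over the data; None entries match any byte."""
    for start in range(len(data) - len(pattern) + 1):
        window = data[start:start + len(pattern)]
        if all(p is None or p == b for p, b in zip(pattern, window)):
            return True
    return False

def scan(data: bytes) -> list:
    """Return the names of all signatures that match the data."""
    hits = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern_matches(data, pattern):
            hits.append(name)
    return hits

# Constructed test inputs: a changed copy of the same family, and a safe file.
VARIANT = b"HEADER-v2|" + b"DEMO-MARKER-91bc" + b"|payload=BBBBBB"
CLEAN = b"HEADER-v1|just an ordinary document|payload=AAAA"

if __name__ == "__main__":
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("clean", CLEAN)]:
        print(label, scan(blob) or "no match")
```

The whole-file hash only recognises an exact copy of the studied sample, while the byte pattern with wildcards still recognises the changed copy, which is why signature lists rely on patterns and not only on file hashes.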
Some antivirus programs also look for rootkits, which are a type of harmful software that tries to control a computer without being noticed.
Most antivirus programs offer real-time protection, which watches for suspicious activity as you use your computer. This includes checking files when you open them and scanning new apps as they are installed.
Modern antivirus software also uses machine learning, where the program learns from lots of examples to tell if something is harmful. This helps catch new viruses.
Issues of concern
Unexpected renewal costs
Some antivirus software will renew itself without asking. For example, McAfee makes users wait 60 days to cancel, while Bitdefender sends notices 30 days before renewal. Norton AntiVirus also renews itself by default.
Rogue security applications
Main article: Rogue security software
Some programs that look like antivirus tools are actually malware, such as WinFixer, MS Antivirus, and Mac Defender.
Problems caused by false positives
A "false positive" happens when antivirus software thinks a safe file is bad. This can cause big problems. For example, if an antivirus tool deletes a needed file, it can stop Microsoft Windows or some programs from working.
System and interoperability related issues
Running more than one antivirus tool at the same time can slow down the computer and cause problems. Sometimes virus protection needs to be turned off when installing big updates. Antivirus tools can also cause trouble when updating the operating system. Some programs, like TrueCrypt, can work slowly or not well with antivirus tools.
Effectiveness
Studies show that antivirus software does not always find all viruses. Some viruses are made to avoid being found. In 2008, a leader from Trend Micro said that antivirus tools may not be as good as they say.
New viruses
New viruses can be hard for antivirus tools to find, even for tools that are designed to find new viruses. Some new viruses change their shape to hide from antivirus tools.
Rootkits
Finding rootkits is very hard for antivirus tools. Rootkits can hide and change how the computer works.
Damaged files
If a file is infected by a virus, antivirus tools will try to clean it. But sometimes the file cannot be fixed and needs to be copied back from a backup.
Firmware infections
Bad code can infect parts of the computer that are hard to change. This can be very hard to fix, and antivirus tools cannot stop it. In 2014, it was found that some USB devices could carry this bad code, and antivirus tools could not find it.
Performance and other drawbacks
Antivirus software can sometimes slow down a computer because it uses a lot of power.
It can also make users feel too safe, thinking their computer can't have any problems. This might cause them to make mistakes when they see alerts from the software. Sometimes, the software might think something safe is dangerous (false positive), which can be confusing.
Because antivirus software works very closely with the operating system, it can sometimes be a weak spot that others might try to use to cause trouble. Experts have noted that other programs like web browsers or document readers are often harder to attack than many antivirus products.
Alternative solutions
Antivirus software is a common way to protect computers from harmful programs, but there are other methods too.
These include using Unified Threat Management (UTM), hardware and network firewalls, Cloud-based antivirus, online scanners, and Content Disarm & Reconstruction (CDR).
Network firewalls help by stopping unknown programs from reaching your computer. They can block harmful requests but won’t remove harmful programs already on your computer.
Cloud antivirus uses a small program on your computer and does most of its work online. It checks files in many ways to find threats quickly. Examples include Panda Cloud Antivirus and Immunet.
Online scanning lets you check your computer using websites from antivirus companies. This can find threats that your regular antivirus might miss.
CDR protects networks by rebuilding files to remove any parts that don’t follow normal rules. This helps stop new and unknown threats.
Special tools can help remove difficult infections. Examples include the Windows Malicious Software Removal Tool, Kaspersky Virus Removal Tool, and Sophos Scan & Clean. Sometimes, antivirus software might incorrectly say there is an infection when there isn’t.
A rescue disk, like a CD or USB, can run antivirus software when your computer can’t start normally or when harmful programs stop regular antivirus from working. Examples include the Kaspersky Rescue Disk, Trend Micro Rescue Disk, and Comodo Rescue Disk.
Usage and risks
Big businesses lose money each year because of virus problems. In 2009, a study showed that many smaller businesses did not have antivirus software to protect their computers. However, most people at home had some kind of antivirus installed on their devices. Another study in 2010 found that almost half of all women did not use any antivirus program at all.
This article is a child-friendly adaptation of the Wikipedia article on Antivirus software, available under CC BY-SA 4.0.