Sun
Jan 25
2009

Anti-Virus Software is Useless

Over the holidays I was infected with multiple viruses. One them was Trojan.Vundo.GCY. It’s job is to download other viruses and malware. I had over a dozen files infected with various viruses causing popups and network slowdown.

I tried 6 or 7 anti-virus / anti-malware products and found they had abysmally low detection rates. The best only finding 30% of infected files. This included software from Symantec Online Security Scan, Eset Nod32 Online Scanner, BitDefender Free Edition, AVG Free Edition, Spyware Doctor from the Google Pack, Malware Byte’s Anti-Malware and Ad-Aware Free.

Perhaps using installed, retail versions would have given better results but I doubt it. All of the companies claim the free/online scanners use the same core engine and virus definitions as their retail products. I suspect this is true as it looks like these companies are competing on features like email integration, phishing protection and real-time scanning. I ran these scans from a fresh, uninfected install so its unlikely that any viruses were actively attempting to hide from a scan.

As a result, I won’t be purchasing anti-virus software in the near future. I will keep AVG Free for quick scanning of files I believe are already clean. That statement shows how little confidence I have in these scanners. Despite this I think they are still good for catching the older viruses propagating among completely unprotected machines.

I did find a useful website: VirusTotal.com lets you upload a file and scan it with almost 50 scanners. Here is an here is an example report). They also have a small utility you can install to get a right-click -> Send To target. You are limited to scanning one file at a time though can you can upload a zip archive to scan several. There are a number of similar websites, but VirusTotal appears to be the best.

My anti-virus/malware strategy:

  • Use AVG Free for quick scanning of files I believe are already clean.
  • Turn off real-time scanning – it’s not worth the performance hit for such low detection rates.
  • Use VirusTotal for scanning suspicious files.
  • Use Chrome and respect the malware warnings.

To recover from an infection:

  • Unplug infected drive.
  • Reinstall Windows on a new drive.
  • Reattached infected drive.
  • Install a virus/malware scanner. Run full/deep scan. Repeat a minimum of 3 times or until you stop finding infections.
  • Copy data from old drive and reformat.

How do you prevent infections?

Comment on this post (1 comment)

1 Comment so far

  1. Barfieldmv May 19th, 2010 2:38 am

    Don’t forget to update your new installation before plugging it on to the internet or attaching the infected drive. Autorun, visiting a wrong site or even a ‘drive by’ virus attack can hurt your machine right after installation.

Leave a reply

© 2009 Brian Low. All rights reserved.