We use antivirus software in the hope of having a secure system. Though any virus-detecting software can detect viruses, we need to know that there are instances when viruses and malware remain undetected. This post aims to give you a brief idea of the situations in which your antivirus may fail to detect the presence of malware on your computer.
Most virus detection software depends on the virus definitions stored in the virus definition file. Each virus is written with a specific set of code, which is also called its signature or fingerprint. The virus definition file contains that signature (a code snippet).
When the antivirus software starts scanning, it looks for specific signatures in the files and applications. If it does not find any known signature in a file, it declares the file safe.
So, it appears that antivirus software may fail to detect viruses when:
- It does not have an updated database and antivirus engine.
- There is a zero-day malware (a vulnerability or malware that is not known to us).
- You do not allow automatic updates to your virus signature files and engine.
- Users can manually set the action taken on threat detection and the locations that are scanned.
- Heuristic settings: users are allowed to set the security level of the antivirus software. When you set the security level to high, you get maximum protection against malware.
- Most AV software struggles to detect new viruses. When it encounters new malware behaviour, it takes heuristic action based on its rule-set. If the rule-set determines the new behaviour to be safe, the virus will remain undetected.
- Modern-day antivirus signature databases miss many new virus signatures. Moreover, not all vendors have the same signature database, so it is impossible to know which vendor has the most up-to-date database.
- If you accidentally allow a well-known application that is already infected with malware to continue to run by putting it on the list of whitelisted applications in your AV program, your system will always remain insecure.
- Malware creators encrypt their executable files in such a way that they remain unintelligible to virus scanners.
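The signature matching described above, together with two of the failure cases from the list (an outdated definition file and an encrypted file), as an added Python example that is not code from any antivirus product. The definition names, marker strings and sample bytes are all constructed, and a single-byte XOR stands in for encryption.

```python
from __future__ import annotations

# Toy signature scanner. All names, signatures and samples are constructed
# for illustration; real engines use far richer definition formats.

# Two versions of a hypothetical definition file: name -> byte signature.
DEFS_OLD = {"Test.Marker.A": b"CONSTRUCTED-MARKER-A"}
DEFS_NEW = {**DEFS_OLD, "Test.Marker.B": b"CONSTRUCTED-MARKER-B"}


def scan(data: bytes, definitions: dict[str, bytes]) -> list[str]:
    """Return the names of all definitions whose signature occurs in data."""
    return sorted(name for name, sig in definitions.items() if sig in data)


def verdict(data: bytes, definitions: dict[str, bytes]) -> str:
    """'clean' only means that no known signature matched, nothing more."""
    hits = scan(data, definitions)
    return "infected: " + ", ".join(hits) if hits else "clean"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the encryption the list mentions."""
    return bytes(b ^ key for b in data)


# Constructed sample files: harmless filler around a marker string.
SAMPLE_A = b"\x00header\x00" + DEFS_NEW["Test.Marker.A"] + b"\x00trailer"
SAMPLE_B = b"\x00header\x00" + DEFS_NEW["Test.Marker.B"] + b"\x00trailer"
SAMPLE_A_ENCODED = xor_bytes(SAMPLE_A, 0x5A)  # same content, different bytes

if __name__ == "__main__":
    cases = [
        ("A, old defs", SAMPLE_A, DEFS_OLD),
        ("B, old defs", SAMPLE_B, DEFS_OLD),  # signature not shipped yet
        ("B, new defs", SAMPLE_B, DEFS_NEW),
        ("A encoded, new defs", SAMPLE_A_ENCODED, DEFS_NEW),
    ]
    for label, data, defs in cases:
        print(f"{label:22} -> {verdict(data, defs)}")
```

A "clean" result from the old definitions for sample B is exactly the false sense of security the post describes: the scanner is reporting the absence of a known signature, not the absence of malware.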
Users need to know:
- When you update your antivirus software, you need to make sure that your scanning engine (the piece of software that performs the scan) is updated along with the new virus definition files. Failure to update both may result in many new viruses slipping by your scanner undetected, thus making your system vulnerable to being compromised.
- Most modern-day viruses do not show any visible sign of infection, unlike the viruses of the old days. So, if you find that your scanner is not detecting any virus and your system is running normally, it does not mean that your system is secure.
- Many antivirus users do not understand the difference between free antivirus and paid antivirus. When their free antivirus shows that the system is virus free, they feel a false sense of security. But in reality, their computers are already infected and the free antivirus fails to detect it.
- It is almost certain that nearly 100% of the zero-day malware will not be detected by the scanner.