The Characteristics of Antivirus

Antivirus programs are, in essence, those that detect malicious code on a computer. They do this in two complementary ways. The first is a database of signatures: hashes and byte patterns taken from viruses that have already been analyzed, which the scanner compares every file against. Every good antivirus has one, but the developers know that their software will never have every single virus in its database. That’s why they also employ heuristics (static rules that flag code which looks suspicious, say an executable hiding under a document’s file extension) and behavioral analysis (watching what a program does when it runs, such as quietly rewriting other programs) to catch what could be a virus even when nothing in the database matches it. The trade-off is false alarms: a rule written to catch unknown viruses will sometimes catch harmless software too. Some people make the mistake of thinking that an antivirus program is fake when it comes up with false alarms during a scan. This is simply not true, for the reason just given: false positives are the price of heuristics, not a sign of a scam. So, how do we tell what constitutes a scammy or fake antivirus?

The EICAR Test

One of the classic ways to test antivirus software is the simple EICAR test. The EICAR test file is a 68-byte plain-text string, published by the European Institute for Computer Antivirus Research, that also happens to be a tiny, harmless DOS program; antivirus vendors agreed to detect it so that users could confirm a scanner is installed and running. You can download it from the EICAR website (eicar.org). This test is fallible, though. Detecting EICAR is a convention, not a requirement, so a real engine is free to skip it; more importantly, a fake antivirus can trivially detect it, because recognizing one fixed string takes a single comparison and says nothing about a product’s ability to catch real malware. Passing the EICAR test proves only that something is watching the disk and knows that one string. The test was valid back in a more innocent and simple time, but we’re in an era where tests based on good faith don’t work anymore.
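To make the two previous points concrete, here is a toy scanner written for this article (it is not any vendor’s engine or anything from EICAR). It shows the three kinds of check discussed above side by side: an exact-hash signature lookup, one crude heuristic rule, and the EICAR convention. The EICAR string and its published SHA-256 are real; the signature table, the heuristic name Heur.DisguisedPE, the function names and the sample inputs are constructed for illustration. Note how short the EICAR check is: that single comparison is all a fake product needs to “pass” the test.

```python
"""Toy scanner: signature lookup, one content heuristic, and the EICAR convention.

Illustrative code written for this article, not a vendor's engine. It scans
in-memory bytes only and writes nothing to disk.
"""
import hashlib
from typing import NamedTuple, Optional

# The public EICAR definition: 68 ASCII bytes, optionally followed by whitespace,
# total length at most 128 bytes. Built from pieces so the literal string does
# not sit contiguously in this source file.
EICAR = (
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}"
    + b"$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$"
    + b"H+H*"
)

# "Signature database" (constructed): SHA-256 of known files -> detection name.
# The only entry is EICAR's published hash; a real engine ships millions of
# entries and updates them continuously.
SIGNATURES = {
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f": "EICAR-Test-File",
}


class Verdict(NamedTuple):
    detected: bool
    method: str   # "signature", "eicar-convention", "heuristic" or "clean"
    name: str


def is_eicar(data: bytes) -> bool:
    """The EICAR convention in full: the 68-byte string, trailing whitespace
    allowed, no more than 128 bytes overall. This one comparison is the entire
    'test'; a fake product can pass it with exactly this much code."""
    return len(data) <= 128 and data.rstrip(b" \t\r\n") == EICAR


def signature_match(data: bytes) -> Optional[str]:
    """Exact-hash lookup: catches only files already in the database."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_match(data: bytes, claimed_name: str) -> Optional[str]:
    """One crude heuristic (constructed for illustration): a Windows executable
    (MZ header) delivered under a non-executable extension is a classic
    disguise. Rules like this catch things the database has never seen, and
    they are also where false positives come from."""
    lower = claimed_name.lower()
    if data[:2] == b"MZ" and not lower.endswith((".exe", ".dll", ".sys", ".scr", ".com")):
        return "Heur.DisguisedPE"
    return None


def scan(data: bytes, claimed_name: str = "") -> Verdict:
    """Cheap exact checks first, heuristics last (they are the fallible part)."""
    name = signature_match(data)
    if name:
        return Verdict(True, "signature", name)
    if is_eicar(data):
        return Verdict(True, "eicar-convention", "EICAR-Test-File")
    name = heuristic_match(data, claimed_name)
    if name:
        return Verdict(True, "heuristic", name)
    return Verdict(False, "clean", "")


if __name__ == "__main__":
    # Constructed samples: the EICAR file, two variants, a disguised PE, plain text.
    print(scan(EICAR, "eicar.com"))                    # signature hit (exact hash)
    print(scan(EICAR + b"\r\n", "eicar.com"))          # hash differs, convention still matches
    print(scan(EICAR + b"x", "eicar.com"))             # one extra byte: not EICAR, not detected
    print(scan(b"MZ" + b"\x00" * 62, "invoice.pdf"))   # heuristic hit
    print(scan(b"Hello, world\n", "readme.txt"))       # clean
```

The third sample is the instructive one: append a single byte to the test file and neither the hash nor the convention matches, so a product whose only “detection” is the EICAR comparison reports it clean. That is why the EICAR test demonstrates that a scanner is running, not that it can find anything.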

So, How Do We Know if an Antivirus Program Is Phony?

Obviously, a fake program takes less effort to write than the “real deal,” so fake antivirus programs are often lightweight. But what if the developer pads it with a whole bunch of junk data? Then judge it by behavior rather than size. Does the software scan unusually fast? A full scan has to open and read every file through the operating system’s I/O path, so its speed is bounded by how fast the disk can deliver data, and hard drives are slow. Real products therefore finish a full scan of the same machine in roughly similar times. If an antivirus claims that it’s much faster than the others, that should be a red flag. It may well be a real piece of software, and it might really scan quickly, but no antivirus is going to scan a 500 GB repository of files in two minutes. None. That works out to more than 4 GB per second of sustained reading, an order of magnitude beyond what a hard drive can deliver and, at the time of writing, beyond an SSD too, and that is before the scanner has looked at a single byte it read. One caveat: real products cache the results for files that have not changed since the last scan, so a quick rescan of a disk scanned yesterday proves nothing either way; the tell is a first full scan of a large disk that finishes impossibly fast. If it’s scanning that fast, you should be very suspicious. Also, fake antivirus programs tend to report a long list of problems on a perfectly clean computer, do not offer free trials, and offer to clean up the issues only if you pay a certain sum. But, by far, the best way to find out whether an antivirus program is fake would be to look up its name on a search engine followed by the word “fake.” If the results show you removal instructions and sites that confirm that it’s fake, you have the answer to your question. The below image demonstrates how such search results would look.

Feel Like Playing Detective?

If you’ve got other useful hints for detecting fake AVs, let us know in the comments!

Image credit: Antivirus Definition Closeup Showing Computer System Security by BigStockPhoto