Here at My Wire Guy, we commonly have computers come in that are heavily infected with viruses. The odd thing is that the majority of them have major-name Anti-Virus products running at the same time as the infections. So why exactly aren't these programs catching them?
Now, let's ask: what exactly is an Anti-Virus product? It's a program designed simply to look for what it already knows. What this means is that the program can only attack what it's programmed to attack, so any new infection that the makers have not come across yet will be considered a normal program (unless it is very similar to an infection already on the list, in which case it would be found).
This works well if someone else's computer has already been infected, diagnosed, and added to the list of known infections. However, if a person writes a new one that is unlike any other infection (such as the TDL infections when they first broke out), the majority of Anti-Virus programs will be powerless against it until the makers analyze it and add it to the database. This is why we see machines brought in that are infected, yet have an Anti-Virus program on them.
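To make the "it only finds what it already knows" point concrete, here is a toy signature scanner. This is an added example, not code from My Wire Guy or from any Anti-Virus vendor; the sample files and the "EVIL_PAYLOAD" markers are constructed stand-ins, not real malware. It shows the three outcomes described above: an exact-hash match on a sample the vendor already analyzed, a pattern match on a close variant (the "very similar" case), and a miss on a never-seen sample that only starts being caught after the database update step.

```python
import hashlib
import re
from typing import Dict, Optional

# Constructed sample files: byte strings standing in for executables on disk.
# The markers inside them are made up for this example, not real malware.
SAMPLES: Dict[str, bytes] = {
    "known.bin":   b"MZ\x90\x00 ... EVIL_PAYLOAD_v1 ...",   # already analyzed by the vendor
    "variant.bin": b"MZ\x90\x00 ... EVIL_PAYLOAD_v2 ...",   # close relative of the known one
    "novel.bin":   b"MZ\x90\x00 ... UNSEEN_ROUTINE_x9 ...", # brand new, nothing like the rest
    "benign.bin":  b"MZ\x90\x00 ... hello, world ...",      # ordinary program
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The signature database, i.e. everything the scanner "already knows".
#  - exact hashes: catch only a byte-for-byte identical file
#  - byte patterns with a wildcard: catch variants that share the fixed part
HASH_SIGNATURES: Dict[str, str] = {
    sha256(SAMPLES["known.bin"]): "Trojan.Example.A",
}
PATTERN_SIGNATURES = [
    (re.compile(rb"EVIL_PAYLOAD_v[0-9]"), "Trojan.Example.gen"),
]


def scan(data: bytes) -> Optional[str]:
    """Return the detection name, or None if nothing in the database matches.

    None is the important case: an unknown file is simply treated as a normal
    program, exactly as the post describes.
    """
    hit = HASH_SIGNATURES.get(sha256(data))
    if hit:
        return hit
    for pattern, sig_name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return sig_name
    return None


def scan_all(samples: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    """Scan every sample and report what (if anything) it was detected as."""
    return {fname: scan(data) for fname, data in samples.items()}


def add_signature(data: bytes, name: str) -> None:
    """The vendor's update step: once a sample is analyzed, its hash joins the database."""
    HASH_SIGNATURES[sha256(data)] = name


if __name__ == "__main__":
    print("Before the database update:")
    for fname, verdict in scan_all(SAMPLES).items():
        print(f"  {fname:12} -> {verdict or 'clean (unknown)'}")

    # Someone else's machine got hit by novel.bin, the vendor analyzed it, update shipped.
    add_signature(SAMPLES["novel.bin"], "Trojan.Example.B")

    print("After the database update:")
    for fname, verdict in scan_all(SAMPLES).items():
        print(f"  {fname:12} -> {verdict or 'clean (unknown)'}")
```

Before the update, `novel.bin` comes back clean for the same reason `benign.bin` does: the scanner has no way to tell them apart. Real products add heuristics and behaviour monitoring on top of this, but the signature layer works just like the toy one, which is why the update cycle matters so much.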
For us, this means making sure we are not in the first wave of a new infection. By enabling features such as the NX-bit on CPUs (also known as Data Execution Prevention) on Windows, GNU/Linux and UNIX-like operating systems (Mac OS X's DEP is enabled by default), as well as being careful on non-major websites and following other general safety procedures, we can help mitigate these initial waves. That way, if an infection does reach you later, the program will already know what it is and kill it before it even runs.

I think a lot of people will need this post... Thanks a lot for sharing it with us here...
My latest conversation: Avoriaz