Antivirus
We should all understand exactly what to expect from the antivirus and anti-spy products with cool names. Their creators and sellers promise you that these software products will "kill all viruses and spyware on your PC" (or something like that). First, is absolute protection possible? Second, what should we expect from a typical antivirus or anti-spy program, and what is it simply unable to do? To answer these questions, we need to understand how such programs work.
Generally speaking, most anti-spyware works like this: it scans the operating system in search of suspicious bits of code. If the program finds any, it compares these suspicious pieces with bits of code (called signatures) that belong to already detected and "caught" spy programs. Signatures are kept in the so-called signature base, an inseparable part of any anti-spy program or antivirus. The more signatures it contains, the more viruses and spyware the program will detect, so your PC will be protected more effectively. As long as you update your software regularly and the system doesn't come across some unknown malicious program, everything is going to be all right.
This pattern looks very much like police records and works like them, too. But the problem is the same as with police records: the fact that all the people included there are criminals doesn't mean that all criminals are included in these records.
Well, what about the criminals (malicious programs) that are not included in the records (signature bases)? There are lots of such programs, and what is more, some of them will never be in any signature base. It is just like with criminals: some of them haven't been caught yet, and some will never be caught because of their "right of inviolability". Anti-spyware and antivirus programs based on signature base analysis will never be able to protect against these spies. Don't expect them to.
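The scanning model described above, as an added example that is not part of the original article: a small signature base is matched against three byte strings, and the sample missing from the base gets the same "clean" verdict as a harmless file until an update adds its signature. The class names, signature names and byte patterns are all constructed placeholders, not real malware data.

```python
# Added example: minimal signature-base scanner.
# All names and byte strings below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # label of the already "caught" program
    pattern: bytes  # byte sequence taken from it


class SignatureBase:
    def __init__(self, signatures=()):
        self._sigs = list(signatures)

    def update(self, signatures):
        """Model a regular signature update: append newly published entries."""
        self._sigs.extend(signatures)

    def scan(self, data: bytes):
        """Return (name, offset) for every signature occurrence in data."""
        hits = []
        for sig in self._sigs:
            offset = data.find(sig.pattern)
            while offset != -1:
                hits.append((sig.name, offset))
                offset = data.find(sig.pattern, offset + 1)
        return sorted(hits, key=lambda h: h[1])


def verdict(base: SignatureBase, data: bytes) -> str:
    """'clean' only means no known signature matched, not that data is safe."""
    hits = base.scan(data)
    return "detected: " + ", ".join(n for n, _ in hits) if hits else "clean"


# Constructed samples: placeholder markers stand in for code fragments.
KNOWN_SPY = b"\x00header\x00" + b"SPY-A-MARKER" + b"\x00rest of file"
UNKNOWN_SPY = b"\x00header\x00" + b"SPY-B-MARKER" + b"\x00rest of file"
CLEAN_FILE = b"\x00header\x00ordinary program bytes"

if __name__ == "__main__":
    base = SignatureBase([Signature("Spy.A", b"SPY-A-MARKER")])
    for label, sample in [("known spy", KNOWN_SPY),
                          ("unknown spy", UNKNOWN_SPY),
                          ("clean file", CLEAN_FILE)]:
        print(f"{label:12} -> {verdict(base, sample)}")
    base.update([Signature("Spy.B", b"SPY-B-MARKER")])  # vendor update arrives
    print(f"{'after update':12} -> {verdict(base, UNKNOWN_SPY)}")
```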


