Antivirus software facts for kids

"Antivirus" redirects here. For the medication, see Antiviral drug.

Antivirus software (also called anti-malware) is a special computer program. It helps to stop, find, and remove harmful software called malware.

Antivirus software was first made to find and remove computer viruses. That's why it's called "antivirus." But now, there are many other types of malware. So, antivirus programs also protect against other threats. Some even help protect you from bad websites, unwanted emails (spam), and online scams (phishing).

How Antivirus Software Started

Computer viruses have been around for a long time. The first known computer virus appeared in 1971. It was called the "Creeper virus." This virus infected large computers used by a company called DEC.

A program called "The Reaper" was made to get rid of the Creeper virus. Some people think "The Reaper" was the first antivirus software. But it was actually a virus itself, designed to remove another virus!

In 1981, the first virus that spread widely was "Elk Cloner." It infected Apple II computers. In 1983, a researcher named Fred Cohen first used the term "computer virus." He described it as a program that changes other programs to make copies of itself.

The first widespread virus for IBM computers was "Brain" in 1986. After that, the number of viruses grew very quickly. Many early viruses just copied themselves. But soon, viruses started to damage or destroy data on computers.

Before the internet was common, viruses usually spread through infected floppy disks. Antivirus software was used, but it wasn't updated very often. It mainly checked files and disks. When the internet became popular, viruses started spreading online much faster.

Early Antivirus Programs

Many people claim to have made the first antivirus product. In 1987, Bernd Fix was one of the first to publicly remove a real computer virus.

Also in 1987, companies like G Data Software, McAfee, and NOD released their first antivirus products. A researcher named Fred Cohen said in 1987 that it's impossible to make a program that can find every single computer virus.

Later in 1987, the first antivirus tools that used "heuristics" came out. Heuristics means they looked for suspicious behaviors, not just exact virus codes. This was a new way to find viruses.

In 1988, more antivirus companies started, like Avira, Avast Software, and AhnLab. Many of these early companies are still big names in antivirus today.

By 1989, F-PROT Anti-Virus and Symantec (with its Symantec antivirus for Macintosh) were also on the market. These early programs helped users update their software to catch new viruses.

The Antivirus Industry Grows

In the 1990s, the antivirus industry really took off. Panda Security was founded in Spain in 1990. In 1991, the Computer Antivirus Research Organization (CARO) was formed to help name and understand viruses.

Symantec released its first Norton AntiVirus in 1991. Other companies like AVG Technologies and F-Secure also released their first antivirus products around this time. F-Secure was one of the first antivirus companies to have a website.

The European Institute for Computer Antivirus Research (EICAR) was also started in 1991 to help with antivirus research. By 1994, there were almost 30,000 different types of malware. This number grew to nearly 100,000 by 1999.

New companies like Bitdefender and Kaspersky Lab were founded in the mid-1990s.

Antivirus in the 2000s

In the early 2000s, the first open-source antivirus programs appeared. OpenAntivirus Project started in 2000, and ClamAV was released in 2001. ClamAV later became a commercial product and was bought by Cisco Systems in 2013.

By 2005, the number of unique malware samples had grown to over 330,000. This number exploded even more in the following years. In 2007 alone, there were over 5 million new malware samples. By 2012-2013, antivirus companies were reporting 300,000 to 500,000 new malware samples every day!

This huge increase meant antivirus software needed new ways to protect computers.

Viruses started hiding in documents using powerful macros (small programs).
Harmful code could be hidden inside files that didn't seem dangerous.
Email programs became vulnerable, allowing viruses to infect computers just by opening or previewing a message.

In 2005, F-Secure created the first "Anti-Rootkit" technology. Rootkits are very sneaky malware that hide deep in a computer's system.

Cloud Antivirus and New Technologies

Around 2008, the idea of "Cloud-based" antivirus started. This means that instead of your computer doing all the work, some of the scanning and analysis happens on powerful servers on the internet (the "cloud"). This makes antivirus faster and lighter on your computer. McAfee and AVG were early to use this technology.

Since 2014, a new type of antivirus, called "next-generation" antivirus, has become popular. These programs use advanced methods like artificial intelligence and machine learning. They can detect new threats that traditional antivirus might miss, even "zero-day attacks" (attacks that no one knows about yet). Companies like Carbon Black, Cylance, and Crowdstrike are leaders in this new area.

Traditional antivirus companies like Trend Micro, Symantec, and Sophos have also added these new technologies to their products. Experts now say that old signature-based antivirus is "ineffective" on its own.

Since Windows 8, Microsoft has included its own free antivirus called Windows Defender. While it wasn't great at first, it's now considered a top product. This has changed how many people search for and buy antivirus software.

The antivirus industry has seen many companies join together. For example, Avast bought AVG in 2016. Then, Gen Digital (which owns Norton) bought Avira in 2020 and BullGuard in 2021. In 2022, Gen Digital also bought Avast. This means many big antivirus brands are now owned by one company.

As of 2024, more than half of Americans use built-in antivirus like Microsoft Defender or Apple's XProtect. However, about 121 million adults still use other antivirus software. Most of these users are on desktop computers, especially those aged 35-45. Younger users (18-25) often use ad blockers instead.

How Antivirus Finds Malware

Antivirus programs use different ways to find malware. No single method can find every single virus, but using many methods together helps a lot.

Sandbox detection: This method runs suspicious programs in a safe, fake computer environment (a "virtual machine"). The antivirus watches what the program does. If it acts like malware, the antivirus stops it. This method is good but can be slow.
Data mining techniques: This is a newer method. It uses smart computer programs (machine learning) to look at many features of a file. It then decides if the file is good or bad based on what it has learned from other files.

Signature-Based Detection

The most common way antivirus software finds malware is by using "signatures." When an antivirus company finds a new piece of malware, they study it. Then, they create a unique "signature" for it. This signature is like a digital fingerprint. The antivirus program keeps a huge database of these signatures. When it scans your computer, it compares files to these signatures. If a file matches a signature, it's identified as malware.

However, malware creators try to trick this method. They make "polymorphic" or "metamorphic" viruses. These viruses change their code slightly each time they copy themselves. This makes it harder for them to match a known signature.

Heuristics

Many viruses are part of a "family." They might have small differences, but they share common traits. Heuristics is a smart way to find these virus families. Instead of looking for an exact match, it looks for common patterns or behaviors that are typical of a virus family.

For example, if a virus family always tries to do a certain suspicious action, the antivirus can flag it. This method can find new versions of viruses even if they don't have an exact signature yet.

Rootkit Detection

Rootkits are a very tricky type of malware. They are designed to take control of your computer without being seen. Rootkits can even hide from antivirus programs and change how your operating system works. Antivirus software tries to find rootkits, but they are very hard to remove. Sometimes, you might even need to reinstall your entire operating system to get rid of them.

Real-Time Protection

Most antivirus programs offer "real-time protection." This means they are always running in the background, watching your computer. They check files as you open them, programs as you install them, and even emails as they arrive. If they find anything suspicious, they alert you or stop the threat immediately.

Things to Know About Antivirus

Unexpected Costs

Some antivirus programs automatically renew your subscription and charge your credit card. You might need to cancel many days before your subscription ends if you don't want it to renew.

Fake Antivirus Programs

Be careful! Some programs that look like antivirus software are actually malware themselves. They try to trick you into paying for fake protection. These are called "rogue security applications."

False Alarms

A "false positive" happens when antivirus software mistakenly identifies a safe file as malware. This can cause big problems. If the antivirus deletes an important system file, your computer or other programs might stop working. Fixing this can be costly and take a lot of time.

There have been many examples of serious false positives:

In 2007, a faulty update from Symantec made thousands of computers unable to start.
In 2010, McAfee mistakenly identified a normal Windows file as a virus, causing computers to get stuck in a restart loop.
Also in 2010, an AVG update damaged 64-bit Windows 7 computers, making them unable to start.
In 2011, Microsoft Security Essentials removed the Google Chrome web browser, thinking it was a banking virus.
In 2022, Microsoft Defender flagged many popular apps like WhatsApp and Spotify as serious threats.

Performance Issues

Running multiple antivirus programs at the same time can slow down your computer. It can also cause conflicts between the programs. Sometimes, you might need to temporarily turn off your antivirus when installing big updates for your operating system or other software. This helps prevent problems during installation.

Antivirus software can also sometimes interfere with other programs, like disk encryption tools or games.

How Effective Is It?

Antivirus software is very helpful, but it's not perfect. Studies have shown that antivirus programs are not always 100% effective, especially against brand-new viruses. This is because virus creators often test their viruses against major antivirus programs to make sure they aren't detected before releasing them.

Modern viruses are often made by professionals and can be very sneaky. They might use "polymorphic code" to change themselves and avoid detection. If a file is infected, antivirus software tries to clean it. But sometimes, the file is too damaged to be fully restored. In those cases, you might need to use a backup or reinstall the software.

Antivirus programs also struggle to detect rootkits, which hide deep in the computer's system. They are also not very good at protecting against infections in the computer's firmware (like the BIOS), which is a serious concern.

Other Ways to Stay Safe

While antivirus software on your computer is common, there are other ways to protect yourself:

Firewalls

Firewalls are like a security guard for your computer's network connection. They stop unknown programs from accessing your system from the internet. Firewalls are good for general network threats, but they don't find or remove viruses themselves.

Cloud Antivirus

Cloud antivirus uses the internet to do most of the heavy work. A small program on your computer sends suspicious files to powerful servers in the cloud. These servers use many different antivirus engines to scan the files quickly. This is great for devices that don't have a lot of computing power.

Online Scanners

Many antivirus companies offer free online scanning tools on their websites. You can use these to scan your computer, specific folders, or files. It's a good idea to do an online scan sometimes, even if you have antivirus installed. This is because malware sometimes tries to disable your installed antivirus. An online scanner can help you find threats that your regular antivirus might have missed.

Special Tools

There are also special tools designed to remove very stubborn infections or specific types of malware. Examples include the Windows Malicious Software Removal Tool or Kaspersky Virus Removal Tool.

You can also use a "rescue disk." This is a special CD or USB drive that you can use to start your computer. It runs antivirus software outside of your normal operating system. This is helpful if your computer won't start because of malware, or if the malware is too strong for your installed antivirus to remove.

Why Antivirus Matters

Computer viruses can cause big problems for businesses and individuals. They can lead to financial losses and data damage. While many people use built-in antivirus today, a large number of adults still use other antivirus software for extra protection. It's important to use some form of protection on your devices to stay safe online.