Tl;dr: No, antivirus software no longer reliably protects against malware threats. To understand why, read below about the history of malware, what antivirus software does, and how you can protect your computer.
While computer science had theorized self-replicating computer programs since the late 1940s, it was only in 1971 that the first virus, called Creeper, was created.
Creeper did not do any particular harm; it could only display a message. The second computer virus in existence, dubbed Reaper, was created with the sole purpose of destroying Creeper.
It was another 15 years of mostly harmless and experimental viruses before Brain was born. Brain was a virus written by two Pakistani brothers in 1986, intended to track pirated copies of their heart-monitoring program. Things escalated quickly and Brain spread to many more machines than anticipated. The writers released the virus with no malicious intent. Indeed, they even included their names, address, and phone numbers in the software.
The Morris Worm was the first computer virus
Just two years later, in November 1988, the first virus spread across the internet. The writer, Robert Tappan Morris, did not intend harm either, but that didn’t protect him from being the first person convicted under the new 1986 Computer Fraud and Abuse Act.
Though the Morris Worm was not built to wreak damage, a few programming errors allowed it to disable over 6,000 computers in just a few hours—around 10% of the internet at the time. It’s estimated the worm caused between 100,000 USD and 10 million USD in damages. The irony is that we know the scale of the attack because the virus was created to calculate the size of the internet.
The Morris Worm was a wake-up call for many, and it helped kick-start the emerging antivirus industry. John McAfee founded the eponymous company that made him famous in 1987, and more antivirus companies emerged shortly after. In 1988, Avira was founded in Germany by Tjark Auerbach. Then, later the same year, Pavel Baudiš and Eduard Kučera created Avast in the Czech Republic. And in 1991, Norton Antivirus was founded in the United States.
How antivirus programs work
Antivirus programs typically work by maintaining a list of all known viruses. Every digital file can be identified by what is called a hash, and each hash in the list represents a known virus.
A hash is always the same short length, no matter how large the file is, and it can be calculated relatively easily. This makes it possible to store many such hashes in a downloadable database.
The hash approach worked particularly well when there were only a limited number of viruses. AV-Test, one of the popular maintainers of such databases, reported in 1994 that it had just over 28,000 viruses on file. By 1999, that number was close to 100,000.
Despite slow beginnings, the number of viruses started growing exponentially. By 2014, there were 37 million virus hashes; just a year later there were 64 million. That’s an increase of over 70,000 per day.
Viruses have become largely polymorphic, which means they behave like a biological organism and mutate slightly each time they replicate. While the essential function of the virus stays intact, the virus can no longer be identified uniquely by its hash.
Because of these mutations, antivirus programs also monitor the behavior of software in general. Unfortunately, it is tough to separate the behavior of a legitimate application from an illegitimate one, as no programming functions can be uniquely attributed to viruses. As a result, antivirus programs tend to either miss threats or report false positives.
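The hash lookup and its blind spot can be shown in a few lines. This is an added example, not code from any antivirus product: the "known virus" is a constructed, harmless placeholder, and the signature label `Example.Sample.A` and the file names are made up for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(directory, signatures):
    """Return {file name: signature label} for files whose hash is listed."""
    hits = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            label = signatures.get(sha256_file(path))
            if label:
                hits[name] = label
    return hits


def demo():
    # Constructed, harmless stand-in for a file already in the database.
    known = b"CONSTRUCTED-SAMPLE: harmless placeholder bytes\n" * 100
    # Same content with a single byte of difference, standing in for a mutation.
    variant = known + b"\x00"
    # The "downloadable database": hash -> label (label is hypothetical).
    signatures = {hashlib.sha256(known).hexdigest(): "Example.Sample.A"}
    files = {"original.bin": known, "variant.bin": variant, "notes.txt": b"hello\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            with open(os.path.join(tmp, name), "wb") as out:
                out.write(data)
        return scan(tmp, signatures)


if __name__ == "__main__":
    # Only the byte-identical file matches; the variant has a different hash.
    print(demo())
```

The scanner flags `original.bin` but not `variant.bin`, which is why hash lists alone stopped being enough once samples began to differ on every copy.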
Frequent false positives can easily train a user to quickly approve a potential threat found by the antivirus software, a bit like the boy who cried wolf.
‘Allow all’ antivirus became ‘deny all’ browsers
Modern operating systems and browsers are built with polymorphic viruses in mind. While the old security model often revolved around a philosophy of ‘allow all, then add exceptions,’ today’s applications and systems are built to deny everything until the user specifically allows it.
Threats such as viruses and hacking attempts have become so numerous that even antivirus dictionaries with millions of entries will likely miss some, and viruses evolve so quickly that no two iterations are the same.
Today’s malware rarely spreads on its own, but instead relies on the user to install and spread it. You may be tricked into installing malware from an email attachment purporting to be from your bank, or it may come bundled with pirated software you downloaded.
As such, antivirus rarely works in its current form. It is expensive, may slow down your computer, interfere with other software, and give you a false sense of security. Here is what you can do instead:
The best ways to keep your system safe
A backed-up and up-to-date operating system is the frontline of defense against unwanted code running on your computer.
1. Keep your system up to date
Any threat to your system will look to find little bugs and loopholes to exploit. While bugs are not particularly rare, they are usually patched fast enough to stop the vulnerabilities from becoming a large-scale security issue.
It’s important to keep your phone, your computer, and all apps and programs up to date too, to defend against malware. This can sometimes be tiresome, but it is the most important thing to keep you safe.
2. Back up your files regularly
Even if you keep your system up to date, there is still a tiny chance that you will be infected with a virus. There are constantly new threats that have yet to be discovered and analyzed, and potentially even ones specifically targeting you. It is not likely that an antivirus will be able to defend you against all such threats.
Make regular backups of all your data and keep them on a separate drive, ideally unplugging the drive after you make the backup. This will allow you to start quickly again with a fresh installation of your operating system, often the only guaranteed way to get rid of a virus.
Does a VPN protect me against viruses?
While a VPN makes it impossible for your local internet service provider or Wi-Fi provider to inject malicious code into your browsing sessions, a VPN alone does not protect you against viruses.
Even when using a VPN, you still need to be careful with email attachments and downloads. You should never open files with suspicious formats such as .exe, .jar or .js, and only open files from sources that you trust. When in doubt about an attachment from a trusted contact, try reaching out to them through a separate channel to verify the authenticity of their message.
Yes, you can still run antivirus software
There is no significant harm in running an antivirus program, as long as it is only one (two such programs will very likely interfere with each other). If you find your system to be slow or programs no longer running smoothly after installing antivirus software, consider switching providers.
Running an antivirus program largely helps protect those around you with unpatched and outdated systems, and it makes sure you do not inadvertently spread virus-corrupted files, even when they cannot infect your computer.
Antivirus can also help you identify threats that are buried deep in your backups or other files. Even if they cannot infect your updated computer, you probably don’t want them on your system.