Why doesn't anti-virus software work?

Anti-virus software is something you pay for and have installed, but it is not fully protecting your devices and it is slowing down your computer.

Anti-virus software is based on a flawed concept called "computer security," rather than "secured computing." The first is a reaction to an already established environment; the second is a prerequisite.

The creators of semiconductors and motherboards did not foresee the internet, and as such, they didn't foresee the dangers that would come from it.

With anti-virus you have a 65% chance of being hacked and a 100% chance of a slower computer.

To sum up why anti-virus doesn't work, let's hear from an insider:

In an interview with The Wall Street Journal, Brian Dye, SVP Information Security at Symantec, estimated traditional anti-virus detects a mere 45% of all attacks. "Antivirus is dead," he said.

Anti-Virus Programs Look For Signatures

A virus signature is a continuous sequence of bytes that is common to a certain malware sample. That means it is a characteristic sequence of bytes contained within the malware or the infected file and not in unaffected files.

Today, signatures are far from sufficient to detect malicious files. When the anti-virus software starts scanning, it looks for a specific signature in the files and applications.

Anti-virus software fails to detect viruses 65% of the time. This is because it relies on a database of known threats, or derivations of known threats, that an anti-virus engine is able to scan for. A new kind of threat that is unknown is called a zero-day attack: a vulnerability or malware that is not known.
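The signature matching described above can be shown in a few lines. This is an added example, not code from any anti-virus product: the signature names, byte sequences and sample files are all constructed, and the scanner is a plain substring search. It reports the false negatives that result when a sample's bytes are not in the database.

```python
# Constructed signature database (name -> byte sequence); not real malware signatures.
SIGNATURES = {
    "Example.Worm.A": bytes.fromhex("deadbeef4d5a9000"),
    "Example.Trojan.B": b"\x13\x37EXAMPLE-PAYLOAD\x00",
}

def scan(data: bytes, signatures=SIGNATURES):
    """Return (name, offset) for every signature found as a contiguous byte run."""
    hits = []
    for name, sig in signatures.items():
        offset = data.find(sig)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(sig, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])

def missed(files: dict, labelled_bad: set) -> list:
    """False negatives: files labelled malicious that produced no signature hit."""
    return sorted(name for name in labelled_bad if not scan(files[name]))

# Constructed sample files. KNOWN embeds a database signature at offset 16.
KNOWN = b"MZ" + b"\x00" * 14 + SIGNATURES["Example.Worm.A"] + b"rest of file"
VARIANT = bytearray(KNOWN)
VARIANT[18] ^= 0xFF  # one byte inside the signature region differs from the database entry

FILES = {
    "known.bin": KNOWN,
    "variant.bin": bytes(VARIANT),
    "unknown.bin": b"\x7fELF" + bytes(range(32)),  # threat with no database entry
    "clean.txt": b"hello world\n",
}
LABELLED_BAD = {"known.bin", "variant.bin", "unknown.bin"}

if __name__ == "__main__":
    for fname, data in FILES.items():
        print(f"{fname:12} hits={scan(data)}")
    print("missed:", missed(FILES, LABELLED_BAD))
```

Only `known.bin` is flagged; the variant and the unknown sample pass the scan because the engine can only report byte runs it already has on file.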

What About AI?

Artificial intelligence is when hardware technology and software technology work together to mimic human behavior. Today it can only mimic specific human behavior. In order to do that, it must learn those behaviors through machine learning.

Computer viruses are written by humans.  One human can write thousands of permutations in the code for their virus.  People who create these viruses often buy anti-virus software first to test their code.  With millions of cybercriminals, the permutations are endless.

As anti-virus software updates, viruses are altered and updated to thwart the software. Hackers must use innovative techniques to bypass software, a popular one being "crypting". Crypting involves the virus developer transforming pieces of the code and testing against anti-virus software to ensure it is undetectable.

Additionally, developers can use programs that run in several forms and variations.  This advanced programming by hackers allows for routines to use variables of different types at different times.

This transforms the malware into an undetectable chameleon, capable of changing its appearance every time it runs, making it more difficult to detect.

Greater than 80% of malware disappears after an hour, and 70% of malware only exists once. This short lifespan means just a small percentage of anti-virus detection signatures catch active threats.

Today, the best line of defense we have is to use machine learning to fight viruses.  

How Does Machine Learning Work?

Machine learning uses algorithms to analyze available data from two manually created data sets; one of these sets contains only malicious files and the other includes only non-malicious files. The purpose of this is to build models to predict whether a file is "good" or "bad".

The predictions made are based on the available data it can learn from. The problem is that, with hackers writing code that changes and with all the other information in your device, machine learning is guessing on only .034% of the known viruses.

Again, you are paying for anti-virus but it is not defeating viruses.

Machine Learning Can Help Detect New Malware

Machine learning assists anti-virus software in the detection of new threats without the reliance on signatures. Historically, anti-virus software needed to use fingerprinting (cross-referencing files against the known malware database). This is flawed in that only the known viruses are detectable. With hundreds of thousands of variants created daily, this is not a scalable solution.

Machine learning can be trained to recognize the signs of good and bad files, thus enabling malicious patterns and malware to be detected – even if they have not been seen before.

While machine learning can be a very effective tool, the technology does have its limitations.


An important drawback of machine learning is that it doesn't understand the implications of the model it creates – it just completes the task at hand. In other words, machine learning doesn't know that it doesn't know and doesn't know what questions to ask.

Additionally, machine learning systems are only as good as the data they analyze. Developing an effective machine learning model requires an enormous number of data inputs, each of which needs to be correctly labeled. These labels help the model understand certain characteristics about the data (for example, if a file is safe, malicious or spam).
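The training setup from "How Does Machine Learning Work?" and the data limitation just described, as an added example that is not code from any product. It assumes a nearest-centroid model over two hand-picked features (byte entropy and share of printable ASCII), and every sample is constructed: random-looking bytes stand in for malicious files and plain text for benign ones.

```python
import hashlib
import math
import zlib
from collections import Counter

def features(data: bytes) -> tuple:
    """Feature vector: (byte entropy scaled to 0..1, share of printable ASCII)."""
    n = len(data)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    printable = sum(32 <= b < 127 for b in data) / n
    return (entropy / 8, printable)

def train(malicious, benign):
    """Model = one centroid (mean feature vector) per manually labelled set."""
    def centroid(samples):
        return tuple(sum(col) / len(col) for col in zip(*map(features, samples)))
    return {"bad": centroid(malicious), "good": centroid(benign)}

def predict(model, data: bytes) -> str:
    """Label of the nearest centroid; the model always answers, right or wrong."""
    f = features(data)
    return min(model, key=lambda label: math.dist(f, model[label]))

def noise(seed: bytes, blocks: int = 16) -> bytes:
    """Constructed stand-in for a malicious file: deterministic random-looking bytes."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed, hand-labelled training sets; no real malware is involved.
MALICIOUS = [noise(b"train-%d" % i) for i in range(5)]
BENIGN = [(b"Report %d: all services operated normally today.\n" % i) * 10 for i in range(5)]
MODEL = train(MALICIOUS, BENIGN)

# Inputs the model has never seen.
UNSEEN_BAD = noise(b"never-seen-before")
UNSEEN_GOOD = b"Meeting notes: budget review moved to Thursday.\n" * 8
# Benign compressed data: a kind of file missing from the "good" training set.
BENIGN_ARCHIVE = zlib.compress(" ".join(str(i * i) for i in range(400)).encode())

if __name__ == "__main__":
    for name, blob in [("unseen bad", UNSEEN_BAD), ("unseen good", UNSEEN_GOOD),
                       ("benign archive", BENIGN_ARCHIVE)]:
        print(f"{name:15} -> {predict(MODEL, blob)}")
```

The two unseen samples are labelled correctly without any signature, but the benign archive is labelled "bad": nothing like it was in the labelled data, and the model has no way to report that it is guessing.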

The best way to protect your privacy with cybersecurity technology is to build a defense in depth with a failsafe.

To win the global war on privacy, we need to think differently. Join us to protect your right to privacy with CrowdPoint's NoWare™ technology and privacy services,