When computers work well, life becomes easier and more connected. However, as much as the industry has flourished in the last few decades, computers still break down—and more often than not, that is because of viruses. New viruses emerge regularly, coinciding with the global rise in cyberattacks and other threats. While some viruses can cost consumers millions of dollars and cause permanent damage to networks, others don’t cause as many problems anymore because of advances in computer architecture and software development.
But what is a computer virus, exactly? And what are the best antivirus programs for computers? The following sections will address these questions and more. Readers will also learn about the additional benefits of using security applications on any device that can connect to the internet.
Mydoom is generally considered to be one of the worst computer viruses of all time, causing close to $40 billion worth of damage in 2004, according to some estimates. Adjusting for inflation would take that figure higher.
Mydoom was also known as Novarg in the beginning. Technically, though, Mydoom was more of a worm than a computer virus. Hackers infected messages with the Mydoom virus and then sent the messages to millions of users. Some reports mention that at Mydoom’s peak, one in every four email messages sent had been infected with the virus.
The working principle behind Mydoom was simple enough as well. The virus first infected user devices and then extracted email addresses from the victim’s contact lists. Once the list was obtained, the Mydoom virus moved to send copies to everyone on the contact list. After infecting the devices of those contacts, the virus continued the process on the next group of devices. Mydoom was also able to enlist infected machines into a botnet (a giant web of infected devices). When enough computing devices became part of the botnet, hackers launched more advanced attacks such as distributed denial-of-service attacks. So in effect, the Mydoom virus didn’t just infect via email but also helped to launch cyber attacks that shut down internet services and apps. The Mydoom virus (or worm) is still not completely gone. Cybersecurity experts estimate that 1% of all phishing emails contain Mydoom. By that account, close to 30 million phishing emails sent each day carry the virus.
Sobig was another computer virus that caused massive damage to internet infrastructure. By some estimates, the Sobig computer virus caused damage in excess of $37 billion while infecting over 2 million computing devices. Unlike the usual computer viruses at the time, Sobig acted not only as a worm (meaning fast self-replication) but also as a Trojan (which means advanced stealth abilities). Similar to most computer viruses (and malware in general), the Sobig virus spread via infected email messages. Most of the emails that were sent (along with Sobig) had catchy (but malicious) headlines such as “Re: Details” and “Your Details,” along with other variations.
Hackers behind the Sobig virus had built up an infrastructure so big and efficient that millions of emails were sent to unsuspecting users throughout the world. At one point, Sobig brought down a major portion of network traffic in Washington, D.C. The worm also forced Air Canada to ground flights and brought computer systems belonging to corporations down to a halt. Sobig affected computer networks in the U.S., Europe, Asia, Canada and the U.K. Hackers also managed to evolve Sobig into more effective versions, such as Sobig.A and Sobig.F.
Some consider Klez to be one of the most destructive computer viruses. The virus’s creator wrote the code in Microsoft Visual C++. Klez was particularly damaging to most computer networks because of advanced stealth capabilities. Around 2001, common security applications such as antivirus software and anti-spyware could not detect Klez, making infecting many machines easier for the original Klez worm and all the variants that came after.
Similar to other computer viruses at the time, Klez infected email messages first and then found a way to the victim’s computer system. Once on a given computer system, Klez moved to replicate, spread, steal the victim’s contacts list and then send an email message (along with Klez, of course) to all the contacts for rapid infection. Later variations of Klez gained the ability to carry additional harmful programs that essentially shut down the infected devices.
Klez could act not only as a standard computer virus but also as a worm and a Trojan. At Klez’s peak, the virus could disable security applications, virus scans and virus removal tools. The later versions of Klez were probably the first computer viruses that could steal targets’ address books and exploit contact lists. For example, Klez could compose an email with a name copied from the address book and then send the infected message to other contacts. Today, this technique is known as email spoofing. In email spoofing, an infected email may appear to come from a known source, but the real source doesn’t appear in the “From” field.
Modifications such as those mentioned above made Klez particularly troublesome as the virus became very efficient at sending spam, getting around various blocking tools and clogging email inboxes quickly. Since Klez made knowing the source of the spam email messages hard, individual users and email programs could not effectively ignore or block spam messages. Moreover, since Klez was able to launch email spoofing attacks, internet users were more likely to open spam messages (as the “From” field had a name from the “Contacts” list).
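An added example, not part of the original article: a Python sketch of header checks a mail filter could run to flag the kind of spoofed “From” field described above. The contact list, addresses, signal names and sample messages are constructed for illustration, and each signal is a hint rather than proof, since mailing lists and bulk senders legitimately use a different envelope sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches results such as "spf=fail" inside an Authentication-Results header.
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

# Constructed address book: display name (lower-cased) -> address on file.
CONTACTS = {"alice example": "alice@example.com"}

# Constructed sample 1: forged From, unrelated envelope sender, failed checks.
FORGED_FROM = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.invalid;
 dmarc=fail header.from=example.com
From: "Alice Example" <alice@example.com>
To: bob@example.org
Subject: Constructed sample 1

(body omitted)
"""

# Constructed sample 2: a contact's name on an address that is not theirs.
BORROWED_NAME = """\
Return-Path: <alice@lookalike.invalid>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=lookalike.invalid;
 dkim=pass header.d=lookalike.invalid
From: "Alice Example" <alice@lookalike.invalid>
Reply-To: <collect@other.invalid>
To: bob@example.org
Subject: Constructed sample 2

(body omitted)
"""

# Constructed sample 3: a consistent, authenticated message from the contact.
LEGITIMATE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Alice Example" <alice@example.com>
To: bob@example.org
Subject: Constructed sample 3

(body omitted)
"""


def _domain(address):
    """Return the lower-cased domain of an e-mail address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def spoofing_signals(raw_message, contacts):
    """Return a list of reasons the visible sender may not be the real one."""
    msg = message_from_string(raw_message)
    signals = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = _domain(from_addr)

    # 1. The envelope sender (Return-Path) belongs to a different domain.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if _domain(return_path) and from_domain and _domain(return_path) != from_domain:
        signals.append("return-path-mismatch")

    # 2. The display name is a known contact but the address is not theirs.
    on_file = contacts.get(display_name.strip().lower())
    if on_file and on_file.lower() != from_addr:
        signals.append("contact-name-wrong-address")

    # 3. SPF/DKIM/DMARC failures. Only trust this header when it was added
    #    by your own receiving mail server, not by the sender.
    for header in msg.get_all("Authentication-Results", []):
        for mechanism, result in AUTH_RESULT.findall(header):
            if result.lower() in ("fail", "softfail"):
                signals.append(f"{mechanism.lower()}-{result.lower()}")

    # 4. Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        signals.append("reply-to-mismatch")

    return signals


if __name__ == "__main__":
    for label, raw in (("forged From", FORGED_FROM),
                       ("borrowed name", BORROWED_NAME),
                       ("legitimate", LEGITIMATE)):
        print(f"{label}: {spoofing_signals(raw, CONTACTS) or 'no signals'}")
```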
The ILOVEYOU computer virus is one of the most popular computer viruses of all time, continuing the series of potent computer viruses that came before and wreaked havoc worldwide. ILOVEYOU is considered to have originated in the Philippines from a developer named Onel de Guzman, who created the virus to steal credentials and access premium content. Like other computer viruses on this list, the ILOVEYOU virus could also act as a worm. As a standalone program, ILOVEYOU could replicate quickly once on a given system.
ILOVEYOU primarily spread through email messages, like many existing computer viruses. The infected messages appeared in the user’s email inbox as love letters, all with ILOVEYOU as an attachment. Users who made the mistake of opening the attachment without proper precautions would allow the virus to infect the system and create several problems. As is the case with any computer virus that acts as a worm, ILOVEYOU quickly made several copies of itself and then hid all the files that contained the virus. Moreover, the ILOVEYOU virus replaced genuine files with the copies made earlier. That would make the infected system more unstable because of missing files (as some got replaced by the copies). This way, the ILOVEYOU virus kept replicating to create even bigger problems, such as the system slowing down or getting locked.
WannaCry is arguably the biggest modern computer virus that managed to escape even the best antivirus solutions. WannaCry initially appeared in 2017 and quickly morphed into ransomware. Ransomware is just like an ordinary virus, but instead of stealing data or slowing down the infected device, ransomware locks down the target machine, encrypts the data and then holds the data hostage. The owner of the infected device has to pay a predetermined ransom amount before the files are unlocked, and the machine is made operable again.
Despite significant developments in the field of cybersecurity and software development, the WannaCry ransomware managed to infect computers in more than 150 countries. Individual users have always suffered at the hands of new computer viruses, but WannaCry also caused government organizations, hospitals and corporations massive damages from lost productivity and other costs. Moreover, the organizations and individuals who didn’t pay the ransom had to rebuild all the affected systems from zero, further increasing losses.
The Zeus computer virus could be most accurately classified as a Trojan. Zeus infected computers running the Windows operating system and then used the infected devices to engage in further criminal activities. Mostly, Zeus used hacking techniques such as form grabbing and man-in-the-browser keylogging to steal credentials and cause financial/personal losses. As always, the Zeus computer virus only infected machines via phishing links and drive-by downloads.
Zeus was first discovered by cybersecurity researchers in early 2009, and over the years, the virus managed to infect thousands of computers. Since security applications still had not developed to contain every new threat, Zeus could infect not just individual computers but also FTP accounts and networks belonging to banks, technology companies and other big corporations. Hackers actually launched the Zeus virus along with a botnet that was used to quickly steal sensitive information from bank accounts, emails and social media accounts.
In total, Zeus managed to infect close to a million computers in the U.S. alone. Zeus likely had the biggest network of criminals working together to generate revenue. The virus campaign involved not just hackers who developed the virus but also people who could move money anonymously. For transferring cash across the continent into Europe, hackers had another team. One operation managed to steal over $70 million over a short period. When law enforcement agents busted the ring, over 100 people went to jail. The overall damage caused by the Zeus virus is estimated to be between $3 billion and $4 billion.
7. Code Red
Code Red is a member of a long line of computer viruses that act as worms. This virus mainly infected machines running Windows 2000 and Windows NT, exploiting a security vulnerability most readily available in these operating systems. More specifically, Code Red targeted devices that ran the Microsoft IIS web server, which had a buffer overflow issue at the time. Once Code Red infected a device running Windows NT or 2000, the virus would coerce the hardware to take new instructions from the worm and overwrite the memory. Once the infected device accepted the new malicious instructions, either everything would crash or hackers would use the now-compromised device to launch cyberattacks on organizations’ websites. Similar to any standard worm, Code Red was able to make copies of the original virus quickly. Unlike some of the other viruses previously mentioned, Code Red didn’t try to hide the fact that the device in question was infected. Instead, Code Red left a message on local server pages that said, “Hacked by Chinese.”
In total, Code Red caused damages amounting to $2.6 million and infected close to a million computers.
The SQL Slammer virus, also known as Sapphire, was launched in 2003. Given the limited infrastructure of the internet in 2003, the computer virus took less than 30 minutes to infect a major portion of servers that formed the backbone of the internet. As a result of the Slammer infection, internet bandwidth became restricted worldwide, which also caused a massive slowdown. Slammer managed to crash the ATM Service offered by Bank of America, various 911 services and airlines (which had to cancel flights).
Unlike some of the computer viruses mentioned so far, Slammer didn’t need a user to open an infected email to compromise a device. Instead, the computer virus ran a fake version of SQL Server 2000, a database package from Microsoft, and installed itself on the device. Slammer concentrated more on servers than on individual users. Hence, the most vulnerable targets were system administrators and the related machines. Once a computer was infected, Slammer started to generate massive amounts of network packets. Over time, the packets overloaded network servers and routers and thus slowed down communications and caused damage.
The most affected country was South Korea, where almost the entire population could not access the internet for some time. In terms of damages, estimates have Slammer causing at least $1 billion worth of productivity loss.
Note: Eventually, though, security patches allowed servers to better prepare for Slammer and antivirus applications started to block the virus.
CryptoLocker is one of the more recent computer viruses that took advantage of some of the latest attack techniques. CryptoLocker represented a new class of cyber threat called ransomware, which essentially locks all the files on the target system and takes the data hostage.
The CryptoLocker computer virus first gained attention in 2013. Once on a system, CryptoLocker encrypted all the important files and displayed a red ransom note to the owner of the device. The note informed the owners of the technology used to lock up all the sensitive data and showed the victims a method to send payments to specific accounts to get the encrypted data back.
Like most viruses, the CryptoLocker ransomware mainly spread via malicious email attachments. After encrypting a device’s files and preventing the owner from accessing any data, hackers only sent the decryption key once the owner sent a fixed amount of money. The amount of money varied depending on the importance of the encrypted data and thus could be anywhere from $100 to thousands of dollars. If users or organizations decided not to pay the ransom, hackers would get rid of the data for good. The interesting bit about CryptoLocker is how hackers used a two-staged process to attack vulnerable devices and encrypt data. Essentially, hackers first created a botnet called Gameover Zeus, which was then used to send millions of CryptoLocker virus copies.
The Sasser and Netsky viruses came on the scene in 2004. The developer is considered to be Sven Jaschan, who was a 17-year-old teenager living in Germany. In the beginning, cybersecurity researchers had a hard time recognizing that the two viruses had a common developer. Instead, the idea was that both Sasser and Netsky used similar code to infect devices and cause damage.
Note: In most cases, Sasser would look for vulnerable computer systems via IP address scanning. After picking candidates, Sasser would instruct target devices to download a file that contained the virus. Sasser was dangerous because the virus could make modifications to the operating system, allowing the virus to block the default methods of shutting down the computer. The only way to shut down the infected machine was to unplug the power cord.
In terms of the working principle, Sasser targeted the then-somewhat common LSASS (Local Security Authority System Service) overflow vulnerability. The service, as the name suggests, manages any local account’s security policy. Once modified, Sasser crashed accounts and thus the computer. Sasser also had the ability to propagate quickly using the available sources and even infect other devices on the same network.
Similar to Slammer, Sasser gained traction very quickly and infected close to 1.5 million computers within two days of release. The virus affected rail services in Australia (leading to many canceled flights) and banks (over 130 branches) in Finland.
Like almost all other computer viruses, old and new, Sasser began the process of infecting devices by attaching a copy to an email. If the user opened the email and clicked on the attachment, Sasser infected the device. Once infected, Sasser would move to send the same malicious email (along with the attachment) to all the contacts of the current victim. The Sasser program repeated the process for each infected machine. Sasser/Netsky kept on infecting machines even through 2004 and caused damages amounting to $1–$2 billion.
What is a Computer Virus?
A computer virus is any length of code or a full program that is built from the ground up to cause harm to other computers. Computer viruses typically corrupt an infected device’s system files, steal data and consume resources, thus slowing down the machine to a great degree. Some computer viruses can encrypt, delete and modify data; others just hide on the infected device while monitoring user activities.
This is important: Computer viruses can be considered a type of malware but with important unique characteristics, such as the ability to self-replicate, spread from one device to another without any user input and advanced stealth capabilities.
How Can You Tell If Your Computer Is Infected with a Virus?
There are many signs that give away if the computer is infected with a virus. The simplest and most obvious sign is a notification from an antivirus application (if the user has one installed). Most antivirus programs run scans in the background periodically to look for malware infections. Often, antivirus apps will remove malware without any user input and only present a notification once the malware has been removed. Better antivirus programs are able to block/delete/quarantine malware (such as computer viruses) before the viruses can harm the device.
Note: If the computer crashes often, that is a strong sign a computer virus could be hiding somewhere in the system. One of the classic signs of computer virus infection is crashing, when the device automatically reboots without user input or becomes unresponsive shortly after a restart. With that said, sometimes overheating issues can cause the device to restart and/or become stuck. But if that is not the case (temperature sensor apps can be used to check), then unplanned restarts and crashes (outside of newly installed apps with bugs) are a sign of a virus.
Pop-ups and ads showing up in unexpected places are signs of a computer virus. Older computer viruses only showed ads in the form of full-screen pop-ups, but modern iterations can automatically play and replay video apps not just on the full screen but also in web browsers. Sometimes the user may see tabs opening automatically and showing advertisements randomly. Whatever the content of such pages, seeing advertisements in new tabs without any input is a sign of a computer virus infection. Most of the content presented in such ads is not only false but designed to trick users into giving up sensitive information. Moreover, these pop-up ads can download additional malware on the user’s device.
Another sign of virus infection is the device running hot for no reason. Whenever the user is engaging in resource-heavy activities such as video games, streaming or editing, the machine is bound to run hot. But when the machine runs hot even when there are no obvious activities being engaged, that is a sign of virus infection. Computer viruses can sometimes consume a lot of resources trying to receive and send data to the hacker’s command and control operation. That can drive the temperature upwards. Modern mobile devices such as smartphones and tablets can notify the user if the device is getting hot. Users should check for any suspicious background activity.
The computer suddenly becoming slow to the point of being inoperable is another sign of virus infection. Viruses tend to slow down computers. That is especially the case with worms, botnets and crypto miners. Such viruses overload system resources and launch other cyberattacks via the infected device. Of course, computers naturally do slow down as apps get more complex and images get heavier to load. That’s why a computer slowing down is only a sign of virus infection, not a guarantee.
Finally, unusual error messages may be another sign of virus infection. Error messages usually pop up when there is a bug in the system or an issue that needs user attention. But sometimes, unexpected notifications can indicate that a virus is trying to change something. Usually, such error messages inform the user of corrupted files or missing folders. Depending on the content of the error message, the PC could be compromised.
How Do You Prevent Computer Viruses?
The steps users can take to prevent computer viruses from causing harm are given below.
- Back up Important Information: Backing up all critical information can help internet users sidestep almost all of the damage any computer virus can cause. There are many good cloud backup options available as well (some free). A virus can only contaminate files on a target device. Cloud files are always safe from such attacks. Once an infection happens, users who regularly back up files only need to wipe the device and restore the data. After the PC gets cleaned, the user can get all the important files back from the cloud.
- Never Download Pirated Software from Any Website: Downloading and installing pirated applications is one of the best channels to get a computer infected with a host of viruses. As tempting as downloading free movies, applications and games may seem, the risk is not worth the download, especially if the device contains a lot of sensitive information. Illegal versions of software and media contain viruses that can take over a user’s device very quickly, and that is because of how piracy websites work. Websites that offer pirated content (of all types) usually have two kinds of users: One wants to download free content and programs, while the other aims to inject malware and viruses into the free content/programs. Hence, there is no way to avoid viruses if the user is not going to stop pirating software.
- Do Not Visit Untrustworthy Websites: There are close to 2 billion websites online right now, many of which would not respect the user’s right to privacy and safe browsing. Websites with shady owners and administrators are actively trying to trick users into downloading computer viruses. The most common ways such websites dupe users are drive-by downloads, misleading links and malicious advertisements. Users can guard against such threats by sticking to official and well-reputed websites.
- Keep Applications and Operating Systems Updated: Even users who agree that patching applications and keeping the operating system up-to-date is important don’t know the best time to update. The general rule is to apply software updates as soon as a new version becomes available. Whether there is some work left or the movie is about to reach the climax scene, updating all devices and apps ASAP is the best defense against viruses. Without updates, hackers can exploit security flaws that exist in almost all applications. Then, hackers can take control of the device and download a virus to cause further damage. Even users who are careful about clicking on things online cannot guard against software vulnerabilities. Only regular updates can prevent hackers from entering the device this way. Most operating systems and apps today can download and install updates automatically if the user allows.
- Do Not Click on Email Attachments from Unknown Addresses: No matter how genuine the message sounds or how good the deal is, avoiding clicking on email attachments from strangers is among the best ways to prevent computer viruses. The best free email services (such as Outlook, Gmail and ProtonMail) always ask users for permission before downloading anything from an email message because email attachments are the main route for hackers to compromise a device. Most email services today have built-in virus protection mechanisms, but hackers can bypass those as well. Almost all spam emails rely on the user to click on the malicious attachment and download the virus. From there, the virus can spread to other people on the first victim’s contacts list. Opening an attachment gives viruses the chance to execute the malicious code and begin compromising the device in the background. On that note, disabling image previews is also effective.
- Install a Good Antivirus Program: The best antivirus programs usually have a free tier that is almost as effective as the paid version. Antivirus programs run scans in the background, keep a check on the system’s daily activities and guard against all types of online threats while the user is browsing, shopping or banking.
Pro Tip: As readers can see, learning how to prevent computer virus infection is less about installing the latest and greatest tools and more about following proper safety procedures while online and keeping everything updated.
What is the Best Antivirus for Computers?
The products that are considered the best antivirus for computers are given below.
- Bitdefender Antivirus Plus (Best Overall): Bitdefender Antivirus is the best antivirus protection for computers overall, checking all the boxes needed to become the top in the business. Bitdefender has stellar independent lab test results, a plethora of features and is light on resources. With features such as a VPN, banking protection, a “Do Not Track” function, ransomware protection and intuitive apps, any internet user can benefit from this antivirus program.
- McAfee Antivirus Plus (Best for Multiple Devices): McAfee Antivirus Plus is perhaps the most improved of all antivirus options. With affordable packages, support for multiple devices and platforms and bonus features such as a firewall and file shredder, McAfee Antivirus is a complete antivirus solution. More expensive packages also offer a password manager, parental controls and gamer security.
- Norton AntiVirus (Best for Ransomware Protection): Norton AntiVirus offers the most variation in packages to fit consumers’ needs. The general protection features are solid and score reasonably well in independent testing labs. Norton AntiVirus shows class with features such as browsing protection, a backup service, support for multiple devices, an intelligent firewall and maintenance options.
What are the Benefits of Antivirus Software for Computers?
The most important benefits of antivirus software for computers are given below.
- Convenient Protection: This is the biggest advantage of antivirus programs for modern internet users with busy schedules. Internet users only need to go to the antivirus product’s website and download and install the app to get protection. There is no time to waste or manually check data for malware infection. The best antivirus products use cloud analysis, file behavior analysis, machine learning, DLL injection prevention and heuristics to keep malware out of the user’s system. Most of all, the user doesn’t need to know how any of the features work to get full protection.
- Identity Theft Protection: With identity theft attempts increasing exponentially every year, a lesser-discussed benefit of antivirus software is identity theft protection. Antivirus applications are now able to handle spyware attacks that steal personal information. Antivirus products can also secure social security numbers, credit card information, bank data, passwords and other items of data.
- Enhanced Performance: Antivirus products make the user’s computer run faster. That’s because of the advances in the way antivirus applications are developed and how such programs run scans in the background. Most good antivirus products protect the computer without consuming too many resources. Antivirus products also speed up computers by deleting any unwanted folder or file, which frees up HDD space and saves important CPU resources.
- Ad Blocking and Spam Filtering: As indicated earlier, ads and pop-ups are used very commonly to slip malware into the user’s device. Antivirus products can stop such pop-up notifications and advertisements from ever interacting with the user. In cases where the user does click on malicious ads or links, the antivirus product can stop malware from downloading.
- Firewalls: Antivirus applications monitor all the data that enters and exits the user’s device via the internet. Upon detecting any suspicious behavior or data, the antivirus app is able to block the transmission of data, which inevitably saves the device from downloading malware.
- Protection from All Viruses: Antivirus products provide protection from all viruses, including those that have just been released in the wild by hacker groups. The primary benefit of using antivirus applications for computers is protection against viruses.
- Removable Device Protection: Though not as important as before, antivirus products can protect removable devices from viruses and stop removable devices from infecting the user’s main device. Removable devices are most used when the user wants to transfer data either to or from a computer or a laptop using USBs. Sometimes, if the USB is infected, the computer that connects to the USB either slows down or crashes. One way to get rid of the problem is to never use USBs to transfer anything. The other more practical solution is to get an antivirus application that scans all removable devices before anything is transferred.
- Keep Children Safe on the Internet: Some of the things on the internet are not suitable for kids. Since there is no way for a parent to keep an eye on a child at all times, an antivirus offers parental controls to make the job easier. Parental controls allow parents to monitor everything that the child does on a given device. To keep tabs on the child’s activities, antivirus products also offer control tools and logs.
- Password Protection: Almost all good antivirus protection applications offer password managers so that users do not have to reuse passwords or worry about how to keep passwords safe.
- Virtual Spaces: Antivirus products offer virtual desktops for new apps that the user wants to try but isn’t sure about. Any new app that displays malicious behavior when run inside a virtual desktop will only affect the virtual space and not the user’s actual device.
Can a VPN Keep your Computer Safe from Viruses?
Generally speaking, VPNs do not keep computers safe from viruses. With that said, readers should know that because of the way VPNs work, a user is less likely to get infected with a virus. That’s because VPN services secure user data via encryption. Since the data is unreadable, even if the hacker uses malware to steal user data, there would be no way to gain anything.
Note: VPNs sometimes also restrict ports that can be used to establish connections for transmitting data. This makes a virus infection very hard. The VPN market now has VPN services that offer ad blockers that protect against viruses by blocking malware-ridden ads and pop-ups.
Finally, many modern VPNs have antivirus components built into the apps, along with safe browsers and search engines. Hence, VPNs may not protect against all types of computer viruses, but the extra features that come with VPNs definitely help guard against cyber threats like computer viruses.