When you think a virus has hit your computer, the solution seems simple enough: just run a virus scan and see if it finds anything. If the antivirus doesn’t pick anything up, that must mean there are no viruses, guaranteed… right?

Unfortunately, it’s not as simple as that. While modern-day antivirus programs have become highly effective at stopping viruses, there are times when malware can go undetected. Let’s explore how.

Before We Start: A Primer on Virus Definitions

As we cover this topic, we’re going to talk about “virus definitions” a lot. As such, it’s best that we square away what a virus definition is first, and why it’s important here.

When your antivirus looks for malware, it needs a guide on what’s a virus and what’s not. To do this, it needs virus definitions that tell it what’s bad and what’s good. An antivirus program usually receives definition updates from its developer on a regular basis, so that it knows all the newly discovered viruses and what they look like.

You can imagine these definitions as the antivirus equivalent of a criminal mugshot. The definitions tell the antivirus what the virus looks like and how to defend against it. As such, the strength of an antivirus is in its virus definition library and how it uses it.

How Can a Virus Dodge an Antivirus?

Because virus definitions are so essential for an antivirus, malware developers strive to find ways to dodge these definitions by one method or another. So, what are these methods?

1. Viruses Can Sneak Past an Unupdated Antivirus Program

First off, if you don’t allow your antivirus to update itself, it doesn’t know all the latest virus definitions. This, in turn, means that new viruses will slip past your defenses without getting caught.

That’s why it’s really important to keep your antivirus updated. If it wants to download new definitions, don’t put it off for another day. Grab them ASAP and let it do its work. By doing so, you allow your antivirus to do its job properly when protecting your PC.

2. Zero-Day Viruses Can Get Through Scot-Free

...but even if you do keep your antivirus up-to-date, it’s not perfect. After all, there are viruses out there that the antivirus companies have yet to encounter, and because of that, there are no published virus definitions to combat them. This kind of malware is what’s known as a “zero-day virus.”

Zero-day viruses spread across the internet on the “zeroth day” of their release. The term describes a virus that is brand-new and has just begun its siege on the internet.

Going back to our criminal mugshot example, a zero-day virus is like a criminal who has committed a crime that hasn’t been reported yet. In the window between committing a crime and the police issuing a search for them, the criminal can walk around like a regular citizen without getting arrested.

In a similar vein, a brand-new virus doesn’t have any definitions set for it, because the antivirus companies don’t even know it exists yet. And before it’s caught, the virus can slip onto PCs without alerting the antivirus.

This is why you may see your antivirus updating its definitions very frequently. As researchers spot these viruses in the wild, it's essential to create a definition and push it to people's antiviruses as quickly as possible to negate the zero-day threat.

3. Obfuscation Can Make Things Complicated

If a malware developer knows that an antivirus will identify their code, they still have a few tactics up their sleeves to prevent detection.

One of them is a trick called “obfuscation.” This is when a malware developer cleverly hides their malicious code so an antivirus won’t find it. For example, they may deploy a program that automatically encrypts and decrypts the bad parts, or change the code of the virus itself so it looks different every time it infects someone.

By changing how it looks, the malware keeps the antivirus on its toes. An antivirus looks for a specific "signature" that identifies a particular strain of malware, so if the malware developer can hide this signature, the malware stands a better chance of dodging an antivirus scan.
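To make the first three points concrete, here is an added example (not code from the original article) of a toy definition-based scanner run over constructed, harmless byte strings. The definition format (a whole-file SHA-256 plus a byte pattern), the names `Toy.Alpha` and `Toy.Beta`, and the single-byte XOR standing in for "encrypts the bad parts" are all assumptions made for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
SAMPLE_OLD = b"hello " + b"TOY-PATTERN-ALPHA" + b" world"
SAMPLE_NEW = b"hello " + b"TOY-PATTERN-BETA" + b" world"
CLEAN_FILE = b"just an ordinary document"


def make_definition(name, sample, pattern):
    """A definition here is a whole-file SHA-256 plus a byte pattern found in the file."""
    return {"name": name,
            "sha256": hashlib.sha256(sample).hexdigest(),
            "pattern": pattern}


def scan(data, definitions):
    """Return the name of the first definition that matches, or None."""
    digest = hashlib.sha256(data).hexdigest()
    for d in definitions:
        if digest == d["sha256"] or d["pattern"] in data:
            return d["name"]
    return None


def xor_bytes(data, key):
    """Single-byte XOR: the same content stored as different bytes on disk."""
    return bytes(b ^ key for b in data)


# An antivirus that skipped its last update only knows the older sample.
STALE_DEFS = [make_definition("Toy.Alpha", SAMPLE_OLD, b"TOY-PATTERN-ALPHA")]
UPDATED_DEFS = STALE_DEFS + [make_definition("Toy.Beta", SAMPLE_NEW, b"TOY-PATTERN-BETA")]


def demo():
    return {
        "old_vs_stale": scan(SAMPLE_OLD, STALE_DEFS),        # known sample: caught
        "new_vs_stale": scan(SAMPLE_NEW, STALE_DEFS),        # no definition yet: missed
        "new_vs_updated": scan(SAMPLE_NEW, UPDATED_DEFS),    # after the update: caught
        # Same content, different bytes: neither the hash nor the pattern matches.
        "reencoded_vs_updated": scan(xor_bytes(SAMPLE_NEW, 0x5A), UPDATED_DEFS),
        "clean": scan(CLEAN_FILE, UPDATED_DEFS),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} -> {verdict}")
```

The scanner only ever compares bytes against what it has been told to look for, which is why both a missing definition and a changed byte layout produce the same result: no match.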

4. Malware... Without Malicious Code

The sneakiest kind of malware is the kind that isn’t actually malware at all. It’s a program that acts as a staging ground for future virus infections and attacks, but is itself completely innocent-looking.

For example, a malware developer can make a program that can download files from a remote server. Perhaps the developer explains this away as an update service or a way for the user to download more files for their program.

The program itself doesn’t have any malicious code in it, so the antivirus allows it in. However, the malware developer can then use that remote server connection to sneak in malware through the backdoor. And because the program was innocuous to begin with, there's a greater chance that your antivirus won't catch it downloading viruses onto your PC.

How to Stay Safe From Undetectable Viruses

Fortunately, the threat that these undetectable attacks pose doesn't mean your computer is just a sitting duck waiting to get attacked. The absolute best antivirus on the market right now is your common sense, and if you use it well, you can avoid an attack.

If you're taking care to download files from legitimate sources, and you're not opening suspicious attachments in weird-looking emails, you're already doing a lot to protect yourself. We've covered a huge list of security tips to protect yourself online, but even if you apply the bare basics, you should be okay. Don't forget: antivirus-dodging malware can only do its work if you let it!

The Importance of AI in Antivirus Programs

The above exploits are all huge problems that antivirus developers have to work around daily. However, they all share one thing in common: they exploit weaknesses in the virus definition model.

Right now, an antivirus program can’t tell what’s a virus and what isn’t by just watching it. It needs a definition given to it to identify what’s bad and what’s not. However, advances in machine learning and AI will change that in the future.

Eventually, we may have antivirus systems that don’t wholly depend on virus definitions. Sure, they may still use them as a quick and convenient way to identify a virus in the wild, but they would also be equipped with AI that can look at a file or program and identify that it’s a virus based on what it’s trying to do.
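As an added illustration (not code from the original article), the sketch below judges a program by what it does rather than by its bytes, using the innocent-looking downloader from point 4 as the case to catch. It is a hand-written rule, not machine learning, and the event format, process names and paths are constructed for the example.

```python
# Constructed event records, as a behaviour monitor might log them
# (illustrative format; process names and paths are made up).
EVENTS = [
    {"t": 1, "proc": "updater.exe", "action": "download", "path": r"C:\Temp\patch.bin"},
    {"t": 2, "proc": "updater.exe", "action": "execute",  "path": r"C:\Temp\patch.bin"},
    {"t": 3, "proc": "browser.exe", "action": "download", "path": r"C:\Users\a\report.pdf"},
    {"t": 4, "proc": "editor.exe",  "action": "execute",
     "path": r"C:\Program Files\editor\plugin.dll"},
]


def download_then_execute(events):
    """Return (downloader, path, executor) for every file that was fetched from
    the network and later run. No byte signature of any file is consulted."""
    fetched = {}    # lower-cased path -> process that downloaded it
    findings = []
    for e in sorted(events, key=lambda e: e["t"]):
        key = e["path"].lower()          # Windows paths are case-insensitive
        if e["action"] == "download":
            fetched[key] = e["proc"]
        elif e["action"] == "execute" and key in fetched:
            findings.append((fetched[key], e["path"], e["proc"]))
    return findings


if __name__ == "__main__":
    for downloader, path, executor in download_then_execute(EVENTS):
        print(f"review: {downloader} fetched {path}, later run by {executor}")
```

Legitimate updaters show the same download-then-run sequence, so a finding like this is a reason to look closer at the downloaded file, not a verdict on its own.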

Smart Malware Requires Smarter Users

While threats such as zero-day attacks and obfuscation sound terrifying, they're not internet-breaking by any means. The best way to avoid antivirus-dodging malware is to ensure it never gets onto your PC in the first place, so be sure to stay vigilant and don't fall prey to the huge number of threats on the internet.

AI-based cybersecurity is a really interesting topic, and it's well worth exploring if you have a passion for how an antivirus works. Who knows, perhaps one day the humble virus definition will make way for an intelligent system that can catch a virus purely based on what it's doing, and not how it's coded.