Without looking, can you remember what anti-virus software you’re running? You are running anti-virus, right?

I ask, because it’s important to know. Simply having anti-virus is fundamental, but knowing what you’re actually using on a given system serves a necessary purpose. If you don’t know what anti-virus you’re system is running, how will you know if it’s a fake one that’s giving you prompts?


Known as rogue anti-virus, rogue software, or scareware, this little piece of malware was almost ubiquitous in the late 00’s. Going under a staggeringly vast variety of monikers, such as ANTIVIRUS PC 2009, Antivirus Live, or Alpha Antivirus, they presented the fairly convincing façade of a legitimate anti-virus program. There’s often an impressive amount of graphic design concept applied to the fake software, frequently based off the user interface of legitimate programs that were popular at the time, such as AVG, Avast!, Microsoft Security Essentials, and Spybot. Rounding out the illusion, they often simulated a working scanner when you interacted with them; filling a progress bar before presenting you a list of “infections.”

None of these infections are real, obviously, since by running the scan, you’re interacting directly with a symptom of the infection itself. Depending on the sophistication of the rogue software, it’ll either display a bunch of temp files or benign registry errors, and other times it’ll just give a list of made up files and detections. It’s automated social engineering to trick you into trusting it. Regardless, its falsehood is undetectable to the undiscerning eye.

There were a lot of variations as well, and over the years, they became more and more aggressive and difficult to remove, often serving as the mere visible symptom of a more insidious infection. Frequently, they’d come packaged with trojans, rootkits, additional unwanted programs, or, most vexingly, bootkit infections. These would do things ranging from disabling the system’s legitimate anti-virus to forcing the system to reinstall the infection after every reboot. Few of them remain surface infections, instead digging their roots deep into the system files and making it a pain to get rid of them.


So what is the point? Well, after you run the fake scan and are assured that your computer is jammed to the rafters with viruses, it will tell you that you need to upgrade to the pro version to remove all those infections. You’re then asked to enter your credit card information and, well, I’m sure you can see where this is going. If you do pay up for the pro version, nothing happens aside from your bank account becoming lighter. The program isn’t designed to clean your system or even remove itself once payment is received. You’re just left with an infected machine and a sense of betrayal.

A variation of this infection is rogue tune-up software, and the game remains essentially the same. While you can wind up with this particular brand of scareware through a virus infection, it’s also sometimes legitimately installed by clicking through an online advertisement. The software itself often lets you run a “scan” for free, but then asks you to pay up before it will do any actualy clean-up.

The difference between this and rogue anti-virus is that these software suites often perform a few actual clean-up tasks, but nothing that isn’t already built into Windows or available through more reputable free software like CCleaner. That very difference gives this dubious software a claim to legitimacy to the point that some retailers actually carry them in store, displaying them on clipstrips and other impulse buy hotspots. On other occasions, they’re included within the installer for a less sketchy software, like Flash or Java, or pre-installed by some hardware vendors. Regardless of their origin, they’re sometimes benign, but always a pointless waste of money and system resources.


The heyday of rogue software was way back in the later 2000’s, early 10’s. Most mention of the tactic dries up around 2011 following a series of lawsuits. Wrangling particularly tenacious variations of the virus tactic was once a frequent problem, but their prevalence has dropped off in favour of the more damaging and profitable ransomware viruses. That said, they’re still out there, and it’s important to know how to recognize the fakes from the real ones. The best way to tell? Look at what anti-virus you have running and remember it. Then, if you get a notification from PC ANTI-SPYWARE 2017, you’ll know it can’t be trusted. When that happens, it’s time to disinfect.