The Anti-virus Times

Tuesday, July 4, 2017

…if I use the trial version and it expires, will the anti-virus continue to protect
my computer, or will it stop working? I mean, will I have to buy a new license right
away or can I use the outdated database until I make a purchase?

A support request in June 2017

The Anti-virus Times issue about how Dr.Web behaves after a license expires triggered a heated discussion (we thank all our readers who expressed their opinion). Many people genuinely didn't understand why an anti-virus shouldn’t work after a license expires.

Technically it is possible. Moreover, some users ask for distributions of earlier versions because they think “they work faster”. And if our programs go on working forever for users who’ve purchased at least one license in the past, those users will only be glad. At the same time, many know from first-hand experience that organisations can have financial woes that end up leaving their computers with no protection at all. These entities may be willing to purchase an anti-virus but only when sufficient funds become available.

The first problem is that users forget about their anti-virus once it’s been installed. Often in companies and organisations, there’s a “set it and forget it” mindset. When this happens, nobody controls the operation of the anti-virus; it displays no messages so as not to irritate users, and no one reads the emails that land in the system administrator inbox. And if a company has just hired a new administrator…

Our experience shows that even large organisations may fail to renew their anti-virus licenses for years. "It's a good thing you’re here. Your anti-virus is displaying some messages". No wonder! The license expired a year ago; forget the fact that the installed version is so outdated that no anti-virus databases are available for it.

And there are those who don't want to pay to renew their licenses. They believe the myth that their anti-virus and its current databases can protect their machines. Yet again our experience shows that the vast majority of users and administrators think that new malicious programs do not appear very often. Dozens or perhaps (well, are you serious?) hundreds per month. Few people are aware of the fact that samples appear in the millions. Ну, может считанные сотни. Virtually nobody knows that encryption ransomware alone accounts for about 20 new database entries per day.

And if, as people think, new malicious programs don’t appear very often, it’s logical to believe that an anti-virus can operate long term with its old databases. It’s like in the 90s when it was common for updates to be released every two weeks.

But things haven’t been like that for a long time. As a matter of fact, a Trojan's lifespan hardly exceeds several minutes. When a new day begins, yesterday's threats are often already irrelevant. They constitute the dead weight in an anti-virus database, and getting rid of it can be extremely difficult.

Yesterday's anti-virus will protect a computer against new threats, too, but the probability for success will be 50%-70%. Will you be happy if just one of the two Trojans you got in an email doesn't start? And whom will you blame? A well-configured anti-virus surely provides better security, but how many people bother to change the firewall and preventive protection settings?

Having covered the technical aspects, let's now consider the mercantile side of the matter. Why do other applications continue to operate after their licenses have expired, but an anti-virus doesn't?

Other programs operate with files, and their updates are unlikely to cause any serious damage to the system. Meanwhile, an anti-virus operates alongside system drives, and after it receives updates, can easily render half the OS non-operational. That's why the cost per hour of anti-virus testing can't be compared to what the cost is for other applications. In the case of an anti-virus, it's not just about upgrading some knowledge base—an anti-virus interacts with a huge number of programs and mustn't conflict with any of them.

Unlike other software developers that use standard well-established routines, anti-virus companies have to maintain a huge infrastructure in order to obtain new malware samples.

We always say honestly: every update costs a lot of money. Every single one of them. We can't take a break so that the whole company can join a celebration or go on holiday. We work 24/7/365.