PCs came loaded with trial versions of the software that could be purchased for about $40. You bought it without thinking much about it because no rational person would surf the Web without it.
But improvements in the Windows operating system and Apple and Linux's long-standing built-in defenses have some wondering if consumers still need to add an anti-virus program to their computers. The answer differs, depending on who you talk to.
An anti-virus program resides on your computer and monitors your system when it's connected to the Internet. It's supposed to stop viruses from downloading onto your computer and it runs routine scans to search for bugs that may have slipped through.
Plenty did in the early days of the Windows operating system, which was famous for its vulnerabilities. But beginning with the much-maligned Vista operating system, some IT experts say Windows' built-in defenses are adequate to provide protection.
Beginning with Vista, Microsoft added something called User Account Control (UAC), which remains alert to suspicious changes in your system and will temporarily stop running programs when it detects malware is involved.
But its not foolproof. We recently discovered a dangerous Trojan on one of our laptops running Vista. We found it running a scan with Webroot Anti-Virus. Yes, it slipped past Vista's defenses, but the anti-virus program also failed to block it from downloading. However, we probably would not have found it without the anti-virus scan.
Other Windows tools include Defender and Firewall, both of which are designed to increase the security of your computer and the integrity of your Internet connection, and both are part of Vista and Windows 7.
The debate over the effectiveness of stand-alone anti-virus programs heated up over the summer with the publication of a report by NSS Labs, an independent testing firm that analyzed 10 off-the-shelf anti-virus programs. The researchers tested the programs' effectiveness at detecting 123 common computer exploits software designed to exploit vulnerabilities in the system.
In many cases, the exploits were old versions. Hackers normally modify and improve them once security companies start producing patches for them. None of the exploits in the test employed advanced anti-detection features that are common today.
In other words, the test used computer exploits that weren't very sophisticated. In that light, the results were a bit disappointing.
The 10 programs had a combined average detection rate of 76 percent, meaning 24 percent of the exploits escaped detection. Only three of the 10 anti-virus programs had a 100 percent detection rate.
When youre talking about exploits that have been published on a government funded web site for months on end, theres really no good excuse as to why youre not covering that, said NNS President Rick Moy. Since there are far fewer exploits than malware, it is imperative that attacks be defeated in the earliest possible stage.
But plenty of computer security experts say running a stand-alone anti-virus program makes sense. They point to tests performed by Webroot's Threat Research team that discovered Windows Defender failed to block 84 percent of a testing sample-set that included 15 of the most common variations of existing spyware and malware.
The threat level is only going to increase in the years ahead, they say, and buying extra protection for $40 a year just makes sense. It might, but the debate is likely to continue.
New threats for Mac and Linux
Even Macintosh and Linux users may need protection eventually. A 2007 study found that out of 236,000 known malware programs, only seven of them targeted the Mac operating system. Three years later, there are a lot more, due in part, perhaps, to Mac's recent sales successes. There are more tempting targets out there, and every hacker loves a challenge.
For that same reason Linux systems could soon become more vulnerable as well. Hackers haven't bothered in the past because Linux users tended to be more computer savvy and there weren't that many of them. There still aren't many Linux viruses, but experts say that could change as the operating system gets wider use.
Linux-based systems, however, tend to have a much higher level of built-in security, as most Web servers run on Linux.
As for anti-virus software makers, they aren't going out of business anytime soon. They are setting their sights set on the burgeoning field of smartphones, designing software to protect mobile systems from the growing number of threats. These products, however, are not likely to be something consumers will buy for their individual phones, but provided to cellular carriers to block threats at the main gateway.
See what our readers have to say about popular anti-virus programs.