Real Antivirus Software vs Rogue Security Software
How to tell a legitimate antivirus installation from rogue security software that pretends to protect your device while charging for fake virus removal.
Last reviewed: 1 June 2026
Real security software is unremarkable to live with. It updates in the background, occasionally reports something it has quarantined, and mostly you forget it is there. Rogue security software is designed to feel like the opposite, and that difference is the tell. It usually arrives without you choosing it, bundled with another download or triggered by a page that fills the screen with warnings, then presents a scan that finds an alarming number of critical infections on a machine that may be only days old. The panic is manufactured in order to sell a licence to remove problems that were never there. It convinces people because infections are genuinely real and almost nobody can judge a threat name. The distinction that matters most is who decided to install it.
Side-by-side comparison
| Legitimate antivirus software | Rogue security software (scareware) | |
|---|---|---|
| Installation source | Downloaded from the official developer website or a major app store | Installed automatically after visiting a website, clicking a popup, or from a bundled installer |
| Scan results | Reports genuine threats accurately; no infection found on a clean system | Always finds dozens of 'critical' threats, even on a brand-new machine just set up |
| Free vs paid scope | Free version provides real detection; paid version adds features such as real-time protection | Free scan is only cosmetic; 'removal' requires immediate purchase of a licence to fix invented threats |
| Developer reputation | Named developer with a verifiable company, years of independent lab testing results, and press coverage | Unknown developer; company website created recently; no independent lab test results |
| System impact | Runs in the background quietly; does not open full-screen windows or play alarms | Generates persistent popups, alarms, and full-screen warnings to create urgency |
| Uninstallation | Can be uninstalled through standard Add / Remove Programs without difficulty | Difficult or impossible to uninstall normally; may reinstall itself or resist removal |
Common red flags
- Software installed without your deliberate action
- Scan on a clean or new machine returns dozens of critical threats
- Removal requires immediate payment to unlock the full version
- Persistent popups and alarm sounds when the software runs
- Developer name is unknown and cannot be found in independent security reviews
Verification steps
- Check the developer name against independent security-software review sites and AV-TEST or AV-Comparatives
- Search the product name plus 'rogue' or 'scam' to see if security researchers have flagged it
- Run a scan with a second, well-known antivirus to cross-check results
- If installed without consent, use a reputable malware-removal tool from a verified source
What not to do
- Do not pay for any security software that installed itself without your deliberate action
- Do not enter card details on a payment page reached from a software popup
- Do not trust scan results from software you cannot independently verify
A safe response
Do not pay for the removal, and do not ring any number the programme displays. Close the window, and if it will not close, shut the machine down and restart it. Uninstall the programme through Add / Remove Programs, then scan with security software you sourced yourself from the developer own site, downloading it on a different device if the affected one is unusable. Change your email and banking passwords afterwards from a clean device. If you have already paid, contact your card provider to dispute the charge, and if you allowed remote access, treat every password on that machine as exposed and report it to your national fraud reporting service.
Frequently asked questions
A full-screen warning says my computer is infected and gives a support number. Is that real?
No. Genuine security software does not take over your screen and does not ask you to ring anyone, because removing threats is what it does by itself. Warnings like that are usually just a browser window styled to imitate a system alert, and the number connects to someone who will ask for remote access to your machine. Close the browser, or shut down and restart if the window resists, then scan using software you installed yourself.
Can rogue security software steal my data?
Some rogue programmes are purely fee-collection tools; others contain genuine malware that harvests credentials or banking details. Either way, they should be removed immediately.
How do I safely remove rogue security software?
Use a well-known malware-removal tool from a source you trust — downloaded from the developer official website on a different, clean device if possible. Running a Windows Defender scan offline is a good first step on Windows machines.