Real Antivirus Software vs Rogue Security Software
How to tell a legitimate antivirus installation from rogue security software that pretends to protect your device while charging for fake virus removal.
Last reviewed: 1 June 2026
Rogue security software mimics the interface of real antivirus products, reports exaggerated or fabricated infection counts, and charges a 'full version' fee to remove threats it invented. Understanding what genuine security software looks like makes rogue programmes easy to identify.
Side-by-side comparison
| Legitimate antivirus software | Rogue security software (scareware) | |
|---|---|---|
| Installation source | Downloaded from the official developer website or a major app store | Installed automatically after visiting a website, clicking a popup, or from a bundled installer |
| Scan results | Reports genuine threats accurately; no infection found on a clean system | Always finds dozens of 'critical' threats, even on a brand-new machine just set up |
| Free vs paid scope | Free version provides real detection; paid version adds features such as real-time protection | Free scan is only cosmetic; 'removal' requires immediate purchase of a licence to fix invented threats |
| Developer reputation | Named developer with a verifiable company, years of independent lab testing results, and press coverage | Unknown developer; company website created recently; no independent lab test results |
| System impact | Runs in the background quietly; does not open full-screen windows or play alarms | Generates persistent popups, alarms, and full-screen warnings to create urgency |
| Uninstallation | Can be uninstalled through standard Add / Remove Programs without difficulty | Difficult or impossible to uninstall normally; may reinstall itself or resist removal |
Common red flags
- Software installed without your deliberate action
- Scan on a clean or new machine returns dozens of critical threats
- Removal requires immediate payment to unlock the full version
- Persistent popups and alarm sounds when the software runs
- Developer name is unknown and cannot be found in independent security reviews
Verification steps
- Check the developer name against independent security-software review sites and AV-TEST or AV-Comparatives
- Search the product name plus 'rogue' or 'scam' to see if security researchers have flagged it
- Run a scan with a second, well-known antivirus to cross-check results
- If installed without consent, use a reputable malware-removal tool from a verified source
What not to do
- Do not pay for any security software that installed itself without your deliberate action
- Do not enter card details on a payment page reached from a software popup
- Do not trust scan results from software you cannot independently verify
A safe response
Do not purchase the 'upgrade'. Instead, uninstall the programme through Add / Remove Programs, run a scan with a reputable antivirus you sourced yourself, and change any passwords that may have been exposed.
Frequently asked questions
Can rogue security software steal my data?
Some rogue programmes are purely fee-collection tools; others contain genuine malware that harvests credentials or banking details. Either way, they should be removed immediately.
How do I safely remove rogue security software?
Use a well-known malware-removal tool from a source you trust — downloaded from the developer official website on a different, clean device if possible. Running a Windows Defender scan offline is a good first step on Windows machines.