Malware is MALicious softWARE. It's a blanket term that covers a wide range, including viruses, worms, Trojans, spyware, and adware. In general, it's software you don't want on your computer and that may be doing harm.
There is a whole variety of techniques that malware authors use to try to get their software onto your computer. Some comes in emails that try to trick you to click on attachments or links. Some can spread across networks by exploiting security holes. Some comes from "drive-by downloads" in which the malware tries to install itself on the computer of anyone who visits an infected Web site. Some of it pretends to be something useful, so that you will voluntarily install it, but it isn't what you thought it was.
There are a lot of things you can do that help keep you safer. Some of them are longstanding best practices that not everyone follows, while others are newer or more specific. Here are some suggestions.
Be suspicious of unexpected email attachments or links. If it appears to be from a person you know, it could actually be from malware running on their computer, or a hacked email account, that's counting on your trust in that person to get you to open it. If it appears to be from your bank, telling you that your account has been locked and you have to click a link to unlock it, it's a scam that will probably try to get you to divulge your bank card number, PIN, online banking password, and enough other information to allow identity theft.
If you get an unexpected pop-up while browsing, be suspicious. If it tells you that you have an infection or have been caught surfing bad sites or something like that, and offers to fix the problem for you, it's no more legitimate than those Nigerian generals' widows emailing you for assistance in moving millions of dollars out of the country.
So if you get something unexpected, check to make sure it's legitimate before clicking or opening it.
You should have a reputable anti-malware (the successor to anti-virus) program on your computer. None of them are perfect, and each has its strengths and weaknesses, but it's more important that you have one than which one you have. Microsoft, Norton, McAfee, AVG, and Kaspersky are among the reputable names (and there are others). If you haven't heard of it, or are in doubt, search the Web for reviews. And here's one solid rule: if you're surfing and a blinking pop-up appears advertising it, it's bogus.
You also need to keep it up to date. In the old days, that meant manually checking for updates; these days, they all check automatically as long as you have a working Internet connection. But a lot of these programs work on a subscription model: you buy (say) a one-year subscription, and they protect you for a year. If you don't renew, the software's still installed, but it's not downloading new updates, and may even stop working entirely; either way, you're vulnerable. If you're using a program that requires a subscription, ensure your subscription stays current.
On a related note, if you bought a new PC, chances are it included such a program, so you may think you're OK. But most of these are only time-limited free trials, which expire after a few weeks or months unless you pay to renew the subscription.
There are cases of legitimate sites accidentally hosting malware, often due to the malware author tricking an advertising broker into placing their "ads" on real sites. But your chances of getting infected definitely increase if you're on the shady side of the Web, such as porn or illegal download sites. In the real world, you'd either not go into bad parts of town at all, or you'd keep your guard up. Do the same online.
Windows users are all familiar with the big bursts of patches that Microsoft releases at least once a month. Those who use browsers other than Internet Explorer are also familiar with the occasional new versions and updates released by their authors. As annoying as it is to be prompted to update things so frequently, there's a good reason: a lot of these fix known security holes. In many cases, these are security holes that are actively being exploited by the bad guys, and if you fail to stay up to date, you're leaving the door open.
It's not just Windows and your browser, though. Anything else that can open from your browser, either as a separate program or as a browser add-in, can be exploited. Some examples include Acrobat/Adobe Reader, Flash, Word, and Excel; all of these can be and have been exploited, and need to be kept up to date to reduce the risk.
Java is another program that has been a major opening for malware in recent years, to the point where many security authorities are recommending completely uninstalling it, and we sent out a mass email to clients a few months ago about it. Here are some quick tips:
For Java and for Web browsers, there's one potential caveat: not everything is compatible with the latest version. Online banking and trading sites, for instance, often have specific lists of what browsers, browser versions, and (if applicable) Java versions they support, and there could be compatibility issues if you upgrade before they support the new version. If in doubt, check their list of supported software to make sure, and use the latest version they support. If their latest supported version is not the very latest that's available, check back with them from time to time to find out when it's safe to upgrade.
Back to list of newsletters