How can I avoid malware?

Updated: July 2016

The internet is increasingly becoming a battleground in which malware, spyware and computer viruses are the weapons. With some planning and understanding, you can make sure you're not compromised.

Malware (sometimes called spyware) can disrupt your computer, gather sensitive information and gain access to private data. Some malware can activate a device’s hardware, such as cameras and microphones, and send recordings to the attacker.  This page is aimed at helping you keep your devices clean and safe.


 

Avoid infecting your computer or mobile by being cautious

People most frequently infect their own computers in one of two ways: downloading and opening a disguised file from the internet or from an email message, or clicking on links which will secretly open malware without their knowledge. The short answer here: BE CAREFUL WHAT YOU CLICK! In practice, that's not always as easy as it sounds, though.

Make sure that your computer and mobile have good firewall and anti-virus software. Windows and Mac operating systems both come with firewalls and anti-virus software built in (these must be enabled), but third-party software can sometimes work better. These aren’t fool-proof measures. Not all computer viruses have been identified, and more are being created all the time.

Some options include Kaspersky, Sophos, Avast!, or AVG. These can help with common, already identified malware, but be aware that new kinds are always being developed. Keep them up to date, but be wary.

Some programs only run when the smartphone has been "jailbroken" or when a computer has been “rooted.” This allows a user to install software not officially endorsed by platform developers. This should be done with extreme caution. If you don't know what you're doing here, it's best to avoid it.

For a malware-resistant mobile, consider using a basic phone that doesn't include smartphone features. This will limit (but not eliminate) many potential problems. Additionally, if you think there is a chance that your computer may be infected, do not synchronise it with your phone or other devices.
 


Various attack methods and how to deal with them

PHISHING (OR "SPEAR PHISHING")  In this one, someone targets you with links, either in an email, or through social media or via an internet chat session, such as on Skype. They're hoping you'll click on one while they chat with you. It could look like a photo or document or video file, and may even open as one, but it's also installing software that turns your machine over to the hacker. Sometimes this happens when a hacker has stolen an account of someone you actually know, and is using that profile to talk with you over the internet. You can find out more about these kinds of attacks in our social engineering resource.

How to counter it: If you've never met this person offline, you don't really know them online.
 
  • Avoid clicking a link or downloading an attached file sent by someone you don’t know or trust.
  • If you think you should be getting the file, but are not sure that the one you're being offered is legitimate, you can right-click on it and select to save it without opening it. Do this with caution to avoid opening it by mistake! This will store the file but not activate any of the contents. You can then check it out more carefully. Services like VirusTotal, ScanThis or MetaScan can help, but these will only identify already known viruses or malware, so still be cautious.
  • Instead of clicking the link, highlight it and copy it. Check it on a service like ScanURL.net or McAfee's Trusted Source. Use URLchecker to scan multiple website addresses at once.
  • You might receive a link that's been shortened using bit.ly or another service. These will hide the true destination of a link. You can check these safely using unFurlr.
  • Avoid "friending" people you don't know on sites like Facebook, LinkedIn and others, or adding them to your contacts in Skype or other services. Make sure your privacy settings keep people you don't know from seeing whether you're online or not. Most phishing attempts are started because a hacker sees an opportunity.
  • Be wary of people you don't recognise who claim to have met you. Don't be afraid to simply say "I don't remember you."
  • When you're offered a link or a download without warning by someone you know, take a couple of minutes to read the message they sent and see if it looks like something they'd say. If you're suspicious, ask them about some details that someone trying to impersonate them wouldn't know. Call their phone or start an online video call, or just wait to talk with them in person before continuing the conversation.

FAKE DOMAINS  These are malicious websites created to look like authentic ones. You may think you're visiting the real website, but really a hacker has copied its content, design and files and created a realistic URL for it. Clicking on links here will install malware on your computer, access information on your computer or try to trick you with contact forms or pop-up questions into giving away personal information that can be used against you.

How to counter it: Before you start entering information, logging in or clicking on links, make sure you're on the right website and using a secure connection.
 
  • Take some time to look at the link. Does the website address look suspicious? Is the URL long or using unusual characters? Have you ever heard of the site before, and if so, does this URL look like the right one? Could you use a search engine to find the site without using the address? When the search results show up, do they match what you've been sent?
  • Only trust sites using HTTPS connections when entering your data or verifying a website's authenticity. A site with HTTPS is offering you two things: encryption between your device and the site, and a certificate of verified site ownership that a hacker won't be able to fake. Using HTTPS Everywhere or ForceTLS can help ensure you're establishing a secure connection whenever the option is available.
  • Use Google's Safe Site report and see if the site's been flagged for malware or attacks. Or, scan the site using Web Inspector before visiting it.
  • Check how long the website's address has existed with a "whois" search. Check the date the domain was created on and see if it's more recent than it should be. You can also find other useful information here that should show if it's a legitimate website or not.
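
The "look at the link" checks above can be done without visiting the site. The following is an added example, not part of the original page: a small offline check that lists reasons a link deserves a closer look. The shortener list and the length threshold are assumptions chosen for illustration, and the sample addresses in any test use reserved example domains.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small, non-exhaustive list of link-shortening services.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}
# Assumption: an arbitrary cut-off for what counts as a "long" URL.
MAX_LEN = 100


def url_warnings(url):
    """Return the reasons (possibly none) to be suspicious of a link.

    Nothing is fetched: the link text itself is the only input.
    """
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        warnings.append("not-https")
    if len(url) > MAX_LEN:
        warnings.append("long-url")
    if parts.username is not None:
        # Text before "@" is a login name, not the site: the browser
        # connects to whatever host comes AFTER the "@".
        warnings.append("userinfo-in-url")
    if host in SHORTENERS:
        warnings.append("shortened-link")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")  # a number instead of a name
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        # Encoded form of a name containing non-English characters,
        # which can imitate a familiar name.
        warnings.append("punycode-host")
    if any(ord(ch) > 127 for ch in host):
        warnings.append("non-ascii-host")
    return warnings
```

An empty result does not mean the link is safe; it only means none of these particular warning signs are present.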

FAKE SOFTWARE  When you're looking for a program online, you'll often get a lot of different search results. You may click on a site that contains all the right-looking information and includes a download button, but when you click it, the program you get is doing more than you expected. Sometimes pages offering legitimate-looking software are published on otherwise trustworthy filesharing or download websites. The software may even be doing what it claims, but could also be giving others access to your computer while it's doing that.

How to counter it: Whenever downloading new software, research and skepticism are the most helpful tactics available.
 
  • Never let your browser automatically open a file when downloading it. Oftentimes you can right-click to select the file and save only. This is helpful for inspecting it later.
  • Check the size of the file being downloaded. Does it seem too big or small for what it's claiming to do?
  • Do the file name and extension match what you'd expect? Software for Windows, Mac and other operating systems needs certain file extensions to install. Make sure this is like one of those. Compare it to other official software installation files you may have.
  • Does the file come from an official source? If it doesn't, you should be very cautious about opening it or using it. Sometimes pirated software can include malware inside it. Other times it's not the software at all but something malicious.
  • Can you find warnings about this file by entering its name in a search engine? Type the exact filename into Google or other search engines and see if warnings pop up. Most likely you're not the first person to download it.
  • Generally avoid unofficial downloads promising to be updates to operating systems, patches, printer drivers, etc. Check your computer's settings to make sure it's only using official libraries.
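
Once a download has been saved without opening it, the file name and extension check described above can be done by reading only its first few bytes. The following is an added example, not part of the original page: it compares the extension with the file's leading "magic" bytes and flags names such as photo.jpg.exe. The extension lists are short, non-exhaustive assumptions, and the function names are made up for this example.

```python
import os

# Leading bytes that identify a few common file formats.
MAGIC = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "zip": b"PK\x03\x04",
    "exe": b"MZ",
}
# Assumption: non-exhaustive lists, chosen for illustration.
RUNS_CODE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "msi"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
PE_EXT = {"exe", "dll", "scr"}  # extensions where "MZ" content is expected


def read_head(path, size=16):
    """Read the first bytes of a saved file without opening it in an app."""
    with open(path, "rb") as handle:
        return handle.read(size)


def sniff_type(head):
    """Guess the real format from the leading bytes, or None if unknown."""
    for kind, magic in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def download_warnings(filename, head):
    """Return reasons the file may not be what its name claims."""
    warnings = []
    parts = os.path.basename(filename).lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    actual = sniff_type(head)

    if ext in RUNS_CODE:
        # Expected for an installer, a red flag for a "photo" or "invoice".
        warnings.append("runs-code-when-opened")
        if len(parts) > 2 and parts[-2] in DOCUMENT_EXT:
            warnings.append("double-extension")
    if ext in MAGIC and actual != ext:
        warnings.append("content-does-not-match-extension")
    if actual == "exe" and ext not in PE_EXT:
        warnings.append("executable-content")
    return warnings
```

Call it as download_warnings(path, read_head(path)) on the saved file. A clean result only rules out these specific mismatches, so the other checks in the list still apply.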

MAN-IN-THE-MIDDLE (MitM)  In this situation, you've connected to the internet through what you think is a public WiFi hotspot, at a local coffee shop for example. In fact, someone sitting nearby has configured a wireless router to also act like an open internet connection, and has given it a name that sounds legitimate. When you connect to it, the person on the other end can capture all the data you send through, or divert your web surfing to fake sites that could install malware onto your computer or send your computer instructions to download files you didn't know you were getting.

How to counter it: Be careful about what networks you connect to and take a look at them before logging on. Many of the same precautions you'd use when visiting unknown websites apply here, since one of the ways a MitM works is by tricking you into visiting dangerous sites.
 
  • Don't let your computer or mobile automatically connect to wireless networks. You should do this manually so you can see the name of the network and possibly click on its properties to find out more information about it before connecting.
  • Make sure you're on the network you meant to be on. Ask for the network name and other information, and compare this to the one you're going to connect to. If it's an open network, or one in which everyone is using a common password, you should be cautious about using personal accounts.
  • If you're subjected to a Man in the Middle Attack, the hacker could try to trick you by faking a website you wanted to visit, or diverting you to a site that looks legitimate. In this situation, see the advice above about fake domains.
  • You could also simply decide never to connect to open WiFi routers directly. Use your own internet connection that has strong password protection.

PHYSICAL ACCESS  You may think this is the easiest one to counter, but take a minute to think about all the time in your day that you're away from your computer. It could be in the next room while you're using the toilet. It could be sitting in your hotel room while you go downstairs to grab some lunch. Security personnel may take it aside "for inspection" when you land at an airport or cross a border. You may have bought it used, or someone else could have borrowed it. This list goes on and on. The point is, yes, there are times when you can't actually see what's happening with your machine. During these periods, an attacker could possibly install either software or hardware that will capture your activity without you knowing about it.

How to counter it: You should keep your computer in a secure location, or with you when traveling or working on an assignment.
 
  • As much as possible, don't let your device out of your sight. If you travel a lot with it, consider how you'll comfortably keep it with you.
  • Password protect it and make sure every time you open it, you need to log in. If it's confiscated and someone forces you to log in, you'll at least be aware that the computer has been accessed.
  • Enable hard drive encryption and power your computer off completely when not using it.
  • Use a bit of permanent marker ink, glue, paint or glitter nail polish on the screws at the base of the laptop, and possibly cover your ports with an old sticker when traveling. If you see these have been tampered with, it's a clue the hardware has been accessed.

Special thanks to Josh Cockroft and mobile security researcher Bernard Tyers for contributing to this page. Image credit: Aaron Muszalski. The video at top was created for the Journalists Survival guide.

Do you have a malware attack method that we haven't included here? Let us know through our feedback form!
Created: July 2013
