How to Avoid Malware Online

Malware (malicious software) is the collective term used for software that is designed with the intention of slowing down, appropriating or crippling a device or a network. Malware can also be tailored to covertly record information regarding your online activities and relay that information to its designers. This is illegal and usually done with the intention of offering the information as a cheap alternative to legitimate market research. It is also commonly used to steal private and banking information for the purposes of identity and currency theft.

Malware comes in many shapes and sizes, all of which are undesirable and should be avoided wherever possible. Unfortunately this can be a tricky process, as knowing when and where Malware will strike is difficult and can be confusing to many users. Of course, Malware can always be removed after it has been installed, but as with most things of this nature prevention is better than cure.

Regarding the prevention process there tends to be 2 prevailing but dichotomously opposed attitudes:

1. Anti-virus software is key. Grab the most powerful anti-virus program you can and you should be safe.
2. Anti-virus software is useless. It slows down your computer needlessly when all that was needed in the first place was a little common sense and caution on behalf of the user.

Of course, as with most areas of fierce debate, the answer tends to lie somewhere between the two. Anti-virus software can indeed be helpful in protecting you from malware, but it’s important to not rely on it too heavily. Anti-virus software should be viewed as your safety net, or last-line of defence. There are many types of malware than can circumnavigate anti-virus software.

The argument that anti-virus software slows down a computer is also somewhat valid. While modern-day anti-virus programs are much lighter and require less of your system’s attention than older iterations, they can cause increased delays when starting up a computer or installing new software. Due to the lighter nature of today’s anti-virus software these delays are usually quite minimal in comparison to what their opponents claim, but the delays do still exist, nonetheless.

As such we advise merging the two ideologies. While most of the responsibility of avoiding malware can easily rest on the user, it’s still a good idea to be running some form of background protection, however minimal, in order to have a chance of catching anything that slips by.

Common Types of Malware

Virus

Far and away the most well-known form of malware is the computer virus. A virus hides in pre-existing programs, applications or system files and is capable of replicating itself. A virus will usually try to spread itself to other computers once it has infected yours. This can be done over the internet, over a closed-network or by transmitting itself to a data transfer device such as a USB key.

Worm

A worm is similar to a virus in that it can replicate itself, only it does not hide in pre-existing files but instead is a file unto itself. Worms are usually designed to destroy files, hinder networks and generally decrease computer efficiency. Some worms, such as the Blaster Worm from 2003, can actually prevent your computer from fully starting up before it shuts down again.

Trojan

Trojans are possibly the most dangerous form of malware from a social and personal-economic standpoint.

A Trojan will find its way on to your computer using another file as a carrier. It rarely destroys files or affects computer performance. Rather, Trojans are generally intended to record user information, such as passwords or banking details, and relay this information to the developer.

Botnet

A botnet is not a piece of malware unto itself, but rather something that is created by malware. What happens here is that your computer is taken over by a botnet operator and used for their own purposes. This can be anything from increasing computer-power in order to perform brute-force hacks or to unleashing dedicated denial of service attacks on websites. Basically your computer is secretly turned in to an unwilling part of a large hive-mind of similarly enslaved computers, with one puppet-master pulling all the strings.

This is often not a conspicuous process and the puppet-master will go to great lengths to ensure that your computer’s new status as a zombie will not be noticed.

Spyware/Adware

Spyware, surprisingly enough, spies on you. This is generally done with the intention of gathering marketing data so that companies can more accurately advertise to you.

Adware is similar, but actually contains the ads themselves. Adware is often installed on your computer legally, as it can be found in many user licence agreements. Agreeing to a user licence agreement can often mean you have given a company permission to install adware on your computer.

Spyware and Adware can usually be removed with active system scans.

Modern Malware Penetration Techniques

As technology changes and online security systems advance so does malware and the methods that are employed to get it from its developer to your computer. Where once malware was predominantly passed around on USB drives, floppy discs or emails it’s now far more common to see more inconspicuous methods. Many victims of malware actually never realise that they’re a victim until real-world repercussions start rolling in.

One of the more common methods for the transferral of malware is to use a malicious or hacked website as a carrier. These websites will prompt you to download an innocent-looking package such as a video codec or browser plugin that is ‘required’ to view material on the website. Another method is to exploit browser security holes to install malware directly on to your computer without even asking.

However, even prompted-downloads can be difficult to spot. This isn’t because you are somehow tricked in to clicking a download button without your knowledge, rather it is because reliable websites can be hacked and turned in to malware-dispensing tools. Even the BBC has had a couple of its websites turned in to these malware vendors in the past.

Possibly the nastiest way that malware commonly proliferates by pretending to be ‘free’ anti-virus software. An alert will pop up in the user’s browser, warning them that a threat has been detected on their computer and that they have to download this new software now in order to eliminate it. The unwitting victim then dutifully downloads the package, allowing the real malware threat that was actually the download itself instant access to their system. Do not fall for this. Only pre-installed anti-virus programs should ever be installed.

If you get a pop-up from a program that is not already installed on your computer then ignore it and leave the website immediately. Don’t even click the ‘x’ box in the top right or left of the pop-up if you can avoid it, as that might be a cleverly hidden download button. You may also wish to contact the website to warn them that they have been hacked, but doing so may increase your risk and thus is up to you.

Vulnerable Devices

Desktop PCs laptops running Windows are still the most vulnerable devices to malware. Apple Macs have become a larger target in recent years as well, but still get less attention from malware developers than anything running Windows. Android phones have also become a target, due to Android’s open-source nature and a user’s ability to download an app that has not been directly approved of by Google. Anything downloaded through the Google Play store (previously Android Market) should be safe. iPhones and iPads haven’t really had any problems, mostly thanks to Apple’s often strict control over the iOS ecosystem so that nothing that hasn’t passed Apple’s required tests isn’t made available on the App Store.

Staying Safe

The key to staying safe from malware is to be alert. Be careful with small-time or dodgy-looking sites. Smaller websites usually have worse security methods in place and thus can be targeted more easily by malware developers. It’s also less common for maliciously-designed websites to look and act as professionally as a larger one, as malware developers often won’t have the kind of money that’s necessary to create a first-class web experience just to lure in unsuspecting prey. If a website looks bad or unprofessional then you might want to think twice about visiting there, let alone downloading any files.

Most larger sites, especially those that support monetary transactions or store personal information, will use a more secure network. This can often be spotted easily, as the web address will begin with ‘https’ rather than the traditional ‘http’. Modern browsers and anti-virus packages will also often provide some kind of a marker, such as a green box or tick, to indicate that a website has been tested and is now a trusted source.

As far as anti-virus applications for Windows go there are some solid free options such as AVG, Avast, Avira and Microsoft’s Security Essentials. These programs provide a constant passive protection, as well as a more direct approach.

If your computer is acting sluggishly, or you believe you may have some malware, you can activate a scan that checks every file on your system. This is best to do overnight or while you’re out as it usually takes time to complete. Any threats that are detected will be quarantined until you decide what to do with them. The usual course of action is deletion. Scanning will not find every piece of malware out there, but it will detect and eliminate most of them. If you’re using a dedicated anti-adware program for this be careful, anti-adware packages are one of the more common fake ‘security services’ previously mentioned that end up being malware themselves. It’s probably best to use your pre-installed anti-virus software, if you have it.

Currently Mac users tend to not have to really worry about security software, as the prevailing majority of malware is still designed to target Windows machines.

Basically we suggest that you remain alert and only use Anti-Virus software as a backup. The first and best defence against malware is to pay attention to what you’re doing and avoid online threats. Keep your eyes peeled and if you see something suspicious play it safe and just avoid it, rather than hoping your Anti-Virus package will protect you.