Malware, put simply, is the “junk” that gets on your computer that slows down your work, interferes with your computer’s operations, and may threaten your computer’s security.  At best, malware is a nuisance, but at worst, malware can be a major problem that can completely prevent you from using your computer in a safe manner.  Malware is a general term for all forms of malicious software, and it includes viruses, spyware, adware, etc.

The number one way of getting infected with malware is through the Internet, primarily through web browsing.  The conventional wisdom used to be that malware could only infect your computer if you are visiting unscrupulous websites.  But today, even the most well-intentioned web users can become victims.  When designers of malware create pop-up messages that often look and act like genuine Windows warnings, it’s easy to understand how people who are trying to be safe are sometimes at the most risk.

Many users can often recognize the warning signs of malware and can stop the installation before it even begins.  But it’s a hard skill to teach.  How do we spot malware before we become infected?  Here are a few strategies:

  • Avoid using file sharing sites like Kazaa or Limewire.  You never know who you’re getting your files from, and it’s very risky.  Kids often use these sites to share music, but risks never outweigh the benefits.  [1]
  • One of the oldest pieces of advice is to beware of email attachments.  Definitely leave the attachment unopened if you don’t know the sender, but you should still be wary if you know the sender and still find the email suspicious.  Malware can automatically send out emails to everyone in a user’s address book, and it can often happen without the person’s knowledge.  [2]  So what makes an email suspicious?   The following are warning signs: many recipients, no use of names (such as “Dear Sam” or “-Jill”), generic messages (such as “I can’t believe how much this helped me!  You should try it!” or “Wow OMG, this is too funny!”), email attachments that have generic names (such as “funnyvid.mov”), attachments that end with the extensions .exe or .swf.
  • The same advice about suspicious attachments goes for emails that have suspicious links:  “My home video! LOL  http://www.someunfamiliarwebsite.com/abcdefg/wxyz.php”
  • Facebook is a structured site, so I’m safe when I get a Facebook message, right?  Wrong.  Use the same logic when looking at links that a friend sends you on Facebook.  [5]  Accounts can be easily hacked, and when people log in from a public computer (at a library, computer lab, etc.) and forget to log off, they’re just ASKING for someone to steal their account.  Think of it as e-identity theft.
  • If you get a pop up window while browsing the internet, NEVER click a “close” button that the designer puts within the window.  Instead, click on the red X (Windows users) or red dot (Mac users) to close the window.  [3]  A designer of malware might put in a link or button that says “No thanks” or “Close”, but clicking these will often do the complete opposite.  There’s nothing that forces designers to be accurate in the descriptions of the links or buttons.
  • If a window pops up and alerts you that your computer is infected, be very, very suspicious.  Here are some things to look for:
    • Is it telling you to download and install a particular program?  If so, skip it!  If this was legitimate and your INSTALLED protection software was alerting you, why would it tell you to install something else?
    • Is it telling you to hurry up and decide before the infection gets worse?  If so, skip it!  Your infection happens instantly – waiting longer USUALLY won’t make matters worse, although rebooting the computer can make things worse, sometimes.  But the wisest course of action is to stop and think BEFORE clicking.  The designers are preying on your fears and are hoping that they can trick you by rushing you into hasty actions.  If you’re really worried that your infection is getting worse, disconnect yourself from your network connection by turning off your WiFi (different for each computer) or by unplugging your ethernet cable if you’re connected through a wire.
    • Is it using unprofessional writing styles, such as “Danger!!!” or “Quick!  Protect your computer!”  When’s the last time you saw Microsoft use three exclamation marks in a row?  Can you imagine Steve Jobs approving software that sounds more like something Robin would shout to Batman?  If the writing style is dramatic, skip it!
    • Are there grammar mistakes or spelling errors?  If so, skip it.  Legitimate software is well proofread.  Malware often is not.
  • Avoid downloading free software.  It’s often too good to be true.  The software itself may be free and maybe even is legitimate, but it often comes with copious amounts of malware.  [4]  Some common instances of this are free screen savers, games, Internet speed boosters, etc.  There are some very legitimate free software titles out there, however, so…
  • Do your research before downloading something.  Interested in trying out a software program called “Shop Assist”?  Sure, it seems good.  But a quick Google search might reveal that it is, in fact, a bundle of adware products and is far more trouble than it’s worth.  You can often figure this out just from looking at the list of search results, even without clicking any of them!  Be smart!
  • A link to, say, www.google.com looks safe, right?  Perhaps not.  If you hover your mouse over it, the bottom of your web browser will normally tell you where it is pointing.  It’s normal for there to be some differences (perhaps pointing you toward a specific portion of a given site), but it shouldn’t be something completely different!  Here’s an example.  Hover your mouse over this link to Google:  http://www.google.com Do you see that it would actually send you to Amazon.com?  Unscrupulous individuals will often to the same thing to get to you go over to their site.
  • Many websites have ad bars across the top or down the side.  They may offer you free goods like iPods, or maybe they’ll look like a survey (“Who’s better?  Justin Bieber or Taylor Swift?”).  Suffice it to say, there’s no company that’s going to give you a free iPod just for clicking their ad, and, well, you can proclaim your love for Justin Bieber on your own Facebook account.
  • The term “surfing the web” seems to imply a certain amount of speed – like you need to keep moving or else you’ll lose your (proverbial) wave.  What’s the rush?  Indiscriminate clicking will get you into trouble.  Slow down and read what you’re clicking on. [9]
  • Those search assist toolbars that you can add to your web browser are generally not any better than using the integrated search that comes with web broswer software.  These add-on toolbars bring a lot of extra junk that you don’t want.  [6]  It may not technically be malware (though it often is), but it’s still going to slow down your computer.  The same goes for pop-up blockers, coupon websites, etc.
  • Ensure that your operating system (Windows, OS X, etc.) is kept up to date with the latest patches.  The same goes for your web browser.  There are always security vulnerabilities, and downloading the newest updates and patches closes up the vulnerabilities that can be used to attack your system.  [8]
  • Keep your protection software up to date.  When a piece of malware is first released, it’s the most dangerous in the first few days, before anti-malware programs develop ways to block it.  Once the developers of your protection software release an update to block that particular piece of malware, you’re safe, but ONLY if you actually download that update.  Updates often come daily, and it’s absolutely in your best interest to stay current.  If your subscription runs out, pony up and pay to renew.  You’ll be glad you did.
  • When it comes to protection software, more is not better.  Just as two outfielders running to catch a fly ball can collide and miss the ball, two of the same kind of protection software can interfere with one another.  Pick one protection suite and stick with it.

I’m primarily a Mac user, and I haven’t had a need (so far) to install protection software.  (It’s an ongoing debate [7], and I have a feeling I’ll end up with some sort of protection software in the next year.)  But there are two software titles I can enthusiastically recommend for Windows computers.

  • Nod32 – This is an excellent anti-malware program that will protect your system.  What I particularly like about Nod32 – far more than the more popular anti-malware programs by Norton or McAfee – is that it’s a lean program.  It stays out of your way and doesn’t hog your system resources while doing its job.  It’s not in your face, and it’s simple to use.  Plus, it’s a bit cheaper than the big name programs.
  • Malware Bytes’ Anti-Malware – The free version of this software is different than your normal protection software.  Normal protection software always runs and is focused on blocking malware from getting onto your system.  But the free MW Bytes’ Anti-Malware Malicious Software Removal Tool is great for surgically removing the malware when it does make it through.  Malware on your computer isn’t typically located in one place in one file.  Rather, it’s spread out all over your system, which is one reason why it’s so hard to remove.  MW Bytes does just that, however, and it does it well.  This does not fall under my earlier warning about avoiding redundant protection software – it’s ok to leave MW Bytes installed.  Just remember, the free version won’t PROTECT your computer, it just cleans off infections (assuming it’s kept up to date or that you’ve updated it before running it.)

Further Reading

I found this article by Warren W. Fisher to be very comprehensive, easy to read, and accurate.

FOOTNOTES
1.  http://ezinearticles.com/?How-to-Avoid-Malware-on-Your-Computer&id=466044
2.  http://ezinearticles.com/?How-to-Avoid-Malware-on-Your-Computer&id=466044
5.  http://www.readwriteweb.com/archives/how_to_avoid_malware_on_facebook_and_twitter_8_best_practices.php
3.  http://ezinearticles.com/?How-to-Avoid-Malware-on-Your-Computer&id=466044
4.  http://ezinearticles.com/?How-to-Avoid-Malware-on-Your-Computer&id=466044
9.  http://www.totalcarecc.com/2009/08/12/4-keys-to-avoiding-malware/
6.  http://www.baylor.edu/its/index.php?id=40638
8.  http://blogs.swarthmore.edu/its/2010/01/13/tips-for-avoiding-malware-infections/
7.  http://www.thexlab.com/faqs/malspyware.html