How Do I Protect Myself Against Malware?
Last Reviewed: June 21, 2024
Malware , short for “malicious software ,” is software that is used to harm computer users. It has a wide-range of capabilities that include:
- disrupting computer operation
- gathering sensitive information
- spying on the owner of the infected device
- impersonating a user to send spam or fake messages
- gaining access to private computer systems
- encrypt the contents of a computer and hold that data for ransom (ransomware)
The majority of malware is criminal and is often used to make money; either by obtaining financial or identity information, ransoming private data, or gathering login credentials for email or social media accounts. Governments, law enforcement agencies, and even private citizens use malware to circumvent encryption and to spy on users. With malware, an adversary can: record from a webcam and microphone; disable the notification setting for certain antivirus programs; record keystrokes; copy emails and other documents; steal passwords, and more.
How Can an Adversary Use Malware to Target Me? anchor link
The best way to deal with a malware attack is to avoid getting infected in the first place. But that might be difficult if your adversary has access to zero day exploits—attacks that exploit a previously-unknown vulnerability in a computer application. If you think of your computer as a fortress, a zero day would be a hidden secret entrance that you don’t know about, but which your adversary discovered. You cannot protect yourself against a secret entrance you don’t know exists.
Governments and law enforcement agencies stockpile zero day exploits for use in targeted malware attacks. Criminals and other actors may also have access to zero day exploits that they could use to covertly install malware on your computer. But zero day exploits are expensive to buy and costly to reuse (once you use the secret entrance to break into the fortress, it increases the chances that other people may find it). It is much more common for an attacker to trick you into installing the malware yourself.
There are many ways in which an attacker might try to trick you into installing malware on your computer. They may disguise the payload as a link to a website, a document, PDF, or even a program designed to help secure your computer. You may be targeted via email (which may look as if it’s coming from someone you know), through a message on WhatsApp or Slack, or even via a link posted to your Facebook page. The more targeted the attack, the more care the attacker will take in making it tempting for you to download the malware.
For example, hackers targeted Jeff Bezos with a malicious video file in a WhatsApp message which gave them access to large amounts of data on the phone. A journalist for The New York Times was targeted with a hyperlink attempting to install Pegasus spyware, as were activists and members of European Parliament. Journalists, political opposition figures, and an NGO worker were targeted with a zero-click exploit that used an invisible iCloud calendar invitation to install spyware.
So How Do I Protect Myself Against Malware? anchor link
Use Antivirus Software anchor link
Antivirus software can be effective at combating basic, “non-targeted" malware that might be used by criminals against hundreds, or even thousands, of targets. However, antivirus software is usually ineffective against targeted attacks, such as the ones used by the Chinese government hackers to compromise the New York Times. EFF recommends using antivirus software on your computer, though we cannot recommend any particular antivirus products as being superior to others.
Be Wary of Suspicious Attachments anchor link
The best way to avoid being infected with targeted malware is to avoid opening suspicious documents and installing the malware in the first place. But well-targeted attacks can be very convincing, even for people trained to spot it.
If you are using Gmail, open suspicious attachments in Google Drive rather than downloading them—this may protect your computer from infection. Using a less common operating system , like Ubuntu or ChromeOS, significantly improves your odds against many malware delivery tricks, but will not protect against the most sophisticated adversaries. For more information, check out our guide on avoiding phishing attacks.
Run Software Updates anchor link
Another thing you can do to protect against malware is to make sure you are running the latest version of your software and downloading the latest security patches.
As new vulnerabilities are discovered in software, companies can fix those problems and offer that fix as a software update, but you will not reap the benefits of their work unless you install the update on your computer. It is a common belief that if you are running an unregistered copy of Windows, you cannot or should not accept security updates. This is not true.
Note Indicators of Compromise anchor link
Sometimes antivirus software won’t detect malware on your device, especially if the malware is new or unknown to antivirus authors. If this is the case you may still be able to find indicators of compromise . Indicators of compromise are signs or clues that your computer has been infected with malware. For example, you might notice the light near your webcam is on, even though you did not activate it yourself (though advanced malware may be able to turn your webcam light off). Another example: Facebook, Apple, Microsoft, and Google will sometimes warn users if they believe your account has been targeted by state-sponsored attackers.
Other indicators are less obvious. For example, you may notice your email is being accessed from an unfamiliar IP address or that your settings have been altered to send copies of all of your email to an unfamiliar email address. If you have the ability to monitor your network traffic, the timing and volume of that traffic might indicate a compromise. Another example: you might notice your computer connecting to a known “command and control” server—the type of computers that send commands to machines infected with malware or which receive data from infected machines.
What Should I Do If I Find Malware on My Computer? anchor link
If you find malware on your computer, turn off your Wi-Fi and stop using your computer immediately.
Every keystroke you make may be being sent to an attacker. You may wish to take your computer to a security expert, who may be able to discover more details about the malware. If you’ve found the malware, removing it does not guarantee the security of your computer. Some malware gives the attacker the ability to execute arbitrary code on the infected computer—and there is no guarantee that the attacker has not installed additional malicious software while in control of your machine.
Log into a computer you believe is safe and change your passwords. Do so for every password you may have typed on your computer while it was compromised.
You may wish to reinstall the operating system on your computer in order to remove the malware. This will remove most malware, but some especially sophisticated malware may persist. If you have some idea of when your computer was infected, you may reinstall files from before that date. Reinstalling files from after the date of infection may re-infect your computer.
Malware is not limited to just computers. Head over to our guide on mobile phone malware to learn how it can infect Android and iOS devices.