The Internet has become a critical tool in education and entertainment, as well as communications - business and personal. The Internet is a great tool to share information, but it comes with great risks.
One of the biggest dangers of the Internet is exposure to malicious software (malware for short) that steals your information and damages your computer system.
The basic types of malicious software include the following.
Adware places advertisements, often as pop-ups, on your computer desktop and internet browser windows, usually pertaining to the content found on your computer or the keywords typed in documents and internet browser.
Spyware tracks your internet and computer use with the intention of reporting information back to its author or other party, possibly including programs, keywords, account numbers and passwords.
Viruses are typically destructive, intending to disable your computer or programs. Viruses are sometimes tied to other malware. Many viruses automatically spread via e-mail or a network.
Beyond the above listed basic types of malware, malware is also classified by the infection mechanism or payload type.
Dialers are among the oldest payloads. Originally taking advantage of your modem to redirect traffic or connect to pay services, this malware now takes advantage of your broadband or other internet connections to accomplish similar redirects or distributed attacks. Dialers are not to be confused with a hijack.
Downloader malware often adds itself to your system or browser startup intending to download or update malicious content on your computer without detection by security software.
Hijack software usually takes over your internet browser and forces exposure to content or malicious web-sites.
Keyloggers record your keystrokes as you type, in an effort to steal your usernames and passwords, as well as other sensitive information.
A rootkit infection is loaded before the operating system from within the disk boot sector, or along with the operating system files on startup. These are the most difficult to remove and often critically damage a computer's operating system.
Trojans install malicious software on computers while posing as serving some other purpose, and commonly create a backdoor into a computer system for other undetected use.
A worm is a self-propagating program that spreads through your computer and other computers across networks and e-mail systems.
Malicious software reaches your computer by many means, sometimes without detection by your security software.
Networks are an easy method of attack for worms. A worm will automatically detect computers on a network and attempt to infect them by taking advantage of security weaknesses within the target system - particularly operating system design flaws.
Infected web-sites are a growing method of malware attack. These sites take advantage of scripting features and security failures within common internet browsers and operating systems. These infection attempts may occur in the background without your knowledge or appear as a pop-up message in your browser.
Internet File Sharing tools like Ares, Bearshare, BitTorrent, Frostwire, Limewire, mIRC, and many others are peer-to-peer file sharing applications which provide an easy path of intrusion, although the applications themselves are not malicious.
Social Engineering is a method of gaining information through casual communication, but it is also a method of encouraging someone to install malware and bypass security systems by human intervention.
E-mail continues to be a strong technique for spreading malware, particularly worms and spyware. Usually an infected e-mail will have an attachment that the message body tricks the reader into launching, or that launches automatically.
You might be thinking that all of that sounds pretty scary and well frankly, it is. Even with today's sophisticated security software, malware still damages computers because that malware is also becoming more sophisticated.
Computer Viruses and other malicious software are not random occurrences. Someone wrote the program to do what the malware does.
The operating system or manufacturer of your computer is not relevant to your risk of malware infection. Whether your computer is running Microsoft Windows, Apple OS, Linux, Android, or any other operating system, you are still susceptible to having malicious software affect your computer.
Just because someone hasn't written a virus for your computer yet, doesn't mean it won't happen.
The best way to protect your computer is to disconnect it from the network and the internet and never share removable media with other computers. Of course, this is not realistic. Through some personal behaviors and available technology, you can better protect your computer from these threats.
As security flaws are found, many companies release updates to their product or drivers. Check with the manufacturer of your computer and operating system for service packs and security updates. Keeping your application revisions current helps too, like Document Readers and Internet Browsers.
A full-functioning security suite is your best bet to help protect your computer, but the product you choose is dictated by your budget and your computer. Full suites usually include anti-virus, anti-malware (spyware/adware), e-mail scanning and firewall protection.
As the security suites become more sophisticated, they also require greater horsepower from your computer. If you have a slower computer, then a modern security suite might not work for you. Slow computers prevent security software from detecting and removing malicious software before the malware does its damage. In this case lighter-weight stand-alone security software may work, but you need to be sensitive to the risks of some web-sites.
Paying a lot of money for your security software doesn't necessarily mean you are getting a better product, though be careful of the free security software - I only know of one that is a good product, but for the sake of this article I am avoiding the mention of brand names.
Most security software providers offer free evaluations of their product. Take advantage of this and check how each product behaves on your computer. Look into industry sites not related to a manufacturer of the security software for technical reviews.
Caution - You should not have more than one security suite or product of the same type installed at the same time. These applications will conflict, dramatically impacting performance and possibly damaging your system. Uninstall your current product before trying a different one.
Having good security software installed, running, and up to date is essential to protecting your computer and data. There are a few other things you can do to help protect your computer and data.
Aside from utilities like Java, Flash Player, and Silverlight (to name a few), be wary of web-sites that require you to install their software to use content like video or text. Questionable sites may use this as a method to gain access to your computer.
Don't be fooled by phony virus scanner pop-ups. These phony alerts mimic popular security software and may try to trick you into installing additional software, or giving credit card or logon information.
Just like the last bullet point, don't be fooled by phony e-mails, web-sites, and instant messages. Phishing, as this is called, is the action of pretending to be your financial institution or other provider in an effort to trick you into revealing your username, password, and other personal or financial information.
Look at the URL of the site you are visiting or considering visiting and make sure it is what you are expecting. With very few exceptions, legitimate web-sites will use a domain name (
) not an IP address (220.127.116.11). Sometimes malicious sites will use a variant of a popular domain, like
or yourbank.domain.com instead of
Do not open attachments or follow links in an e-mail you received, unless you were expecting it - even if it comes from a family member, friend, or colleague. Send them a quick e-mail to check if they actually sent the message and trust the content.
Disable server services on computers that do not need to answer network requests. Server Service allows other computers on the network to access your computer.
Disable Auto-run for removable media and network drives. This will also disable it for CD/DVD drives, which may not be a desirable result, but it protects from automatically launching malicious software that may be present when connecting jump/thumb drives and network drives.
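The URL check described above (a domain name rather than an IP address, and the expected domain rather than a variant of it) can be written down as a small classifier. This is an added example, not part of the original article; `yourbank.example` stands in for the site you actually expect, and the two-character lookalike threshold is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the domain you really do business with.
EXPECTED_DOMAIN = "yourbank.example"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, expected: str = EXPECTED_DOMAIN) -> str:
    """Classify the host part of a URL against the domain the user expects."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "no-host"
    try:
        ipaddress.ip_address(host)
        return "ip-address"  # a raw IP address instead of a domain name
    except ValueError:
        pass
    if host == expected or host.endswith("." + expected):
        return "expected"  # the real domain or one of its own subdomains
    brand = expected.split(".")[0]
    labels = host.split(".")
    if brand in labels:
        # The familiar name is only a label under someone else's domain,
        # as in yourbank.domain.com.
        return "brand-under-other-domain"
    if edit_distance(host, expected) <= 2 or any(
        edit_distance(label, brand) <= 2 for label in labels
    ):
        return "lookalike"  # a near-miss spelling of the expected name
    return "different-site"
```

The registered domain is read from the right-hand end of the host name, which is why `yourbank.domain.com` belongs to `domain.com` and not to the bank.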
Symptoms of Infection
Depending on the severity of the infection and design of the malicious software, the effects on computers will be different. The following lists common symptoms of infection.
Slowness - The computer becomes significantly slower than normal. This could also be a symptom of computer resource issues, like low disk space, memory or CPU availability.
Typing Delay or Missing Letters - When infected with keylogging malware, sometimes what you type is briefly delayed before it displays on screen, and characters that you type might be missing. Alternatively some malware will change letters as you type.
Infected Email is sent to people in your address book. These e-mails may contain an attachment or a link to a web-site. Typically the malicious software will masquerade as you.
Files disappear from your computer erroneously or program shortcuts stop working.
Pop-behind windows keep appearing on your computer whether or not you are using your internet browser.
Hijacked Browser - Whenever you go to your favorite search engine or a preferred website, you are redirected to an unexpected or malicious website.
If you suspect your computer has become contaminated with malware and you are not experienced in technology enough to feel confident in finding and cleaning malicious software from your computer, take your computer to a qualified expert.
Q & A
I have security software installed. How did I become infected?
No product on the market is 100% effective, although they have improved greatly over the years. Anti-virus products rely on a "signature" from the software manufacturer to find "known" malware. Malware doesn't become "known" until it is in the wild, infecting computers and someone reports it to the security companies. The security software programmers work diligently to find the fixes for the malware as soon as they become aware of its existence.
One of the progressive efforts that security software is making is in detecting virus-like behaviors to stop some new malware from spreading. Often the security software will ask if a program should be trusted; be careful when answering this question if you are uncertain.
How do I disable autorun?
This varies by the operating system version on your computer. Use the Experts-Exchange search tool at the top of this page to search for "disable autorun" and your operating system (Windows XP, Apple OS, for example).
I have scanned my computer, but it seems to still be infected
If malicious software is able to load before your security software loads, then that malware may be able to hide from your security software. This is common with rootkit-style viruses. These are much more difficult to remove, and removal should be done by a qualified expert.
My computer seems to be clean, but it is still sending virus e-mails to people.
Please note the previous answer about malware that hides from security software. Now it is possible that your computer is clean, but instead your e-mail application or provider has been "hijacked". Change your e-mail password and see if the issue stops. Alternatively, the e-mail may be sent from another location using your address as the "From". You may be forced to change your e-mail address and tell people to block your old one.
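The two cases in this answer (mail really sent through your account versus mail sent from elsewhere with your address as the "From") can often be told apart from the headers of a copy a recipient forwards back to you. The following is an added example, not part of the original article; the messages, addresses and verdict names are constructed, and the decision rule is a heuristic.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (all names and addresses are made up): the same
# suspicious message as two different recipients' servers might store it.
FORGED = """\
Return-Path: <bounce@bulk-sender.invalid>
Authentication-Results: mx.friend.example; spf=fail smtp.mailfrom=bulk-sender.invalid; dkim=none
From: You <you@yourmail.example>
Subject: photos

open the attachment
"""
FROM_ACCOUNT = """\
Return-Path: <you@yourmail.example>
Authentication-Results: mx.friend.example; spf=pass smtp.mailfrom=yourmail.example; dkim=pass header.d=yourmail.example
From: You <you@yourmail.example>
Subject: photos

open the attachment
"""


def domain_of(address: str) -> str:
    """Domain part of an address header such as 'You <you@host>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def auth_results(msg) -> dict:
    """Map each method (spf, dkim, ...) to the result the receiver recorded."""
    results = {}
    for part in msg.get("Authentication-Results", "").split(";")[1:]:
        method, _, rest = part.strip().partition("=")
        if rest:
            results[method.lower()] = rest.split()[0].lower()
    return results


def assess(raw: str) -> str:
    msg = message_from_string(raw)
    res = auth_results(msg)
    if not res:
        return "inconclusive"  # receiver recorded no checks
    aligned = domain_of(msg.get("From", "")) == domain_of(msg.get("Return-Path", ""))
    passed = res.get("spf") == "pass" or res.get("dkim") == "pass"
    # Passed checks for your own domain: the mail left through your provider,
    # so change the password. Otherwise your address was only written in.
    return "sent-via-your-provider" if aligned and passed else "forged-from-likely"
```

Only an `Authentication-Results` header added by the recipient's own mail server is trustworthy, and forwarding services or mailing lists can make genuine mail fail these checks.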
No one, including me, can guarantee that you and your computer will not become a victim of malicious software. The information I provide in this article is based on my experience with technology and securing computers in the last 30+ years. This information is presented in an effort to educate people and help them protect themselves.
Brand and product names mentioned within this article are property of their respective organizations. The presence of these names does not imply my support of the organization or their support of me or this article.
I just don't think this is reasonable to ask users to do. Do you do this? They should be more aware and suspicious, but having to verify the source of every email kinda defeats the convenience of email.
It's not terrible advice, especially if the link or attachment seems all out of character from what the sender would normally do. To use a slightly ridiculous example, if my mom suddenly sent me an email notifying me that she's stuck in Mumbai and needs a bank transfer to get home then I would be somewhat suspicious of it as I know she isn't in Mumbai at the moment. But if she sent me what purports to be a picture of her and my dad but the picture is located at a link to a site I've never heard of, I should probably verify with her what she is trying to do before clicking that link.
Sophos recently released a whitepaper on Blackhole and ZeroAccess attacks. It is a good read for those interested.