You’re not alone – there is still a lot of confusion when it comes to deciding whether to purchase protection to guard yourself against viruses, malware, spyware, etc. You may be an existing user, and your renewal notice has arrived. You’re wondering, “Do I ‘really’ need to renew? Has it ‘really’ helped me avoid viruses over the last 12 months?”
Let’s start with some education. There are a lot of terms thrown around – virus, malware, spyware, adware, trojans, ransomware. Purchasing protection that claims to protect you from, for example, viruses, doesn’t guarantee protection from adware. You then may be wondering, “how many different anti-virus suites do I need to protect myself?”
Let’s clear up what is what:
- Malware is simply an umbrella term. It refers to any form of ‘malicious software’, hence the word itself. It includes any of the above – viruses, spyware, adware, ransomware, trojans, worms, rootkits. It can be a combination of more than one of these things.
- Virus – a virus is a piece of malicious software or code that, once run, is contagious and looks to spread itself by any means necessary once on a computer: over the network, onto external disk drives, or by whichever methods have been written into the code, depending on its purpose. Hence the name – a virus.
- Spyware – this is a form of malicious software that, once run, spies on your activities (internet browsing, keystroke logging, etc.) without the consent of the user. It could be sending this information to somebody out there via the internet looking to commit fraud. Spyware is very tricky to detect.
- Adware – although classed as a form of malicious software, it’s usually more annoying than dangerous. Mass adverts are shown to the user via the installation of a piece of free software (a game or application), or via web browser popups, in a hope to generate revenue. The user’s web browsing activity is monitored, and appropriate adverts are then shown to them in the hope that the user will click through on them, thus generating money for the author. If millions of people are targeted, then the author stands a good chance of making some money. Adware can affect the performance of your computer and slow things down.
- Potentially Unwanted Program – PUP for short, is an unwanted program, usually adware, toolbars, or a program with an unknown objective, that gets installed alongside a downloaded program that the user installed. PUPs are less severe, but can still be a nuisance and in some cases just as dangerous as any malware. They can trick you into clicking on further things to cause worse malware infections.
- Ransomware – malware that, once executed, will lock your computer up and demand a fee to unlock it. The fee will usually have to be paid via a money sending facility such as Ukash, Western Union, Moneygram, or other anonymous pre-paid services. These are very tricky to deal with. The most famous version of this is called Cryptolocker, which encrypts all of your files and demands a fee for the decryption key. The latest versions of this can’t be bypassed – you will lose access to your data unless you had it backed up elsewhere, or pay the fee. Nevertheless, this is still a criminal act and you have no idea what your money is funding, so it’s best not to pay.
- Trojan – trojans masquerade as an application or piece of software that looks legitimate and safe, but in reality, installs malware that will allow your computer to be accessed secretly by the trojan author. The author can then do whatever they’ve programmed the trojan to do – steal personal information and keystrokes, control your computer, or worse. Again, they’re very tricky to detect.
- Worm – a worm destroys files and information on the computer that it has landed on, and will replicate and spread itself. Similar to the function of a virus.
- Rootkit – a collection of malicious computer software that is designed to allow low-level access to the computer that usually wouldn’t be allowed. A rootkit is very difficult to detect – more so than any of the above if it’s an advanced rootkit because it can usually subvert or disable anti-virus software, preventing its detection.
So now that you’re more familiar with the different kinds of malware, let’s clear up another myth that some people think holds truth. I also get customers telling me that this myth has occurred on their computer, but I always refuse to believe it and I always ask them what were they EXACTLY doing before the infection. Literally down to their last few clicks, to try and investigate how their computer got infected. In every case, they’ve clicked on something somewhere:
Malware doesn’t automatically enter your computer out of the blue sky unless you purposely clicked on something to run, or gave something privilege to run on your computer in the first place.
Now that you are aware of this, here is a critical guideline:
You can actively prevent malware from entering your system via your usage habits and with a little informed knowledge.
So now, you may ask, “why is anti-virus software necessary if malware can be avoided?” Precisely the point of this article. We need to change our ways of thinking. Rather than seeking protection, we need to ask ourselves – “If we change our computing habits so that we aren’t ever clicking on anything suspicious or questionable in the first place, then why is anti-virus software even necessary?” The truth is that malware detection is becoming a nightmare for anti-virus software. In our current day and age, avoiding the malware altogether is the best way forward – to avoid having to shell out yearly subscriptions, and to avoid putting reliance on their ability to protect our computers if we do click on suspicious things. Let’s learn how to avoid malware.
There are several ways in which malware can enter your computer. They all have the same thing in common – they require interaction by the user to do so. Malware in no shape or form automatically enters your computer and executes itself unless authorised by the user via a click of the mouse. Let’s take a look:
- Clicking an ad or link on a webpage, usually an illegitimate webpage but on occasions can be a legitimate site that has been hijacked and linked to malware.
- Opening unrecognised email attachments (.zip, .js, .pdf, and many other formats that are used as deceptive containers for malware), or clicking links within emails that persuade you to click them by fabricating a reason, such as resetting a password, looking at legal documents, parking tickets, delivery tracking information, being summoned to court, it literally could be anything fabricated by the malware creators. This is called ‘phishing’.
- Video streaming websites that have an obscene amount of ads and pages popping up, and pages hijacking your browser session not allowing you to click away or forcing you to click something malicious accidentally.
- Fake update webpages telling you to download an Adobe Flash or Java update to your system. These often pop up alongside streaming sites.
- Fake anti-virus webpages telling you that they are a reputable company (e.g. Microsoft, or Virgin Media, any large corporation) and then forcing you to download anti-virus software or ring a phone number for support. Some of these pages show what looks like ‘Windows Defender’ running, and showing you that it has found malware on your system. This is a fake image! These webpages appear on your screen maximised, to make them difficult to close down, and they can quite easily fool the more unsuspecting computer user into clicking to download.
- Illegal sites that host illegal files such as music, software, movies, that always have multiple ‘Download Now’ links, duping you into clicking them and therefore causing a malware download.
- Your search engine provider within your web browser being changed from Google, Bing, or Yahoo, to another search engine (via a browser hijack), so every time you search for something online, you’ll get links and adverts that appear legitimate but are auto-generated and usually lead to malware.
- Downloading freeware games and software that come packaged with adware (or worse), and make it difficult to deny the installation of the adware before the actual freeware software/game installs. The installers are constructed in a very smart manner to fool most people.
- Opening files from a pendrive or external drive borrowed from somebody else, that may have hidden malware on it.
There are other ways, but the bottom line that you need to learn is that if you don’t click on something, it won’t harm your computer. If you download a file via the browser by mistake that is suspected to be malware (and is possibly renamed as whatever you thought it initially would be), don’t click to run it. In Google Chrome your downloads appear at the bottom and it’s very easy to click them by mistake – be very careful! Go to your ‘Downloads’ folder and delete them immediately.
There is also something that most of the above have in common – anti-virus software has a very hard time preventing any of the above from appearing in front of your very eyes. Anti-virus software tries to kick in ‘AFTER’ you have clicked on malicious software to run. The only problem here, and it’s a huge problem – it may not be able to stop the installation! In fact, in reality it will struggle, which kinda makes anti-virus software pointless to a large degree.
Another factor is that anti-virus software is always going to be outdated by a few days, sometimes more. Here’s an example. A virus maker creates a piece of new malware and distributes it via email to millions of people. Thousands of unsuspecting people click the attachment and run it, and get infected with the malware. Anti-virus software can’t do anything about it because it doesn’t have that piece of malware registered in its daily definitions. You see, the reality is, it’ll be a few days before the anti-virus makers cotton on, and release a definition to aid in removing this malware. It’s already too late – you’re infected and are having to attempt to clean it yourself, or bring your computer to us to have the malware removed. Your £30 (or more in many cases) that you paid for the anti-virus software becomes a waste. This is a reality unfortunately, and you’re usually shelling out extra labour costs to technicians for malware removal services.
To avoid malware, you need to learn preventative methods and techniques. Change the way you use a computer. Keep control of the ‘trigger’ (which would be the left mouse button, or the left touchpad click) and curb the curiosity that may be enticing you to click on things.
So, let’s repeat the above problems and give a solution for each one:
- Clicking an ad or link on a webpage, usually an illegitimate webpage but on occasions can be a legitimate site that has been hijacked and linked to malware.
Examine the website that you’re on. If you’re clearly on an illegitimate site, close it. If your use for the site is legitimate, check the top address bar. Click on the ‘Secure’ area to the left to ensure you’re actually on the site you’re meant to be on, and that its security certificate is valid and in date.
- Opening unrecognised email attachments (.zip, .js, .pdf, and many other formats that are used as deceptive containers for malware), or clicking links within emails that persuade you to click them by fabricating a reason, such as resetting a password, looking at legal documents, parking tickets, delivery tracking information, being summoned to court, it literally could be anything fabricated by the malware creators. This is called ‘phishing’.
If you’re not expecting it, don’t open it! With regards to emails demanding you to click links, you should be aware that no government or banking institutions email you asking you to click on links for password resets, or anything for that matter. They only send notifications. If unsure, log into your bank account via your browser and see if the correspondence is there within your message centre. Don’t trust the email. If relating to banks you don’t have accounts with, delete them. Malware creators are also using a whole raft of stories and reasons to fool people into opening links and attachments. Some will seem very real, but just remember – anything that is critical, you are likely to receive something through your letterbox. No company nowadays uses email for sensitive matters. If they do, you’ll know it’s real because you’ll recognise the subject matter. If you don’t, then it’s likely to be fake, especially if it’s bundled with an attachment.
- Video streaming websites that have an obscene amount of ads and pages popping up, and pages hijacking your browser session not allowing you to click away or forcing you to click something malicious accidentally.
You’re clearly doing something illegal if you are on these sites, so the best thing to do is to refrain from using them and find legitimate ways to watch your content. However, there are always reasons why people stream, such as unavailability in the UK of the content on offer. Anti-virus software will struggle to help you with these sites, but an ad blocker plugin will help to disable a lot of the bad stuff. The most common one is called Adblock Plus, and is available across most common browsers. You will occasionally still get the odd tab or popup – close it immediately. If you can’t use your mouse to close it, press Alt + F4 on your keyboard to try and close the tab (or the Task Manager if it’s not closing). If you can’t watch that particular stream without annoyance, then it’s best to abandon it.
- Fake update webpages telling you to download an Adobe Flash or Java update to your system. These often pop up alongside streaming sites.
Java updates appear in your bottom taskbar on the right, so if any websites pop up asking you to update Java, Flash, Shockwave, Air, or anything similar, close it. It won’t be real. Besides, you can perform these updates manually yourself by visiting the proper websites. If you can’t close the tab or window, use Alt + F4 to forcefully close it, or use the Task Manager to close it.
- Fake anti-virus webpages telling you that they are a reputable company (e.g. Microsoft, or Virgin Media, any large corporation) and then forcing you to download anti-virus software or ring a phone number for support. Some of these pages show what looks like ‘Windows Defender’ running, and showing you that it has found malware on your system. This is a fake image! These webpages appear on your screen maximised, to make them difficult to close down, and they can quite easily fool the more unsuspecting computer user into clicking to download.
Don’t trust anything of this nature. Companies don’t ask you to ring them. The numbers go to black-hat call centres and they have staff that will guide you to handing them remote access to your computer, from where they’ll inject even more malware. You’ll also find that these companies are cold-calling you on your landline or mobile phone occasionally, and start off by saying that they’re from Microsoft, or another large corporation, and asking you “is your computer slow?” or “we’ve detected you have a virus, let us help you remove it”. Don’t install any anti-virus or anti-malware software that pops up through your web browser. No company is ever going to be that direct, so you automatically know it’ll be malware or ransomware or something even worse.
- Illegal sites that host illegal files such as music, software, movies, that always have multiple ‘Download Now’ links, duping you into clicking them and therefore causing a malware download.
You shouldn’t be on these sites in the first place – these people know that you’re after something for free that you should be paying for, so they’re going to give you a hard time before allowing you to download it. And after all the hassle of the links, popups, and ads, 8 times out of 10 the actual download will likely just be malware anyway. These people are just trying to make revenue from the ads, and also looking to spread malware. And people looking for stuff that shouldn’t be free, are the perfect candidates. If you accidentally download a strange file via a download button/link that seemed legitimate, don’t run it, especially if it’s an executable file. Delete it immediately.
- Your search engine provider within your web browser being changed from Google, Bing, or Yahoo, to another search engine (via a browser hijack), so every time you search for something online, you’ll get links and adverts that appear legitimate but are auto-generated and usually lead to malware.
Usually you may have already clicked on something by mistake on a site (likely described above), or installed some light adware and it has changed your search provider to a different provider that looks similar to a common search provider. You’ll then search for terms and get linked to automatically generated sites littered with ads and malware. If you search for something online and the links don’t look right, or you simply don’t see that you’re searching on Google, Bing, or Yahoo (always keep an eye on the address bar), then go into your browser settings and check the search engine provider settings – ensure that it’s a trusted one such as Google, Bing, or Yahoo. If it changes back to a bad search provider after a restart, then you likely have malware that is actively changing it, so it’s too late at this stage. You’ve already clicked on something somewhere beforehand at some point, and you now may need some malware removal services from us.
- Downloading freeware games and software that come packaged with adware (or worse), and make it difficult to deny the installation of the adware before the actual freeware software/game installs. The installers are constructed in a very smart manner to fool most people.
Avoid freeware if you’re unsure on your ability to look through the installation process and decline the adware prompts before installing the actual freeware. Whatever the freeware is, it’s very likely that there is some clean software available for free online that will perform the same function, written by an ethical software developer that doesn’t come packaged with adware. You just need to find it. Contact us if you need help on finding clean freeware.
- Opening files from a pendrive or external drive borrowed from somebody else, that may have hidden malware on it.
This is one of the things where anti-virus software can help – many paid suites scan pendrives and external drives when they’re connected to your computer, but it doesn’t necessarily mean they’ll successfully find the malware. To be safe, don’t connect such devices to a sensitive computer – you could use a secondary computer in the household (we will get to this).
As you can see, in the majority of cases above it’s possible to survive without paid anti-virus software. Many paid suites can also impose a performance hit on your computer due to all of the modules they have in place to help prevent all of the different types of malware. In reality, none of this is necessary if you can learn how to safely use your computer and the internet. If you use the internet safely and take precautions, then there’s no reason why you can’t maintain a clean operating system.
If your computer is sensitive to your work or daily activity, then there is no need to take any risks on it at all. Have a second computer or laptop to hand if you need to open anything questionable or visit questionable websites. At least if the computer becomes infected, you’re not going to affect your workflow, and the secondary computer can be wiped and set back up again as a worst case.
One thing that I’ve found anti-virus software to do is to give customers peace of mind, even if they’re not effective in the real world. We don’t want to discredit them entirely – they do have detection algorithms that can sometimes help pick up on clicked malware that isn’t registered within their definitions, and they’ll also protect against old malware that has been circulating for years.
Conclusion
There are a couple of methods that you can use to give yourself equal protection without paying for expensive anti-virus subscriptions. As shown above, you can prevent the vast majority of malware by adapting the way you use your computer. Our goal is to try and educate you on how – prevention is the best course of action. Anyhow, this is what we have found to be the best combination:
- Use an ad blocker within your web browser as a necessity (Adblock Plus is the most established) but don’t forget to disable it on legitimate sites because you will be impeding legitimate adverts that are likely of no annoyance. It remembers your preferences so once disabled on a site, it remembers your choice.
- Use a free anti-virus suite – we recommend Avast. It’s lightweight and very feature rich. Besides, if you adapt your computing usage as above, you won’t be giving Avast any malware to detect. However, as a free software suite, it’s very worthwhile keeping it running if your computer has the horsepower, simply for peace of mind. It also has email detection if you use an external email client such as Microsoft Outlook or Mozilla Thunderbird, but as we said above it may not detect brand new threats so be cautious with your emails, especially if you check them online via a browser.
- Use a dedicated malware scanner and perform a regular scan just to ensure your computer is clean. We recommend Malwarebytes Anti-Malware for this purpose – the free edition is excellent. It picks up on thousands of threats that anti-virus suites won’t detect in a scan. The paid version is equally excellent but unnecessary if your computer habits are tidy. Besides you’ll have the same issue with malware that is fresh and new – Malwarebytes won’t have updated their definitions with it so if you were unlucky to get infected after clicking something, it won’t be able to protect you.
I sincerely hope that the above helps you minimise, or better, eradicate malware from your computing life! I have been using the combination of an ad blocker coupled with the integrated Windows Defender built into Windows 10 (and previously in Windows 7 also, but badged as Microsoft Security Essentials). I don’t use free anti-virus software and never have done, even in our current time right now where there are more threats out there than ever before. I’m extra careful not to click on anything suspicious, especially through email. That’s all it takes. If you can tighten up your computing usage, anti-virus software becomes an unnecessary burden, both financially, and with that extra drain on your computer’s resources. If you can become very skilled in avoiding malware, a free suite would also be unnecessary.
If you ever have any questions or queries relating to malware prevention, contact us to have a chat, and we can help guide you on how to avoid malware.
Nimesh