In 20+ years of being online, I’ve been hit by just a couple of viruses. While I’d never recommend that you run a PC without anti-virus software, some people do, and many of them manage to stay safe.
But whether or not you use anti-virus software (such as Windows Defender or a full-featured security suite such as BitDefender), you should be aware of the various ways in which you can easily get a virus on your PC or mobile device. From fake buttons to dodgy torrent sites and malvertising in Facebook and other popular sites, the risks are everywhere.
With a little basic training, you can reduce the problem of viruses and malware, and finally enjoy the internet on your own terms.
1. Beware of Fake Download Buttons
These can turn up anywhere, but generally you’ll find them on download sites. Whether legitimate or otherwise, you can guarantee there will be a download button that isn’t the one you want to click. The result can be that you downloaded something you don’t want — possibly malware, although often simply bad software.
As you’ve no doubt spotted, this is a dirty trick. You can beat the scammers with this approach, however. Simply exercise caution when clicking links and buttons. Think twice and consider the following:
- Is this a site you’ve used before?
- Do you trust it?
- Have you checked the browser status bar to confirm the link destination?
- Does the button text and font match the rest of the site?
If you have doubts about any of these questions, then you should avoid the site, and certainly don’t download anything from it. Scammers can use all manner of coding tricks to entice you into making a dangerous mistake. Take your time and trust your instincts.
If you’re still not sure, check whether the site is considered trustworthy or not. Norton Safe Web, is a good option, although this is also a good reason to install an online security suite as many offer this functionality to your browser. Google also offers a Transparency Report for identifying bad websites.
2. Use a Secure Browser
An old copy of internet Explorer is just not good enough these days. Come to think of it, an old version of any browser cannot be considered secure. These apps are updated regularly by their developers for many reasons, mostly to maintain and improve security.
Online shopping, online banking, social networking — they all have their risks, and the last thing you want it a browser harboring some dangerous software that records your keystrokes or hijacks a secure link to your bank account.
Secure, modern browsers use HTTPS and check that certificates are legitimate. Old browsers will not. How secure you want to go depends on how concerned you are. We’d recommend you start with Google’s Chrome browser, Mozilla Firefox or Microsoft Edge, their secure replacement for internet Explorer. Want more help? Check this infographic about the most secure browsers.
You certainly should not be using Internet Explorer at all. This browser is broken and all-but-abandoned by Microsoft. Steer clear! Hackers still profit from targeting the browser, and you can do yourself a favor by choosing something else (something more secure, faster, and easier to use) to browse the web.
Even if you’re running Google Chrome on an old Windows XP PC (and you really shouldn’t be), you’re not secure because the underlying operating system is not secure enough to handle modern malicious software. Windows XP was launched in 2001.
Think about it.
3. Hang Up on Cold-Calling Tech Support Agents
These people are poison.
In the UK and North America, there has been an epidemic of scam telephone calls from people claiming to be from “Windows technical support” or some close variations. Before we continue, understand this:
Variations on this are claims that the caller is from your ISP, or mobile phone provider. Their aim is to get you to find “proof” of an issue on your machine, then download a piece of software that affords the caller — who is a scam artist, pure and simple — control of your PC. From then on, they have the opportunity to install keyloggers, backdoors, and other tools that might be used to steal information from you.
The defense here is to refuse to talk to anyone claiming to be from Microsoft. Just hang up. Certainly, don’t let them walk you through the “checks” and download the “fix”. And don’t keep them talking, as this doesn’t really seem to help (the idea is nice, keeping them away from other people, but in truth, there are so many of these scammers at work that it makes no difference). Also, they tend to become unreasonable, and make threats.
4. Ignore Security-Themed Pop-Up Adverts
This can be tricky to spot, as often pop-up adverts can appear from the bottom-right corner of your screen from any currently-running anti-virus software installed on your system. Frustratingly, this also happens with paid solutions, not just free ones.
If the pop-up seems to originate from your browser — you can check this by completely closing it — you should ignore this. In fact, any and all security messages that did not occur during a scan that you recently initiated should be ignored. For instance, your anti-virus software will have a “scan” button. Didn’t press it? Then ignore the message.
There’s a bad side to all of this, however. If you see anti-virus messages on your computer and haven’t installed any anti-virus software, then your system is infected. Time to take steps to remove the infection!
5. Avoid Public Torrent Sites
You may not realise this, but there are two types of torrent sites: public and private. While both can be accessed through a browser, the latter usually requires you to create an account and manage your ratio.
The idea here is that you upload as much (or more) than you download, or else be banned from the site. Private trackers can be difficult to join, as they don’t often accept new account registrations. It’s not too hard to find ones that are open, however.
And yes, it’s usually illegal, but there are many legitimate uses for Bittorrent.
With public torrent sites, you’re risking malware infections not just from the dodgy adverts, but also from the torrents being fake, or bundling worms, viruses, Trojans and other malicious software in with the file you think you’re downloading.
All torrent sites worth their salt offer a commenting system where other users can share their experiences of the downloaded file. Always check these before committing to a download.
6. Delete Media Files Requiring Fake Codecs
Media from torrent sites can often be fake, and you probably won’t know until it has downloaded. Usually a video file (but it might be audio or even a game), these fakes can be difficult to detect until they’re run.
At this point, your media player will display a message advising that the file cannot play or requires a specific player. So, did you download a genuine movie? The way to find out is to try and play it in the popular and feature-packed VLC Player. With every current video and audio codec built in, if the file won’t play with this, it’s not a genuine media file.
Delete it now. And stop downloading dodgy stuff!
7. Don’t Open Email Attachments Forwarded to You
Emails are a well-known attack vector for worms and viruses. Of my two virus infections, the first was a worm sent as an email attachment from my father. The executable file presented some pretty firework graphics on the monitor. This was the Happy99 worm, described as “the first modern worm” and “the first virus to spread rapidly by email”. One million people downloaded the subsequent fix, which removed the self-replicating malware.
While this worm is now virtually obsolete, other malware can spread via email. Then you’ve got the spoof emails, phishing attempts that try to either con you into entering your personal information on a fake website, or download a piece of malware (or both).
If you’re using a webmail solution such as Outlook.com or Gmail, you have an advantage over malicious attachments. For desktop email clients, make sure you take full advantage of the tools on offer. Don’t preview emails, and make sure you operate a white list of approved senders. Avoid opening emails sent to large groups of people, too.
While you might not want to install an antivirus tool, if you’re not using webmail, it’s a good ideal to use a paid email scanning tool.
8. Only Download Apps From Developers
As we’ve seen, download sites are a big pain. Tricky to navigate with fake “Download” links on them, it’s easy to be fooled into downloading something you don’t want.
This is almost certainly the only way you’ll get the most up-to-date version of the app in question, and the safest, too. If your operating system offers an app store (most do these days on desktop and mobile) then also check that for the app you want to use.
But forget about app download sites. They’ve had their day.
9. Don’t Use Your PC’s Admin Account
Whatever operating system you use, make sure you’re not logging in with the administrator account. Further, make sure your family members aren’t either. Sure, you’ll need an admin account for various tasks, but no one needs it to be their daily account.
Really, it’s asking for trouble, allowing software, malicious or otherwise, to make permanent changes to your computer.
10. Scan All New Files and Disks
Finally, think about the devices you’re connecting to your PC. New data that you’ve downloaded, discs you’ve inserted, phones you’ve connected and flash storage devices you have inserted could all pose problems. If these devices are set to autorun when media is inserted, malware can quickly grab a foothold.
With anti-virus software installed, it’s possible to scan all files that you access via disk. You can also use online virus and malware scanners to check the files. Windows 8 and later will also allow you to prevent autorun, which can prove particularly useful.
As bleeding edge as it might be to run your PC without any antivirus software, in this day and age, with threats from keyloggers, backdoors and ransomware, it’s a good idea to use a full-blown security suite.