Computer safety and security are key to an enjoyable computing experience. However, with so much private information being sent across the internet, ensuring that your system is malware free is also important to your financial and social well-being.
The first line of defense against intrusion is you. In my personal experience, viruses normally do not enter your computer using bugs in software (or so-called "0day exploits") nearly as often as they are willingly installed by a user. These types of malware trick you into installing. Some of the common methods of entry are:
- A website designed to look like an antivirus. These have been well-documented previously by Sophos and Oregon State University. If you encounter a message about system instability, virus infection, computer compromise, STOP, and think about what you are actually looking at. Is it a pop-up window? Are there two borders on the page? Are there two sets of "Close" buttons? Does it have a Chrome/Firefox/Internet Explorer icon in the taskbar? All of these are good indicators that the message is not legitimate. If you are unsure, close your browser immediately (press Ctrl Shift Esc and end the processes associated with your browser). If the message goes away, it was an internet ad. You should avoid the website you found it at (particularly if it was of a questionable nature---porn and piracy are the biggest offenders) and/or email the webmaster of the site (if it is a reputable website).
- Fishy EXE files and other executable files (complete list of executable files). These are often contracted by downloading pirated media, but their download can be initiated by clicking on a fake antivirus ad. In either case, you knowingly downloading an EXE file from a questionable source. Sometimes these files are altered to appear is though they are not EXE files. The icon will resemble that of an AVI, MKV, or ZIP file. However, when inspected, the true executable nature of the file is revealed. In order to protect yourself from such exploits, ensure that you always keep "Show File Types" enabled as outlined on this Microsoft website . In most cases, removal is as simple as deleting the file, provided you did not run it. Never open an EXE file that has the icon of another file type unless you are positive it is not infected. Use an online file scanner if you absolutely need the program and are fairly positive it is a clean file (not downloaded from torrents!)
- Crapware bundled with legitimate "free" programs. The "NEXT" button should not be clicked liberally during software installations. Read each page of the installation wizard and ensure that you are not agreeing to install any additional toolbars or utilities. Clear the check marks to ensure that you dont wind up with more than you bargained for.