Viruses & Malware
Protect Vulnerabilities
One of the most ingenious delivery methods for malware today is by exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that’s an unprotected operating system, a software program that hasn’t been updated in months, or a browser whose security protocols aren’t up to snuff (we’re looking at you, Internet Explorer).
Here are some ways you can protect against exploits and shield your vulnerabilities:
- Update your operating system, browsers, and plugins. If there’s an update to your computer waiting in queue, don’t let it linger. Updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered. So while you leave those programs alone, cybercriminals can find their way in through the vulnerabilities.
- Bonus mobile phone tip: To protect against security flaws in mobile phones, be sure your mobile phone software is updated regularly. Don’t ignore those “New software update” pop-ups, even if your storage is full or your battery is low.
- Enable click-to-play plugins. One of the more devious ways that exploit kits (EKs) are delivered to your computer is through malvertising, or malicious ads. You needn’t even click on the ad to become infected, and these malicious ads can live on prestigious, well-known sites. Besides keeping your software patched so that exploit kits can’t do their dirty work, you can help to block the exploit from ever being delivered by enabling click-to-play plugins. Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). The bulk of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will help keep the EKs at bay.
- Remove software you don’t use (especially legacy programs). So, you’re still running Windows XP or Windows 7/8.1? Microsoft discontinued releasing software patches for Windows XP in 2015, and Windows 7 and 8 are only under extended support. Using them without support or the ability to patch will leave you wide open to exploit attacks. Take a look at other legacy apps on your computer, such as Adobe Reader or older versions of media players. If you’re not using them, best to remove.
Watch out for Social Engineering
Another top method for infection is to scam users through social engineering. Whether that’s an email that looks like it’s coming from your bank, a tech support scam, or a fishy social media campaign, cybercriminals have gotten rather deft at tricking even tech-savvy surfers. By being aware of the following top tactics, you can fend off uninvited malware guests:
- Read emails with an eagle eye. Phishing is a cybercrime mainstay, and it’s successful only when readers don’t pay attention or know what to look for. Check the sender’s address. Is it from the actual company he or she claims? Hover over links provided in the body of the email. Is the URL legit? Read the language of the email carefully. Are there weird line breaks? Awkwardly-constructed sentences that sound foreign? And finally, know the typical methods of communication for important organizations. For example, the IRS will never contact you via email. When in doubt, call your healthcare, bank, or other potentially-spoofed organization directly.
- Bonus mobile phone tip: Cybercriminals love spoofing banks via SMS/text message or fake bank apps. Do not confirm personal data via text, especially social security numbers. Again, when in doubt, contact your bank directly.
- Do not call fake tech support numbers. Ahhh, tech support scams. The bane of our existence. These often involve pop-ups from fake companies offering to help you with a malware infection. How do you know if they’re fake? A real security company would never market to you via pop-up saying they believe your computer is infected. They would especially not serve up a (bogus) 1-800 number and charge money to fix it. If you have security software that detects malware, it will show such a detection in your scan, and it will not encourage you to call and shell out money to remove the infection. That’s a scam trying to infect you. Don’t take the bait.
- Do not believe the cold callers. On the flip side, there are those who may pick up the phone and try to bamboozle you the good old-fashioned way. Tech support scammers love to call up and pretend to be from Microsoft. They’ve detected an infection, they say. Don’t believe it. Others may claim to have found credit card fraud or a loan overdue. Ask questions if something feels sketchy. Does the person have info on you that seems outdated, such as old addresses or maiden names? Don’t confirm or update the info provided by these callers. Ask about where that person is calling from, if you can call back, and then hang up and check in with credit agencies, loan companies, and banks directly to be sure there isn’t a problem.
- Bonus mobile phone tip: You can block calls until pigs fly, but there will always be a scammer ready with a new number (especially one that looks similar in area code and first three digits to yours). Many cybersecurity programs for Android and iPhone can put the bulk of those calls to rest, meaning an unidentified number needn’t stress you out as much. Of course, when in doubt, screen your calls.
Practice Safe Browsing
There’s such a thing as good Internet hygiene. These are the things you should be doing to protect against external and internal threats, whether you’ve lost your device and need to retrieve it or want to stay protected when you shop online.
“While many of the threats you hear about on the news make it seem like there is no way to protect yourself online these days, the reality is that by following some basic tips and maintaining good habits while online, you will evade infection from over 95 percent of the attacks targeting you,” says Adam Kujawa, Head of Intelligence for Malwarebytes. “For that last 5 percent, read articles, keep up with what the actual security people are saying, and follow their advice to protect yourself.”
So here are some of the basics to follow:
- Use strong passwords and/or password managers. A strong password is unique, is not written down anywhere, is changed often, and isn’t tied to easily found personal information, like a birthday. It’s also not repeated for different logins. For more information on creating a strong password see our passwords guide.
- Make sure you’re on a secure connection. Look for the proper padlock icon to the left of the URL. If it’s there, then that means the information passed between a website’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”
- Log out of websites after you’re done. Did you log into your healthcare provider’s site using your super-strong password? You could still be leaving yourself vulnerable if you don’t log out, especially if you’re using a public computer. It’s not enough to just close the browser tab or window. A person with enough technical prowess could access login information from session cookies and sign into a site as you.
Layer your Security
All the safe browsing and careful vigilance in the world can’t protect you from all the threats out there. Sometimes you need a professional to catch the poo that cybermonkeys are flinging. So to keep your machine clean, invest in security software and layer it up with the following:
- Use firewall, anti-malware, anti-ransomware, and anti-exploit technology. Your firewall can detect and block some of the known bad guys. Meanwhile, Malwarebytes products use multiple layers of tech to fend off sophisticated attacks from unknown agents, stopping malware and ransomware infection in real time and shielding vulnerable programs from exploit attack.
Security professionals agree a multi-layer approach—using not only multiple layers of security technology but also user awareness—helps keep you protected from the bad guys and your own mistakes. Now go forth and fight malware!