What is malware?
Malware is short for malicious software, which is software that is designed to cause harm by disrupting, damaging or gaining access to a computer, without the owner’s knowledge. Malware typically consists of code developed by cyber attackers, designed to cause extensive damage to data and systems, or gain unauthorised access.
How does malware get onto my device?
A common way that malware could get onto your computer is through a phishing attack. (See guidance about phishing.) This could be in the form of an email from someone pretending to be your bank or another trusted institution. The email will generally ask you to open an attachment or click on a link, and if you do, it will try to install the malware onto your device. If you are using your computer with a regular user account as opposed to an administrator account, any malware will not be able to download without the administrator password. (See guidance about accounts.)
Other common ways to infect a computer with malware are clicking on an advert that appears on a website, or downloading software from a non-manufacturer approved source. Your computer could also be infected with malware from a removable storage device such as a USB stick; many companies have banned USBs for this reason.
Different types of malware and what they can do
There are many different forms of malware that cause all sorts of different issues.
Viruses: A virus is a malicious piece of software code that attaches itself to a program, file, or the boot sector of the hard drive (the host). Once activated, the virus inserts its code into other programs on your device to help copy itself, corrupt your files, damage device performance, and spread to additional devices. The main objective of viruses is to modify or delete information.
Worms: Worms are similar to viruses, but they do not need a host in order to spread, and are not triggered by human interaction. Worms enter computers through a vulnerability in the software, self-replicating and spreading at lightning speed through a network. A worm does not modify software; instead, its main objective is to eat the system resources, interrupting and arresting large network and web servers. Unlike viruses, worms can be remotely controlled.
Trojan Horse: With reference to the ancient story of Troy, where Greeks infiltrated the walled city by hiding in a giant wooden horse, this programme sneaks into a device by pretending to be a legitimate programme. A Trojan is designed to damage and also steal data.
Spyware: As the name suggests, this software is created to spy on a user! It can gather data held on a device without a user’s knowledge and send it back to the infiltrator. This might be web pages that have been visited where personal details have been entered such as credit card details.
Adware: This programme is designed to pop up advertisements. The advertisements are uncontrollable and tend to pop up frequently on screen, and it is often difficult to close them.
Ransomware: This is a form of malware that encrypts a user’s files (scrambles the data so it cannot be understood). A payment is demanded via an online process in order to unlock the files; however, it cannot be guaranteed that you will be able to access your files even if you do pay the ransom.
Protecting your devices – anti-malware software
Many operating systems have anti-malware already installed. Windows 10 has a product called ‘Defender’ which meets the requirements set out in Cyber Essentials. Apple was previously considered to be a ‘safe bet’ and ‘immune from viruses’. This is certainly no longer the case and, despite modern Apple Operating Systems containing anti-malware mechanisms, it is strongly advised that people use an additional third-party program to ensure maximum security.
Anti-malware software will monitor your device for any malicious activity; if it finds anything, it will destroy or secure it before it causes any harm. There are many anti-malware products available to download on a subscription arrangement. Some are even free. McAfee, AVG and Sophos are just a few well-known names.
Malware is continually evolving, so it is important that the supplier includes both *malware signatures and *heuristic detection facilities which are updated on a daily basis. Most anti-malware software is set to scan files automatically upon access as the default setting, but you will need to check these settings in the software configuration screen. Your anti-malware software should have an option you can enable for your internet browser that scans web pages you visit and prevents access to known malicious websites. On Windows 10, SmartScreen can provide this functionality.
*Malware signature detection is a method of virus detection that involves identifying malware by comparing code in a program to the code of known virus types that have already been encountered, analysed and recorded in a database.
*Heuristic detection was developed to spot suspicious characteristics that can be found in unknown, new viruses and modified versions of existing threats. Heuristic analysis is incorporated into anti-malware software to detect new threats before they cause harm.
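The difference between the two detection methods described above, shown as an added example that is not part of the original guidance or taken from any anti-malware product. The signature pattern, the three heuristic rules, the two-trait threshold and all sample data are constructed assumptions for illustration.

```python
import math
from collections import Counter

# Constructed signature database (byte pattern -> name); not real malware data.
SIGNATURES = {b"DEMO-VIRUS-BODY-v1": "Demo.Virus.A"}

def signature_scan(data: bytes):
    """Signature detection: look for byte patterns already recorded in the database."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted content scores near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_scan(filename: str, data: bytes) -> list:
    """Heuristic detection: collect suspicious characteristics (assumed rules)."""
    reasons = []
    parts = filename.lower().split(".")
    if len(parts) >= 3 and parts[-1] in {"exe", "scr", "js"} and parts[-2] in {"pdf", "doc", "jpg"}:
        reasons.append("double extension")
    if b"autorun.inf" in data.lower():
        reasons.append("references autorun.inf")
    if len(data) >= 256 and entropy(data) > 7.0:
        reasons.append("high entropy")
    return reasons

def verdict(filename: str, data: bytes) -> str:
    name = signature_scan(data)
    if name:
        return "blocked: signature " + name
    reasons = heuristic_scan(filename, data)
    # Require two independent traits so one odd property alone is not flagged.
    if len(reasons) >= 2:
        return "quarantined: " + ", ".join(reasons)
    return "clean"

# Constructed samples: a known file, a re-encoded variant, and a harmless archive.
KNOWN = b"MZ" + b"DEMO-VIRUS-BODY-v1"
VARIANT = bytes(b ^ 0x5A for b in b"DEMO-VIRUS-BODY-v1") + b"autorun.inf" + bytes(range(256))
ARCHIVE = bytes(range(256))

if __name__ == "__main__":
    print(verdict("setup.exe", KNOWN))
    print(verdict("invoice.pdf.exe", VARIANT))
    print(verdict("photos.zip", ARCHIVE))
```

The re-encoded variant no longer contains the recorded pattern, so only the heuristic rules catch it, while the archive shows why a single trait such as high entropy is not enough on its own to flag a file.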
Additional important tools to protect yourself from malware
List of approved software
Using a feature known as a software restriction policy, found in your security settings, you can create a list of approved software that is permitted on your device. Software not listed, especially malware, cannot be added to your device. You can adjust this list as your needs change. Certain operating systems have options to allow software only from reputable sources, like the official Apple Store and identified developers only.
You can prevent software from automatically opening by itself when a USB or DVD is plugged into your device by disabling Autoplay and AutoRun. This will be effective in stopping malware you did not know was on that drive from running without your knowledge. Instead, you will be notified that some software wants to run and you can decide whether to allow it.
In the System Preferences setting you can find ‘software updates’ and enable automatic updates. This feature is often enabled as default and will ensure that as soon as software manufacturers release their security updates, your computer will apply them automatically. Updating your software will protect you from malware using the known vulnerabilities (those that have been patched) to attack your systems.
Malware tries to steal or damage as much of your data as possible. To limit the amount of data that malware can potentially impact, you can run each application in an isolated area called a ‘sandbox’. This means that malware won’t be able to reach anything outside of its sandbox or anything inside another sandbox. This may sound complicated but some of your applications like your web browser are probably in a sandbox already. Google Chrome has been sandboxed since it first launched, Microsoft Edge now sandboxes all processes and Apple’s Safari browser runs websites in separate processes which has a similar effect.
Virtual machines can also be used to sandbox applications and the settings can be tailored within the configuration options of the virtual machine software. (See guidance about virtualisation.)
Best practice for preventing malware
- Install anti-malware software
- Only use manufacturer approved software
- Only use software that is supported and regularly updated
- Create an approved list of software that you allow on your device
- Disable Autoplay and AutoRun on your device
- Run each application in a sandbox