Malware

phishing

“Malware” is malicious software that facilitates an unauthorized takeover of your device by another user, government or third party to perform surveillance functions such as recording keystrokes, stealing passwords, taking screenshots, recording audio, video and more. While most malware is designed for and utilized by criminals, state-sponsored actors have increasingly adopted malware as a tool for surveillance, espionage and sabotage. Malware is used to gain control of devices. It exploits access to the device to send out spam, seize banking, email or social media credentials, shut down websites and collect vital information.

Anti-virus software can be an effective first response to protecting a device from a significant percentage of malware (a general term for all malicious software, including viruses, spyware, trojans, and other such threats). However, anti-virus software is generally considered ineffective against targeted attacks. Nevertheless, it remains a valuable defensive tool against non-targeted, but still dangerous, malware. See the Anti-Virus page for more information.

There is no single or simple method to protect yourself from malware, but you can make yourself a more difficult target.

Keep in mind, however, that specialized and targeted malware will not be detected by even the best anti-virus software.

  • Step 1: Regularly check for updates to all of your software, especially your operating system and your browser
  • Step 2: Install and configure an anti-virus program (see above) and make sure it updates automatically. Some anti-virus programs will stop after their trial period expires without warning.
  • Step 3: Change your own behaviours. Email and chat attachments are common ‘attack vectors’ where a compromised computer of a friend will automatically try to send malicious attachments to the owner’s entire address book. Ask people to send documents in plain text where possible and never open unexpected attachments without carefully verifying that the sender intended to send it! Using a third party service like Google Docs to open office documents and spreadsheets can also let you see and edit the content with a much lower risk of a malware infestation.
  • Step 4: Further protection can be provided by adding plugins to your browser such as HTTPS Everywhere or NoScript (for firefox).