Last updated June 2018
Software is what makes personal computers so flexible and adaptable. Your computer is capable
of things that haven’t been invented yet! Give it new software in future, and it will obey its
This is also a weakness, because a computer will just as readily obey instructions that aren’t
good for it, or for you. Software that intentionally harms a computer, damages your data or
compromises your privacy is called malware.
Note: Lots of people say virus, but a virus is actually
just one kind of malicious software. Malware is a better word because it encompasses viruses
among other bad things.
How malware arrives
It’s extremely rare for a computer to simply ‘pick up’ malware, just by being on and connected
to the Internet. In fact, leaving computers online is beneficial because they can
update their software sooner, which makes them safer.
Reading email is also safe. It’s extremely rare to get malware just by opening a message, so if
you receive an email you’re not sure about, don’t be afraid
to look at it before deciding whether to delete it. Do not, however, open a suspicious
attachment, and don’t click a link within an email if you’re unsure about it.
It’s also safe to visit websites, provided your software is up to date. Even a site that turns
out to be not what you expected, or looks frightening, can’t normally cause harm. But don’t
download files or install apps that you’re unsure about, as these might be malware.
Note: Bogus websites that pretend your computer is infected or damaged
are common, but cannot do harm unless – ironically – you follow their invitation to ‘fix’ the
Malware can also spread via memory sticks or external hard drives. While it’s no longer common
to be at risk from just plugging one in, if someone lends you a memory stick or drive you should
understand the kinds of file you find on it before double-clicking to open them.
How antivirus works
No matter how careful you are with attachments, downloads and memory sticks, everyone makes
mistakes — whether it’s you, the person who emailed you, or the person who runs your favourite
website. So it’s common to have antivirus software to help protect
Note: The name antivirus is still used, though ‘antimalware’ would more accurate.
Antivirus software includes a database of known malware, which is updated via the Internet as
new malware is discovered. Every file you download or open is automatically checked against this
database, and if a match is found, you are blocked from using the file.
Why it’s not perfect
The main problem with antivirus is that the people creating malware are always one step ahead.
Hundreds of thousands of new malware variants appear each day. To help combat this, modern
antivirus looks for suspicious behaviour in software, in addition to exact matches with its
malware database. Still, despite its best efforts, antivirus software can never detect all
malware — a fact that is complicated by there being dozens of competing antivirus vendors.
Another problem is false positives, in which antivirus unwantedly
blocks a harmless file. There’s also the inevitable use of resources: antivirus makes your
computer slower. However, few people will decide that these are compelling reasons to forgo
antivirus software altogether.
When it can’t help
There are also risks from which antivirus cannot protect you. It may surprise you that the two
most common kinds of security incident I’m called to help with don’t involve malware.
First is the tech support scam, in which you either:
- Receive a phone call from someone pretending to be from a reputable company, claiming to
have detected a problem with your computer
- Encounter a website that says there’s a problem with your computer, and gives you a number
The bogus technician directs you to give them remote control of your computer, then shows you
the alleged problem and charges to ‘fix’ it. Microsoft has
a good article with more detail
on these scams.
The other is phishing, in which you receive an email or text message
pretending to be from a friend or a company you deal with — perhaps saying the friend has shared
a file with you, or that someone has made a purchase on one of your accounts. When you click to
find out more, you’re shown a fake screen that looks similar to a genuine website and asks for
your password or other information. In the heat of the moment, you give your password, bank
details or other private data to a criminal. Learn more in
this article by Action Fraud,
the UK’s national reporting centre for fraud and cybercrime.
What else you can do
Now you know that antivirus is not a silver bullet, you should instead think of it as just part
of the overall picture when it comes to computer security. In addition to antivirus:
- Keep your software up to date
- Regularly back up your data
- Be cautious with email attachments and downloads
- Use a modern email service like Gmail or Outlook.com (Hotmail) — these have better spam and
malware filters than the email offered by most Internet providers (BT, TalkTalk, Plusnet etc.)
I’m a computer technician and tutor serving North Oxford, Kidlington, Woodstock and the
surrounding villages. Visit my home page to find out more and get in touch.