Protect against malware

Updated 17 June 2021

    Keeping your device healthy is a critical first step down the path toward better security. Before worrying too much about data encryption, private communication, and anonymous browsing, you should protect your device from malicious software (often called malware). Malware reduces the effectiveness of any other actions you take to protect your security.

    All devices are targets of malware: it is no longer true that Windows devices are the only ones at risk. You should also take the following steps if your device has a Mac, Linux, Android, or iOS operating system.

    Update all software

    This is the single most important thing you can do to protect your device from malware.

    • Follow the instructions for "Use the latest version of your device's operating system (OS)" for your operating system (Android, iOS, Linux, Mac or Windows) to get the best protection.
    • Follow the instructions on the following pages to manually and automatically update apps:

    Android

    iOS

    Windows

    Mac

    Linux

    • In "Show Applications," look for "Software Updater" and run it.
    Learn why we recommend this

    New vulnerabilities in the code that runs your devices and apps are found every day. The developers who write that code cannot predict where they will be found, because the code is so complex. Malicious attackers may exploit these vulnerabilities to get into your devices.

    But software developers do regularly release code--"patches" or "updates"--that fixes those vulnerabilities. That is why it is very important to install updates and use the latest version of the operating system for each device you use. We recommend setting your device to automatically update so you have one less task to remember to do.

    Be aware of being pressured to act quickly and other appeals to your emotions

    • Get in the habit of noticing when something on your device--an email, message, or alert--makes you feel frightened, distressed, worried, passionate, or curious, or makes you feel that you will miss out on an opportunity.
    • Pause when a message or alert wants you to take immediate action.
    • Be aware that many "win something for free" messages or advertisements are used to trick people into installing malware.
    • When you notice these feelings, look closer at what you are being asked to do.
    • Go through the following instructions about links, file extensions, and pop-up windows.
    • Do not click to proceed unless you are absolutely certain that you know what is about to happen when you do.
    Learn why we recommend this

    Security experts consider people's minds and habits the most vulnerable part of digital security. When we are asked to take quick action, when we are curious, or when we feel threatened, we usually comply. The stresses of human rights work can make us especially vulnerable to this kind of attack. Many of us are convinced we could never be tricked, but even CEOs of large corporations have been fooled in these ways, losing millions of dollars and damaging their companies' reputations.

    Pause before you click and be cautious when you receive a link

    This is one of the most important pieces of advice for your safety.

    • Look closely at the address in a link before you visit it. This is especially important if someone sent the link via email, SMS text, or a chat message.
      • On your computer, hover your mouse pointer over a link in an email or on a webpage to see the full website address.
      • On mobile, it is harder to see the links, so it may be better not to click them.
    • Here is how to read a web address:
      • After "https://", travel right to the next "/".
      • Then travel left to the previous "." and the word right before it.
      • Your browser will usually highlight this part for you.
      • Does it look like the site you expected to go to? If not, someone may be trying to trick you.
    • DO NOT click on a strange link to figure out what it is. Instead, copy the web address and paste it into one of the following page scanners to see if it is safe:
    • You can also check a website's reputation using these scanners:
    • If the link looks strange, but you already clicked it:
      • Take a screenshot and send it to someone who can help you with your digital security.
      • Then be sure to run your device's anti-malware software.
    Learn why we recommend this

    The majority of devices infected by malware and spyware were infected by a visit to a web page.
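    The rule for reading a web address described above, written out as an added Python example (it is not part of the original guide). It also covers three cases where reading by eye goes wrong: a name placed before an "@", a numeric address, and endings such as co.uk. The `TWO_PART_SUFFIXES` set and the sample links are constructed for illustration; real tooling would use the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small constructed sample of two-part endings. Real tooling
# should load the full Public Suffix List instead of this set.
TWO_PART_SUFFIXES = {"co.uk", "org.uk", "com.au", "com.br", "co.jp"}

# Constructed sample links; the reader expects to reach example.com.
SAMPLE_LINKS = [
    "https://www.example.com/login",
    "https://example.com.account-check.example.net/login",
    "https://example.com@login.example.org/reset",
    "https://shop.example.co.uk/cart",
    "http://192.168.1.1/",
]


def is_ip(host):
    """True when the host is a numeric address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site_name(url):
    """Return the part of the address that names the site, or None."""
    # hostname = text between "://" and the next "/", without user@ and :port
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.rstrip(".")
    if is_ip(host):
        return host
    labels = host.split(".")
    # The guide's rule: the last dot and the word right before it.
    keep = 2
    # Edge case: for endings such as co.uk, one more word is needed.
    if ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        keep = 3
    return ".".join(labels[-keep:])


def review_link(url, expected_site):
    """Return (site, warnings) for a link the reader expected to lead to expected_site."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    site = site_name(url)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        warnings.append("name before '@' is not the site")
    if is_ip(host):
        warnings.append("numeric address instead of a name")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("non-ASCII name, check for look-alike letters")
    if site != expected_site:
        warnings.append(f"goes to {site}, not {expected_site}")
    return site, warnings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", review_link(link, "example.com"))
```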

    Use caution when opening attachments

    This is another of the most important pieces of advice for your safety.

    • Be alert for unexpected files that are attached to email, chat, voice, or other messages.
    • Make sure the sender is who you think they are. Try to contact them in another way (for example face to face, or by phone if they sent you email) to confirm they sent the attachment.
    • If you absolutely must open a suspicious PDF, Word, Excel or PowerPoint document, use the app Dangerzone to strip out dangerous elements.
    Learn why we recommend this

    Many devices infected by malware and spyware were infected by a file someone inadvertently downloaded to their device that ran unwanted, malicious code.

    Make file extensions on your computer visible to avoid being tricked by malware

    • To stay safe, make your file extensions visible on your computer.
    • Before you open a file, look at the extension at the end of the file name--the letters after the last dot. There might be two extensions or more. Some are normal, like .tar.gz, but others, like .jpg.exe, are suspicious.
    • Ask: is this the kind of file I thought it would be? Does it look unusual? Consult these lists of file formats and filename extensions to see what a file might do when you open it.
    • Know some common malicious extensions

    Linux

    • Ubuntu shows file extensions by default.

    Mac

    Windows

    Learn why we recommend this

    People who want to install malicious code on your devices will sometimes make an app look like a harmless document. One way they do this is by changing the app extension: the information about what type of file it is, that shows up after a dot at the end of a file name, usually about 2-4 characters long. They may change an extension for code they can run ("executable code") to an extension you are used to (like .doc, .txt, or .pdf for document files) to trick you. Often they will send these files as attachments to email, or via a chat app.
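    The check described above (look at every extension, and treat a document-style extension followed by an executable one as suspicious) as an added Python example that is not part of the original guide. The three extension sets are illustrative and non-exhaustive assumptions, and the file names in the demonstration are constructed.

```python
import os
import tempfile

# Illustrative, non-exhaustive sets (assumptions of this example).
RUNS_CODE = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi",
             ".vbs", ".js", ".jar", ".ps1", ".lnk", ".sh"}
LOOKS_LIKE_DOCUMENT = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
                       ".jpg", ".jpeg", ".png", ".mp3", ".mp4"}
NORMAL_COMPOUND = {".tar.gz", ".tar.bz2", ".tar.xz"}


def extensions(name):
    """All extensions in order, lower-cased: 'a.JPG.exe' -> ['.jpg', '.exe']."""
    base = os.path.basename(name).strip()
    # A leading dot marks a hidden file (.bashrc); it is not an extension.
    parts = base.lstrip(".").split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def classify(name):
    """Return 'disguised program', 'program' or 'ordinary' for a file name."""
    exts = extensions(name)
    if not exts:
        return "ordinary"
    # Normal double extensions such as .tar.gz are not a disguise.
    if "".join(exts[-2:]) in NORMAL_COMPOUND:
        return "ordinary"
    # Only the last extension decides what the computer does with the file.
    if exts[-1] in RUNS_CODE:
        if any(e in LOOKS_LIKE_DOCUMENT for e in exts[:-1]):
            return "disguised program"
        return "program"
    return "ordinary"


def review_folder(folder):
    """Return (file name, verdict) for every file in folder that can run code."""
    with os.scandir(folder) as it:
        entries = sorted(it, key=lambda e: e.name)
    findings = []
    for entry in entries:
        if entry.is_file():
            verdict = classify(entry.name)
            if verdict != "ordinary":
                findings.append((entry.name, verdict))
    return findings


if __name__ == "__main__":
    # Constructed, empty sample files in a temporary folder.
    with tempfile.TemporaryDirectory() as folder:
        for name in ["holiday.jpg.exe", "backup.tar.gz", "setup.exe", "notes.txt"]:
            open(os.path.join(folder, name), "w").close()
        for name, verdict in review_folder(folder):
            print(f"{name}: {verdict}")
```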

    Avoid suspicious pop-up windows

    • Watch for "pop-up" windows that appear unexpectedly.
    • Pause. Don't touch anything.
    • Read the window carefully. What is it asking you to do?
    • If this is not something you asked your device to do, close the window (using a button at the window's top) instead of clicking "yes" or "ok".
    • Know the names of apps you have installed. Don’t approve updates from apps you didn’t know you had installed.
    • If you are unsure whether it is actually your app or device asking to install software, check your app store or the website of the software to see if the update is official.
    Learn why we recommend this

    It might seem like hacking your computer requires secrecy and powerful coding skills. In fact, tricking you into doing something for them is one of a hacker's most powerful tools. A button or link that asks you to do something may be waiting to install malware on your device.

    Use antivirus or anti-malware

    • Know how to check if your antivirus or anti-malware app is working and updating itself.

    • Perform periodic manual scans.

    • Choose and run only one anti-malware app; if you run more than one on a device, they may interfere with each other.

    • On Windows, we recommend turning on Windows's own anti-malware protection, Windows Defender.

    • On Linux you can manually scan your device for malware with ClamAV. But be aware it is only a scanner, and will not monitor your system to protect you from infection. You can use it to determine whether or not a file or directory contains known malware, and it can be run from a USB memory stick in case you do not have permission to install software on the suspect computer. You may also consider using a paid antivirus (e.g. ESET NOD32).

    • Otherwise you can get an app:

      • AVG antivirus (Android, iOS, Mac, Windows)
      • Avira antivirus (Android, iOS, Mac, Windows)
      • Malwarebytes (Android, iOS, Mac, Windows). Malwarebytes full version is free for 2 weeks. After 2 weeks, you can still use it but scans are manual.
    • Note that all antivirus and anti-malware apps collect information on how the protected devices are being used. Some of this information may be shared with companies which own them. There have been cases where this information was sold to third parties.

    Learn why we recommend this

    The most important thing you can do to protect your devices' security is to update the operating system and apps you have. However, it is also useful to run the right antivirus or anti-malware software to stop malicious code that may have invaded your device.

    Pick one anti-malware tool to use

    • If you need to switch from one anti-malware tool to another, it is important to completely uninstall the first one before installing a new one.
    Learn why we recommend this

    Using two anti-virus or anti-malware tools might seem like it would be safer, but these tools will often identify each other as suspicious and stop each other from working properly (like two medications that interact with each other). Pick just one that works for you.

    Set your anti-malware tool to update automatically

    • Make sure that your anti-malware program allows you to receive automatic updates; if it does not, seek another tool.
    • Set the anti-malware tool to check for updates on a regular daily schedule.
    Learn why we recommend this

    New malware is written and distributed every day. Anti-malware tools release updates to fight it. Your computer will quickly become vulnerable, and the tool will be of no help, if you do not set your anti-malware software to update automatically. Some tools that come pre-installed on new computers must be registered (and paid for) at some point or they will stop receiving updates.

    Scan your device for malware regularly

    • If your anti-malware tool has an "always on" mode, enable it. Different tools have different names for this mode, like Realtime Protection or Resident Protection.
    • Scan when you have recently:
      • connected to an insecure or untrusted network
      • shared USB memory sticks with others
      • opened strange attachments by email
      • clicked a suspicious link
      • seen someone else in your house, office, or community having strange issues with their device
    • Consider occasionally scanning all of the files on your computer. You do not want to do this often (and you might want to do it overnight), but explicit scans can help identify problems with your anti-malware tool's "always on" feature or its update mechanism.
    Learn why we recommend this

    Like other fancy gadgets, malware-fighting tools don't work if you don't use them!

    Use good hygiene with devices you plug in

    • If your device uses a USB cable to charge, never plug the USB part directly into a public USB charging slot, unless you are sure the cable you are using is a power-only charger cable. Make sure you use the adapter that lets you plug into a power outlet.

    • Instead, use a data blocker device (like the ones sold by PortaPow) to prevent the public USB slot from infecting your device.

    • Never use a stick, card, disc or cable you find lying around; there have been instances of people putting malicious code on other people's devices by leaving an infected USB stick in public.

    • If you are concerned about what might be on a colleague's drive that you need to plug into your machine, consider using a CIRCLean stick to check it for malware first.

    Learn why we recommend this

    Malware can spread from device to device through smaller devices you plug into them--particularly SD cards, USB drives, cables and "flash" memory sticks, CDs, and DVDs. Malware has also been found on public charging stations.

    Use good hygiene with sensitive information

    • Only store or send the sensitive information using encrypted methods.
    • Check very carefully to make sure you know who you are giving this information to.
    • Be aware that many scams involve someone contacting you electronically or by phone unexpectedly, pretending to be a company or government official who needs this information.
    • Be especially careful about pop-up windows or strange links that ask for this information.
    • Sensitive information includes:
      • Your date of birth or other personally identifying information
      • Passwords
      • Financial information, including bank account or credit card numbers
      • Identification, including government ID numbers, passports, and cards that get you into an office
      • Licenses
      • Your fingerprints or iris scans
    Learn why we recommend this

    Some information about you could do more damage than other information if it fell into the wrong hands. Many people are not aware that email is not a safe way to send this information, as it is frequently stored on multiple computers and servers, making it hard to eliminate all copies.

    Secure other "smart devices"

    • Consider whether the risk of having additional devices around you which are connected to the internet outweighs the benefits of what they can do for you.
    • Consider disconnecting your TV from the internet entirely, or from electricity when you are not using it.
    • Turn off smart speakers like Alexa, Cortana, and Siri. Follow the instructions in the "disable voice controls" section of the basic security guide for your device: Android, iOS, Linux, Mac, or Windows.

    Apple TV

    Other TVs, including Android, Amazon Fire, LG, Roku, Samsung, and Sony

    Learn why we recommend this

    Some malware is designed to infect other devices to which its victims are connected. Many of these internet-connected devices are not as well-secured as our computers and phones. They might include "smart TVs," devices you control with an app on your phone, "smart appliances" like lighting or heating systems, or even children's toys. Attackers might use these devices to get into more important devices around you, or attack other devices as part of a zombie "botnet." Smart TVs, in particular, may listen for sound around them and record what people are saying, using a technology called "automatic content recognition" (ACR). They share what they hear with advertisers and other third parties. You can turn ACR off using the instructions below.

    Shut your computer down overnight

    Learn why we recommend this

    Malware frequently takes advantage of times when you are not using your devices to search or send data, so you are less likely to notice that something is wrong. Turning off your devices and connections can help protect against this.

    Disable Java in all browsers

    Disable in your browsers (Firefox, Chrome, Internet Explorer, Safari):

    Disable in email

    Learn why we recommend this

    Java is an older software package that makes it easy for someone to run malicious code on your device without your permission.

    If you suspect your device has been infected...

    Disconnect your device from networks

    • Turn off WiFi, mobile data, Bluetooth, or other wireless ways of communicating with other devices.
    • Unplug any wires (like ethernet cables) the device is using to communicate with other devices.
    Learn why we recommend this

    Doing so will help prevent malware from sending data, receiving commands or infecting other devices.

    Avoid connecting things like drives to the infected device

    • Do not plug in drives, USB sticks, memory cards, or other removable devices unless you are prepared to discard them, or know how to disinfect them safely.
    • Similarly, avoid using things that were previously connected to that device.
    Learn why we recommend this

    Like sick people, infected devices can spread infections to other devices.

    Run your anti-malware software

    Learn why we recommend this

    You can sometimes clear a malware infection just by running your anti-malware software. However, be aware some malware is designed to survive a full re-installation of the operating system. Most infections fall somewhere in the middle, resisting cleaning but not being impossible to root out.

    Use a rescue drive

    • If the infected device is a computer, restart it from an anti-malware rescue drive (such as Windows Defender Offline or the AVG RescueCD).
    • Discard the USB memory stick you used to create the rescue drive.
    Learn why we recommend this

    If the malware infection keeps coming back or is resisting your efforts to clean it off your device, starting your device from a rescue drive (rescue disk) can help remove infected files deep in your operating system.

    Back up files

    • Back up your important documents to a clean, unused drive, preferably one you can plug in to your device.
    • Do not back up any apps or software.
    Learn why we recommend this

    You will need to erase as much as possible of your device to eradicate all traces of the malware. So first, make sure you have copied your important files to a new, clean drive to keep them from being erased.

    Clean your browser by deleting its profile folder

    If your browser behaves strangely or you suspect that it may be infected with adware, spyware or a virus, you may want to clean the infection or fix the issues by deleting your browser profile folder. Note that deleting this folder will delete information kept in it, like all passwords you saved in the browser, bookmarks, browser add-ons and cookies. Consider doing a backup of this information before you delete the folder.

    Learn why we recommend this

    Some malware can store itself inside the browser. Sometimes the only way to guarantee that you have a clean device is by deleting the local profile folder of the browser.

    Do a factory reset or re-install the operating system

    • Back up your important files first.
    • Follow these instructions to factory reset:

    Android

    iOS

    Linux

    Mac

    Windows

    Learn why we recommend this

    Many devices now offer the ability to completely reset their operating system. Doing so can eliminate some malware, but you want to be sure you have saved important files first. Be aware you may need to re-set some of your settings and reinstall some applications after doing this.

    Buy a new device

    Learn why we recommend this

    Unfortunately, sometimes malware is impossible to get out of an old device. Whether or not your old device continues to show signs of malware after you have gone through these steps, the most secure solution may be to get a new device which can be updated to the latest software.

    Secure your router

    • You will need the (administrator) login information for your router. If you no longer have the manual that has this information, look for

    • Make sure you are connected to your own wifi network.

    • Try going to the following addresses in your internet browser; one of them should give you a way to log in to your router's control panel:

      • http://192.168.0.1
      • http://192.168.1.1
      • http://192.168.1.254
      • http://192.168.2.1
      • http://10.10.10.1
      • http://10.0.0.1
    • If none of those give you a login page, search for "default IP address router" and the manufacturer and model number of your router.

    • Take a screenshot of what you see once you have logged in, before you change anything. That way if something goes wrong, you can always change the settings back.

    • Change the administrator login password to something strong and unique, as it allows anyone who has it to modify the router's settings. Use your password manager to generate and save a strong password.

    • Rename your network:

      • Do not use the default name (which can tell attackers how your router is vulnerable)
      • Do not give it a name that identifies you, your organization, or your family.
      • You may have the option to make your wifi network invisible, so devices have to know its name to connect. Make sure your devices can connect this way.
    • Look for information on the control panel page about updates to your router's software (known as firmware). Search online for the latest version of the software, and update it if possible.

    • Under "security protocol," select WPA3, WPA2-AES, or WPA2 if possible (in that order of preference). If your router does not make at least WPA2 available, it may be best to buy a new one, as other protocols leave your router vulnerable to attack.

    • Make sure that your router or WiFi access point has a firewall enabled. Most of them do, but it is worth checking.

    Learn why we recommend this

    Your router is the gateway between your local network, including your wifi and devices, and the rest of the internet. Its firewall adds another layer of protection. Not everyone can access the settings for their router; many of us get our routers from our internet providers, and sometimes they make it impossible for us to change the settings. However, you can always try to get access to your router, change the settings above, and make your connection more secure. Alternatively, you can decide to buy your own router, secure it, connect it to the internet provider's router and use wifi from your own router instead.

    If your router software is old and you cannot update it, or if you would like to have better control over your router, you may consider replacing the router's operating system with one of the free and open-source options like OpenWrt, DD-WRT or FreshTomato. Please note that replacing a router's operating system is an advanced task which, if not performed well, may render your router unusable ("bricking the router").

    Advanced: Use Qubes OS

    Learn why we recommend this

    Qubes is an alternative to Windows, Mac, and Linux that gives very strong protection against malware by dividing your device into secure sections that cannot access each other. Qubes makes use of Linux among other tools. On the surface, it resembles a Linux operating system to a certain extent.

    Advanced: Use a liveUSB drive to make a backup of your files

    • Ensure your infected device is not connected to the network using WiFi, Ethernet, or other connections.
    • Get a brand new, clean USB memory stick.
    • On a separate, not-infected device, using the USB memory stick, create a liveUSB drive of Ubuntu or Tails.
    • Shut down the infected device.
    • Plug the liveUSB into the infected device.
    • Restart the infected device; it should start off the liveUSB.
    • Move your files from the infected device to a new clean drive.
    • Safely shut down the infected device.
    • Discard the liveUSB drive; DO NOT connect it to any device again or it may spread infection.
    Learn why we recommend this

    Starting your infected computer from a liveUSB drive (with Ubuntu or Tails installed) will help prevent the infection from spreading to your backup disk and beyond.

    Consider free and open-source software

    Proprietary software like macOS or Windows often requires proof that it was purchased legally before it will allow you to install updates. If you are using an unlicensed (also known as "pirated") copy of Microsoft Windows, for example, it may be unable to update itself, which would leave you and your information extremely vulnerable. Some unlicensed software even comes with malware already installed. By not having a valid license, you put yourself and others at risk.

    Relying on unlicensed software can present non-technical risks, as well. The authorities in some countries use unlicensed software as a pretext to confiscate devices and close down offices that belong to organisations with which they have political differences.

    You do not have to purchase expensive software to protect yourself from threats like these. Free and open-source software (FOSS) is software that can be obtained and updated free of charge. FOSS tools are generally considered more secure than proprietary ones, all else being equal, because their source code is publicly available and can be examined by outside experts who can identify problems and contribute solutions. This transparent approach to development also makes it more difficult for someone to hide a back door that lets them access important parts of your device they shouldn't.

    Freeware is software that is distributed free of charge but does not necessarily make its source code visible to the public. While outside experts cannot see whether its code contains back doors, it may still be safer than proprietary software that is unlicensed or "expired."

    Consider trying FOSS alternatives to the proprietary software you rely on. If you do not find something that works for you, consider freeware alternatives to any unlicensed software you might be using.

    FOSS applications may be similar to, and compatible with, the proprietary software they replace. Even if your colleagues continue to use proprietary software, you may still be able to exchange files and share information with them. As a place to start, consider replacing Microsoft Office with LibreOffice.

    There are FOSS alternatives to the Windows and macOS operating systems as well. Ubuntu Linux is one of the most popular and easy to use. To try it out, download a liveUSB version of Ubuntu, copy it onto a USB memory stick, put it in your computer and restart. When it's done loading, your computer will be running Linux, and you can decide what you think. It will not make any permanent changes to your operating system or other software. When you're finished, just shut down your computer and remove the Ubuntu liveUSB to return to your normal operating system and apps.

    Ubuntu is also a good option for computers that are too old to run updated versions of Microsoft Windows or macOS.