Big bad scary malware. How do you explain malware to people who are not really into security? Let’s try. I will use simple analogies and language, yet will still try to go into some detail, so you can help people you know and love (and work for) understand the idea behind malware.

Malware, Virus, Trojan, What?

Malware is a general name. To keep with the medical reference, it’ll be like sick. Malware makes your computer sick. If I go to a doctor and say, ‘I’m sick’, the doctor will say something like, ‘okay, what hurts?’. Because being sick and going to a doctor to be cured requires some kind of test or analysis.

Is it your tummy? Your head? Your knees?

Like the generic term, sick, malware is a generic term for something that makes your computer sick.

Malware is a piece of code – a program or script or macro or whatever – that makes your computer or phone or internet-box sick. But it can mean any kind of thing.

So, some malware makes your computer sick by letting bad guys look through your webcam. Other malware makes your computer sick by giving bad guys control over your files. Other malware makes your computer sick by stopping you from using your computer unless you give the bad guy money.

For the sake of this article, we don’t have to go into techie details about the names and function of different types of malware, just know that there are a lot of problems, some you notice and some you don’t notice.

Fixing this

Let’s try to keep this medical analogy alive. Doctors will tell you that it’s easier to prevent getting sick than to fix you once you’re sick. Plus, even if you can get rid of sick, it sucks. It takes time, costs money, and makes you slow down and feel rubbish throughout.

Insurance companies and businesses are on board. Preventative measures are good. Some companies pay less health insurance fees if its employees ride bikes to work. That’s awesome.

That analogy works for malware. Preventing malware is much safer for you and your money and your safety than fixing malware. Viruses and diseases attack your organs (I guess, I’m not a doctor and once we get technical I kind of fail. I guess I could look it up, but I don’t want to. I care, don’t get me wrong, but this is distracting me from my point.) Malware attacks your programs.

Active Prevention

To prevent malware as best you can, keep your applications patched. Delete applications you don’t use. Install and update anti-malware. Use a password manager (this helps you in case your identity is stolen from a stupid company you are registered it).

Passive Prevention

I just gave a quick hit list of things you can do. There are things you can NOT do that are probably better than the above. Obviously keeping your system healthy will help you keep the bad stuff away, but things don’t just go after your computer if it’s sitting idly (I mean, they don’t go after YOUR computer. They might go after an important computer. But not yours.)

In this case, you need to stop doing some of the things you might like to do. A great way to give people malware is to get them to click on things. You should know now to click on crap in your email. That is easy. You see a fake email and you refuse to click on it.

But some things are either subversive or illegal that you might be cool clicking on. Those could be things like porn sites or illegal torrent sites. You could also go to those free ebook or free software sites. In the old days, those were called warez sites. People would hack into a computer, upload a bunch of free stuff, and then give others access. I think they would setup an FTP server and let people log in and download video games and old versions of Adobe photoshop.

Now people use torrents, or visit dubious porn sites that might be insecure ad networks.*

Sidebar on porn sites. It sucks that I have to include a sexual thing here. Sex isn’t bad. Porn, as an idea, isn’t bad. Some porn is exploitative against its actors and actresses, or teaches unsustainable views and promotes violence against women, and that’s bad. But as an idea, porn isn’t bad. Yet porn sites are a huge vector for malware. Why?

The major ad networks, like Google’s doubleclick, won’t allow porn sites to use their ads. But porn sites have to make money. So they need to find an ad network that is totally cool with porn sites. Those ad networks are either insecure or grey hat. Clever bad guys have figured out how to send malware through those ad networks. So people who visit a porn site with an insecure browser might be fed an advertisement that has malware in it. Just by visiting, you can get malware. Sucks, right?

Dealing with the passive stuff

We don’t want to click on downloaded torrents, we don’t want to click on those software or ebooks, and we don’t want our browsers downloading those ads on dubious websites. What can we do?

Stop downloading torrents. Either avoid porn sites (gasp!) or (realistically) download a robust ad blocker. Stop clicking on shit you didn’t buy or earn.

Few things are free. If it’s free… why? Maybe it’s part of their business plan. Maybe it’s altruism. Maybe it’s malware.