How to Protect Yourself Against Malware


One of the most common ways hackers and criminals cause trouble online is by spreading malware. In addition to using common sense, follow these basic guidelines to protect yourself against malware.

1. Use antivirus software

You should always have reliable antivirus software running on all devices you are using. This software is your main line of defense against viruses and other types of malware. Make sure your antivirus is always up to date so it can deal with any new security threats.

Antivirus programs allow you to scan your entire device for malware. Make it a habit to run regular scans of your devices to catch malware early and prevent it from spreading. If you need to download something, make sure to use an antivirus program to scan the download for malware before opening it.

Windows comes with free and reliable antivirus software, Microsoft Defender, built in. You can make Microsoft Defender protect your device even better by adjusting a few settings.

2. Keep your software and hardware up to date

Malware infects your devices by finding and exploiting vulnerabilities in software. Hackers and criminals are constantly looking for such vulnerabilities. Companies that create software fix vulnerabilities through security patches released in updates. Therefore, it is important to install updates as soon as they become available.

Whichever device you use, make sure you are using the latest version of the operating system. It is a good idea to set the operating system and antivirus software to update automatically. Update the rest of the software on your devices regularly.

If no operating system updates have been offered for your mobile phone within the last six months, it is highly likely that it is an older model that the manufacturer no longer supports. In this case, consider replacing the phone with a newer model that gets critical security updates.

3. Use a non-admin account

Malware can be particularly devastating for your device and the data on it when you are logged in to an administrator account. It is a good idea to create a user account with limited privileges on your computer and use it for regular daily tasks. When you are signed in to an account with restricted privileges, it is much harder for malware to find a way into your device and make system-wide changes.

4. Know what you install

A lot of malware is bundled with shady software or built into pirated versions of legitimate software. One of the surest ways to infect your computer with malware is to install pirated (unlicensed) software on it. If you really need a particular piece of software but cannot afford it, keep in mind that there are free alternatives to almost all major software products. These alternatives may offer more limited functionality but they will get the job done without making malware a constant feature of your online experience. When you have a chance, always choose open-source software over proprietary commercial products.

Download apps only through official app stores. When you install something for the first time and are not familiar with the app, make sure you read reviews to find out if other users have found the software trustworthy.

Make it a habit to revisit all apps installed on your devices on a regular basis. Delete the apps that you no longer use or trust.

5. Beware of attachments

It is one of the most fundamental digital safety rules that you should never download or open attachments that arrive in emails, social media messages, or mobile texts from people you do not know or do not trust fully. Scammers and criminals are particularly fond of Word, Excel, PowerPoint and PDF files infected with malware. If an email or any other type of message looks strange or suspicious to you, the best way to deal with it is by deleting it right away.

It is also worth remembering that even people you know and trust can have their email accounts compromised. So if you receive an unexpected email with an attachment from them, it is a good idea to check with the person who you think sent you the email before opening it.

6. Check links before clicking

You should never click on links sent by people or organizations that you do not know. You should also make it a habit to treat every single link you receive as a potential risk. When you get an alert from a colleague, your bank or the social media service you are using, do not click the link in the email. Hover your mouse over the link to see the full website address. This can help you decide whether or not you want to click that link. Alternatively, you can open a browser window and type the address directly into the URL field to make sure the site is real.

Before clicking on a link that you find even a tiny bit suspicious, scan it with a link scanner such as Norton Safe Web, which lets you enter the URL of a suspicious link and check it for safety.

Use extra caution when dealing with shortened URLs. Always check the real URL behind a shortened one. You can use a free online service such as UnshortenIt to “decode” a shortened URL.

7. Don’t trust pop-up messages

We have all had this experience: you surf the Internet and suddenly there is a pop-up window telling you that your computer has been infected and recommending that you download some software to protect your device. Do not fall for this. You are smarter than that.

8. Be careful with removable media

Malware often travels across different devices via removable media such as USB memory sticks, external hard drives, flash memory cards and so on. Never insert such a device into your computer if you do not know where it came from. When you have to use a removable media device and know where it came from, it is a good idea to use an antivirus program to scan the device before opening it.