Malware has, of course, been around for ages, predating the web itself by a long mark. Indeed, the first viruses were spotted way back in the early 1970s, on networks such as ARPANET, the forerunner of the Internet.
However, as the worldwide web grew, so did the ability to more effectively spread malware. Then the explosion in social networks led to social engineering, and increasingly more sophisticated scams came about – for example, targeted spear phishing (opens in new tab) and ransomware (opens in new tab) – leading us to the densely populated malware landscape of today, full of big bad nasties like Cryptolocker.
Cryptolocker was recently the subject of a major warning issued at the start of last week (opens in new tab) by the National Crime Agency, which cautioned that users have a two-week window to protect themselves from this ransomware and Gameover Zeus. In reality, the way in which the warning was issued was rather clumsy, and what the NCA meant was that they've disrupted the infrastructure of these pieces of malware, so now is a good time to clean up your security act. Although, of course, any time is a good time to adopt best security practices – and so that's what we're covering here; the basics of staying safe and protecting yourself against any potential malware when you surf the web.
First off, let's recap the fundamentals. In terms of software, it should go without saying that you need an Internet security suite (or at least a basic antivirus program) on your machine, preferably a good one. That doesn't mean you have to pay, either, as there are some great free efforts – check out AVG (opens in new tab) and Avast (opens in new tab), to pick two prominent examples. If you want to be even more cautious, it doesn't hurt to have a second line of defence after your main AV package – we'd recommend you take a look at Threatfire (opens in new tab). It won't clash with most common security software, and will provide you with what security pros call a layered defence.
Always keep your software up to date – all of it. That means your antivirus definitions, your web browser, any plugins like Flash, every piece of software you have including the Windows operating system itself (or whatever OS you use). Security holes are constantly patched across all software, but if you don't have the latest updates, you'll be vulnerable to them.
Then there's what we call the common sense basics. If you see a web address you think sounds a bit dodgy, don't visit it – even if your friend sent you a link, or posted it on Facebook. You don't know if they actually posted it, or if their account has been hijacked. And even if they did post it, they may be unaware that the site is malware-ridden. In particular look out for links which seem sensationalist, ones that are trying to get users to click ("free iPads and nude pictures of *random supermodel name here*").
Even if you receive an email from what appears to be your bank, Amazon, eBay or whoever, asking you to log in for whatever reason and providing a link to do so – don't trust that link. Open your browser, and type in the bank's website address yourself. You can do the same thing when you're sent links to amusing YouTube videos by friends – don't click the link, but go to YouTube directly, copy and paste the video title in to search for it, and watch it that way.
Do not trust links. This piece of advice can probably save your behind more times than anything else.
Finally, if you're visiting a website where you're entering payment information such as your credit card number, always check that it's a secure site – you can tell because the web address will begin with https:// (note the 's') and there'll be a green padlock icon to the left of the URL bar.
Another thing you can do to keep yourself safe is to use a less well-known browser, seeing as there are more exploits hidden away in web pages that target the big names such as Internet Explorer, Chrome and Firefox. They have the most users by far, so they obviously represent the most tempting targets. You could try switching to something like Opera (opens in new tab) or Maxthon (opens in new tab), which are both excellent alternative browsers. Of course, we understand that not everyone will want to give up their browser; also, if you do switch, don't start swanning about the web thinking you're invulnerable. All the advice in this article still pertains – caution first, as always.
Whatever browser you use, one solid defensive measure is to turn off Java. Unless you specifically need it, Java has been the cause of many holes and exploits, and we keep it turned off for the sake of security. Want to know how to rid yourself of it? Then see our guide to disabling Java (opens in new tab).
You should also make sure any passwords you use for websites are strong, and also not reused across different sites. The latter's a big no-no as one data breach could mean you lose control of multiple accounts to a hacker. If you have trouble remembering passwords, then get yourself a password manager (we round up the best of them here (opens in new tab)).
Two factors are better than one
For added security on the most important sites you visit – usually those involving financial details, like PayPal for example – it's a very good idea to set up two-factor authentication (which is generally supported by these sort of websites). As the name suggests, this is simply a second line of authentication, so you not only have to enter a password initially, you must also provide a secondary login, which can be a code texted to your phone, or perhaps provided by a dedicated piece of hardware (like a PayPal security key). This means even if an attacker gets your password, they won't be able to login as they won't have this second factor to hand. We've also got a guide on this topic, showing which sites support two-factor authentication, and how to set it up (opens in new tab).
If you follow these guidelines, you'll be unlikely to end up one of the unfortunate folks who is compromised by a hacker or scammer on the worldwide web.