• Home
  • Hacking & Security
    • Network Hacking
    • Web Hacking
    • Social Engineering
    • Kali Linux
    Submit An Article
  • Courses
    • All Courses
    • Bundles
    • Masterclass
    • VIP Membership
    • FAQ

    Popular Courses

  • Shop
    • Hardware Bundles
    • Wireless Adapters
    • Pentesting Tools
    • Security
    • Accessories
    • Clothing
    • Books
    • All
  • Competition
  • Services
    Penetration Testing
    Consulting
    Code Review
    One on one Training
    Online Courses
    VPN
  • Blog
      • Cart

    VIP Membership Masterclass
    Got a question?
    [email protected]
    RegisterLogin
    zSecurity
    • Home
    • Hacking & Security
      • Network Hacking
      • Web Hacking
      • Social Engineering
      • Kali Linux
      Submit An Article
    • Courses
      • All Courses
      • Bundles
      • Masterclass
      • VIP Membership
      • FAQ

      Popular Courses

    • Shop
      • Hardware Bundles
      • Wireless Adapters
      • Pentesting Tools
      • Security
      • Accessories
      • Clothing
      • Books
      • All
    • Competition
    • Services
      Penetration Testing
      Consulting
      Code Review
      One on one Training
      Online Courses
      VPN
    • Blog
        • Cart

      Hacking & Security

      How to Stay Away From Downloading Malware? Top 9 Prevention Tips

      • Posted by DavidBalaban
      • Date April 12, 2021

      Web swarms with viruses and malware. The unaided eye often fails to spot a malicious code as its distributors conceal it using social engineering tricks and other techniques like drive-by-downloads and zero-click attacks. So, how do you secure your machine from new viruses and malware if you cannot detect it and antiviruses are not always reliable?

      Tip 1 – Never Visit Unsafe Web Pages

      Malicious code often originates from unsecured websites. Cybercriminals host their malware on their own websites and those they hacked earlier.

      Avoid browsing potentially unsafe sites. For business, it is better to set this as a compulsory requirement in your standard operating procedures for staff members.

      But how can you tell a safe website from an unsafe website? That is pretty easy. You do not have to be a cyber-security guru to check a website’s application layer protocol. For instance, https://forbes.com makes use of https://. It shows you that the website you open has an SSL certificate. SSL stands for Secure Socket Layer and means the website holding it is safe. Earlier http used to dominate the web; now, this type of protocol is dying out as it is not deemed safe anymore.

      An SSL certificate is a bundle of two encryption keys. One is private, and the other is public. This pair ensures safe encrypted communication secured from third-party interference. SSL enables a trusted connection with the website concerned.

      It is to be admitted that non-https pages do not necessarily host malicious code. Oppositely, an https page may prove to be unsafe. Such cases occur at an increasing frequency as malicious code evolves, producing more sophisticated strains like polymorphic viruses ever.

      Tip 2 – DNS Filtering to Block Insecure Websites

      Ensuring a website holds a valid SSL certificate is a good starting point. Now let us move on. Advanced traffic filtering at the level of DNS helps you protect both your endpoints and corporate networks from corrupted domains that pretend to be free of malicious code. I do not recommend any particular solution here. Just make sure a security tool you run features advanced content filtering.

      A traditional antivirus in the world of evolving malware does not keep your machine secure. A modern security solution must provide the following functionality:

      • Scan traffic using enhanced machine learning algorithms.
      • Help avoid any exposure of restricted access data.
      • Have comprehensive data filtering (DNS, HTTP, HTTPS).
      • Secure network and endpoints from crypto viruses, exploits, APTs.

      Tip 3 – Avoid Clicking Suspicious Web Links

      Clicking unverified links is a common malware infection vector for most malware types, including dangerous ransomware viruses. Such links may trigger a download session that drops a malicious code into your machine.

      So, how to prevent malicious downloads originating from compromised links? Never open a link until after inspecting the URL it points to. Fortunately, ensuring the link is safe is straightforward enough. Just hover over it with your mouse and check if the website name you see is true to the name the link declares. A malicious website URL may differ from the trusted one by a single symbol. Watch for different spelling and other minor deviations.

      If you suspect anything bad, you can also verify the website’s URL with free online scanning tools like VirusTotal.

      Tip 4 – Skip Free Apps

      The only free cheese is in the mousetrap. Software available for free tends to be bundled with malicious code. Plenty of applications are free, and you can download such programs from their official websites without a second thought as long as you know their publisher is a trustworthy party. They do not sell licenses because they earn money by adding dubious tools to the installation files.

      Next, have you ever stumbled upon a page distributing a paid app for free? Hackers also deploy email phishing attacks sending links to websites that allegedly offer paid software at no cost to users. Both offers lead to scams and malware.

      Tip 5 – Ensure Incoming Emails Are Safe

      Did you know that 85% of all organizations have been hit by phishing attacks? Spam messages that contain malicious content are a prevailing phishing tactic.

      Attackers resort to advanced social engineering techniques to lure unwary users. Whether you follow a link, process content attached, provide any data by filling a form, or just reply to the email dispatched by the crooks; you are going to be pawned. Do not fall for any of these tricks as malware and viruses lurk behind the curtain.

      A rule of thumb is to make every employee aware of phishing and its most widespread varieties. I strongly encourage security training to be provided at regular intervals. These activities should teach your staff how to tell a malspam and other phishing emails from safe items.

      Tip 6 – Run and Regularly Update Enhanced Security Suite

      Staff training is essential, but it is not the only measure to be applied. Engaging every employee in IT matters is a great move. Meanwhile, every member of your team is a professional in his limited area. Cybersecurity is not everyone’s strong point, and human error is always around. That is why your corporate cyber-security should make use of a modern email security suite. A solution I would subscribe to would feature an enhanced antispam capable of recognizing the latest malware strains with heuristic and signature-based scanning.

      The importance of such protection can hardly be overestimated as emails you receive is a critical terminal point for entering your system. My ideal solution should include:

      • In-depth email attachments and links scanning.
      • Proactive protection against phishing, including targeted campaigns.
      • Enhanced antispam shield repelling popular methods of spammers.
      • Scam suppression functionality focused on preventing BEC campaigns.

      A security system of my choice should alert its users about fraud attempts and email compromise in good time. This enables the early detection of deceptive messages and misleading statements.

      Tip 7 – Keep ads at bay

      Some ads are notorious for the extreme annoyance they produce. To make things worse, some ads you encounter carry a malicious script. Interacting with such ads exposes your operating system and network to malware attacks. Even though most ads pose no threat of malicious payload introduction, I strongly suggest blocking them on all workstations. This would reduce the distraction of your staff and ensure malware-backed ads do not infect your systems.

      Popular web-browsers provide built-in functionality for popups and redirects suppression. Among specialized solutions in this niche, AdBlock Plus is my favorite. You would also appreciate that the app is free.

      Tip 8 – Make use of all Patches Once Available

      Too many people are inclined to ignore or postpone updates and patches available for the software they run. This habit is more dangerous than you may expect it to be. The risk is multiplying dramatically if it takes place in a vast business system.

      Unpatched software is a common infection vector. 20 to 40 percent of breaches occur due to bugs in apps that users fail to address despite the availability of patches. Hackers often combine this vector with phishing. User clicks a malicious link, and malware exploits unpatched apps.

      The burden of keeping software up-to-date and applying patches in time is too heavy for ordinary employees. An automated solution is much appreciated. Such a tool should be configured by the IT staff to install updates on the background immediately upon their release.

      Tip 9 – Protect Your Environment With a Trusted Antivirus and Firewall

      Computer viruses appeared more than 30 years ago. It took several years after the first virus attack for an antivirus solution to emerge. As its name suggests, the software is tasked with inspecting the computer system it is installed on to detect and remove computer viruses. A firewall restricts incoming contents by applying a set of filters.

      A modern approach to combating malicious code suggests a combination of an antivirus and a firewall. This pair is basically what the concept of a next-generation antivirus (NGAV) refers to. An NGAV features advanced antivirus and firewall solutions.

      Unlike old antiviruses, a new generation tool goes beyond signature-based detection. It excels in sandbox analysis, backdoor, and heuristic examination.

      Steering clear of malware and viruses is all about your money and reputation. Best practices of safe browsing, email handling, DNS filtering, combined with enhanced security solutions reinforce your corporate cybersecurity.

      • Share:
      author avatar
      DavidBalaban

      Previous post

      Accurately Locate Smartphones Using Social Engineering - Seeker
      April 12, 2021

      Next post

      The Most Secure OS!
      April 15, 2021

      You may also like

      wordpress-pentesting_370x208
      WordPress pentesting
      30 January, 2023
      mimikatz_370x208
      Dump LSASS without Mimikatz via MiniDumpWriteDump!
      19 January, 2023
      open-redirect_370x208
      OpenRedirect Bug Made Easy
      3 January, 2023

      Leave A Reply Cancel reply

      You must be logged in to post a comment.

      Categories

      • Cryptography
      • Cryptography
      • CTF
      • Forensics
      • Hacking & Security
      • Hardware
      • IOT
      • Kali Linux
      • Network Hacking
      • News
      • OSINT
      • Post Exploitation
      • Post Exploitation
      • Privacy
      • Programming
      • Security
      • Social Engineering
      • Uncategorized
      • Web Hacking

      Popular Posts

      Got a Blank Screen After Importing Kali in Virtual Box ? Here’s How To Fix It
      25Jan2018

      Connect with us

      • Facebook
      • Twitter
      • LinkedIn
      • Instagram
      • Youtube

      “Everything related to ethical hacking

      & cyber security in one place.”

      Quick Links

      • Home
      • About Us
      • Hacking & Security
      • Download Custom Kali
      • Contact
      • FAQ

      Services

      • Penetration Testing
      • Consulting
      • Code Review
      • One on one training
      • VPN
      • VIP Membership

      Company

      • About Us
      • Contact
      • Vulnerability Disclosure

      Support

      • FAQ
      • Forums

      Copyright © 2022 Z IT SECURITY LTD t/a zSecurity. All rights reserved.

      • Privacy
      • Shipping
      • Refunds
      • Terms

      Contribute

      Share your knowledge with the world

      SUBMIT AN ARTICLE

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account


      Are you a member? Login now

      Enroll in this course to access this lesson!

      All of our courses include:

      ✔ Lifetime, unlimited access to course materials & training videos.

      ✔ Watch online or download lectures for offline use.

      ✔ Verifiable certificate of completion from zSecurity, signed by the course instructor, Zaid.

      ✔ Get answers from our Support Team within a maximum of 15 hours.

      ✔ Unlimited Updates.

      Get free 1 month VIP membership per course with:

      ✔ Live mentorship and Q&A session with the course instructor, Zaid.

      ✔ Instant support from community members through our private discord channel.

      ✔ Daily updates with the latest tutorials & news in the hacking world.

      ✔ Daily resources like CTFs, bug bounty programs, onion services and more!

      ✔ Access our VIP community & connect with like-minded people.

      ✔ Discounts on other zSecurity products and services.

      We are using cookies to give you the best experience on our website. This includes but is not limited to:

      • Storing your settings and preferences.
      • Remember your access information
      • Track website performance and make our website more relevant to you.

      You can find out more about which cookies we are using or switch them off in settings.

      Privacy Overview

      This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

      Strictly Necessary Cookies

      Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

      3rd Party Cookies

      This website uses Google Analytics and Linkedin to collect anonymous information such as the number of visitors to the site, and the most popular pages.

      Keeping this cookies enabled helps us to improve our website.

      Please enable Strictly Necessary Cookies first so that we can save your preferences!

      Powered by  GDPR Cookie Compliance