How do I Protect My PC from Malware?
Understanding malware is the first step in protecting yourself and your computer. If you haven't already, you may want to check out this page to learn the basics of what malware is and what it can do to your computer.
Protecting your computer against malware involves a lot more than installing good antivirus software (although that's an essential part of it). You need to consider all the different ways that your computer can become infected, guard against them all, and have a backup plan to protect your data just in case your computer becomes infected despite your best efforts to prevent that from happening.
I personally consider all the steps on this page to be mandatory if you want to both protect your computer from malware infection, and come as close as possible to guaranteeing that your data will always be safe even if that does happen. It's a lot of work, but everything I'm going to recommend here has a reason behind it.
Let me explain it to you.
How I Protect My Own Computers from Malware
Create a Non-Administrator User Account in Windows
If you use Windows, the first thing you should do when setting up a new computer is create an account that does not have admin privileges, and use that account for your everyday use of the computer. Use the account with administrator privileges only when installing software or performing other administrative tasks.
The reason for this is that malware can only execute with the privileges of the currently logged-in user, so doing your routine daily work as a user with low privileges will prevent most malware from successfully installing.
Install a Good Antivirus Program
This is the second thing you should do when you set up a new computer. I personally prefer ESET computer security products and have been using them for more than a decade, but you can always check here and here for current reviews of other good antivirus and computer security software.
A good antivirus program is a must, but don't necessarily trust it. Antivirus software works primarily by recognizing malicious code from samples that have been collected in the wild. If your computer happens to be one of the first targets, then the antivirus software may not recognize the code as being malicious. Most antivirus programs also use heuristics to try to recognize brand-new malware, but it's not perfect by any means.
Install Mailwasher Pro
Although intended primarily as an anti-spam program, Mailwasher Pro is a vital part of my own anti-malware regimen. I have been using it for many, many years. In fact, I have a lifetime license.
The reason Mailwasher Pro helps protect against malware is that it allows you to preview the mail before you download it using your Email client (Outlook, Thunderbird, etc.), downloading only the headers, not any attachments or images. If a piece of mail looks suspicious or is obviously spam, you can delete it from the server before you ever download it.
Have a Bulletproof Backup Plan
Some malware, especially ransomware, attacks backups as well as the system drive; so protecting your backups is an essential part of protecting your data from malware.
Most good drive imaging software is able to protect backup files from deletion or encryption by protecting them from deletion except from within the software and password-protecting them. That's pretty good protection, but it's not enough to allow me to enjoy my beauty sleep. There are two possible solutions to this worry.
The first solution is to physically disconnect your backup destination (for example, an external hard drive) between backups. That's a bulletproof solution, but not a very convenient one because it requires that I be here and actually remember to do it.
The second solution is to back up my data to the cloud using an online backup service. The one I personally use most is Backblaze. I use them as a backup destination for both my personal computers and my Web servers.
Install a Good Firewall Router
Most better routers have firewalls built in, but many of the cheap ones don't update their firmware often enough to patch vulnerabilities. Spend a few dollars extra for a good, current firewall router and check frequently for firmware updates.
Speaking of routers: If you use Windows RDP to remotely log in to your computer, change the public port to one that's hard to guess, close port 3389 on the router, and let the router port-forward connections from the new public port to port 3389 on your PC. Aside from being more secure, you'll avoid lots of bot traffic.
Secure Your Wireless Connection
If you have a wireless network, use WPA2 encryption (WEP is easily hacked) and secure it with a strong key. If your router has the ability to set up a "Guest" network, set it up and let house guests use that connection to isolate them from your computers.
Avoid Questionable Sites
Porn sites and "warez" (pirated software) sites are notorious for distributing malware. Also be very suspicious if a site you regularly visit looks different, especially if it's a banking or other financial site. It could just be a site redesign, but it could also be that the site was hacked or that your browser is being hijacked.
Avoid Online File-Sharing
Unless you really have no other way to download a file, avoid file-sharing services like Bittorrent. Yes, I know that a lot of legitimate, perfectly-legal content is distributed that way. But so is a lot of malicious crap. If you must use a file-sharing service, be very careful, and limit the software's access to only the folder that you absolutely must share to use the service. But look for an HTTP or SFTP alternative first.