Drive-By Downloads
You’re surfing the Web, enjoying a quiet afternoon, when a window pops up on the screen. “New Windows Antivirus Update Available,” it says. “Would you like to update your system?” You get “Yes” and “Cancel” buttons at the bottom.
It looks like a real, honest-to-goodness Windows message, right down to the logo in the corner. Should you click Yes, or Cancel?
The correct answer is “Neither.”
In programming terms, this is known as a Drive By Download. A website you visited has this code set to run as soon as you visit. The pop-up is trying to install something on your computer, and if you click “Yes,” you really have no idea what you’re agreeing to. Your computer may now be set to make long distance phone calls, or assist in a Denial of Service attack, or just flash adult advertisements at you every thirty seconds.
Many malware programmers design their systems to look just like system messages and windows. Just because an email or a pop-up says it comes from Microsoft, or your bank, for that matter, doesn’t make it true.
We don’t want any of that, so we should hit “Cancel,” right?
Nope.
It may look like a standard Windows message, but it’s really not. It’s just an image of those buttons. Clicking either button—in fact, clicking anywhere in the image—is the same as clicking “Yes” and giving the mystery program blanket permission to do whatever it’s going to do.
The correct answer is to click on the little “X” at the top right of the window, closing it without clicking on anything inside it. This is one of the best ways of keeping malware off of your system.
When in doubt, don’t click. This advice works for ads, email attachments, and mystery files, and is a really good habit to get into.