What are Common Misconceptions or “Myths” about Viruses and Malware?
Only Windows machines get malware!
False: Both OSX (Apple) and Linux operating systems can also be vulnerable to malware, although most malware targets Windows because it is the most commonly used operating system worldwide. With the increasing number of OSX users, more malware is made to target OSX; however, because the number of Linux users are far fewer, Linux malware is far less prevalent.
Malware is only spread by devices that are also “infected” by malware!
False: Computers can pass on malware to other devices as “carriers.” An example of this is a computer with OSX, passing on Windows malware to a Windows device, even though that malware didn’t “infect” the OSX device because this malware was designed for Windows. That malware still successfully infected a Windows device, and because of this, users should have anti-virus software that also scans for malware designed for other operating systems.
If I don’t notice anything “strange” happening with my computer, it’s okay!
False: Malware may or may not be noticeable – sometimes it will have dramatic impact on a device’s performance, other times a device will continue functioning in an apparently “normal” manner.
Anti-virus will catch any malware I have!
False: Anti-malware tools can only identify malware that is known; they cannot protect against “undiscovered” or “new” malware. This doesn’t mean you shouldn’t use anti-malware tools, however!
Once each list is made from this section, hang them up, but leave space next to each list for the list of solutions, both technical and non-technical, that will be covered in the following section.
Avoiding Malware
Go to Survival Time to calculate the average number of minutes it takes for an unpatched computer without anti-virus and a firewall to become infected – at time of writing, it took on average 5 minutes.
Below is a list of solutions for avoiding malware to cover together as a group – begin each question by soliciting solutions from participants and adding them to the list, then supplementing additional solutions and missing information as needed.
Place each list of solutions next to the respective list of how users are exposed from the previous section – the avoidance questions below are numbered the same (I or II) as the exposure questions (I or II) from the previous section. Keep them up during the training so participants can refer back to them.