Malware protection


What is malware protection?

Malware is short for malicious software.  It is software or web content (viruses, worms, spyware, ransomware) that has been designed to cause harm. Malware protection helps prevent harmful code from causing damage or accessing sensitive data.

Viruses are a type of malware and their job is to stay alive (or evade detection) by getting onto your computer, doing whatever is required and then looking to infect the next computer.

Sources of malware include rogue links (sometimes seen in forums), rogue or hacked websites, phishing attacks, infected media or downloads from non reputable sources (cheap software that usually costs lots of money).


Why do I need malware protection?

Malware protection stops harmful software from accessing your system or network. Malware can damage files, or lock them to prevent you accessing them, unless you pay a ransom (ransomware). Malware protection helps to detect and prevent any potential threats from malicious software. In addition, malware protection can remove potential threats from malicious software

How do I get malware protection?

A number of operating systems already have malware protection installed and available. Defender is the product that Windows 10 uses.

Check to see whether your OS manufacturer gives you malware protection as part of the OS installation.

How does malware protection work?

It works by looking at either signatures found in files (for instance certain strings), though this is not helpful if the malware is able to change these signatures. Other ways of identifying malware is looking at the behaviours being exhibited and having the computer make a decision as to whether this looks weird.

What do I need to do to protect against malware?

There are three ways to protect your business from malware, but you may not need to use all three. However, you should complete a risk assessment to decide which controls are necessary for your business. You should, at least, use the first two controls.

  1. Use anti- virus software: this should be updated daily and set to automatically scan files. Web pages should also be scanned and connections to malicious websites blocked
  2. Application whitelisting: only allow approved applications to be used on devices. Keep a list of these applications and review them regularly.
  3. Application sandboxing: This is a more technical solution. It prevents applications and programs from interacting with other devices or your network.

Where can I get more information?

As always, NCSC has done yet another brilliant article summing things up. 

This can be found at:


To sum up, this is an overview of malware protection. For more information about Malware protection you should read our detailed blog about malware protection requirements for Cyber Essentials.