Malware is any software designed to harm, exploit, or gain unauthorized access to a computer system. It includes viruses (self-replicating code), ransomware (encrypts your files and demands payment), spyware (monitors your activity), and trojans (disguised as legitimate software). Antivirus tools detect and quarantine malware using signature databases and behavioral analysis, but no tool catches everything — cautious behavior remains the strongest defense.
Run a full scan with a reputable antivirus tool (Windows Defender is built-in and sufficient for most users). Review what it found, learn to read the scan results, and practice the difference between quarantining and deleting a flagged file. Look up one real malware incident to understand how it spread.
From your work on internet safety basics, you know that the internet connects your device to millions of other computers — and that not all of them are trustworthy. Malware is the technical name for software that exploits that connection against your interests. The category is broad: a virus self-replicates and attaches itself to other files, spreading when those files are shared. A trojan pretends to be something useful — a free utility, a game crack, a fake software update — but carries a hidden payload. Ransomware encrypts your files and demands payment for the decryption key. Spyware silently records keystrokes, screenshots, or browsing activity and sends that data to a remote attacker. Each type has a different goal but shares one trait: it runs on your machine without your meaningful consent.
Antivirus tools fight malware using two main methods. Signature detection compares files against a database of known malware fingerprints — fast and reliable for known threats, but blind to new ones. Behavioral analysis watches how programs behave: if an application starts encrypting large numbers of files or attempting to contact unusual remote servers, it gets flagged even without a known signature. Modern tools combine both, which is why keeping antivirus definitions updated matters — a signature database that is months old is significantly weaker than a current one. Windows Defender, built into Windows 10 and 11, runs both methods continuously and is sufficient for the vast majority of users.
The most important thing to internalize is that no software tool removes the part of the attack surface that matters most: your own judgment. The most common malware delivery mechanism is not a sophisticated exploit; it is convincing a user to run something voluntarily. An email attachment from an "HR department," a website offering a free PDF converter, a pop-up warning that your computer is infected and you must call a number — these are all social engineering attempts that bypass technical defenses entirely. Your internet safety prerequisite covered how to evaluate suspicious communications. Apply that same skepticism to anything asking you to download, install, or enable something you did not explicitly seek out.
When an antivirus tool flags a file, it typically offers to quarantine it rather than immediately delete it. Quarantining moves the file to an isolated location where it cannot execute — a sensible first step, since occasionally legitimate software triggers false positives. Before deleting a quarantined file, look it up: search the filename or the detection name to see whether other users have reported it as genuine malware or a known false positive. This habit takes 30 seconds and prevents accidentally deleting software you actually need. When in doubt, quarantine and wait; deletion is permanent, quarantine is reversible.
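The signature matching and the quarantine-then-restore behavior described above can be seen in a small sketch. This is an added example, not how Windows Defender or any real antivirus is implemented: the SHA-256 "signature database", the detection name `Sample.Test.A`, the file names and the vault layout are all constructed for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

# Constructed sample "signature database": SHA-256 fingerprint -> detection name.
KNOWN_BAD = b"constructed sample standing in for a known-malicious file"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Sample.Test.A"}

def scan(path):
    """Return the detection name if the file's hash is in the database, else None."""
    return SIGNATURES.get(hashlib.sha256(Path(path).read_bytes()).hexdigest())

def quarantine(path, vault):
    """Move a flagged file into the vault and record where it came from."""
    path, vault = Path(path), Path(vault)
    vault.mkdir(parents=True, exist_ok=True)
    held = vault / (path.name + ".quarantined")  # renamed so it is not launched by accident
    shutil.move(str(path), str(held))
    held.chmod(0o600)                            # owner read/write only, no execute bit
    meta = {"original": str(path), "detection": scan(held)}
    (vault / (held.name + ".json")).write_text(json.dumps(meta))
    return held

def restore(held):
    """Undo a quarantine (false positive): put the file back where it was."""
    held = Path(held)
    meta = held.with_name(held.name + ".json")
    original = Path(json.loads(meta.read_text())["original"])
    shutil.move(str(held), str(original))
    meta.unlink()
    return original

def demo():
    root = Path(tempfile.mkdtemp())
    known = root / "free_pdf_converter.bin"      # constructed file whose hash is in the database
    known.write_bytes(KNOWN_BAD)
    unknown = root / "never_seen_before.bin"     # constructed file with no signature yet
    unknown.write_bytes(b"constructed sample that is not in the database")
    results = {"known": scan(known), "unknown": scan(unknown)}
    held = quarantine(known, root / "vault")
    results["gone_from_original"] = not known.exists()
    results["back_after_restore"] = restore(held) == known and known.exists()
    return results

if __name__ == "__main__":
    print(demo())
```

The file with no entry in the database scans clean, which is the gap that behavioral analysis and up-to-date definitions are meant to narrow. The quarantined file comes back intact after `restore`, something a deleted file cannot do.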