When personal computers were new, having one in your home was a kind of hobby. Every user needed some serious technical expertise. System won’t start? Open the case, pull the expansion cards, polish their terminals with a pencil eraser, and reseat them. If that didn’t work, you could join your fellow hobbyists at a PC Users’ Group meeting and ask around. You might solve other problems by tweaking arcane settings in the CONFIG.SYS file. Fun stuff, for sure! Computers these days are no longer a hobby, just a boring commodity. Here’s a thought to spice up your life—why not get your computer infected with malware?What if turning on your computer made it flash a warning that the government is investigating you? Or if opening your browser generated a blizzard of fun and colorful ads? Who knows, maybe your computer could be among the zombie army enlisted by a bot herder to take down a major website using a DDoS (Distributed Denial of Service) attack! Wouldn’t that be cool?You may be surprised to learn that opening yourself to the full malware experience will take a little work. Modern operating systems and computers are too darn nanny-state protective, and just about every new computer comes with a security suite preinstalled. Here are some tips to ease you into the exciting world of malware.Pick the Right DeviceLove your Mac? Your iPad Pro? Well, for now, you’ll have to put them aside. There’s no doubt that malware for macOS exists, but there’s no telling how long you’d have to wait for an attack to hit. As for iOS, fuhgeddaboudit! Everything that makes macOS trouble when you’re trying to get cozy with malware goes double for iOS.What you need is a good old PC, and I do mean old. The older the Windows version, the better; newer editions have some annoying built-in security features. If you can find a box running the antiquated Windows 95, that’s golden! Microsoft ended support for this precious antique operating system in 2001, so hackers have had more than 20 years to exploit it.
(Credit: Microsoft/PCMag)
If you can’t come up with a Windows device, go for Android. That’s what the malware writers do! Lots of Android devices get stuck at an old Android version because the vendor doesn’t support updates, including security updates. Lollipop, anyone? Google seems to have stamped down the scourge of Android fragmentation, but there are still a lot of vulnerable phones out there. Got an old phone you threw in a drawer? Revive it and you’re golden!Evade Malware ProtectionIf you’re trying for the malware infection experience, obviously, you don’t want malware protection installed. That would defeat the whole purpose! But hold on, don’t just delete your antivirus. It’s not as easy as that.Here’s the problem. Microsoft doesn’t trust you to handle life without malware protection. If Windows 11 (or 10) detects that you don’t have any other antivirus running, it forcibly turns on Microsoft Defender Antivirus. In years past, that wouldn’t have been a problem because the old Windows Defender was so lame. But unfortunately, Defender is showing better and better test results these days.
(Credit: Microsoft/PCMag)
You might think you can turn off Microsoft Defender by digging into security settings and turning Real-time protection off. However, Defender keeps running scheduled scans, so that’s not a real solution. In any case, it doesn’t stay turned off. Yes, if you’re a PC wizard you can make a bunch of changes using Registry Editor and Group Policy Editor to put a stake through Defender’s heart. Are you a wizard? I didn’t think so.Your best bet is to check our reviews of antivirus software and pick one with a poor score. You can also try keeping your existing antivirus program active but with scheduled scans and real-time protection turned off. Better yet, use an older version of Windows, one without all the security padding.Tell the Browser to Shut UpModern browsers think they know everything. Download this, but don’t download that. This website is OK, but you can’t go to that one. Throw off the tyranny of the browser! You’re the one in charge, after all. While you’re at it, remove any ad blockers or other browser extensions that rudely get in between you and those fascinatingly dangerous pages.
(Credit: Microsoft/PCMag)
Naturally, the way you escape oppression differs between browsers. In Chrome, click Settings from the menu, click Privacy and Security, click Security, and set Safe Browsing to “No protection (not recommended).” While you’re there, turn off Always Use Secure Connections and Use Secure DNS.If you’re partial to Edge, choose Settings from the menu, click Privacy, search, and services, and scroll down to the Security section. Found it? OK, turn off Microsoft Defender SmartScreen. Actually, go ahead and turn off everything related to security.Firefox users should click Options, select the Privacy & Security tab, and uncheck the box titled Block dangerous and deceptive content. This will eliminate Firefox’s interference when you visit interestingly dangerous sites and also prevent it from messing with your downloads.Are you using Internet Explorer? Congratulations! You must be using an old version of Windows. Microsoft has swept IE under the rug, so it’s way more susceptible to malware. To be sure it doesn’t interfere with your malware mission, press Alt+T to bring up the Tools menu, select Windows Defender SmartScreen Filter, and turn that feature off.That’s it! You’re free to surf all the web, not just the places your killjoy browser permits. Check out shady links, raunchy blogs, sites offering free screensavers, anyplace you can imagine.At PCMag, we infect computers with malware deliberately, to test security products, and we have our own methods for collecting malware samples. If you’re impatient to get the malware party started, there are plenty of resources available to the public. Check out the Contagio Malware Dump site or this list of malware-hosting sites curated by a security expert. Bear in mind, though, that you’ll miss out on the fun of wrestling malware in the wild.Click All the Links!OK, you’ve removed the obstacles to acquiring a malware infection. Now what? Where’s the malware?The first place to look is your email account. Skip those familiar emails from your boss and your Aunt Mabel. Look for oddball messages from unfamiliar folks. If you don’t find them, check the junk mail folder. When you find an offer to meet a Kranjovian bride or receive millions from your long-lost Brungarian cousin, click the link to see what they want to show you.
(Credit: PCMag)
If the web page indicates you need to install a new video codec or driver or whatever, go right ahead! It might be a boring update, but it could also be some cool malware. If you don’t see anything interesting, don’t give up. Some malware works behind the scenes. But if you’re lucky, you might see an entertaining screen like the one above. Alas, Dudley Do-Right of the RCMP isn’t really chasing you. This malware is just bluffing.Don’t stop with links in your email messages. If you see a weird ad while surfing the web or scrolling through social media, seize the bait! It might be just some offbeat new product, but it might also be a hacker trolling for PCs to infect with malware.
(Credit: PCMag)
As you travel the byways of the web, you may find yourself confronted with a big antivirus warning. Weird, since you neutered your antivirus protection, right? But it’s actually cool. Real antivirus products don’t get in your face unless you install them. You’ve scored a scareware installation, most likely. Typically, it’ll scan for malware at no charge, way faster than real security software, and then ask you for cash to disinfect what it “found”. Far from removing malware, it probably planted some goodies for you to enjoy later.Get Free Storage With Free MalwareYou don’t pay for USB thumb drives, do you? I mean, people are giving them away all over the place. Go to a boring lunch about timeshares, you get the prospectus on a thumb drive. Your kids may bring homework from school on a thumb drive. If you can wangle your way into the Press Room at Black Hat or another security conference, you’ll find a wealth of press releases on thumb drives. The security wonks think they’re too smart to take them, which just leaves more for you.You’ve heard the expression, “See a penny, pick it up, all the day you’ll have good luck.” Surely, it’s even better luck to find a thumb drive on the sidewalk or in the parking lot! Grab that sucker and plug it right into your computer.
The Top Antivirus Software We’ve Tested
Most USB malware is courteous enough to launch automatically when you plug in the drive. If nothing launches, explore what’s on the drive to see what kind of interesting programs are waiting for you to activate them.If you’re using an older computer, you could be in for some free fireworks. Originally demonstrated at Black Hat years ago, now marketed as a tool for testing, the USB Killer uses your computer’s own USB power to charge up its capacitors, then zaps the PC with 200 volts. If the hardware isn’t properly buffered, the results can be exciting, to say the least. The very latest USB Killer device carries its own battery, so it can “test” even a turned-off PC.Don’t be disappointed if the thumb drive doesn’t seem to contain anything interesting. Some super-tricky ones lie to your computer, saying, “I’m a keyboard!” They go on to “type” commands that secretly take over your computer, without any visible evidence. And, if nothing else, you got yourself a free thumb drive!The Joy of RansomwareMalware that pretends you’re wanted by the Mounties or the FBI can liven up your day. Adware’s flashing plethora of ads can be as entertaining as a kaleidoscope. And your heart surely pounds with a frisson of alarm and excitement when you find that a banking Trojan has emptied your account. But there’s nothing to compare with a full-blown ransomware attack, especially when you’ve disabled any dreary ransomware protection that might be cluttering your PC.
(Credit: PCMag)
Basic file encryption ransomware can be entertaining. After it has encrypted your documents, it typically displays a colorful ransom note in one or more different ways. Some types change your whole desktop to a ransom note. Others display the note in your browser, or in Notepad. You get to decide whether to go through the cloak-and-dagger ransom payment process or to enjoy starting fresh, without the baggage of those tedious old documents.File encryptors are OK, but for real heart-pounding thrills, you want a whole disk encryptor like the infamous Petya ransomware. Watching Petya in action is a gripping experience, like watching a spy movie.First, it reports a system crash, and it looks exactly like the real thing. You wait, in suspense, while it (supposedly) creates the crash report. Then it reboots the system. On reboot, you see a plain text screen warning that CHKDSK is repairing the file system and that if you turn off the PC you could destroy all your data.
But surprise! That’s not CHKDSK, it’s Petya. And it’s not fixing your file system, it’s encrypting the whole disk. When it’s done, a flashing red/white skull image offers a colorful clue that you’ve got real trouble.When you tap a key, the skull changes to a garish (but non-flashing) ransom note. Alas, this may be the end of your malware experiments, unless you choose to pay the ransom and hope for the best. But you certainly went out with a bang!Take the Safe, Boring PathWhat’s that you say? You like it when using your computer is boring? You don’t want to experience the excitement that comes when you invite malware into your life? Fine. You’re free to rejoin the sheeple herd. But even while you’re busy putting your blinders back on, you can get some use out of this article. Just follow all the steps and suggestions, but in reverse.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
About Neil J. Rubenking
Lead Analyst for Security
When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.In the early 2000s I turned my focus to security and the growing antivirus industry. After years working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.
Read Neil J.’s full bio
Read the latest from Neil J. Rubenking