Back in the early days of personal computers, every user needed a goodly dollop of technical expertise. System won’t start? Open the case and reseat all the expansion cards, perhaps, or polish the terminals with a pencil eraser. Ask for help during question time at the PC Users’ Group meeting. Try tweaking some settings in the CONFIG.SYS file. Fun stuff! But that era is long gone. Modern computing devices just work, most of the time, which can be so boring. Here’s a thought to spice up your life—why not get your computer infected with malware?
What if you turned on your computer and it flashed a warning that the FBI is investigating you? Or opened your browser only to confront a blizzard of fun and colorful ads? Who knows, maybe your computer could be among the zombie army enlisted by a bot herder to take down a major website! Wouldn’t that be cool?
In truth, if you want to open yourself to the full malware experience, you’re going to have to do a little work. Modern operating systems and computers are just too darn nanny-state protective, and just about every new computer comes with a security suite preinstalled. Here are some tips to ease you into this exciting world.
Pick the Right Device
Love your Mac? Your iPad Pro? Well, for now, you’ll have to put them aside. There’s no doubt that malware for macOS exists, but you could get old and gray waiting around for an attack to hit. As for iOS, forget about it! Everything that makes macOS trouble when you’re trying to get malware goes double for iOS.
What you need is a good old PC, running Microsoft Windows. The older the Windows version the better; newer editions have some annoying built-in security features. If you can find a box running the antiquated Windows 95, that’s golden! Microsoft ended support for this precious antique operating system in 2001, and hackers have had years to exploit it.
If you can’t come up with a Windows device, go for Android. That’s what the malware writers do! Lots of Android devices get stuck at an old Android version because the vendor doesn’t support updates, including security updates. Lollipop, anyone? Android fragmentation means that there are a lot of vulnerable phones out there.
Evade Malware Protection
If you’re trying for the malware infection experience, obviously you don’t want malware protection installed. That would defeat the whole purpose! But hold on, don’t just delete your antivirus; it’s not as easy as that.
See, Microsoft really really wants you to have some kind of antivirus protection. If Windows 10 detects that you don’t have any other antivirus running, it automatically turns on Microsoft Windows Defender Security Center. In the past, that wouldn’t have been a problem, because Windows Defender was so lame. But unfortunately, the latest version is showing better test results.
You might think you can turn off Windows Defender by digging into security settings and turning Real-time protection off. However, Defender keeps running scheduled scans, so that’s not a real solution. Yes, if you’re a PC wizard you can edit the Registry to put a stake through Windows Defender’s heart. Are you a wizard? I didn’t think so.
Your best bet is to check our reviews of antivirus software and pick one with a poor score. You can also try keeping the antivirus program active, but disabling scheduled scans and real-time protection. Better yet, use an older version of Windows, one without all the security padding.
Tell the Browser to Shut Up
Modern browsers think they know everything. Download this, but don’t download that. This website is OK, but you can’t go to that one. Throw off the tyranny of the browser! You’re the one in charge, after all.
Naturally, the way you escape oppression differs between browsers. In Chrome, click Settings from the menu, click Advanced, and just turn off everything under Privacy and Security. If you’re partial to Edge, choose Settings from the menu, click View advanced settings, scroll to the bottom, and turn off Windows Defender SmartScreen.
Firefox users should click Options, select the Privacy & Security tab, and uncheck the box titled Block dangerous and deceptive content. On old-school Internet Explorer, press Alt+T to bring up the Tools menu, select Windows Defender SmartScreen Filter, and turn that feature off.
That’s it! You’re free to surf all the web, not just the places your killjoy browser permits. Check out shady links, off-color blogs, sites offering free utilities, anyplace you can imagine.
At PCMag, we infect computers with malware deliberately, to test security products, and we have our own methods for collecting malware samples. If you’re impatient to get the malware party started, there are plenty of resources available to the public, among them the Contagio Malware Dump site and the KernelMode.info malware discussion forum.
Click All the Links!
OK, you’ve removed the obstacles to acquiring a malware infection. Now what? Where’s the malware?
First stop—your email account. Skip those familiar emails from your boss, and your Aunt Esther. Look for oddball messages from unfamiliar folks. If you don’t find them, check the junk mail folder. When you find an offer to meet a Russian bride, or receive millions from your long-lost Nigerian cousin, click the link to see what they want to show you.
If the web page indicates you need to install a new video codec or driver or whatever, go right ahead! It might be a boring update, but it could be some cool malware. If you don’t see anything interesting, don’t give up. Some malware works behind the scenes. But if you’re lucky you might see an entertaining screen like the one below. Don’t worry; the FBI isn’t really after you. This malware is just bluffing.
Don’t stop with links in your email messages. If you see a weird ad while surfing the web, take a look! It might be just some offbeat new product, but it might also be a hacker trolling for PCs to infect with malware.
Get Free Storage With Free Malware
You don’t pay for USB thumb drives, do you? I mean, people are giving them away all over the place. Go to a seminar, you get the text on a thumb drive. Your kids may bring homework from school on a thumb drive. If you can wangle your way into the Press Room at Black Hat or another security conference, you’ll find a wealth of press releases on thumb drives. The boring security wonks don’t take them, so that leaves all the more for you.
You’ve heard the expression, “See a penny, pick it up, all the day you’ll have good luck.” Well, surely it’s even better luck to find a thumb drive on the sidewalk, or in the parking lot!
Most USB malware is courteous enough to launch automatically when you plug in the drive. If nothing launches, explore what’s on the drive, see what kind of interesting programs are waiting for you to activate them.
If you’re using an older computer, you could be in for some free fireworks. Originally demonstrated at Black Hat, now marketed as a tool for testing, the USB Killer uses your computer’s own USB power to charge up its capacitors, then zaps the PC with 200 volts. If the hardware isn’t properly buffered, the results can be exciting.
Don’t be disappointed if the thumb drive doesn’t seem to contain anything interesting. It could be secretly taking over your PC without any visible evidence. And, if nothing else, you got yourself a free thumb drive!
The Joy of Ransomware
Malware that pretends you’re wanted by the FBI is cool. Adware’s flashing plethora of ads can be as entertaining as a kaleidoscope. And your heart surely pounds with a frisson of alarm and excitement when you find that a banking Trojan has emptied your account. But there’s nothing to compare with a full-blown ransomware attack, especially when you’ve disabled any boring ransomware protection that might be cluttering your PC.
Basic file encryption ransomware can be entertaining. After it has encrypted your documents, it typically displays a colorful ransom note in several different ways. Some types change your whole desktop to a ransom note. Others display the note in your browser, or in Notepad. You get to decide whether to go through the cloak-and-dagger ransom payment process, or to enjoy starting fresh, without the baggage of those old documents.
File encryptors are OK, but for real excitement, you want a whole disk encryptor like the infamous Petya ransomware. Watching Petya in action is a gripping experience, like watching a spy movie.
First, it reports a system crash, and it looks exactly like the real thing. You wait, in suspense, while it (supposedly) creates the crash report. Then it reboots the system. On reboot, you see a plain text screen warning that CHKDSK is repairing the file system, and that if you turn off the PC you could destroy all of your data.
But, surprise! That’s not CHKDSK, it’s Petya. And it’s not fixing your file system, it’s encrypting the whole disk. When it’s done, a flashing red/white skull image offers a colorful clue that you’ve got real trouble.
When you tap a key, the skull changes to a garish (but non-flashing) ransom note. Alas, this may be the end of your malware experiments, unless you choose to pay the ransom and hope for the best. But you certainly went out with a bang!
Taking the Safe, Boring Path
What’s that you say? You like it when using your computer is boring? You don’t want to experience the excitement that comes when you invite malware into your life? Well, you’re missing out. But you can still get some use from this article. Just follow all the steps and suggestions, but do the opposite—while you’re at it, you might even want to start using a VPN, normie.