Do You Need Antivirus If You Only Surf Normal Websites

There is a common misconception that viruses and malware are only obtained by shady websites. If your computer becomes infected, then you must have been downloading pirated software, or surfing strange porn, right?

With that misconception in place, many users are under the impression that antivirus is unnecessary if they stick to “safe” websites. Sites like Facebook, YouTube, the New York Times – surely you couldn’t become infected on such top-tier websites. Inconceivable! (I don’t think we’re using that word correctly). Unfortunately, you do in fact stand a chance to become infected, even on such websites as those mentioned.

In this article, we will explain how your computer can be infected even on the most popular websites, and why antivirus is absolutely necessary. If you need reputable antivirus software, I’d recommend reading this review of TotalAV.

What kind of websites commonly infect users?

Cisco’s 2015 Annual Security Report showed the types of websites most likely to infect you with malware. The top of the list was “Aviation”, followed by “Media and Publishing”. Aviation could include airline websites, but most likely refers to many of the third-party travel booking websites that exist. Media and Publishing, of course, refers to news websites, and perhaps social media.

You might be wondering how you can become infected on a website like the New York Times, YouTube, or Kayak. The answer lies in advertisements. It’s become common practice for unscrupulous advertisers to inject malicious scripts in advertisements, in a practice known as malvertising. The websites aren’t necessarily to blame, it’s the way the ad business works. Ads are placed on a website by advertising networks, such as Google Adsense, Popads, and RevenueHits – just to name a few of the most popular.

How do advertisements infect users?

Pretty much anyone can buy advertising space through an advertising network. And sadly, advertisements are rarely screened for malicious redirects or scripts. The advertisements may be removed from the ad network after they’ve been reported, but people will still be infected before that happens.

One of the most common malicious ad scripts seen lately is Cryptojackers. These scripts utilize part of your CPU resources to mine cryptocurrency – which is why your CPU usage will spike while you’re on a Cryptojacker-infected webpage. You don’t even need to click on the ads – just their presence on a webpage can infect your computer, through cookies and JavaScript.

Do You Need Antivirus If You Only Surf Normal Websites?

These Cryptojacker ads became so popular, they reached YouTube through the Google DoubleClick ad network. By simply watching YouTube videos, your CPU could be hijacked by advertisements within YouTube. The only way to protect yourself is through antivirus, script blockers, and ad blockers. Unfortunately, ad blockers prevent legitimate publishers from earning revenue, which is why many websites request that you disable ad blocking software before browsing their website.

Facebook users may also fall victim to scams, viruses, and malicious advertisements. particularly through Messenger. A crypto mining virus was making its way through Facebook Messenger in 2017, though it relied on the user downloading an infected attachment in a message. The message typically came from an infected friend. This was not the last of its kind, as similar viruses continue to be spread through Facebook Messenger.

Facebook can also host malicious ads – their presence may not infect you, but clicking a malicious advertisement certainly will. Facebook “Instant Games”, such as the popular OMG! an app, can host malicious ads and links. Finally, games on Facebook are hardly moderated, except for adult content. Nearly anyone can develop a game that executes a malicious script, either through Flash vulnerabilities or JavaScript, and publish it on the platform.

Majority of malicious websites are in the U.S.

Are you still under the impression that viruses only come from porn and Russian software pirates? Here’s some news for you – security firm G-Data released a report that shows the U.S. hosts the most malicious websites, with China, Russia, and Canada coming close behind. The most malware was found on casino websites hosted within the U.S. While gambling websites may not be surprising, “Blogs” came in 2nd, Technology & Communications in 3rd, and Health came in 4th.

It’s important to remember that it is not necessarily the websites infecting your computer. It is mostly scripted in malicious advertisements. And remember, the internet is fueled by advertisements. Almost all websites belong to an ad network. Especially the most popular ones. And thus, the most popular websites, the ones you think are “safest”, are the ones where you very well could be infected.

So now answer the question for us – do you need antivirus if you only surf normal websites?