What You Can Do to Avoid Fake Antivirus and Other Malware
NEVER click a link in an email unless you totally trust the sender and can reasonably verify the message IS from the sender. Doing this is bad for a couple of reasons. One is that it might download something you certainly don’t want. The other is that it tells the scam artist that he’s got a valid rube.
If a website sounds dubious, or your web browser gives you an alarm about the site, don’t visit it!
If you want to visit such a website anyway, turn your web browser into a battle cruiser. Use FireFox and arm it with No Script. Then if you get into trouble, the onus is all on you.
Use popular, name-brand antivirus software and keep it updated.
If you're not sure that you can correctly spell the name of a website, try searching for the website in Google before you try typing it in. If you're reasonably close, Google will ask you, "Did you mean . . . " Much malware is distributed by and many phishing sites rely on misspelled web addresses.
If you run a Windows PC, run Windows Update and then set it to automatically download updates at some time the machine is actually on. (The default in Vista is 3:00 am.)
Be supremely suspicious if you're using Internet Explorer and a website wants to install an Active-X control or application. Small websites should never need to do this, and I can only think of a few mega-sites that would.