You’re not going to like the answer to this one.
There may be no signs at all. It’s possible for a machine to be compromised even though it seems to be working properly.
That’s why we need help.
The goal of most malware is to hide
Hiding is the holy grail of malware: to be able to do something malicious without being caught.
“Malicious” can literally mean anything. Malware that sends spam, steals your information, or monitors your activity would like very much to never, ever be caught. To that end, such malware uses techniques that minimize any signs of its presence. It hides, and tries to hide for as long as it possibly can.
If written properly, malware might not do anything noticeable during normal computer use.
There would be no signs at all.
The goal of some malware is to cause trouble
Other malware is more obvious — but often not until it’s too late.
For example, malware that encrypts your files and extorts a payment for recovery — ransomware — clearly wants to be discovered, just not before it has done its damage. While it encrypts your files, it might do so in a way that is virtually undetectable to you or me. Some ransomware minimizes its impact by performing the encryption slowly, taking days or weeks to complete the task, at which point it presents its demands.
Other malware doesn’t really want to be discovered, but discovery is an inevitable side-effect of its more explicit goal. As soon as your files go missing, your network connection is overrun, or some other malicious impact appears, it becomes clear you have a problem.
Some malware is just poorly written
Fortunately, a lot of malware is easy to spot, regardless of its goals. Staying stealthy is hard, and not all malware authors are up to the task. As malware has transitioned from an annoyance to a business, it has certainly become more sophisticated. Still, the vast majority of malware is relatively easy to spot with the right tools.
But just because “most” might be easy to spot doesn’t mean all are.
Your own observations are the worst
You cannot and should not rely on what you see happening on your computer as a way to detect malware. Chances are you’d be very, very wrong.
As I’ve said, malware tries to hide, and if well constructed, can do a pretty good job of it.
What I see more often is the reverse: people who are concerned — even convinced — that they have malware, or are being spied on, when they are not. The clues they see are frequently explained by significantly more mundane and less nefarious causes.
Using the right tools
Since you can’t rely on yourself as a “malware detector”, you need to rely instead on three things:
- Rely on yourself as a “malware avoider”. Understand what it means to be safe on the internet. Don’t put yourself into positions where you are likely to allow your machine to be compromised in the first place. You are the first line of defense when it comes to staying safe.
- Rely on your anti-malware tools for detection. Make sure you’re running anti-malware tools, and that they are up-to-date. That also means keeping all your software up to date, including the operating system and the applications you run.
- Rely on your backups for recovery. When, not if, “stuff” happens, you’ll be able to undo the damage done to your files and other important data by recovering from your backups.
There are no guarantees
There is simply no way to guarantee 100% safety. There just isn’t.
Technology is a lot like life that way. Getting out of bed in the morning involves risk; using your computer involves risk.
There’s no guarantee you’ll notice malware.
All you can do is reduce the risk and stack the deck in your favor with good behavior and good tools.
And backups. Always backups.