Questions about iBarry

Questions & glossary

How much does the service cost me?

The security checks and all instructions and tools on this page are available free of charge. Individual products may be licensed for longer term use.

How does my internet provider inform me if my computer has been infected with malware?

Depending on the Internet provider, the affected customers are notified via different channels (online, e-mail, letter, SMS).

Does my Internet access provider inform me about any virus attack?

Because Internet providers do not access your computer, malicious software that operates only locally and does not attract attention from the outside cannot be detected by your Internet provider.

Will my ISP or other SISA cooperation partners collect personal information about me?

Neither your internet provider nor other SISA cooperation partners will collect personal information about you or your computer as a result of this initiative. This initiative aims to reduce the risk of malware damage in Switzerland. In case of an infection, your Internet provider will detect certain behavior patterns of your computer in its network, or your computer (or IP address) will be noticed by other Internet services because of bot-specific communication. If so, your internet provider will contact you. Internet providers are required by law to identify ports for 6 months based on their IP address.

Frequent questions

My computer's acting weird. What should I do?

Check your computer with our security checks.

How is a computer infected?

Botnets grow by installing a “bot” on a previously uninfected computer. This can be done in different ways.

Infected emails
An e-mail asks the user to open an attached file containing the malicious code or to click on a link pointing to an infected web page. If the user follows the request, a malicious program is installed on the computer, which can make it part of a botnet. These requests are often made via deceptive emails that are becoming more and more professional. Such an e-mail may, for example, pretend to come from your own bank or a similar organization.

Downloads
The malicious program is bundled with a program that is available for download on the Internet. Anyone downloading this program infects their computer with the malware. This coupling of a malicious program with a useful application is called a Trojan horse (“Trojan”). This usually happens with illegal download programs. For security reasons, legal and legitimate programs should only be downloaded from the manufacturer’s original website and verified with a virus scanner.

Exploits
Infection by this method exploits security vulnerabilities and errors in applications, in the browser or in the operating system itself. Exploits are activated, for example, when the user clicks on a prepared link; in a drive-by attack, they can also be triggered automatically when a web page is called up.

Drive-by attack
A drive-by attack refers to the unwitting downloading of software onto a user’s computer. Among other things, this refers to the unwanted downloading of malicious software solely by visiting a specially prepared website. Unfortunately, avoiding shady sites only partially protects you, as hackers repeatedly manage to manipulate legitimate websites.

Why was my computer infected?

Cybercriminals automatically scour the Internet for potential victims. Your computer is likely to have had security gaps or vulnerabilities that allowed attackers to install malicious software. As soon as you use a computer on the Internet, you are exposed to all these dangers. It is therefore important that you implement all our safety recommendations as completely as possible.

How do I go about protecting my computer from further attacks?

The following tips should be noted for your safety.

  • Beware of attachments in emails. Never open attachments from senders you do not know. If in doubt, ask the sender.
  • Equip your devices with the latest security defences: always install all updates.
  • Beware of unknown web pages: malicious programs can be installed and run on your computer just by visiting a page.
  • Use strong passwords (at least 12 - 14 characters, uppercase and lowercase letters, numbers and special characters).
  • Make regular backups of your personal data (such as documents, pictures, music) on an external medium.
  • If you use Wi-Fi, especially a public network, make sure the data is transmitted in encrypted form.
  • Do not install software from unknown, questionable sources, especially if it is offered for free.
  • Be suspicious of offers such as fast money or free travel, as well as unknown links, attachments, or pictures in popular social networks such as Facebook, Twitter or Instagram or messengers such as WhatsApp or Facebook Messenger.

You can find more detailed information under Safe Devices.

How do I define a secure password?

Use…

  • at least 12-14 characters
  • Numbers, upper and lower case letters as well as special characters
  • no keyboard sequences, no private data, no dictionary words, i.e. the password should not make sense
  • a different password for each service
  • do not write down the password and do not save it unencrypted
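
The rules in this list can be checked automatically. The following Python sketch is an added example, not an iBarry tool: the word list, the keyboard rows and the four-character threshold for a keyboard sequence are assumptions chosen for illustration.

```python
# Added example: checks a candidate password against the rules listed above.
# Keyboard rows cover QWERTZ (common in Switzerland) and QWERTY, plus the digit row.
KEYBOARD_ROWS = (
    "1234567890", "qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm",
)

# Constructed mini word list; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "passwort", "summer", "welcome", "dragon", "zurich"}

# Common character substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12       # lower bound of the "12-14 characters" rule
SEQUENCE_LENGTH = 4   # assumption: 4 neighbouring keys count as a sequence


def has_keyboard_sequence(password, run=SEQUENCE_LENGTH):
    """True if the password contains `run` adjacent keys, forwards or backwards."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for direction in (row, row[::-1]):
            for i in range(len(direction) - run + 1):
                if direction[i:i + run] in lowered:
                    return True
    return False


def dictionary_words(password, words=SAMPLE_WORDS):
    """Return the words found in the password, also after undoing substitutions."""
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    return sorted(w for w in words
                  if len(w) >= 4 and (w in lowered or w in normalised))


def check_password(password, private_data=(), words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = (
        ("lowercase letter", any(c.islower() for c in password)),
        ("uppercase letter", any(c.isupper() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("special character", any(not c.isalnum() for c in password)),
    )
    problems.extend(f"missing {name}" for name, present in classes if not present)
    if has_keyboard_sequence(password):
        problems.append("contains a keyboard sequence")
    problems.extend(f"contains dictionary word: {w}"
                    for w in dictionary_words(password, words))
    lowered = password.lower()
    # private_data: names, birth years, phone numbers etc. supplied by the user
    for token in private_data:
        if len(token) >= 3 and token.lower() in lowered:
            problems.append(f"contains private data: {token.lower()}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ("Qwertz1234!!ab", "P@ssw0rd2024!x", "vT9#kLm2$Rw8zQ"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The check covers only what can be seen in a single password; using a different password for each service and storing it encrypted is what a password manager takes care of.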

How can I safely manage many passwords?

Use a password manager.

Technical Questions

What is malware?

The term malware (malicious software) refers to a program that performs unwanted or hidden functions (e.g., erasing, destroying or altering data) on the affected computer. Malicious programs are fully functional and often self-contained programs that are created and distributed by savvy programmers with criminal intentions. Types of malicious programs include:

  • Viruses
  • Worms
  • Trojans
  • Bots
  • Dialers
  • Scareware
  • Grayware

What are botnets?

A botnet is a network of Internet-enabled devices (PC, Mac, smartphone, tablet, router, TV, NAS, etc.) that are infected with malware and then linked together.

Once connected to the Internet, a botnet can respond to remote commands from cybercriminals. The individual computers are called “bots” or “zombies”. Strictly speaking, a bot is the malicious program itself, but the term is also used for the infected system.
Cybercriminals use the network connectivity and local resources of affected computers for different purposes without the knowledge of the owners: your own computer can be abused unnoticed for sending spam, for carrying out DDoS attacks, or for phishing, i.e. the collection of personal data and passwords.
Botnet operators want to hijack as many computers as possible to increase the resources available to them. They not only use the botnets themselves, but also rent them out on the criminal market. The botnet grows and keeps itself alive by spreading the malware and infecting other computers.
It is believed that up to a quarter of all computers worldwide are part of a botnet. Switzerland is attractive for botnets, not least because it provides a high-performance Internet infrastructure. The botnets themselves serve as the infrastructure for cybercrime and are one of the largest sources of illegal Internet revenue.

How do I know that my computer has been attacked by a bot?

Criminals who spread bots want to go undetected. This also applies to the bots that are active on millions of computers worldwide. The first signs of an infestation are a deteriorated Internet or computer speed, unwanted page views and advertising or even that you can no longer access pages with the popular browsers (Internet Explorer, Firefox, Opera). However, infected computers do not necessarily have to show these symptoms. Users often do not notice at all or very late that their computer has become part of a botnet.

What is a cleaner?

A cleaner is a program that allows you to scan and clean your system for the latest bots. A cleaner does not replace the permanent installation of an anti-virus program.

What sets a Second Opinion Scanner apart from an anti-virus program?

Second Opinion Scanners are specifically designed to remove an existing malware infection or to confirm a suspicion that the computer may be infected. An installed anti-virus program, which usually runs in the background, is primarily intended to prevent infection of the computer in advance. It also allows an in-depth examination of the system.

How long does a review by a Second Opinion Scanner take?

Depending on the amount of data and installed programs, the check may take a different amount of time. Usually it takes a few minutes on a modern system.

The Second Opinion Scanner found and deleted malware on my computer. How do I proceed now?

The safest solution is to completely reinstall the operating system. In any case, after successfully removing the findings, you should restart your computer and scan it again. Also pay attention to the preventive measures.

Neither Anti-Virus nor Second Opinion Scanner finds any malware on my computer. Is my computer clean?

Infection can never be ruled out with absolute certainty. No product can guarantee a 100% detection rate. But if you have gone through our security checks and taken all precautions, you are protected as well as possible.

How can I reinstall my operating system?

There are several options here, depending on whether you have a pre-built PC or one you assembled yourself. If you have an installation CD / DVD, insert it and boot from the CD / DVD. Further instructions for reinstallation can be obtained from the manufacturers of the operating systems. If you do not have an installation CD / DVD, try recovering from the recovery partition. For further instructions, refer to your manuals or contact the manufacturer of your system: Windows 8 / Windows 10.

Why are there fewer security programs for Linux or Mac OS than for Windows?

On a computer running Mac OS or Linux, the risk of infection has traditionally been lower as cybercriminals have so far primarily attacked Windows computers. Meanwhile, however, malware for Mac OS is also on the rise. Mac OS and Linux users should therefore also install an anti-virus program made specifically for their operating system.

Glossary

IP address

An IP (Internet Protocol) address is an address of your network hardware. It helps in connecting your computer to other devices on your network and all over the world.

An IP Address is made up of numbers or characters. An example of an IP address would be: 506.457.14.512

All devices that are connected to the Internet have a unique IP address, which means that billions of IP addresses are needed.

Anti-virus program

An anti-virus program is a program that detects up-to-date and known malware.

Antivirus software, sometimes called an anti-malware program, appeared quite a few years ago to protect computers from viruses and other threats that affected the initial modern computers. Nowadays, antivirus programs protect users from more advanced online dangers, like ransomware, rootkits, trojans, spyware, phishing attacks or botnets. Nevertheless, the name "antivirus" was preserved for these software solutions that protect computers from a large number of threats.

Bluetooth

Bluetooth is a wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves.

Bluetooth is a short-range wireless communication technology that uses radio waves to transmit information, much like WiFi. But where that wireless standard operates semi-permanent networks and can do so over a vast distance, Bluetooth is typically more limited and personal than that.

Bluetooth works by sending information over ultra-high-frequency radio waves. It works between the 2.4 and 2.485 GHz frequencies, much like many Wi-Fi devices do, which can create problems with interference when both technologies are running simultaneously.

Where Wi-Fi operates asymmetrically, Bluetooth typically works symmetrically, with one Bluetooth device connecting to another. Up to eight devices can be connected on a single personal area network.

Bot

The term bot, from the English word “robot”, describes a computer program that usually performs repetitive tasks on its own without depending on user interaction. Harmful bots can be used, among other things, for email spam or DDoS attacks. However, the term bot is also used for computer systems running harmful bots.

Botnets

Botnets are networks of several interconnected bots. For details, please read the corresponding article on the page “Technical Questions”.

Browser

Browsers are programs for displaying web pages on the Internet (WWW). The most popular browsers include Google Chrome, Microsoft Internet Explorer/Edge, Mozilla Firefox, Apple Safari and Opera.

Brute Force Attack

A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Attackers let a computer do the work – trying different combinations of usernames and passwords, for example – until they find one that works.

The most basic brute force attack is a dictionary attack, where the attacker works through a dictionary of possible passwords and tries them all. A supercomputer can input 1 trillion combinations per second. With that amount of power, a hacker can reduce the time it takes to try 2.18 trillion password/username combinations (an 8 digit password) to just 22 seconds!

Today, individuals possess many accounts and have many passwords. People tend to repeatedly use a few simple passwords, which leaves them exposed to brute force attacks. Also, repeated use of the same password can grant attackers access to many accounts. Such cyberattacks account for roughly 5 percent of all data breaches.

Strong passwords protect you from brute force attacks.

CEO Fraud

CEO fraud is a sophisticated email scam that cybercriminals use to trick employees into transferring them money or providing them with confidential company information.

Cybercriminals send savvy emails impersonating the company CEO or other company executives and ask employees, typically in HR or accounting, to help them out by sending a wire transfer. Often referred to as Business Email Compromise (BEC), this cybercrime uses spoofed or compromised email accounts to trick email recipients into acting.

CEO fraud is a social engineering technique that relies on winning the trust of the email recipient. The cybercriminals behind CEO fraud know that most people don’t look at email addresses very closely or notice minor differences in spelling.

These emails use familiar yet urgent language and make it clear that the recipient is doing the sender a big favor by helping them out. Cybercriminals prey on the human instinct to trust one another and on the desire to want to help others.

Distributed Denial of Service (DDoS)

DoS attack is the generic term for attacks on the availability of network services, mostly Internet services, such as Internet access, web or DNS servers.

The most common DoS attacks are:

a) E-mail bombing: sending a large number of e-mails to a recipient. The targets of the attack are the recipient (through very long waiting times or a crash of their system) and the e-mail server (through increased load or a crash of the e-mail system).

b) E-mail list bombing: subscribing someone else's e-mail address to a large number of mailing lists.

c) Distributed DoS (DDoS): a DoS attack that is carried out by many systems in a synchronized manner.

In general, poorly protected systems with a direct Internet connection and large bandwidth are used for such attacks. Small programs, so-called agents, are installed on these systems and coordinated from a central point via so-called handlers.

Domain

The Internet is a giant network of computers. To identify them, each computer is assigned an IP address, which is a series of numbers.

A series of numbers is quite difficult to remember. Domain names were invented to solve this problem. Now if you want to visit a website, you don’t need to enter a long string of numbers. Instead, you can visit it by typing an easy to remember domain name in your browser’s address bar.

Think of it like a mobile phone: you want to call your mother, so you simply click on your contact "Mom" and your phone dials your mother's phone number. Domains are connected to IP addresses in much the same way.

Drive-by attack

In a drive-by attack, Internet users are infected with the malware when they visit a website where the attackers have placed malware.

It usually exploits vulnerabilities in the browser and plug-ins of the visitor to infect the computer. Such a process happens without the user being aware of it.

Firewall

A firewall is software that monitors the flow of data between two networks (e.g., the computer and the Internet) and filters or blocks it using given rules.

A firewall can, for example, make it harder to access your computer from the Internet and thereby increase the security of your computer. Some routers already have an integrated firewall.

Internet service provider

Internet service provider (ISP), company that provides Internet connections and services to individuals and organizations.

In addition to providing access to the Internet, ISPs may also provide software packages (such as browsers), e-mail accounts, and a personal Web site or home page. ISPs can host Web sites for businesses and can also build the Web sites themselves. ISPs are all connected to each other through network access points, public network facilities on the Internet backbone.

Malware

Malware (= malicious software) is the umbrella term for malicious programs that run unnoticed in the background of the user.

Put simply, malware is any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess. Viruses, Trojans, spyware, rootkits and ransomware are among the different kinds of malware.

Malware is often created by teams of hackers: usually, they’re just looking to make money, either by spreading the malware themselves or selling it to the highest bidder on the Dark Web. However, there can be other reasons for creating malware too — it can be used as a tool for protest, a way to test security, or even as weapons of war between governments. More about malware.

Operating System

An operating system is the most important software that runs on a computer. It manages the computer's memory and processes, as well as all of its software and hardware.

It also allows you to communicate with the computer without knowing how to speak the computer's language. Without an operating system, a computer is basically useless.

Modern operating systems use a graphical user interface, or GUI (pronounced gooey). A GUI lets you use your mouse to click icons, buttons, and menus, and everything is clearly displayed on the screen using a combination of graphics and text. Each operating system's GUI has a different look and feel, so if you switch to a different operating system it may seem unfamiliar at first. The three most common operating systems for personal computers are Microsoft Windows, macOS, and Linux. Not only computers have operating systems; other devices like smartphones have them too. The most common smartphone operating systems are Android and iOS.

Patch

A patch is a small software update released by manufacturers to fix or improve a software program. A patch can fix security vulnerabilities or other bugs, or enhance the software in terms of features, usability and performance.

Phishing

Phishing is an attempt to gain access to personal information about an Internet user through fake websites, e-mails or short messages in order to commit identity theft. Further information on phishing.

Port

A port is a number used to uniquely identify a transaction over a network by specifying both the host, and the service.

A port is like a more precise address within your computer’s IP address. It is necessary to differentiate between many different IP services, such as web service (HTTP), mail service (SMTP), and file transfer (FTP).

Ransomware

Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.

Ransomware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.

Typical attacks usually ask for $100 to $200. Other attacks seek much more, especially if the attacker knows the data being held hostage can cause a significant direct financial loss to a company. As a result, cybercriminals who set up these scams can make big sums of money.

No matter what the scenario, even if the ransom is paid, there is no guarantee that computer users will be able to fully access their systems again. While some hackers direct victims to pay through Bitcoin, MoneyPak or other online methods, attackers could also demand credit card data, adding another level of financial loss.

Don’t pay the ransom. Keep in mind, you may not get your files back even if you pay a ransom. A cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.

Rootkit

Computer viruses and other malware are real threats. And rootkits might be the most dangerous, both in the damage they can cause and the difficulty you might have in finding and removing them.

Rootkits are a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cybercriminals the ability to remotely control your computer.

Rootkits can contain a number of tools, ranging from programs that allow hackers to steal your passwords to modules that make it easy for them to steal your credit card or online banking information. Rootkits can also give hackers the ability to subvert or disable security software and track the keys you tap on your keyboard, making it easy for criminals to steal your personal information.

Because rootkits can hijack or subvert security software, they are especially hard to detect, making it likely that this type of malware could live on your computer for a long time causing significant damage. Sometimes the only way to completely eliminate a well-hidden rootkit is to erase your computer’s operating system and rebuild from scratch.

Router

A modem router is a device that communicates between the internet and the devices in your home that connect to the internet. As its name implies, it “routes” traffic between the devices and the internet.

A typical home has a range of internet-connected devices — personal computers, tablets, smartphones, printers, thermostats, smart TVs, and more. Your router enables them to form a network, either a LAN (Local Area Network) or a W-LAN (Wireless Local Area Network). Without a router, you could only connect one device to your internet.

But the router does more: it directs incoming and outgoing internet traffic on that network in the fastest and most efficient way. When you look up a website on the internet, the router makes sure the information is delivered quickly and to the correct device. The more devices (smart Internet of Things devices) you add, the bigger the task of your router becomes.

Your router and your devices aren’t the only components on your home network. Routers use a modem such as a cable, fiber, or DSL modem to allow communication between other devices and the internet. Today most modern routers have a modem integrated.

Scareware

Scareware includes programs that are designed to make the computer user believe in a danger that does not exist.

The most famous form is counterfeit antivirus software, which claims that there are countless viruses on the computer. To remove the alleged malware, however, the user is asked to purchase a paid program. The goal is to exploit the fear of computer users and to earn money with the fake anti-virus software.

Social Engineering

Social engineering is a common method of manipulating people so they give up confidential information. The target of the attack is always the human.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

To obtain confidential information, attackers very often exploit a person's good faith and helpfulness, but also their uncertainty. From fake phone calls, to people pretending to be someone else, to phishing attacks, anything is possible.

Social networking sites have made social engineering attacks easier to conduct. Today's attackers can go to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed information that can be used to further an attack.

Social Media

Social Media refers to all social networks in which participants share ideas, thoughts, pictures, videos and information with one another on a platform. Usually, anyone interested can participate in such communities, usually for free. On such platforms, it is customary to make a profile and contact information public. The aim is to communicate and to establish and maintain personal or business contacts. The best-known social networks include Facebook, Instagram, Twitter, TikTok, Snapchat, Xing, LinkedIn, etc.

Spam mail

E-mail spam describes mass unsolicited e-mailing of promotional content.

Email spam often contains infected attachments or links that lead to infected web pages. More about spam mail in E-Mail-Security.

Spoofing

“To spoof” means to trick or deceive and is an apt description. Criminals send emails with the intent to deceive recipients with phishing or blackmail schemes.

This is done, for example, by sending emails from fake sender addresses which may look like trusted and known sender addresses. Cyber criminals register domains for this purpose which are very similar to the imitated sender addresses and, at first glance, do not raise any suspicions.

Another method used by hackers is the manipulation of email headers. Here, the Sender field is changed so that it is hard, or impossible, to distinguish it from the original.

This allows the sender to send messages that appear to come from a known or trustworthy source, in some cases even from your own account.
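
Both tricks described above leave traces that a mail filter can look for. The following Python sketch is an added example, not code from iBarry: the trusted domains, the sample messages and the list of confusable characters are constructed, and a differing Return-Path is only a hint, since legitimate mailing services also use one.

```python
# Added example: flags look-alike sender domains and From/Return-Path mismatches.
from email import message_from_string
from email.utils import parseaddr

# Constructed list of domains the recipient really deals with (.example is reserved).
TRUSTED_DOMAINS = {"mybank.example", "post.example"}

# Character groups that look alike at first glance (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain):
    """Reduce a domain to its visual skeleton by folding confusable characters."""
    folded = domain.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, 1):
        current = [i]
        for j, char_b in enumerate(b, 1):
            current.append(min(previous[j] + 1,                       # deletion
                               current[j - 1] + 1,                    # insertion
                               previous[j - 1] + (char_a != char_b))) # substitution
        previous = current
    return previous[-1]


def domain_of(header_value):
    """Extract the lower-cased domain from an address header, or '' if absent."""
    _, address = parseaddr(header_value or "")
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower()


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in trusted:
        return None
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return good
    return None


def assess_sender(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for one raw e-mail; an empty list means no hint."""
    message = message_from_string(raw_message)
    from_domain = domain_of(message["From"])
    findings = []
    imitated = lookalike_of(from_domain, trusted)
    if imitated:
        findings.append(f"From domain {from_domain} imitates {imitated}")
    return_domain = domain_of(message["Return-Path"])
    if return_domain and return_domain != from_domain:
        findings.append(
            f"Return-Path domain {return_domain} differs from From domain {from_domain}")
    return findings


# Constructed sample messages.
LEGITIMATE = ("From: My Bank <service@mybank.example>\n"
              "Return-Path: <service@mybank.example>\nSubject: Statement\n\nHello\n")
LOOKALIKE = ("From: My Bank <service@rnybank.example>\n"
             "Return-Path: <service@rnybank.example>\nSubject: Urgent\n\nHello\n")
FORGED_FROM = ("From: My Bank <service@mybank.example>\n"
               "Return-Path: <x91@bulk-sender.example>\nSubject: Urgent\n\nHello\n")

if __name__ == "__main__":
    for name, raw in (("legitimate", LEGITIMATE), ("lookalike", LOOKALIKE),
                      ("forged From", FORGED_FROM)):
        print(name, "->", assess_sender(raw) or "no findings")
```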

Spyware

Spyware is a type of malware. It infiltrates your computing device, stealing data and sensitive information.

Spyware is used for many purposes. Usually it aims to track your internet usage data, capture your credit card or bank account information, or steal your personal identity. Spyware is like a mirror for criminals. It monitors your internet activity, tracks your login and password information, and spies on your sensitive information.

Some spyware installs additional software or changes settings. It’s important to use secure passwords and keep your devices updated.

Spyware can affect PCs, Macs, and iOS or Android devices. Although Windows operating systems may be more susceptible to attacks, attackers are becoming better at infiltrating Apple’s operating systems as well. Some common ways your computer can become infected:

  • Accepting a prompt or pop-up
  • Downloading software from an unreliable source
  • Opening email attachments from unknown senders
  • Pirating media such as movies, music, or games

Trojan

A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.

A Trojan seeks to deceive you into loading and executing the malware on your device by pretending to be a game you want or a song you like. You might also, for example, think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on (and downloaded and opened) has gone on to install malware on your device. Once installed, a Trojan can perform the action it was designed for.

Trojans usually are employed by cyber-thieves and hackers trying to gain access to users' systems. They can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

Virus

A computer virus (Latin virus: ‘poison, slime’) is a self-propagating computer program that infiltrates other computer programs and thereby reproduces itself. The classification as a virus refers to the distribution and infection function.

Once started, it can make changes to the status of the hardware, the operating system or other software that the user cannot control (damaging function). Through functions intended or unintended by their creator, computer viruses can impair computer security; they count as malware.
The term computer virus is also used colloquially for worms, ransomware, rootkits, spyware and trojans, since mixed forms are common and the difference is barely recognizable for users.

W-LAN / Wifi

A wireless local area network (WLAN) is a wireless distribution method for two or more devices that use high-frequency radio waves and often include an access point to the Internet.

A WLAN allows users to move around the coverage area, often a home or small office, while maintaining a network connection.

The WLAN transmits radio frequency signals at 2.4 GHz and 5 GHz. It functions similar to a radio, but is able to send and receive. The WLAN is normally built up by a router. A big variety of devices can be connected to it such as desktop computers, workstations, laptop computers, smartphones, refrigerators or smart lights.

WLAN should not be confused with the Wi-Fi Alliance's Wi-Fi trademark. Wi-Fi is not a technical term, but is described as a superset of the IEEE 802.11 standard and is sometimes used interchangeably with that standard.

Worm

A worm is an independently executable program that copies itself to other computers. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

Computer worms can arrive as attachments in spam emails or instant messages. Once opened, these files can provide a link to a malicious website or automatically download the computer worm.

Worms can modify and delete files, and they can even inject additional malicious software onto a computer. Sometimes a computer worm’s purpose is only to make copies of itself over and over — to overload a device or network. In addition to wreaking havoc on a computer’s resources, worms can also steal data and allow a hacker to gain control over a computer and its system settings.

Zero-Day Exploit

A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.

The life cycle of a vulnerability can basically be divided into 4 time periods:

1 A period in which the software appears to be free of security gaps.

2 A vulnerability is detected by someone and, if necessary, reported to the manufacturer of the program. The discoverer may also write an attack program or sell this information to intelligence agencies or criminals.

3 The manufacturer develops an error correction (patch), depending on the significance of the vulnerability (only 60% – 80% of the published vulnerabilities are patched), and publishes it, possibly together with the (previously unpublished) vulnerability. (Bug fixes can also contain security holes!) The vulnerability remains open until the user finally installs the patch (possibly after a compatibility check).

4 Attack programs are also generated automatically from error corrections within a very short time (minutes). Thus, the update procedures of the manufacturers become serious security risks for the users.