Even though VPNs (Virtual Private Networks) have been around for years, there’s still a lot of confusion about how they work and what they do.
Some people have gotten the impression that they’re a security measure similar to a firewall or anti-malware (antivirus) software, protecting their device from malware.
Is this true?
Does a VPN protect you from malware?
If you’ve used a computer for more than a week, you’ve heard about malware, or at least viruses, a type of malware. Malware is a generic term for malicious software. What can malware do?
- Steal data
- Delete data
- “Lock” your files and prevent you from using them (ransomware)
- Spy on you (including audio and video)
- Damage hardware
- Use your device to send spam or malware
Does A VPN Protect You From Malware – Uncovering The Truth
Obviously, malware is something you want to avoid. And people have heard that a VPN (Virtual Private Network) is a good way to protect themselves online.
So, some people think VPN protect them from malware.
This isn’t true (with only one exception I’m aware of, which I’ll explain later).
A VPN simply reroutes your Internet traffic. Normally, your traffic goes from your device to your ISP (Internet Service Provider; a company like Comcast, Spectrum, or AT&T), which is probably in or near your city. From there, your traffic then goes out to the public Internet.
A VPN creates a secure, encrypted tunnel between your device and the VPN node, which could be in another city, state, or country.
So, your VPN just moves the place where your traffic joins the public Internet; it doesn’t provide additional malware protection.
Any site you visit will be as safe, or as dangerous, as it would be without going through a VPN.
Imagine there was a concrete tunnel from your front door to the front door of your best friend’s house. You’d feel safe going back and forth, knowing that no one would bother you as you walk. Now imagine that the tunnel goes from your front door to a prison yard, where inmates walk freely. The tunnel would still protect you from people outside the tunnel, but it wouldn’t protect you from any inmates who choose to walk to your house.
In this analogy, the tunnel is the VPN. Your friend’s house is a safe website that you visit. The prison yard is a potentially dangerous website that you visit. Just as the tunnel doesn’t restrict travel within it, a VPN doesn’t stop anything malicious from sites that you visit.
Because a VPN doesn’t protect against malware, even when you use a VPN, you still need to use caution online, use a secure browser, and keep your firewall and anti-malware enabled (whether that’s built into your operating system or third-party software). If you use a Mac, here’s the best Mac anti-malware.
How Does A VPN Protect You Online?
So, what good is a VPN if it doesn’t block malware?
A VPN protects your traffic from being eavesdropped between you and your connection to the public Internet. It’s especially useful when you’re using public Wi-Fi, such as at a coffee shop or airport, because it prevents others who are using that Wi-Fi from seeing your traffic.
Also, ISPs usually log your Internet activity, so if you want to keep your ISP from tracking you, that’s another reason to use a VPN.
I’m aware of one major VPN provider that does protect against malware, in a way. NordVPN has a feature called CyberSec. When you try to visit a website, it checks a blacklist of sites that are known to host malware. If the site you want to visit is on the blacklist, it will block you (though you have the option to proceed). This feature is more of an Internet filter than true anti-malware, because it isn’t scanning files or network activity for malware, it’s just blocking blacklisted websites (based on DNS).
Other VPN providers use a similar DNS-based blacklisting approach or have anti-malware build into the VPN client (the software you install on your device to use the VPN). However, since I haven’t researched these VPN providers, I’m not going to link to them.
The fact remains that, in general, VPNs do not protect against malware.
What You Should Do
- If you need a VPN, see my post about choosing a VPN service. I like ProtonVPN and Private Internet Access (PIA). If you want a VPN that will block access to malicious sites, check out NordVPN.
- Even when you use your VPN, use caution online, use a secure browser, and keep your firewall and anti-malware enabled (whether that’s built into your operating system or third-party software).
ProtonVPN offers secure VPN through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even when you are using public or untrusted Internet connections.
Private Internet Access provides state of the art, multi-layered security with advanced privacy protection using VPN tunneling. It helps block unwanted connections, hide your IP address, and defend yourself from data monitoring and eavesdropping.
TorGuard protects you from hackers, net censorship, identity theft, and ISP's monitoring activities. It provides easy to use services that protect your online identity.
ExpressVPN hides your IP address and encrypts your network data so no one can see what you're doing. You can access any content, no matter your location using ultra-fast VPN servers.
TunnelBear encrypts your internet connection to keep your online activity private and anonymous. It's very easy to use for both consumers and teams.
Windscribe helps you browse the web privately as it was meant to be. It encrypts your web activity and blocks ads for a better web browsing experience.
SurfShark enables you to access the Internet anonymously. It prevents malware and phishing attempts, and blocks ads for a better web browsing experience.