There are an increasing number of ways you can get malware (spyware, virus, etc) on your system. Here is a basic summary of the types:
- Running a program from removable media: This was the original method. You start a program that has the infection code embedded in it. In the early days, this usually involved viruses on diskette and they would let you know very quickly that you had let them loose on your computer, usually deleting or corrupting files. These attacks can still occur with CD/DVD or USB drives, but are fairly uncommon.
- Booting with infected media: You start your computer with a diskette or CD/DVD that has infected code on it. The automatically attempts to boot or run off the media, thus launching the virus.
- Opening an email: Many early viruses took advantage of programming defects in common email programs like Outlook and would be able to activate themselves when you simply opened the infected email. They would usually then access your address book and automatically propagate themselves and sending copies to all your contacts. This is a fairly uncommon method of transmission now, as most email programs have been fairly well patch, and many people are relying more on online email systems like gmail.
- Clicking on pop up windows: Many early forms of spyware gained entry into your computer via your web browser, usually using security holes in Internet Explorer. You would visit some web page that showed some kind of pop up that enticed you into clicking on it. Once clicked on, the script would gain access to your system and download its payload.
- Opening an email attachment: More modern viruses rely less on programming defects and instead use social engineering to deceive you into activating some kind of email attachment, usually containing an executable program, possibly embedded in a .zip file (archive).
- Viewing an infected file: Some very sophisticated attacks have virus code embedded in files such as graphic images or even PDF files. Most of these types of infection can be prevented by keeping your system software up-to-date with the latest patches.
- Clicking on an link: Usually coming in an email, the user clicks on a click that launches a virus from a web site. It can also happen via a web site link.
- Accessing an infected web site: The latest wave of malware involves very sophisticated attacks. It starts by infecting susceptible websites with a virus delivery sytem. Once you simply visit that infected web site, even without clicking on anything, the virus will be instantly launched, attacking your web browser to gain access to your system via programming defects or lax security. This type of infection is one of the most difficult to prevent, but is generally not that common (as it requires a website to remain infected).
Most good antivirus programs can prevent most of these attacks, as long as the software is kept up-to-date with the latest program updates. And most quality email providers automatically scan your email to check for most types of virus.