Half a million.

That’s how many popular websites were found to be susceptible to Heartbleed, a bug found in OpenSSL—a web technology responsible for encrypting passwords and other sensitive information for providers around the world—in April this year. Dubbed by Forbes Magazine as the worst vulnerability found since commercial traffic began to flow on the internet, this defect allows hackers to read sensitive information such as credit card numbers and passwords. Millions of consumers were forced to change their passwords for all of their major accounts.

The most recent bug to gain headlines truly shows the vulnerability of the system we use to run our daily lives. The “Bash Bug”—or Shellshock—affects Unix operating systems like Linux, on top of which the Android mobile operating system  and the Mac OS run.

There are many different types of security threats that roam the Internet—among them viruses, bugs, and cyber-attacks—putting users at risk. According to a Microsoft Security Intelligence Report, 16 million households in the U.S. alone have experienced malware on their devices in the past two years. Students, the most active users of the internet as per a recent Pew Research Study, are especially at risk.

It is important to understand what internet users are dealing with. On its security website, Microsoft defines viruses as “small software programs that are designed to spread from one computer to another and to interfere with computer operation.”

Viruses range from harmless pranks like the 1990s ‘cookie monster’ virus that halted progress on a computer until the user typed in the word ‘cookie,’ to veritable cyber-weapons such as Stuxnet, a program developed by Israel and the U.S. that attacked Iran’s nuclear reactors and delayed their nuclear development by years. In general, viruses are designed to corrupt or destroy data on users’ devices. Bugs like Heartbleed, on the other hand, are programming errors, similar to loopholes, which can be exploited to gain access to sensitive information, leaving millions exposed to hackers and fraudsters.

According to The Verge, the Shellshock bug exploits vulnerabilities in Bush, a shell which allows programs and users to control other computers.

“[Shellshock] allows for an attacker’s code to be executed as soon as the shell [which controls the user interface] is invoked, leaving the door open for a wide variety of attacks.” The Verge explains. Patches have been released, but many are still vulnerable.

So what can students do? Unfortunately, not much, as bugs are outside the control of users. Reading the news, changing passwords when softwares alert users to vulnerabilities, and praying for companies to issue software patches to the bugs is about all the average student can do. However, students can be proactive about viruses and malware on their computers. Because users are the ones who install such software, they can use basic steps to avoid such software.

Tech Republic recommends using firewalls, updating software as soon as improvements are available, avoiding odd-looking email links, using anti-virus software, and only downloading files from reputable sources. Although seemingly simple, these rules are crucial. According to BitTorrent trackers, 30 million people share 4.5 million torrents every day, exposing users to ample opportunities for exposing themselves to viruses.