What you should know about firmware viruses
Firmware viruses are among the most dangerous to your computer, whether you have a Windows PC or a Mac. They’re hard to detect and even harder to remove. News of a test worm built to attack Macs was unveiled at this week’s Black Hat security conference in Las Vegas, showing that when it comes to firmware, both operating systems are vulnerable.
Understand that this is a laboratory virus created by researchers to show manufacturers how their machines could be at risk of attack. By sharing the research, it is hoped that manufacturers and software developers will fix the identified weak points. In this particular case, Thunderstrike 2 was shown to allow a firmware attack to spread automatically from one Mac to another without a network connection. It is the first experimental virus of its kind.
However, there’s no magic here. While the malware doesn’t use a network connection, it must be transferred from one computer to another via a peripheral device. And more importantly, the original infection enters a computer in the typical way — by the user clicking on a malicious link in a phishing email. Once a computer is infected, the virus waits until it detects a peripheral device and copies itself to it in seconds, and so the spread begins. In the test case, an infected Apple Ethernet adapter was used. The researchers have alerted Apple to their findings and the company is working on patches to eliminate the vulnerabilities.
Firmware is present in most computerized devices. It is a type of software embedded in a piece of hardware. Manufacturers use firmware updates to add new features to devices. The problem stems from the fact that firmware is outside the machine’s operating system, which means it’s outside the reach of most antivirus programs. An infection can be nearly impossible for the typical computer user to remedy. Even wiping your computer won’t eliminate malware in firmware. When you do a clean install, you’re replacing your operating system, but the firmware remains. The only way to get rid of a firmware virus is to reprogram or replace the chip that contains the firmware.
“For most users that’s really a throw-your-machine-away kind of situation,” Xeno Kovah, one of the researchers who designed the worm, said in an interview with Wired. “Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
Firmware is also particularly vulnerable to attack because most hardware makers, for PCs and Macs alike, usually use much of the same firmware code, and it’s often left unencrypted. While computer manufacturers could implement protections, they would require a substantial investment. But this type of malware is also very expensive to create and therefore quite rare. Still, it’s worth taking steps to protect your computer.
One way to reduce your risk is to buy peripherals like Ethernet adapters and SSD cards only from reputable manufacturers. Don’t use USB drives from an unknown source — even those you pick up from a conference where they are often handed out like candy. Don’t allow someone else to use any of these small devices on your computer.
Don’t let your computer out of your sight while traveling. Security firm Kaspersky has noted state-sponsored attacks at airports and border crossings, dubbing such malicious stunts “evil maid” attacks. A traveler’s computer is removed for inspection and a peripheral device is used to infect it. Unless you’re a spy or traveling in very risky countries, I wouldn’t worry too much about this one.
But a very real and common pitfall is the phishing email. If you receive an email that contains links or attachments, don’t click or open them unless you are confident of the source. Likewise, avoid visiting unknown websites that can contain malicious code that can be transferred to your computer simply by opening the page — known as a drive-by attack. Always use secure and unique passwords for your accounts. Keep your computer up-to-date and remove any software that you don’t use to reduce possible entry points for malware.
Leslie Meredith has been writing about and reviewing personal technology for the past six years. She has designed and manages several international websites. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.


