A method and apparatus for minimizing the effects of rogue security software leverages the fact that virtually all rogue security software generates malware alerts to scare the user/victim into submitting their payment information, and the fact that the malware alerts generated by rogue security software are almost never changed. In one example, a user computing system is monitored/scanned for any alerts being presented to the user. Once an alert is detected, the alert content is sampled and analyzed for defined keywords that indicate the alert is a malware alert and any alert including the defined keywords is considered a malware alert and is treated as being potentially generated by rogue security software. All malware alerts are therefore subjected to an initial malware alert analysis before the user is allowed to see, and/or respond, at least without a warning, to the malware alert. If it is determined that the malware alert is suspicious for any reason, then the malware alert is determined to be potentially generated by rogue security software and the user is prevented from seeing, and/or responding to, at least without a warning, the malware alert until a more definitive analysis can be performed.