Windows 7 / Security and Privacy

Understanding the Risk of Malware

Malware is commonly spread in several different ways:

  • Included with legitimate software: Malware is often bundled with legitimate software. For example, a peer-to-peer file transfer application might include potentially unwanted software that displays advertisements on a user's computer. Sometimes, the installation tool might make the user aware of the malware (although users often do not understand the most serious compromises, such as degraded performance and compromised privacy). Other times, the fact that unwanted software is being installed might be hidden from the user (an event known as a non-consensual installation). Windows Defender, as described later in this tutorial, can help detect both the legitimate software that is likely to be bundled and the potentially unwanted software bundled with it, and it will notify the user about the software running on their system. Additionally, when UAC is active, standard user accounts will not have sufficient privileges to install most dangerous applications.
  • Social engineering: Users are often tricked into installing malware. A common technique is to attach a malware installer to an e-mail and provide instructions for installing the attached software in the e-mail. For example, the e-mail might appear to come from a valid contact and indicate that the attachment is an important security update. E-mail clients such as Microsoft Office Outlook now prevent the user from running executable attachments. Modern social engineering attacks abuse e-mail, instant messages, social networking, or peer-to-peer networks to instruct users to visit a Web site that installs the malware, either with or without the user's knowledge. The most effective way to limit the impact of social engineering attacks is to train users not to install software from untrustworthy sources and not to visit untrusted Web sites. Additionally, UAC reduces the user's ability to install software, AppLocker can prevent users from running untrusted software, and Windows Defender makes users more aware of when potentially unwanted software is being installed. For more information about social engineering, read "Behavioral Modeling of Social Engineering-Based Malicious Software" at http://www.microsoft.com/downloads/details.aspx?FamilyID=e0f27260-58da-40db-8785-689cf6a05c73.
    Note: Windows XP Service Pack 2 (SP2), Windows Vista, and Windows 7 support using Group Policy settings to configure attachment behavior. The relevant Group Policy settings are located in User Configuration\Administrative Templates\Windows Components\Attachment Manager.
  • Exploiting browser vulnerabilities: Some malware has been known to install itself without the user's knowledge or consent when the user visits a Web site. To accomplish this, the malware needs to exploit a security vulnerability in the browser or a browser add-on to start a process with the user's or system's privileges, and then use those privileges to install the malware. The risk of this type of exploit is significantly reduced by Windows Internet Explorer Protected Mode in Windows Vista and Windows 7. Additionally, the new Internet Explorer 8 feature, SmartScreen, can warn users before they visit a malicious site.
  • Exploiting operating system vulnerabilities: Some malware might install itself by exploiting operating system vulnerabilities. For example, many worms infect computers by exploiting a network service to start a process on the computer and then install the malware. The risks of this type of exploit are reduced by UAC, explained in this tutorial, and Windows Service Hardening.
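The mitigations named in this list (the Attachment Manager Group Policy settings in the note above, UAC, and Internet Explorer Protected Mode) are all ordinary per-user or per-machine settings that an administrator can audit. The following PowerShell script is an added example, not part of the tutorial, that reads the registry values behind those settings and reports the ones that are weak. The registry paths and value meanings are taken from Microsoft's documentation of Attachment Manager (KB 883260), the UAC policy values under Policies\System, and the Protected Mode value 2500 for the Internet zone; the Protected Mode policy-override path and the sample file path are assumptions, and Get-Content -Stream requires PowerShell 3.0 or later.

```powershell
# Added example (not from the tutorial): audit the settings this section relies on.

function Get-AttachmentManagerPolicy {
    # Written by User Configuration\Administrative Templates\Windows Components\Attachment Manager.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
    $p = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
    $save = if ($p) { $p.SaveZoneInformation } else { $null }   # 2 = keep zone info (default), 1 = discard it
    $scan = if ($p) { $p.ScanWithAntiVirus } else { $null }     # 1 = off, 2 = optional, 3 = on

    if ($null -eq $save)  { $zoneInfo = 'Not configured (default: preserved)' }
    elseif ($save -eq 2)  { $zoneInfo = 'Preserved' }
    else                  { $zoneInfo = 'Discarded - weak: downloads lose their zone mark' }

    if ($null -eq $scan)  { $av = 'Not configured' }
    elseif ($scan -eq 3)  { $av = 'On' }
    elseif ($scan -eq 2)  { $av = 'Optional' }
    else                  { $av = 'Off - weak: attachments are not scanned when opened' }

    [pscustomobject]@{ PolicyKeyPresent = [bool]$p; ZoneInformation = $zoneInfo; AntiVirusScan = $av }
}

function Get-UacStatus {
    # EnableLUA: 1 = UAC on. ConsentPromptBehaviorAdmin: 0 = elevate silently, 2 = prompt for consent
    # on the secure desktop, 5 = prompt only for non-Windows binaries (Windows 7 default).
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        UacEnabled           = ($p.EnableLUA -eq 1)
        AdminPromptBehavior  = $p.ConsentPromptBehaviorAdmin
        SecureDesktopPrompts = ($p.PromptOnSecureDesktop -eq 1)
        SilentElevation      = ($p.EnableLUA -eq 1 -and $p.ConsentPromptBehaviorAdmin -eq 0)  # weak
    }
}

function Get-IEProtectedMode {
    # Internet zone is zone 3; value 2500: 0 = Protected Mode on, 3 = off.
    # The Policies\ path is assumed to be where the Group Policy override lands; it is checked first.
    $paths = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    foreach ($base in $paths) {
        if (Test-Path $base) {
            $v = (Get-ItemProperty -Path $base).'2500'
            if ($null -ne $v) { return ($v -eq 0) }
        }
    }
    return $null   # no explicit setting for this user
}

function Get-MarkOfTheWebZone {
    param([Parameter(Mandatory)][string]$Path)
    # Reads the Zone.Identifier alternate data stream that Attachment Manager and browsers write
    # to saved files. ZoneId 3 = Internet, 4 = Restricted sites; no stream means no mark.
    try { $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop }
    catch { return $null }
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

# Usage: run as the user whose settings are being audited.
Get-AttachmentManagerPolicy
Get-UacStatus
"Internet zone Protected Mode on: $(Get-IEProtectedMode)"
# Placeholder path: substitute a file that was saved from e-mail or the Web.
"Zone of sample download: $(Get-MarkOfTheWebZone -Path "$env:USERPROFILE\Downloads\example.zip")"
```

A result of "Discarded" from Get-AttachmentManagerPolicy, SilentElevation set to True, or Protected Mode reported as off are the findings worth raising, because each one removes a layer the list above counts on to stop a bundled installer, an e-mail attachment, or a drive-by installation from running with more privilege than the user intended.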