Understanding Security Threats
A decade ago, the threat landscape for Windows users was dominated by viruses and worms. The modern threat landscape is much more complex and, unfortunately, more insidious. Today, an attacker is likely to be part of an organized crime ring or even acting on behalf of a state-sponsored organization, and attacks are typically designed to go unnoticed for as long as possible.
A rogue program, installed without your knowledge and running without your awareness, can perform malicious tasks and transfer data without your consent. This category of software is often referred to as malware.
The goal of the bad guys is to get you to run their software. They might, for example, convince you to install a Trojan, a program that appears legitimate but actually performs malicious actions when it's installed. This category of malware doesn't spread on its own but instead uses social engineering (often using popular social networking sites such as Facebook and Twitter) to convince its victims to cooperate in the installation process. As part of its payload, a Trojan can include a downloader that installs additional malicious and unwanted programs. Some Trojans install a 'back door' that allows an outside attacker to remotely control the infected computer.
What's in it for the bad guys? Money, mostly, gathered in various ways, depending on how the attackers got through your defenses. Here are just a few examples:
- A password stealer runs in the background, gathers user names and passwords, and forwards them to an outside attacker. The stolen credentials can then be used to make purchases, clean out bank accounts, or commit identity theft.
- Bad guys prey on fear with rogue security software (also known as scareware), which mimics the actions and appearance of legitimate antivirus software. If you install one of these programs, it inevitably reports the presence of a (nonexistent) virus and offers to remove the alleged malware, for a fee, of course. A related category includes tech-support scams, in which a Windows user receives a phone call from a scammer masquerading as a Microsoft support professional.
- The fastest rising star in the malware hall of shame continues to be ransomware, a form of digital blackmail in which a program encrypts all your data files and offers to unlock them only upon payment of a ransom.
- Phishing attacks, which use social engineering to convince visitors to give away their sign-in credentials, are a separate but potentially devastating avenue to identity theft that can strike in any browser using any operating system.
You can review lists of current malware threats, along with links to details about each one, at the Microsoft Security Intelligence site, https://bit.ly/malware-encyclopedia. For a more comprehensive view of the changing threat landscape, Microsoft Secure issues occasional reports, using data from hundreds of millions of Windows users and other sources. As we prepared this edition, the most recent Microsoft Security Intelligence Report was Volume 24, released in 2019 and covering calendar year 2018 (https://go.microsoft.com/fwlink/p/?LinkID=2074683).
Securing Your Computer: A Defense-in-Depth Strategy
A multidimensional threat landscape requires a multilayered approach to protecting your PC and your network. The big-picture goal is to secure your device, secure your data, secure your identity, and block malware. On a home or small business network, those layers of security include the following:
- Use a hardware router to protect your broadband connection. This is an essential part of physical security, even if your network consists of a single PC.
- Enable a software firewall, and keep it turned on. You can use Windows Defender Firewall, which is included with Windows 10, or a third-party firewall such as those included with security suites.
- Strengthen the sign-in process. Biometric sign-in using a fingerprint reader or facial recognition with Windows Hello offers much more than convenience. Because biometric sign-in is linked to a specific device, it provides effective two-factor authentication. If you sign in using a Microsoft Account or Azure AD, turn on two-factor authentication to prevent your credentials from being used if they're stolen.
- Set up standard user accounts, and keep User Account Control enabled. Standard accounts help to prevent (or at least minimize) the damage that an unwitting user can do by installing untrusted programs. User Account Control (UAC) helps in this regard by restricting access to administrative tasks and virtualizing registry and file-system changes.
- Keep Windows and vulnerable programs up to date. Windows Update handles this chore for Windows, Office, and other Microsoft programs, as well as for the Adobe Flash software included with the legacy version of Microsoft Edge and Internet Explorer. (For the new Microsoft Edge, all Adobe Flash support ended in December 2020.) You're on your own for third-party programs.
- Use an antimalware program, and keep it up to date. Microsoft Defender Antivirus, which is included with Windows 10, provides antimalware protection, but many third-party solutions are also available.
- Protect yourself from threats in email messages. At a minimum, your email solution should block or quarantine executable files and other potentially dangerous attachments. In addition, effective antispam features can block scripts and prevent phishing attempts.
- Use parental controls to keep kids safe. If you have children who use your computer, family safety features in Windows can help you keep them away from security threats and keep them from wandering into unsafe territory online by restricting their computer activities in other ways. In Windows 10 version 1703 and later, these features have moved to the new Windows Security app.
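As an added example that is not part of the book, the following PowerShell audits the layers above that can be verified on the local Windows 10 PC (firewall, UAC, standard-user session, Microsoft Defender, and update recency); the router, email filtering, and parental-control layers are not machine-checkable and are omitted. The 7-day signature and 45-day update thresholds are this example's own assumptions, not figures from the text.

```powershell
# Added example, not from the book: audit the locally checkable defense-in-depth layers.
# Thresholds (7-day signatures, 45-day updates) are this example's own assumptions.
function Test-DefenseInDepth {
    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Check($Layer, [bool]$Ok, $Detail) {
        $results.Add([pscustomobject]@{ Layer = $Layer; OK = $Ok; Detail = $Detail })
    }

    # Software firewall: every profile (Domain, Private, Public) should be enabled.
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } |
        Select-Object -ExpandProperty Name
    Add-Check 'Software firewall' (@($off).Count -eq 0) `
        ('Disabled profiles: ' + $(if ($off) { $off -join ', ' } else { 'none' }))

    # User Account Control: EnableLUA=1 means UAC is on; 0 means it has been switched off.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Add-Check 'User Account Control' ($pol.EnableLUA -eq 1) `
        "EnableLUA=$($pol.EnableLUA), ConsentPromptBehaviorAdmin=$($pol.ConsentPromptBehaviorAdmin)"

    # Standard account: under UAC, IsInRole is true only for an elevated administrator token,
    # so an everyday session should report $false here.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    Add-Check 'Standard user session' (-not $elevated) "User $($id.Name); elevated token: $elevated"

    # Antimalware: Defender on, real-time protection on, signatures recent. A third-party
    # product may legitimately disable Defender; confirm in the Windows Security app if so.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $ok = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and $mp.AntivirusSignatureAge -le 7
        Add-Check 'Antimalware' $ok "RealTime=$($mp.RealTimeProtectionEnabled), signatures $($mp.AntivirusSignatureAge) day(s) old"
    } catch {
        Add-Check 'Antimalware' $false "Defender status unavailable: $($_.Exception.Message)"
    }

    # Windows Update: the most recently installed hotfix should be reasonably current.
    $last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $days = if ($last) { (New-TimeSpan -Start $last.InstalledOn).Days } else { $null }
    Add-Check 'Windows updates' ($null -ne $days -and $days -le 45) `
        $(if ($last) { "$($last.HotFixID) installed $days day(s) ago" } else { 'no installation date found' })

    return $results
}

Test-DefenseInDepth | Format-Table -AutoSize
```

Run it from a non-elevated session so the standard-user check reflects how the account is used day to day; any row with OK set to False points at a layer from the list above that needs attention.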
Security And Maintenance, included in the classic Control Panel, monitors many of these areas to be sure you're protected, and it displays an alert if something needs attention. The new Windows Security app offers a similar overview in a slightly different format.
The most important protective layer, and the one that's most easily overlooked, is user education and self-control. Everyone who uses a computer must have the discipline to read and evaluate security warnings when they're presented and to allow the installation only of software that is known to be safe. (Although users with standard accounts can't install or run a program that wipes out the entire computer, they can still inflict enough damage on their own user profile to cause considerable inconvenience.) Countless successful malware attacks worldwide have proven that many users do not have adequate awareness of safe computing basics.