Protecting Against Network Worms
Bundling, social engineering, and browser exploits all rely on the user to initiate a connection to a site that hosts malware, but worms can infect a computer without any interaction from the user. Network worms spread by sending network communications across a network to exploit a vulnerability in remote computers and install the worm. After it is installed, the worm continues looking for new computers to infect.
If the worm attacks a Windows Vista or Windows 7 computer, Windows offers four levels of protection:
- Windows Firewall blocks all incoming traffic that has not been explicitly permitted (plus a few exceptions for core networking functionality in the domain and private profiles). This feature blocks the majority of all current worm attacks.
- If the worm attacks an updated vulnerability in a Microsoft feature, Automatic Updates-which is enabled by default-might have already addressed the security vulnerability.
- If the worm exploits a vulnerability in a service that uses Windows Service Hardening and attempts to take an action that the service profile does not allow (such as saving a file or adding the worm to the startup group), Windows will block the worm.
- If the worm exploits a vulnerability in a user application, limited privileges enabled by UAC block system-wide configuration changes.
XP Service Pack 2 (SP2), Windows Firewall and Automatic Updates are enabled, but the other levels of protection offered by Windows Vista and Windows 7 are unavailable.
In this tutorial:
- Windows 7 Security
- Addressing Specific Security Concerns
- Help Desk Calls Related to Malware
- Protecting Against Bundling and Social Engineering
- Protecting Against Browser Exploit Malware Installations
- Protecting Against Network Worms
- Data Theft
- Security Features Previously Introduced in Windows Vista
- Windows Defender
- Windows Firewall
- Encrypting File System
- Credential Manager Enhancements
- New Security Features of Windows 7
