How to Fix a Malware Infected Computer
Get All The Support And Guidance You Need To Be A Success At Protecting Your PC. This Book Is One Of The Most Valuable Resources In The World When It Comes To The Damaging Facts About Computer Viruses.
Installing an antivirus program is a good first step, but you're not done yet. The initial setup enables the antivirus scanning engine, the code that checks files for possible viruses. The most important part of the package is the database of virus definitions (sometimes called the signature file). After installing an antivirus package on a new computer, update it to the latest definitions immediately. Then configure the program to enable these features.
Antivirus software works primarily by comparing the contents of the computer with a list of known viruses (virus definitions) to see whether any part of a computer is infected. It does this in two different ways. The first is by scheduling recurring scans, daily or perhaps weekly at a time of your choosing, during which the program plods through all endangered areas of the computer. If any viruses are found, they can be...
Software vendors sometimes bundle security software, including antivirus and firewall products, that can install on top of the existing Windows solutions. Overlapping security programs that perform the same function, when installed at the same time, can cause conflicts and unpredictable results. You don't want two firewall programs, for example, operating concurrently. You can select which firewall to run in Action Center or, if you choose to use the built-in Windows Firewall, simply uninstall the secondary firewall using Programs and Features in Control Panel.
The intent of an antivirus program is to identify, inoculate, disinfect, or clean a virus or other malware program from a computer. Antivirus programs usually work in two different ways. Most scan a computer in its entirety, looking for known viruses based on their databases of virus listings, and then they delete, inoculate, remove, or quarantine the infected file. Other antivirus programs watch file behavior on the computer. If the program detects unusual behavior, it will usually capture the file, scan it, and then either ask the user for input on how to handle the issue or quarantine the file for further inspection and possible deletion. Most current commercial antivirus programs use both of these methods to detect and eradicate viruses from infected computers. This helps eliminate the threat of infection by watching the most consistent way viruses try to infiltrate computers. The most common elements of virus removal involve repair of the file itself. This consists of the...
Recently more companies have realized the potential harm of malware programs, and they have tried to take steps to begin removing malware from their environments. With the onset of the Sarbanes-Oxley and HIPAA acts, compliance is on the rise and many people have started to realize how vulnerable their private data has become to outside entities. Armed with this knowledge, security practices have become increasingly important for many organizations, and everyone feels the pain as we struggle to maintain a balance between user-friendly computing and secure computing. To combat the problem with malware, many vendors now offer tools that will remove even the toughest malware out there. The industry refers to these programs as antimalware tools. Antimalware tools scan and remove malware from infected computers. If you type antimalware in a search engine, you will discover some of the more than 6 million web pages on the topic. The reason for this relates directly to the inexhaustible...
Historically, many malware installations occurred because the user visited a malicious Web site, and the Web site exploited a vulnerability in the Web browser to install the malware. In some cases, users received no warning that software was being installed. In other cases, users were prompted to confirm the installation, but the prompt might have been misleading or incomplete. Windows 7 provides four layers of protection against this type of malware installation. Windows Defender notifies the user if malware attempts to install itself as a browser helper object, start itself automatically after a reboot, or modify another monitored aspect of the operating system.
Figure 2-2: Windows 7 uses defense-in-depth to protect against browser exploit malware installations.
Security threats have constantly changed to adapt to each new generation of operating system. In the past several years, the prevalence of malware (a broad term that encompasses viruses, worms, Trojan horses, and rootkits, as well as spyware and other potentially unwanted software) has soared. NOTE: Microsoft uses the term spyware and potentially unwanted software to refer to software that is unwanted but not unambiguously harmful. In this book, the definition of malware includes both clearly malicious viruses and worms and the more ambiguous spyware and potentially unwanted software. Because of the challenges in identifying malware, it might be impossible to eliminate the threat completely. However, Windows Vista and Windows 7 have many new security features to help protect computers from malware. Many malware infections can be prevented by installing updates on a mobile computer or by adjusting the security configuration. Group Policy, Windows Server Update Services (WSUS), and...
Malware, a term used to describe malicious software such as spyware and adware, has had a significant negative impact on IT departments in recent years. Often, malware has been distributed through Web sites that either trick users into installing the software or bypass the Web browser's security features to install the software without the user's consent. Internet Explorer 7 has been hardened to reduce the potential for malicious Web sites to compromise a user's browser or the rest of the operating system. The sections that follow describe other improvements that reduce security risks when users browse the Web.
Avoiding Malware
Taking a minimalist approach to installing software on your computer goes a long way toward avoiding malware. It also saves space, avoids bogging down your PC, and can make the computer simpler and easier to use. That doesn't mean you must forego all the software gadgetry that makes computers useful and fun, but it does require a more judicious attitude on installing software. As with many areas in life, when it comes to installing software from the Internet, installing a CD purchased at the dollar store, or downloading content from a peer-to-peer program, less is more. The best way to prevent an unintentional computer donation is to follow this rule: NEVER install software from a source you don't trust. Once installed, malware can and will take major liberties with your computer. Malware writers go to amazingly creative and destructive lengths to achieve their goals, whether to profit by directing you to ads, theft of personal information, or worse. If your computer...
Plenty of good antivirus programs are available. You can start your search at the Windows 7 Security Software Providers page, w7io.com/1510, which provides links to publishers of Windows 7-compatible security software, including antivirus programs. (If you haven't yet installed antivirus software, you'll find a link to this page in Action Center. Next to Virus Protection, click Find A Program Online.) This Windows 7 Security Software Providers page provides no independent evaluation. Besides the usual review sites managed by computer magazines, you should look to ICSA Labs, which tests antivirus programs and certifies those that meet its criteria for effectiveness. You can find lists of certified programs at w7io.com/1511. Another independent tester is Austria-based AV-Comparatives.org (w7io.com/1512).
On the second Tuesday of each month, as part of its normal security releases, Microsoft releases an updated version of a utility called the Malicious Software Removal Tool (MSRT). This utility is not designed to block new viruses from entering a computer; rather, its function is to clean up systems that have been infected with well-known and widespread viruses and other forms of malware. The MSRT is delivered by Windows Update, and on most computers, this tool runs silently and then deletes itself; it alerts you if it finds any infections, and lets you know if they were successfully removed. As an alternative to the MSRT, free web-based virus scanning services are available from several antivirus vendors. The Windows Live safety scanner can be run from w7io.com/1516. Periodic scanning by the MSRT or an online tool does not provide continuous protection against virus infections. For that, you need to install and run an antivirus program.
Many people spend a lot of time on the Internet browsing websites, downloading data, and never thinking of the potential problems of malicious software (malware) creeping onto their computers. Some such software simply reports your surfing habits, and other software tries to take control of your computer. Malware consists of programs that are suspicious in nature and have the malicious intent of infiltrating your computer without your consent. The industry also defines malware as software with a legitimate purpose that contains harmful bugs that ravage a computer. Before the proliferation of broadband Internet connections, most malware was kept in check by the limited bandwidth of dial-up Internet connections. When you dialed into your service provider, you didn't really have the bandwidth to allow your computer to be compromised without your knowledge and most computers were not left online all the time for people to try to connect to and harm. However, because broadband connections...
This screen will take you directly to the website for the anti-virus vendor you choose. My two personal recommendations are Microsoft Security Essentials and AVG antivirus, both of which are free, although AVG also offers a paid-for security suite that has additional functionality.
The Action Center (New) provides a single place to manage your four security essentials: Windows Firewall, Automatic Updating, Malware protection (virus and spyware), and Other security settings (Internet security and User Account Control). If you're having computer problems, you can access troubleshooting (New) and System Restore options. The Action Center recommends security settings that you can use to help protect your computer. It also provides links to important information about the latest virus or other security threat, or to get customer support from Microsoft for a security-related issue. As you work, Windows 7 uses security alerts and icons in the notification area on the taskbar to help you recognize potential security risks, such as a new virus, out-of-date antivirus software, or an important security option that is turned off, and to choose appropriate settings. If Windows requires your attention, the Action Center icon appears in the notification area (New). Click the Action...
You'll need to obtain one, as none is included with Windows 7. For more information, see Blocking Viruses and Worms with an Antivirus Program on page 517. Beyond those essential steps, it's important that you learn to avoid installing potentially risky software. With improved security layers, the biggest risk nowadays is a form of social engineering: Trojan horse programs that masquerade as beneficial (or, at worst, benign) programs and rely on gullible users to install them. User Account Control (UAC) helps in this regard by limiting the administrative tasks (installing any type of program is an administrative task, even though it is not always performed by an administrator) that less knowledgeable users can perform. (For details, see Preventing Unsafe Actions with User Account Control on page 531.) In addition, Internet Explorer makes getting into trouble more difficult than in previous versions. (For more information, see Security and Privacy Options on...
If you send and receive e-mail, Windows Firewall doesn't block spam or unsolicited e-mail or stop you from opening e-mail with harmful attachments. To protect your computer from these attacks, see Protecting Against E-mail Attacks on page 194. Windows Firewall helps block viruses and worms from reaching your computer, but it doesn't detect or disable them if they are already on your computer or come through e-mail. To protect your computer, you need to install antivirus software.
Yet another option is to download and use one of many available antivirus programs. A reliable source is www.mcafee.com, and its website is another good place to check for the latest discovered viruses and how to protect your computer from them. I like a freebie called Avast (www.avast.com) and have had good luck with it for several years. AVG also offers a free version of its commercial package. You can find it at http://free.avg.com. For help dealing with junk mail and spam and phishing emails, and for information on protecting your computer from viruses, adware, malware, Trojans, and all other manner of invasive mischief, see Chapter 30, Protecting Windows from Viruses and Spyware, and Chapter 33, Protecting Yourself from Fraud and Spam. Contrary to popular belief, simply downloading an infected attachment virtually never harms your computer. With few exceptions, it is only if you open an attached executable file that there could be dire consequences. If possible, save the file...
On the Security panel, you'll see the status of security-related features, including your computer's default spyware and antivirus program. If you are using Windows Defender, you'll see alerts about required updates and scans as well. Using the Action Center, you can easily identify common security features and the tasks associated with securing your operating system. With the Action Center, you can view the status of Windows Firewall, Windows Update, Windows Defender, Internet Options, User Account Control, and Network Access Protection. The Action Center also lists virus protection status and indicates whether you have installed an antivirus solution on the computer.
3) Make sure you are using the most up-to-date antivirus software. New viruses and more virulent strains of existing viruses are discovered every day. Unless you update your virus checking software, new viruses can easily bypass outdated virus checking software. Companies such as McAfee and Symantec offer shareware virus checking programs.
A spyware infection is rarely a single application; most successful malware infections automatically install several, even dozens, of additional applications. Some of those applications might be straightforward to remove. However, if even a single malicious application remains, that remaining malware application might continue to install other malware applications. 3. Run antivirus scans on your computer, such as that available from http://safety.live.com. Often, spyware might install software that is classified as a virus, or the vulnerability exploited by spyware might also be exploited by a virus. Windows Defender does not detect or remove viruses. Remove any viruses installed on the computer. 4. If you still see signs of malware, install an additional antispyware and antivirus application from a known and trusted vendor. With complicated infections, a single anti-malware tool might not be able to remove the infection completely. Your chances of removing all traces of malware...
In conjunction with antivirus, antispyware, and personal firewall software, automatic updates are a critical part of a solid security strategy because they shut down avenues of attack as soon as they are discovered. Malware often relies on flaws found in software to work. These flaws are akin to open side doors to your home that, hopefully, nobody knows about. There they stand as an open invitation for malware to walk in. Automatic updates don't just shut the door; they usually remove the door entirely and put a permanent wall in its place. You can enable and configure automatic updates in the Security section in Action Center. If daily updates at 3:00 a.m. do not suit you, adjust the time and frequency as you like.
Because worms spread across networks without user interaction, antivirus programs that seek to prevent users from launching viruses do not apply. Defense against worms demands a layered defense, where the first layer is a good network firewall. As evidenced by the layout of the Security heading in the Action Center, there is often one program to block spyware, another to fight viruses, and yet another to provide a network firewall on a single PC. The industry trend is toward convergence. Many antivirus programs now use their scanning technology to identify and remove spyware, and some include a personal firewall as well. Some packages even include rootkit and phishing protection in some form. (See Chapter 32 for details on phishing.) In coming years, we might see the evolution of an Integrated Security Client rather than a grab-bag of specialized applications, or at least more cohesive suites of products. Comprehensive PC management services, which include malware defense, are another...
Out of the box, Windows 7 includes antispyware functionality in the form of Windows Defender, a two-way firewall in Windows Firewall, a hardened Web browser (Internet Explorer 8), and automatic updating features that keep the system up-to-date, every day, with the latest security patches. Also included are changes to the User Account Control (UAC) feature, covered in the next chapter, making it less annoying and less likely to be turned off, thus reducing your exposure to malware. It would seem that Windows 7 comes with everything you need to be secure. 2. Install an antivirus solution. Many new PCs are preinstalled with security suites from companies such as McAfee and Symantec. While these suites are better than nothing, they're also a bit bloated and perform poorly in our own tests. We prefer standalone antivirus solutions for this reason. There are many excellent options, including ESET NOD32 Antivirus, which in our own tests has proven to do an excellent job with minimal system...
Antispyware falls into the same category as antimalware does. Before the proliferation of this type of code across the Internet, a distinction was made between the two types of programs. However, in recent years, these antispyware and antimalware programs have morphed into the same program. Usually you can eliminate spyware using freeware antimalware tools or antivirus scanners. Some specialty tools list themselves as spyware removal tools, but they also help eradicate malware. The backlash created by consumer outrage did have some positive effects, though. As ISPs noticed that people were increasingly canceling their memberships because their computers simply could not be made safe on the Internet, many began offering free security solutions. At the time of this writing, two of the largest ISPs in the United States, Comcast and AOL, provide McAfee security products free to subscribers. Comcast subscribers get a free subscription to McAfee VirusScan, Personal Firewall Plus, Privacy...
Stop 0xEA messages can occur after you install faulty drivers (especially video drivers) or system services. If a driver is listed by name, disable, remove, or roll back that driver to resolve the error. If disabling or removing drivers resolves the error, contact the manufacturer about a possible update. Using updated software is especially important for backup programs, multimedia applications, antivirus scanners, DVD playback, and CD mastering tools.
For applications to receive the Certified For Windows Vista or Certified For Windows 7 logo, the application must be designed to work well for standard users unless the tool is specifically intended for use by administrators. However, many applications were developed prior to Windows Vista and will not work correctly with UAC enabled. These might include some older antispyware, antivirus, firewall, CD/DVD-authoring, disk-defragmentation, and video-editing tools designed for Windows XP or earlier versions of Windows.
Windows Vista and Windows 7, when connecting to a Windows Server 2008 infrastructure, support Network Access Protection (NAP) to reduce the risk of attackers entering through remote access and LAN connections using the built-in NAP client software of Windows Vista. If a Windows client computer lacks current security updates or antivirus signatures or otherwise fails to meet your requirements for a healthy computer, NAP can block the computer from reaching your internal network. However, if a computer fails to meet the requirements to join your network, the user doesn't have to remain frustrated. Client computers can be directed to an isolated quarantine network to download the updates, antivirus signatures, or configuration settings required to comply with your health requirements policy. Within minutes, a potentially vulnerable computer can be protected and once again allowed to connect to your network.
Windows 7 uses the Action Center to keep you informed of security and maintenance issues that need attention, such as antivirus protection and file backup. The Action Center alerts you to issues you should investigate by displaying a flag with an X over a red circle in the notification area of the taskbar.
Antivirus and security software programs may offer their own firewall protection and may display a message asking whether you want to switch. Check their features against Windows and then decide, but usually most firewall features are comparable. The important thing is to have one activated.
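The Action Center status described earlier (which antivirus, antispyware and firewall products are registered, and whether they are on and current) and the one-firewall-at-a-time rule can both be checked from the same place Action Center reads them. This is an added example, not code from any of the books quoted on this page; it assumes Windows Vista or later (the root\SecurityCenter2 WMI namespace) and a local PowerShell 2.0 or later session, and the productState decoding it uses is the commonly used reading of an undocumented bit field, so treat it as a heuristic.

```powershell
# Added example: list the antivirus, antispyware and firewall products registered
# with Windows Security Center and flag the conditions Action Center warns about.
# Assumes root\SecurityCenter2 (Windows Vista+) and a local PowerShell session.
# productState decoding is a community heuristic, not an official API contract.

function Get-SecurityCenterStatus {
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            # productState is a 24-bit value, e.g. 0x041000. The middle byte reports whether
            # the product is on (0x10, or 0x11 when snoozed); the low byte reports whether its
            # definitions are current (0x00) or out of date (0x10). The low byte only
            # means something for definition-based products, not for firewalls.
            $hex = '{0:X6}' -f [uint32]$p.productState
            New-Object PSObject -Property @{
                Category     = ($class -replace 'Product$', '')
                Product      = $p.displayName
                Enabled      = ($hex.Substring(2, 1) -eq '1')
                UpToDate     = ($class -eq 'FirewallProduct' -or $hex.Substring(4, 2) -eq '00')
                ProductState = "0x$hex"
                Timestamp    = $p.timestamp
            }
        }
    }
}

$status = @(Get-SecurityCenterStatus)
$status | Format-Table Category, Product, Enabled, UpToDate, ProductState -AutoSize

# The conditions Action Center would flag: no antivirus at all, a product that
# is off or stale, and more than one firewall running at the same time.
if (-not ($status | Where-Object { $_.Category -eq 'AntiVirus' })) {
    Write-Warning 'No antivirus product is registered with Security Center.'
}
foreach ($p in ($status | Where-Object { -not $_.Enabled -or -not $_.UpToDate })) {
    Write-Warning ('{0} product "{1}" is disabled or out of date (state {2}).' -f `
        $p.Category, $p.Product, $p.ProductState)
}
$firewalls = @($status | Where-Object { $_.Category -eq 'Firewall' -and $_.Enabled })
if ($firewalls.Count -gt 1) {
    $names = ($firewalls | ForEach-Object { $_.Product }) -join ', '
    Write-Warning "More than one firewall is enabled at the same time: $names"
}
```

Security software that never registers with Security Center will not appear here, so an empty list is a prompt to check the product itself, not proof that nothing is installed.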
Hackers and computer viruses have long been popularized in movies and the media. Although the term hacker has been affectionately used to describe particularly dedicated and skilled computer geeks, it is also used in a negative context to describe those who abuse that knowledge for criminal activity. As high-speed Internet connections and personal computers proliferate, these so-called black hat hackers continue to amass an impressive arsenal of tools. These tools may be placed into a few major categories according to their primary characteristics. All of the descriptive terms, some of which you've no doubt heard in reference to computers, such as virus, worm, or spyware, fall under the single category called malware: software designed to do bad things. It's important to understand the differences between the major types of malware because the computer industry is still evolving to fight these threats. At this time, there is no single silver bullet that solves all problems. The...
If you anticipate that your computer will be used by more than one person, set up an account for each additional user now. Creating standard accounts for users ensures that they won't be able to install malware or incompatible software in system folders and will be unable to install unsigned device drivers that can cause system instability. They'll also be blocked from deleting essential system files.
Microsoft Diagnostics and Recovery Toolset (DaRT) is a suite of special troubleshooting tools that administrators can use to boot into a Windows Recovery Environment to repair unbootable or locked-out computers. Using these tools, you can perform recovery tasks such as restoring lost data, removing malware from infected systems, and diagnosing various kinds of problems.
Bundling, social engineering, and browser exploits all rely on the user to initiate a connection to a site that hosts malware, but worms can infect a computer without any interaction from the user. Network worms spread by sending network communications across a network to exploit a vulnerability in remote computers and install the worm. After it is installed, the worm continues looking for new computers to infect.
The sections that follow describe how Windows Vista and Windows 7 security features work together to improve security in regard to three major, common concerns: wireless networks, spyware and other kinds of malware, and network worms. Each security technology is discussed in more detail later in this chapter and elsewhere in this resource kit.
Two of the most common ways that malware becomes installed on a computer are bundling and social engineering. With bundling, malware is packaged with useful software. Often the user is not aware of the negative aspects of the bundled software. With social engineering, the user is tricked into installing the software. Typically, the user receives a misleading e-mail or browser pop-up containing instructions to open an attachment or visit a Web site. Windows Vista and Windows 7 offer significantly improved protection against both bundling and social engineering. With the default settings, malware that attempts to install via bundling or social engineering must circumvent two levels of protection: UAC and Windows Defender. Windows Defender real-time protection blocks applications that are identified as malicious. Windows Defender also detects and stops changes the malware might attempt to make, such as configuring the malware to run automatically upon a reboot. Windows Defender...
Windows Defender is a free anti-spyware program included in Windows 7. Use it to protect yourself against various types of spyware and malware. Although Windows Defender performs quick scans daily, you can also use it to perform full scans at your direction. Use this section to learn how to start and run Windows Defender.
Run a scan of your system on a regular basis. Windows Defender is set up by default to run a quick scan once a day. You can also use the method described here to run scans more often, or if you visit a site by mistake that you think could download malware to your computer.
To help limit this type of attack, all Internet Explorer 7 and later browser windows now require an address bar. Attackers often have abused valid pop-up window actions to display windows with misleading graphics and data as a way to convince users to download or install their malware. Requiring an address bar in each window ensures that users always know more about the true source of the information they are seeing.
Keeping up to date with the current malware definitions can help protect your computer from harmful or potentially unwanted software. Microsoft has taken several steps to create definition updates, including gathering new samples of suspicious files, observing and testing the samples, and performing a deep analysis. If we determine that the sample does not follow our criteria, its alert level is determined and the software is added to the software definitions and released to customers.
Turn On Definition Updates Through Both WSUS And The Microsoft Malware Protection Center: Provides similar functionality to the previous Group Policy setting, but clients download updates from a different site. You should set these two policies to the same value unless the computer has no access to the Internet and relies only on an internal WSUS server.
Turn Off Windows Defender: Enable this setting to turn off Windows Defender real-time protection and to remove any scheduled scans. You should enable...
Keeping Windows up to date is an absolutely essential step in maintaining a secure computer and avoiding malware. In recent years, the most widely exploited vulnerabilities in Windows have been patched quickly, usually before these issues became widespread problems. Windows users who installed the updates promptly were able to avoid infection, whereas legions of others (who failed to keep their systems updated) fell victim.
BitLocker uses the TPM to unlock the VMK. The Windows startup process uses the TPM to verify that the hard disk is attached to the correct computer (and thus, the hard disk has not been removed) and that important system files are intact (preventing access to the hard drive if malware or a rootkit has compromised system integrity). When the computer is validated, TPM unlocks the VMK, and Windows 7 can start without prompting the user, as illustrated in
Internet Explorer 7 helps to deter this malicious behavior by appending the domain name from which each script originates and by limiting that script's ability to interact only with windows and content from that same domain. These cross-domain scripting barriers help ensure that user information remains in the hands of only those to whom the user intentionally provides it. This new control will further protect against malware by limiting the potential for a malicious Web site to manipulate flaws in other Web sites and initiate the download of some undesired content to a user's computer.
To prevent unwanted software, ensure that you have all Microsoft security updates installed and are using anti-malware software, such as Microsoft Forefront or Windows Defender. For more information about installing security updates, read Chapter 23, Managing Software Updates. For more information about Microsoft Forefront and Windows Defender, read Chapter 24.
As Figure 20-24 shows, scheduled tasks are stored in the Task Scheduler Library. Task Scheduler displays tasks created by you or other users when you select the Task Scheduler Library node in the left pane. Unlike earlier versions of Windows, Windows 7 makes extensive use of scheduled tasks. In the Task Scheduler Library, you'll find system tasks under Microsoft Windows and Microsoft Windows Defender. Tasks under Microsoft Windows handle many of the background housekeeping tasks on your computer. Tasks under Microsoft Windows Defender are used to automate malware scans.
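Because the Defender scans described above are ordinary scheduled tasks, their health (enabled, last run, next run, trigger) can be read with the Task Scheduler 2.0 COM API that Windows Vista and later expose. This is an added example, not code from the quoted books; it assumes the Defender tasks live at their default Task Scheduler Library path and that the session can read that folder.

```powershell
# Added example: inspect the scheduled tasks that automate Windows Defender scans
# and report any that are disabled, have never run, or have not run recently.
# Assumes Task Scheduler 2.0 (Windows Vista+) and the default Defender task folder.

function Get-DefenderTaskStatus {
    param(
        [string]$FolderPath = '\Microsoft\Windows\Windows Defender',  # assumed default location
        [int]$MaxDaysSinceRun = 7
    )
    # TASK_TRIGGER_TYPE2 values from the Task Scheduler API
    $triggerTypes = @{ 0 = 'Event'; 1 = 'Time'; 2 = 'Daily'; 3 = 'Weekly'; 4 = 'Monthly';
                       5 = 'MonthlyDOW'; 6 = 'Idle'; 7 = 'Registration'; 8 = 'Boot';
                       9 = 'Logon'; 11 = 'SessionState' }
    $service = New-Object -ComObject 'Schedule.Service'
    $service.Connect()                        # local computer, current credentials
    $folder = $service.GetFolder($FolderPath)
    foreach ($task in $folder.GetTasks(1)) {  # 1 = include hidden tasks
        $triggers = foreach ($t in $task.Definition.Triggers) {
            $label = $triggerTypes[[int]$t.Type]
            if (-not $label) { $label = "Type$($t.Type)" }
            if ($t.StartBoundary) { "$label@$($t.StartBoundary)" } else { $label }
        }
        New-Object PSObject -Property @{
            Name        = $task.Name
            Enabled     = $task.Enabled
            State       = $task.State            # 1 disabled, 2 queued, 3 ready, 4 running
            LastRunTime = $task.LastRunTime      # a 1999 date means the task has never run
            NextRunTime = $task.NextRunTime
            LastResult  = ('0x{0:X8}' -f $task.LastTaskResult)
            Triggers    = ($triggers -join ', ')
            Stale       = ($task.LastRunTime -lt (Get-Date).AddDays(-$MaxDaysSinceRun))
        }
    }
}

$tasks = @(Get-DefenderTaskStatus)
$tasks | Format-Table Name, Enabled, State, LastRunTime, NextRunTime, LastResult, Triggers -AutoSize

# Malware that wants to stay resident may simply disable the scan task, so a
# disabled or stale scan task is something to investigate rather than ignore.
foreach ($t in ($tasks | Where-Object { -not $_.Enabled -or $_.Stale })) {
    $why = if ($t.Enabled) { 'stale' } else { 'disabled' }
    Write-Warning ('Defender task "{0}" is {1} (last run {2}).' -f $t.Name, $why, $t.LastRunTime)
}
```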
Also available is a link to the Malware Protection Center website. The Malware Protection Center performs malware research and response for the Windows operating system. You can learn more about the latest definitions for Windows and various other Microsoft products. There's also lots of information about malware as well as lists of protection software and resources.
Drivers typically run as part of the kernel, which gives them almost unprotected access to system resources. As a result, drivers that have bugs or are poorly written, or malware drivers specifically written to abuse these privileges, can significantly affect a computer's reliability and security.
To prevent unwanted changes in the future, ensure that you have all Microsoft security updates installed and are using anti-malware software, such as Microsoft Forefront or Windows Defender. For more information about installing security updates, read Chapter 23. For more information about Microsoft Forefront and Windows Defender, read Chapter 24.
Windows XP Mode requires hardware virtualization support in the CPU, such as Intel virtualization or AMD virtualization. Virtualization support must be enabled in firmware. Although Windows XP Mode provides a fully functional Windows XP environment, it is not meant for graphics-intensive applications. As with any virtualized PC environment, you should protect the virtual OS by installing anti-virus and anti-malware programs in Windows XP Mode. These anti-virus and anti-malware programs are separate from those running in the native Windows 7 environment.
The Windows Filtering Platform (WFP) is an architectural feature of Windows Vista and later versions that allows access to Transmission Control Protocol/Internet Protocol (TCP/IP) packets as they are being processed by the TCP/IP networking stack. WFP is the engine that implements packet-filtering logic, and it is accessible through a collection of public APIs which provide hooks into the networking stack and the underlying filtering logic upon which Windows Firewall is built. Independent Software Vendors (ISVs) can also use WFP to develop third-party firewalls, network diagnostic software, antivirus software, and other types of network applications. Using these APIs, a WFP-aware filtering application can access a packet anywhere in the processing path to view or modify its contents. Third-party vendors and network application developers should utilize the WFP APIs only for filtering applications or security applications.
A common performance problem occurs when Windows automatically loads an excessive number of programs at startup. The result, especially on systems with minimal memory, can be unpleasant: startup takes an unnecessarily long time, applications that you never use steal memory from programs you use frequently, and the page file gets more of a workout than it should. Some programs, such as antivirus utilities, need to start up automatically. But in many cases, you're better served by running programs when you need them and closing them when they're not needed. The same autostart locations are also where malware installs itself so that it survives a reboot, so an unfamiliar startup entry deserves a closer look, not just removal for performance reasons.
You can enable or disable proxy settings on a per-connection basis as well as for the LAN. You should enable proxy settings only when using a proxy is required. If you enable proxy settings and a proxy is not required, you won't be able to use the related connection to access the Internet or resources on your network. This happens because your computer will look for a proxy that isn't there. Malware programs sometimes target your proxy settings, for example by pointing the browser at a proxy or an automatic configuration (PAC) script that the attacker controls so that web traffic can be redirected or inspected, and you may have to enable or disable these settings as a result.
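The check described above, as an added example that is not part of the original text: the following PowerShell (Windows 7 / PowerShell 2.0 compatible) reads the WinINet proxy values that Internet Explorer and most Windows applications use, flags a proxy server or PAC URL that is not on your expected list, and provides a reset function. The registry key and value names are the real WinINet locations; the allowed proxy name `proxy.corp.example:8080` is an assumed placeholder.

```powershell
# Added example: inspect and (optionally) reset the per-user WinINet proxy settings.
$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxy {
    $p = Get-ItemProperty -Path $ProxyKey
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable      # 1 = use ProxyServer for this connection
        ProxyServer   = [string]$p.ProxyServer   # e.g. "proxy.corp.example:8080"
        AutoConfigURL = [string]$p.AutoConfigURL # PAC script URL; a favourite hijack target
    }
}

function Test-SuspiciousProxy {
    # $Allowed: the proxies your network legitimately uses (assumption: fill in your own).
    param($Proxy, [string[]]$Allowed = @())
    $findings = @()
    if ($Proxy.ProxyEnable -eq 1 -and $Proxy.ProxyServer -and ($Allowed -notcontains $Proxy.ProxyServer)) {
        $findings += "ProxyServer is enabled and set to an unexpected value: $($Proxy.ProxyServer)"
    }
    if ($Proxy.AutoConfigURL) {
        $findings += "Automatic configuration script is set: $($Proxy.AutoConfigURL)"
    }
    $findings
}

function Reset-WinInetProxy {
    # Disables the proxy and removes the server and PAC values; IE picks the change up on restart.
    Set-ItemProperty -Path $ProxyKey -Name ProxyEnable -Value 0 -Type DWord
    Remove-ItemProperty -Path $ProxyKey -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $ProxyKey -Name AutoConfigURL -ErrorAction SilentlyContinue
}

$proxy = Get-WinInetProxy
$proxy | Format-List ProxyEnable, ProxyServer, AutoConfigURL
$issues = Test-SuspiciousProxy -Proxy $proxy -Allowed @('proxy.corp.example:8080')
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'No unexpected proxy configuration.' }

# Only after confirming the values are not something your network needs:
# Reset-WinInetProxy
```

Two caveats a practitioner should keep in mind: per-connection (dial-up/VPN) proxy settings live in a binary blob under the `Connections` subkey of the same key rather than in these three values, and a hijacker that re-applies its settings from an autostart entry will simply put them back, so the reset is only useful once the persistence mechanism has been removed.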
A recurring cause of instability in Windows machines is attributable to what's sometimes called drive-by downloads from the Web. How many times have you visited a website only to see a pop-up dialog box saying you need to install software for the website to work in your browser? Sometimes it's clearly stated why this is necessary (for playing a video, a proprietary sound file, or Flash animation, for example), and other times the reason is not so clear. All you know is that you are faced with the decision of letting some (typically) unknown source install software on your computer so you can enjoy the web page, or opting out and moving on. Maybe you assume it can do no harm because it's only an addition to IE and not to your operating system. But because IE is often the back door through which viruses, adware, spyware, Trojan horses, and other malware infect your computer, being cautious at this juncture is extremely important: a browser add-on runs with your user's privileges and can read, write, and send anything your user can.
Services are long-running applications that run in the background, typically start up on boot, and run independently of users who log on. Services handle low-level tasks such as managing authentication and networking and other tasks that need little or no user interaction to function. Third-party services, such as firewalls and antivirus software, can also run on Windows.
If you search for themes elsewhere on the internet, be sure to download theme files only from people or companies you know and trust. Some theme elements (most notably screen savers, which are executable program code with an .scr extension) have long been notorious vectors for viruses and spyware. (A study released in 2009 by the security software vendor McAfee found screen savers to be the web's most dangerous search term, because the results pages often lead to malware downloads. As Windows 7 gains in popularity, searches for free themes are likely to produce risky results too. You can read the study at w7io.com/0403.) Also, other types of malware could be disguised as a theme pack. (That is, you think that by double-clicking a file you're installing a theme, but you could in fact be installing a nefarious program instead.)
Unlike EFS, BitLocker can encrypt entire volumes, including the page file, hibernation file, registry, and temporary files, which might hold confidential information. EFS can encrypt only user files. Additionally, when used with TPM hardware, BitLocker can help protect your system integrity by ensuring that critical Windows startup files have not been modified (which might occur if a rootkit or other malware was installed); if they have, the TPM will not release the volume key and the computer enters recovery mode. Also, if the hard disk is moved to a different computer (a common method for extracting data from a stolen hard disk), the user will be forced to enter a recovery password before gaining access to the protected volumes.
Because System Image backups must rewrite the entire contents of the disk, you can restore a System Image backup only from the System Recovery tools, which you reach by booting from the Windows 7 DVD, from a system repair disc, or from the recovery environment installed on the hard disk (Repair Your Computer on the F8 boot menu). Restoring a System Image backup from the System Recovery tools allows you to quickly get a computer running after replacing a failed hard disk or when the previous operating system installation has been corrupted (for example, by an irreparable malware installation). Restore from an image taken before the infection; an image made afterwards simply restores the malware along with everything else.
Although the UAC prompts are sometimes intrusive, that's the point. First, they provide a not-so-subtle reminder that what you're about to do has a systemwide effect. But most importantly, UAC prevents a malicious application from silently installing with administrative privileges without your knowledge. Most spyware, viruses, and other malware get installed as a direct, albeit unintended, result of a user action, such as clicking a link. When you click a link that you think is going to display some pretty pictures, wouldn't you be pleased to have UAC tell you that it's attempting to install a program?
Security in Task Scheduler 2.0 is greatly improved over the previous version, Task Scheduler 1.0 (Windows XP and earlier versions). Task Scheduler now supports a security isolation model in which each set of tasks running in a specific security context starts in a separate session. Tasks executed for different users are started in separate window sessions, in complete isolation from one another and from tasks running in the machine (system) context. Passwords are stored (when needed) by the Credential Manager (CredMan) service rather than in a form that a task file reveals. Using CredMan makes it considerably harder for malware running without the necessary privileges to retrieve a stored password, tightening security further. Scheduled tasks are, however, a popular persistence mechanism in their own right, so a task you did not create is worth the same scrutiny as an unknown startup program.
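The three autostart locations discussed above (startup programs that Windows loads automatically, services that start at boot, and scheduled tasks) are where malware plants itself to survive a reboot. The following PowerShell script is an added example, not code from the original text, that enumerates all three on Windows 7 (PowerShell 2.0, no ScheduledTasks module, so tasks come from `schtasks.exe`) and reports every entry whose executable is not validly signed by Microsoft. It assumes an elevated session and an English-language `schtasks` output (column names such as `Task To Run` are localized).

```powershell
# Added example: audit Run keys, services and scheduled tasks for non-Microsoft binaries.

function Get-ExePathFromCommand([string]$Command) {
    # Extract the executable from a command line such as  "C:\Program Files\x\y.exe" /arg  or  C:\x\y.exe -k
    if (-not $Command) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.exe)', 'IgnoreCase')   # unquoted: up to the first ".exe"
    if ($m.Success) { return $m.Groups[1].Value }
    return $c.Split(' ')[0]
}

function Test-MicrosoftSigned([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }   # missing file: also suspicious
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

function Get-AutostartEntries {
    $entries = @()
    # 1. Run / RunOnce keys, per-machine and per-user (plus the 32-bit view on x64 systems)
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
            $entries += New-Object PSObject -Property @{ Source = $k; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # 2. Services: Win32_Service exposes the full command line, including svchost -k groups
    foreach ($s in Get-WmiObject Win32_Service) {
        $entries += New-Object PSObject -Property @{ Source = 'Service'; Name = $s.Name; Command = $s.PathName }
    }
    # 3. Scheduled tasks; schtasks repeats its CSV header per task folder, so drop those rows
    foreach ($t in (schtasks.exe /query /fo CSV /v | ConvertFrom-Csv)) {
        if ($t.TaskName -eq 'TaskName' -or $t.'Task To Run' -eq 'COM handler') { continue }
        $entries += New-Object PSObject -Property @{ Source = 'ScheduledTask'; Name = $t.TaskName; Command = $t.'Task To Run' }
    }
    $entries
}

$report = Get-AutostartEntries | ForEach-Object {
    $exe = Get-ExePathFromCommand $_.Command
    $_ | Add-Member -PassThru NoteProperty Exe $exe |
         Add-Member -PassThru NoteProperty MicrosoftSigned (Test-MicrosoftSigned $exe)
}
# Everything that is not a validly Microsoft-signed binary: third-party software, unsigned tools, or malware.
$report | Where-Object { -not $_.MicrosoftSigned } | Sort-Object Source, Name | Format-Table Source, Name, Exe -AutoSize
```

The Microsoft-signed filter removes noise, not risk: a service hosted in `svchost.exe` loads its code from the `ServiceDll` value under the service's `Parameters` key, and tasks or Run entries that invoke `rundll32.exe` or `regsvr32.exe` with a DLL argument will pass the signature check on the host process, so those entries need their argument inspected as well. Treat a command whose file no longer exists as a finding too, since it usually means something was cleaned incompletely.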
Windows 7 includes low-level integrity checks not included with earlier versions of Windows to reduce the risk of buffer and pool overruns. Malware frequently uses different types of overruns to run code with elevated privileges without the user's consent. Essentially, Windows 7 double-checks the contents of memory in the pool, a portion of kernel memory that drivers and the system use temporarily but which is managed by the operating system. If the pool has been modified or corrupted, Windows 7 initiates a bug check (a stop error) that halts the system rather than letting possibly attacker-controlled code continue to run.
Microsoft has included antispyware capabilities in the box with Windows 7. Windows Defender evolved from Microsoft's 2005 free beta release of Microsoft AntiSpyware and is built with technology gained from Microsoft's acquisition of Giant Company Software, Inc. Spyware protection is its chief focus, but as the name implies, Windows Defender does not limit itself exclusively to spyware protection and takes on the remainder of malware that antivirus programs can leave untreated. After spyware gets onto a system, it can be difficult to remove. Let's assume you have a cousin named Heather who, after admittedly visiting suspicious links on MySpace, is convinced something bad has happened to her computer. Performance has degraded noticeably. Pop-ups abound. Like many, Heather is an avid fan of toolbars and neat programs that do wonderfully cute things. They have cute names such as BearShare and Bonzi Buddy, and at first seem to make the computer more fun than it ever deserved to be. If her suspicion...
Microsoft announced the release of Windows Defender (then called Microsoft AntiSpyware) at the 2005 RSA security conference. With the announcement, it stated that the product was freely available to all valid licensed users of the Windows 2000, XP, and Server 2003 products. It championed Microsoft AntiSpyware as a product to help users worldwide in the fight against spyware and malware. Windows Defender offers even greater capability than the older versions, helping to ward off infection by employing several real-time security agents monitoring well-known areas of Windows that spyware and malware change regularly. Microsoft has also integrated support for Microsoft SpyNet into the Windows Defender product. This support allows users to report spyware and malware to Microsoft in an effort to help update a centralized database that Microsoft houses to thwart the spread of spyware and malware. Microsoft uses these reports to determine the validity of the
Even running as a standard user doesn't provide complete protection. Malware can be installed in your user profile, without triggering any system alarms. It can log your keystrokes, steal your passwords, and send out e-mail using your identity. Even if you set UAC to its highest level, you could fall victim to malware that lies in wait for you to elevate and then does its own dirty work alongside you. As we said, enabling UAC is only one part of a multi-layered security strategy. It works best when supplemented by a healthy skepticism and up-to-date antivirus software.
The infamous Internet Worm, launched in 1988 by then Cornell University student Robert Morris, was the first worm to publicly demonstrate the risk of buffer overflow attacks. It infected thousands of systems on the Internet, frustrating military and university researchers at the time. Modern malware writers continue to exploit the same type of vulnerability on a much larger scale. The Internet has grown exponentially, connecting banks, corporations, government agencies, and private homes. The recent generation of worms, such as MS Blaster and Sasser, have attracted mass media attention because they delayed British Airways flights and affected networks from public hospitals in Hong Kong to the Sydney train system, all made possible by a single category of security vulnerability.
The list of Internet Explorer security features is vast, although you won't likely run into most of them unless you're truly unlucky. IE8 integrates with Windows Defender to provide live scanning of Web downloads to ensure that you're not infecting your system with spyware, and it integrates with Windows 7's parental controls as well as Windows Live Family Safety (both described in Chapter 8) to ensure that your children are accessing only those parts of the Web you deem safe. In addition, various low-level changes prevent increasingly common cross-domain or cross-window scripting attacks and block malicious software installation attempts.
When a User consents to having a Helper share control of her computer during a Remote Assistance session, the User has the option of allowing the Helper to respond to UAC prompts (Figure 22-1). Typically, UAC prompts appear on the Secure Desktop (which is not remoted), and consequently the Helper cannot see or respond to Secure Desktop prompts. The Secure Desktop mode is the same mode that a user sees when she logs on to her computer or presses the Secure Attention Sequence (SAS) keystroke (Ctrl+Alt+Delete). UAC elevation prompts are displayed on the Secure Desktop instead of the user's normal desktop to protect the user from unknowingly allowing malware to run with elevated privileges on her computer: ordinary processes cannot draw on, read, or send input to the Secure Desktop, so malware cannot spoof the prompt or click Continue on the user's behalf. The User must provide consent to a UAC prompt to return to her normal desktop and continue working. This consent requires either clicking Continue (if the user is a local administrator on her computer) or entering local administrative credentials (if she is a standard user on her...
In the Action Center window that appears (see Figure 15-7), check whether the Security item states that Windows found antivirus software on your computer. It's very important that you have antivirus and antispyware software installed on your computer, and that you update them on a regular basis. These types of programs help you avoid downloading malware to your computer that could cause advertising pop-ups, slow your computer's performance, damage computer files, track your keystrokes while you type to steal your identity, and more. If you don't want to pay for such a program, consider a free solution, such as Spyware Terminator (www.spywareterminator.com).
Given the severity of the risk viruses pose to your security, you may be surprised that Windows 7 doesn't include antivirus software, although the company that sold your computer may have added some. In this chapter, you find out how to download, install, and run this vital software. 1. If you see the Action Center icon (the image of a flag) in the taskbar's notification area, hover your mouse pointer over that icon for a summary tooltip. When the icon also has an X over the flag image, you know that the Action Center has a message for you. Click the icon to see a list of the Action Center messages. In Figure 18-1, the Action Center notification pop-up indicates one important message (finding an antivirus program) and a second, presumably less important issue (setting up a backup). Find an antivirus program online (Important) Virus Protection Having virus protection for your computer is essential. See the task Install Antivirus Software,...
Commercial products called personal firewalls are designed for use on PCs. These types of products, Norton Internet Security 2009 (www.symantec.com) for instance, range in price from free to about $60. Now that Windows includes an integral firewall, add-on products might no longer be necessary, and I don't think that it's worth paying for a software firewall program for Windows. Windows Firewall is good enough, it's free, and it's built in. It's far more important that you keep Windows and all of your add-on applications up-to-date, and use Windows Defender or a third-party antivirus/antispyware program.
Windows Service Hardening, a feature of Windows Vista and Windows 7, restricts Windows services from performing abnormal activities in the file system, registry, network, or other resources that could be used to let malware install itself or attack other computers. For example, the Remote Procedure Call (RPC) service is restricted to performing network communications on defined ports only, and it runs without the privileges needed to, for instance, replace system files or modify the registry (which is what the Blaster worm did after exploiting it). Essentially, Windows Service Hardening enforces the security concept of least privilege on services: each service gets its own per-service security identifier (SID) that resources can be ACLed to, a write-restricted token where appropriate, and only the privileges it needs to perform its required tasks.
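The per-service SID type and privilege list that Windows Service Hardening relies on are queryable and settable with `sc.exe`, so an administrator can check whether a third-party service was given the same treatment. The following PowerShell script is an added example, not code from the original text. It assumes an elevated session, English `sc.exe` output, and that the service name `ContosoAgent` in the final comments is a placeholder for a service you control. (In PowerShell, `sc` is an alias for Set-Content, hence the explicit `sc.exe`.)

```powershell
# Added example: report services that lack a per-service SID or hold powerful privileges.

# Privileges that let a compromised service escape its own sandbox (assumption: a typical review list).
$Dangerous = 'SeDebugPrivilege', 'SeTcbPrivilege', 'SeLoadDriverPrivilege', 'SeTakeOwnershipPrivilege',
             'SeRestorePrivilege', 'SeBackupPrivilege', 'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege'

function Get-ServiceSidType([string]$Name) {
    # sc qsidtype prints "SERVICE_SID_TYPE:  NONE | UNRESTRICTED | RESTRICTED"
    $out = sc.exe qsidtype $Name | Out-String
    if ($out -match 'SERVICE_SID_TYPE:\s*(\w+)') { return $Matches[1] }
    return 'UNKNOWN'
}

function Get-ServicePrivileges([string]$Name) {
    # sc qprivs prints a "PRIVILEGES : SeXxxPrivilege" list; no list means the service
    # inherits every privilege its account (often LocalSystem) holds.
    $out = sc.exe qprivs $Name | Out-String
    if ($out -notmatch 'PRIVILEGES') { return $null }
    [regex]::Matches($out, 'Se\w+Privilege') | ForEach-Object { $_.Value }
}

function Get-ServiceHardeningReport {
    foreach ($svc in (Get-WmiObject Win32_Service | Where-Object { $_.StartMode -ne 'Disabled' })) {
        $privs = @(Get-ServicePrivileges $svc.Name)
        $privText = if ($privs.Count -gt 0) { $privs -join ',' } else { '(account default)' }
        $risky = @($privs | Where-Object { $Dangerous -contains $_ }) -join ','
        New-Object PSObject -Property @{
            Name       = $svc.Name
            Account    = $svc.StartName
            SidType    = Get-ServiceSidType $svc.Name
            Privileges = $privText
            Risky      = $risky
        }
    }
}

$report = Get-ServiceHardeningReport
# Services running as SYSTEM with no per-service SID, or with a powerful privilege, are the ones to review.
$report | Where-Object { $_.Account -match 'LocalSystem' -and ($_.SidType -eq 'NONE' -or $_.Risky) } |
    Sort-Object Name | Format-Table Name, Account, SidType, Risky -AutoSize

# To harden a service you own (placeholder name 'ContosoAgent'): give it a restricted per-service SID and
# an explicit, minimal privilege list, then restart it so the new token takes effect.
# sc.exe sidtype ContosoAgent restricted
# sc.exe privs   ContosoAgent SeChangeNotifyPrivilege
```

A service whose report row shows `(account default)` running as LocalSystem is the case the passage warns about: it effectively holds every privilege on the machine, so a bug in it is a full compromise. Note also that `sidtype restricted` is only safe for a service that has been tested with a write-restricted token; some services legitimately need `UNRESTRICTED`, which still gives them a per-service SID to ACL resources against.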
If you do not see this listing, you will see Windows Defender is turned off and a button labeled Turn on now. Click the button to turn on the Windows Defender feature and allow the program to scan the computer for spyware or malware infections. You will then see an On entry, showing that the feature is enabled on the computer. If you continue to have problems getting Windows Defender to work correctly, you may need to run an antivirus program on the computer to determine if a computer file was corrupted, or you may need to contact a computer service company. Calling in a
As with other malware, viruses that take the place of programs used by the operating system may cause instability of the host computer. This can cause crashes, hangs, and intermittent lock-ups. Trojans fall into this category as well, but they work slightly differently than viruses. Trojans follow true to their name. Trojans are also referred to as Trojan horses, relating to the famous story told by Homer in The Iliad of the great battle between the Greeks and the Trojans over Helen. To get a Trojan on your computer, you must invite the program onto your computer. Usually you do this by loading a utility or other program that has a purported valid use on the computer. Unbeknownst to you, the program includes a Trojan, which gives an external user the ability to use the computer remotely. The remote user can then cause great harm to the data on the computer or exploit its use for personal gain. As you can see, the lines between malware and viruses are very blurry in terms of the...
IMPORTANT If you install antivirus software as part of the task sequence, be sure to carefully test how the antivirus software interacts with the deployment process before moving to a production environment. Antivirus software can prevent MDT 2010 from successfully deploying Windows 7 and applications. If necessary, you can always disable the antivirus software and then re-enable it at the end of the task sequence.
Make sure protections are up to date. By enabling a firewall to keep your computer safe from outsiders and also keeping Windows up to date, you can avoid several kinds of attacks on your data. Windows can also let you know whether a computer you're using is protected by an antivirus program.
You cannot download an ActiveX control, scan it for viruses, and install it separately; ActiveX controls must be installed on the fly. Although the inability to scan for viruses in advance might sound like a security risk, you're protected from known viruses if you've configured your antivirus software to perform real-time scanning for hostile code. If the ActiveX control contains the signature of a known virus or worm or engages in suspicious behavior, the antivirus software will intercept it and refuse to allow the installation to proceed. Real-time scanning does nothing against a control that is unknown to the scanner, though, and an ActiveX control is native code that runs with the browser's privileges. As with any program you download and install, you need to exercise caution and ensure that the download is safe, and that its publisher's digital signature is valid, before allowing it on your computer.
Part VI: Staying Safe and Keeping Windows 7 Healthy. In Chapter 17, keep Windows 7 up-to-date. In Chapter 18, protect your computer against bad software (called malware), such as viruses. (Another thing you should do sooner rather than later.) In Chapter 19, back up the documents and photos you'd hate to lose.
A problem I've experienced several times with Automatic Updates occurs due to a conflict between McAfee Security Center and Automatic Updates. As this is an equal opportunity conflict, I've also seen it occur due to a conflict between Norton Security and Automatic Updates. Normally, when you shut down your computer and there are updates to install, these updates are installed automatically. The problem I've experienced is that the update process gets locked when I shut down my computer, and there are multiple updates that affect components protected by McAfee or Norton as part of their antivirus or antimalware protection.
Extending the protections against malware at the browser level, Windows Defender helps prevent malware from entering the computer via a piggyback download, a common mechanism by which spyware is distributed and installed silently along with other applications. Although the improvements in Internet Explorer 7 cannot stop non-browser-based spyware from infecting the computer, using it with Windows Defender will provide a solid defense on several levels. For more information about Windows Defender, read Chapter 24, Managing Client Protection
IE8's SmartScreen Filter is the new version of the anti-phishing filter that debuted in IE7. It's been renamed to reflect the fact that it now performs both anti-phishing and anti-malware functions, protecting you and your PC from electronic attacks. So if you attempt to browse to a site that is known to deliver malware, or you attempt to download a known bad file, IE8 will prompt you with a warning, as shown in Figure 7-8.
In addition to security improvements that can be configured, several improvements in Windows 7 might go unnoticed by all but software developers, including malware writers. Microsoft adheres more closely to the well-known security Principle of Least Privilege, which means that people or things should have access only to what they need, and nothing more. It's a sound idea that, had it been followed more closely in earlier versions of Windows, would have prevented numerous security exploits.
Over the years, the most common security threats have changed from viruses to worms and, most recently, to spyware and Trojan horses. To help protect users from these types of malicious software, Microsoft recommends using accounts with limited privileges (known as standard user accounts in Windows Vista and Windows 7, or Limited user accounts in Windows XP). Standard user accounts help prevent malware from making system-wide changes, such as installing software that affects multiple users. If a user lacks permission to install a new application to a shared location, such as %SystemRoot% or Program Files, any malware the user accidentally runs is also prevented from making those changes. In other words, malware run in the context of the user account has the same security restrictions as the user. Although logging on to your computer as a standard user offers better protection from malware, working with this type of account has been so difficult in the past that many organizations choose to give users...
In this chapter, you will learn how to choose anti-virus, anti-malware, and firewall software how to take ownership of your files how to encrypt your sensitive data and how to protect your privacy online and in Windows Media Player 11. While there are many PC security options available, this section should give you a good start.
AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that replaces Software Restriction Policies in earlier versions of Windows. Like Software Restriction Policies, AppLocker gives administrators control over which applications standard users can run, using rules based on a file's publisher signature, its path, or its hash. Restricting the applications that users can run not only gives greater control over the desktop environment, but it is one of the best ways to reduce the risk of malware infections, limit the
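The allow-list approach described above can be prototyped with the AppLocker PowerShell cmdlets that ship with Windows 7. The following script is an added example, not code from the original text: it builds a policy from the executables already installed in the standard program locations (publisher rules where the file is signed, hash rules otherwise), writes it out for review, and tests whether specific files would be allowed. It assumes Windows 7 Enterprise or Ultimate (AppLocker is not enforced on other editions), an elevated session, and that the Downloads file name is a placeholder.

```powershell
# Added example: build a baseline AppLocker allow-list and dry-run it against candidate files.
Import-Module AppLocker

# Collect publisher and hash information for every .exe under the usual installation roots.
$fileInfo = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') |
    Where-Object { Test-Path $_ } |
    ForEach-Object { Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe }

# Publisher rules survive product updates; hash rules are the fallback for unsigned binaries.
# -Optimize collapses many files from one publisher into a single rule.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
                 -RuleNamePrefix 'Baseline' -User Everyone -Optimize -IgnoreMissingFileInformation -Xml
$policyPath = Join-Path $env:TEMP 'applocker-baseline.xml'
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Dry run: anything not covered by a rule is denied by the implicit default-deny rule.
# (Placeholder path: replace 'untrusted-setup.exe' with a real downloaded file to test.)
$candidates = @('C:\Windows\System32\notepad.exe',
                (Join-Path $env:USERPROFILE 'Downloads\untrusted-setup.exe')) | Where-Object { Test-Path $_ }
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $candidates -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Applying it is a deliberate, separate step: enable the Application Identity service and
# set the Exe collection's enforcement mode to AuditOnly first, then
# Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Run the policy in audit mode (event log Applications and Services Logs, AppLocker, EXE and DLL) for a while before enforcing it, and keep in mind that a baseline generated from an already-infected machine will happily allow-list the malware; generate it from a clean reference image instead.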
Administrators can use System Restore to return Windows to an earlier configuration. System Restore is vital for resolving complex problems such as malware installations, but restoring configuration settings to an earlier state can cause applications that were installed since the restore point was made to fail.
Web applications are capable of doing almost anything a standard Windows application can do, including interacting with the desktop, installing software, and changing your computer's settings. However, if Web browsers allowed Web sites to take these types of actions without restriction, some Web sites would abuse the capabilities to install malware or perform other malicious acts on computers.
With Windows XP and earlier versions of Windows, any process started by a user logged on as an administrator would run with administrative privileges. This situation was troublesome because malware could make system-wide changes, such as installing software, without confirmation from the user. In Windows Vista and Windows 7, members of the Administrators group run in Admin Approval Mode, which (by default) prompts administrators to confirm actions that require more than standard privileges; until the user consents, even an administrator's programs run with a filtered token that lacks the administrative group and privileges. For example, even though a user might log on as an administrator, Windows Messenger and Windows Mail will run only with standard user privileges.
It's been a tough decade for Windows users. As Microsoft's operating system entered the dominant phase of its existence, hackers began focusing almost solely on Windows, as that's where all the users are. As a result, various Windows versions have suffered through a seemingly never-ending series of electronic attacks, security vulnerabilities, and high-profile malware breakouts.
Microsoft has taken a firm stance with security in Windows 7. It has added many new security features in this release, alleviating some of the most common security threats used against Windows users. This chapter discusses the nature of many common security threats, and the applications Microsoft offers to eliminate them. I will discuss malware, viruses, spyware, and the tools available to eliminate these threats from your Windows 7 installation. I will also discuss Windows Defender and the Windows Firewall. Please take the time to read this chapter and understand how to use the products Windows 7 offers to help you retain the data on your computer, reduce security problems, and eliminate programs that may try to leech computer resources or exploit your personal data. Malware, viruses, and spyware are serious problems, and protecting against them is vital to the use of a computer housing any type of confidential or private information.
Windows Update has been made to be seamless to its users. Let's say a newly installed update requires a restart while you are in the process of doing important work. You can postpone that restart easily without any disruptions. Also a great feature to Windows Update is the way it handles updates for already running programs. If Windows Update has an update that needs to be installed on an already running program or service, Windows will safely stop the program or service, install the update, and then restart it. This doesn't apply to every program, such as Microsoft Office applications or games, but it does cover antivirus software running continuously in the background and similar programs.