Historically, many malware installations occurred because the user visited a malicious Web site, and the Web site exploited a vulnerability in the Web browser to install the malware . In some cases, users received no warning that software was being installed. In other cases, users were prompted to confirm the installation, but the prompt might have been misleading or incomplete .
Windows 7 provides four layers of protection against this type of malware installation:
■ Automatic Updates, enabled by default, helps keep Internet Explorer and the rest of the operating system up to date with security updates that can fix many security vulnerabilities. Automatic Updates can obtain security updates from either Microsoft, com or from an internal WSUS server. For more information, read Chapter 23, "Managing Software Updates "
■ Internet Explorer Protected Mode provides only extremely limited rights to processes launched by Internet Explorer, even if the user is logged on as an administrator. Any process launched from Internet Explorer has access only to the Temporary Internet Files directory. Any file written to that directory cannot be executed.
■ For administrators, UAC prompts the user to confirm before computer-wide configuration changes are made For standard users, the limited privileges block most permanent per-computer changes unless the user can provide administrative credentials
■ Windows Defender notifies the user if malware attempts to install itself as a browser helper object, start itself automatically after a reboot, or modify another monitored aspect of the operating system.
These levels of protection are illustrated in Figure 2-2 .
figure 2-2 Windows 7 uses defense-in-depth to protect against browser exploit malware installations .
Was this article helpful?