Windows Malware

Security threats have constantly changed to adapt to each new generation of operating system. In the past several years, the prevalence of malware (a broad term that encompasses viruses, worms, Trojan horses, and rootkits, as well as spyware and other potentially unwanted software) has soared.

Microsoft uses the term spyware and potentially unwanted software to refer to software that is unwanted but not unambiguously harmful. In this book, the definition of malware includes both clearly malicious viruses and worms and the more ambiguous spyware and potentially unwanted software.

Viruses, worms, and Trojan horses can spread from computer to computer by exploiting software vulnerabilities, guessing user credentials, or tricking users with social engineering techniques. Spyware and potentially unwanted software spread via these techniques and also by legitimate installations initiated by users. Users can install an application, unaware of the undesired functionality of the program or of a program that is bundled with the application. Because of the challenges in identifying malware, it might be impossible to eliminate the threat completely. However, Windows Vista and Windows 7 have many new security features to help protect computers from malware.

Many malware infections can be prevented by installing updates on a mobile computer or by adjusting the security configuration. Group Policy, Windows Server Update Services
(WSUS), and other management technologies have greatly simplified the task of rapidly distributing updates and security changes. However, these changes take effect only when client computers connect to the internal network. When users travel, mobile computers might go days, weeks, or months without connecting to the internal network. DirectAccess, a new technology introduced with Windows 7 and Windows Server 2008 R2, automatically connects computers to the internal network any time they have an Internet connection. Therefore, DirectAccess can keep Windows 7 mobile client computers up to date more regularly than earlier versions of Windows, giving IT the control they need to mitigate newly discovered vulnerabilities by distributing updates or configuration changes.

Originally introduced with Windows Vista, UAC limits the ability of malware to install by enabling IT professionals to deploy users as standard users rather than as administrators. This helps prevent users from making potentially dangerous changes to their computers without limiting their ability to control other aspects on their computers, such as time zone or power settings. For anyone who does log on as an administrator, UAC makes it more difficult for malware to have a computer-wide impact. Windows 7 includes improvements to UAC by reducing the number of prompts that users experience. Additionally, administrators can adjust consent prompt behavior. By making UAC more usable, Windows 7 reduces the cost of deploying Windows using a protected desktop environment. Similarly, the Protected Mode of Internet Explorer runs it without the necessary privileges to install software (or even write files outside of the Temporary Internet Files directory), thereby reducing the risk that Internet Explorer can be abused to install malware without the user’s consent.

Windows Defender detects many types of spyware and other potentially unwanted software and prompts the user before applications can make potentially malicious changes. In Windows 7, Windows Defender includes significantly improved performance for real-time monitoring. By reducing the performance penalty of real-time monitoring, more IT departments can leave real-time monitoring enabled, thus realizing the security benefits. Additionally, Windows Defender uses the Action Center to notify users of potential problems. Windows Service Hardening limits the damage attackers can do in the event that they are able to successfully compromise a service, thereby reducing the risk of attackers making permanent changes to the operating system or attacking other computers on the network. Although Windows 7 cannot eliminate malware, these new technologies can significantly reduce the impact of malware.

Windows 7 is designed to block many types of common malware installation techniques.
The sections that follow describe how Windows Vista and Windows 7 protect against malware that attempts to install without the user’s knowledge through bundling and social engineering, browser exploits, and network worms.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press