Microsoft

Windows Vista malware protection features

By · January 2, 2007, 3:41 AM PST · billdetwiler

Image 1 of 20

  • Malware is any program or file that is intended to be harmful to your computer. Microsoft has become more dedicated in protecting computers against malware attacks as in evident in the release of Windows Vista.

    Windows Vista includes several technologies, that when used together, enhance protection against various forms of malware. These technologies include: User Account Control, Windows Defender, Malicious Software Removal Tool, IE 7 security, Windows Firewall and the Security Center.

    Credit: Diana Huggins

  • User Account Control (UAC)

    User Account Control (UAC) is the feature that enables Vista to be able to run more reliably without giving the user local admin rights to the system. This does result in some additional dialog boxes and warnings that pop up for users but in the end can reduce the damage that malware can do to a computer.

    Credit: Diana Huggins

  • UAC on by default

    User Account Control is enabled by default in Windows Vista. Microsoft recommends leaving it enabled to protect against the installation of malicious software. The Security Center will indicate whether UAC is turned on.

    Credit: Diana Huggins

  • Customizing UAC through local computer policy

    Further to enabling/disabling this feature, you can control the behavior of UAC through the local computer policy.

    Open the Local Computer Policy and navigate to the following locations: Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

    Credit: Diana Huggins

  • UAC Admin Approval Mode

    User Account Control: Admin Approval Mode for the Built-in Administrator Account

    The default value for the UAC policy setting is Disabled for new installations and upgrades when the built-in Administrator is not the only active local administrator account on the computer.

    Credit: Diana Huggins

  • UAC Elevation prompt for admins

    User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.

    This security setting determines the type of prompt an admin-level user will receive when they attempt to perform an admin-level task. The default value is Prompt for Consent. You can increase security by setting the value to Prompt for Credentials. Doing so means the admin-level user will need to enter their admin-level username and password.

    Credit: Diana Huggins

  • UAC Elevation prompt for standard users

    User Account Control: Behavior of the elevation prompt for standard users

    This security setting determines the type of prompt a standard user will receive when they attempt to perform an admin-level task. The default value is Prompt for Credentials.

    You can increase security by setting the value to Automatically deny elevation requests. Standard users will then have to perform admin-level tasks using the Run command or by logging in with an admin-level account.

    Credit: Diana Huggins

  • Windows Defender

    Windows Defender is a spyware scanning application that looks for potential threats and shuts them down and alerts you when applications engage in suspicious activities.

    Credit: Diana Huggins

  • Windows Defender scan scheduling

    Windows Defender is configured to scan your computer every day at 2:00 AM. This schedule should be changed if the scan can not be performed at this time.

    You should enable the Check for updated definitions before scanning option. This is your best bet for ensuring the software is up-to-date with the latest definitions. Otherwise you must be diligent enough to manually check for updates on a regular basis.

    Note: Windows Defender should be used in conjunction with third party anti-virus software.

    Credit: Diana Huggins

  • Configuring Windows Defender with Local Computer Policy

    There are several settings within the Local Computer Policy for controlling how Windows Defender behaves. The settings you configure will be specific to your requirements of your computing environment.

    For example, if WSUS is used to deploy updates to Windows Defender, you should consider enabling the Turn on definition updates through both WSUS and Windows Update. In the event that the WSUS server in your environment is unavailable, Vista will use Windows Update to check for new definitions.

    Credit: Diana Huggins

  • Malicious Software Removal Tool

    Even with the appropriate security measures in plan, there is still the risk that an instance of malware can go undetected by your anti-virus software or even disable it. The Malicious Software Removal Tool is designed for such situations. When the tool is run, it detects and removes any malicious software it finds on your computer.

    Although the tool is not necessary if you are running up-to-date anti-virus software, it does provide another layer of protection.

    Credit: Diana Huggins

  • Malicious Software Removal Tool scan options

    The tool is installed with Windows Vista and is available as a free download for Windows XP. You can locate the tool by typing mrt.exe in the Search field on the Start menu.

    When the tool is run, you can choose the type of scan to perform. As you can see from the exhibit, you can perform a Quick, Full or Custom scan.

    Credit: Diana Huggins

  • Malicious Software Removal Tool - Quick Scan

    If you choose a Quick scan, the Malicious Software Removal Tool will scan the areas of a computer that are likely to contain malicious software.

    With a Full scan, the entire system is checked for malware. You should perform a Full scan every once in a while but be advised that it can take up to a few hours depending on your system.

    Finally, you can opt to perform a Custom scan and choose the folders or areas of your computer that you want the Malicious Software Removal Tool to scan.

    Credit: Diana Huggins

  • Malicious Software Removal Tool scan results

    The results of the scan will indicate whether any malicious software was found on your computer.

    Credit: Diana Huggins

  • Software Restriction Policies

    Software Restriction Policies are yet another way that you can protect your computer from malware. You can use them to control what software users can run on a computer and prevent certain executables from running.

    Credit: Diana Huggins

  • Internet Explorer 7 Security Tab

    Internet Explorer has its own set of security options that can be used in conjunction with the other technologies discussed to protect your computer. IE7 in Vista now operates in a quarantined corner of the OS, where it can no longer allow spyware, adware, and various malware threats to have an open door into the throne room.

    From the Security tab, you can enable Protected Mode. This feature prevents malicious users from changing any files or settings without your explicit permission. It is enabled by default for all security zones, except the Trusted Site zone.

    Credit: Diana Huggins

  • Internet Explorer 7 Phishing Filter

    IE 7 protects against phishing scams through the Phishing Filter. It is designed to protect against phony Web sites that attempt to gather personal information about you when you are online.

    The tool requires little to no configuration. Once it is enabled through the Internet Properties window, it will run in the background without your intervention.

    Credit: Diana Huggins

  • Windows Firewall

    The Windows Firewall is a crucial component of your defense strategy. This is becoming more and more important as people store personal information on their computers such as bank account numbers, credit card data, tax information, and so on.

    By implementing a firewall, you can close the door to your local computer and private network so intruders can not get in, but you can still get out. The Windows Firewall with Advanced Security allows you to filter both inbound and outbound traffic.

    Credit: Diana Huggins

  • Windows Firewall profiles

    In Windows Vista, the firewall is now more advanced because it lets you create and apply specialized rules depending on the type of network you are connected to.

    Windows Firewall with Advanced Security supports three different profiles that are based on three common environments: Domain, Public and Private.

    The profile that you apply will be based on the network you are connected to. If you connect your computer directly to a Public network such as the Internet, the Public profile should be applied.

    Credit: Diana Huggins

  • Windows Security Center

    The Windows Security Center should be your first stop in checking your defense against malware.

    The Security Center provides a quick way of checking the status of various security options and all the pertinent security settings used to protect your computer against malware are available from this interface.

    Credit: Diana Huggins

Malware is any program or file that is intended to be harmful to your computer. Microsoft has become more dedicated in protecting computers against malware attacks as in evident in the release of Windows Vista.

Windows Vista includes several technologies, that when used together, enhance protection against various forms of malware. These technologies include: User Account Control, Windows Defender, Malicious Software Removal Tool, IE 7 security, Windows Firewall and the Security Center.

Credit: Diana Huggins
Related Topics:
Microsoft Enterprise Software Software Collaboration Mobility Cloud Hardware

By Bill Detwiler

Bill Detwiler is Editor in Chief of TechRepublic and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the ...

Show Comments