Windows Vista malware protection features
Malware is any program or file that is intended to be harmful to your computer. Microsoft has become more dedicated to protecting computers against malware attacks, as is evident in the release of Windows Vista.
Windows Vista includes several technologies that, when used together, enhance protection against various forms of malware. These technologies include: User Account Control, Windows Defender, Malicious Software Removal Tool, IE 7 security, Windows Firewall and the Security Center.
Credit: Diana Huggins
User Account Control (UAC)
User Account Control (UAC) is the feature that lets Vista run more reliably without giving the user local admin rights to the system. This does result in some additional dialog boxes and warnings for users, but in the end it can reduce the damage that malware can do to a computer.
UAC on by default
User Account Control is enabled by default in Windows Vista. Microsoft recommends leaving it enabled to protect against the installation of malicious software. The Security Center will indicate whether UAC is turned on.
Customizing UAC through local computer policy
In addition to enabling or disabling this feature, you can control the behavior of UAC through the local computer policy.
Open the Local Computer Policy and navigate to the following location: Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
UAC Admin Approval Mode
User Account Control: Admin Approval Mode for the Built-in Administrator Account
The default value for the UAC policy setting is Disabled for new installations and upgrades when the built-in Administrator is not the only active local administrator account on the computer.
UAC Elevation prompt for admins
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.
This security setting determines the type of prompt an admin-level user will receive when they attempt to perform an admin-level task. The default value is Prompt for Consent. You can increase security by setting the value to Prompt for Credentials. Doing so means the admin-level user will need to enter their admin-level username and password.
UAC Elevation prompt for standard users
User Account Control: Behavior of the elevation prompt for standard users
This security setting determines the type of prompt a standard user will receive when they attempt to perform an admin-level task. The default value is Prompt for Credentials.
You can increase security by setting the value to Automatically deny elevation requests. Standard users will then have to perform admin-level tasks using the Run command or by logging in with an admin-level account.
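The three UAC settings above can be checked from a script as well as from the policy editor. The following PowerShell is an added example, not part of the original gallery: it compares the stored policy values with the stricter options the text names. The registry value names and numbers are Microsoft's documented encodings for these Security Options and do not appear on the page; `Test-UacPolicy` is a hypothetical helper name, and the sample values are constructed.

```powershell
# Added example: compare UAC policy values with the stricter options named above.
# Registry value names and numbers are Microsoft's documented encodings for these
# Security Options; they are assumptions relative to the original gallery.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-UacPolicy {          # hypothetical helper name
    param([hashtable]$Values)      # registry value name -> DWORD

    # Want = values that correspond to the stricter option for each setting.
    # Admin prompt: 1 = Prompt for credentials (3 is the same option without the
    # secure desktop on later Windows versions). User prompt: 0 = automatically deny.
    $checks = @(
        @{ Name = 'EnableLUA';                  Want = @(1);    Text = 'UAC turned on' },
        @{ Name = 'ConsentPromptBehaviorAdmin'; Want = @(1, 3); Text = 'Admins: Prompt for Credentials' },
        @{ Name = 'ConsentPromptBehaviorUser';  Want = @(0);    Text = 'Standard users: Automatically deny elevation requests' }
    )
    foreach ($c in $checks) {
        $actual = $Values[$c.Name]
        if ($null -eq $actual) {
            $state = 'NOT SET'
        } elseif ($c.Want -contains $actual) {
            $state = 'OK'
        } else {
            $state = 'WEAKER'
        }
        [pscustomobject]@{ Setting = $c.Text; Value = $actual; State = $state }
    }
}

# Constructed sample: the defaults the text describes (UAC on, Prompt for Consent
# for admins = 2, Prompt for Credentials for standard users = 1).
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; ConsentPromptBehaviorUser = 1 }

if (Test-Path $key) {
    # Live system: read the values from the registry.
    $props = Get-ItemProperty -Path $key
    $values = @{}
    foreach ($n in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
        $values[$n] = $props.$n
    }
} else {
    # No policy key available (for example, not running on Windows): use the sample.
    $values = $sample
}
Test-UacPolicy -Values $values | Format-Table Setting, Value, State -AutoSize
```

With the constructed sample, UAC reports OK and both prompt settings report WEAKER, since the defaults are less strict than the options recommended above.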
Windows Defender scan scheduling
Windows Defender is configured to scan your computer every day at 2:00 AM. This schedule should be changed if the scan cannot be performed at this time.
You should enable the Check for updated definitions before scanning option. This is your best bet for ensuring the software is up-to-date with the latest definitions. Otherwise you must be diligent enough to manually check for updates on a regular basis.
Note: Windows Defender should be used in conjunction with third-party anti-virus software.
Configuring Windows Defender with Local Computer Policy
There are several settings within the Local Computer Policy for controlling how Windows Defender behaves. The settings you configure will be specific to the requirements of your computing environment.
For example, if WSUS is used to deploy updates to Windows Defender, you should consider enabling the Turn on definition updates through both WSUS and Windows Update setting. In the event that the WSUS server in your environment is unavailable, Vista will use Windows Update to check for new definitions.
Malicious Software Removal Tool
Even with the appropriate security measures in place, there is still the risk that an instance of malware can go undetected by your anti-virus software or even disable it. The Malicious Software Removal Tool is designed for such situations. When the tool is run, it detects and removes any malicious software it finds on your computer.
Although the tool is not necessary if you are running up-to-date anti-virus software, it does provide another layer of protection.
Malicious Software Removal Tool scan options
The tool is installed with Windows Vista and is available as a free download for Windows XP. You can locate the tool by typing mrt.exe in the Search field on the Start menu.
When the tool is run, you can choose the type of scan to perform. As you can see from the exhibit, you can perform a Quick, Full or Custom scan.
Malicious Software Removal Tool - Quick Scan
If you choose a Quick scan, the Malicious Software Removal Tool will scan the areas of a computer that are likely to contain malicious software.
With a Full scan, the entire system is checked for malware. You should perform a Full scan every once in a while but be advised that it can take up to a few hours depending on your system.
Finally, you can opt to perform a Custom scan and choose the folders or areas of your computer that you want the Malicious Software Removal Tool to scan.
Malicious Software Removal Tool scan results
The results of the scan will indicate whether any malicious software was found on your computer.
Software Restriction Policies
Software Restriction Policies are yet another way that you can protect your computer from malware. You can use them to control what software users can run on a computer and prevent certain executables from running.
Internet Explorer 7 Security Tab
Internet Explorer has its own set of security options that can be used in conjunction with the other technologies discussed to protect your computer. IE7 in Vista now operates in a quarantined corner of the OS, where it can no longer allow spyware, adware, and various malware threats to have an open door into the throne room.
From the Security tab, you can enable Protected Mode. This feature prevents malicious users from changing any files or settings without your explicit permission. It is enabled by default for all security zones, except the Trusted Site zone.
Internet Explorer 7 Phishing Filter
IE 7 protects against phishing scams through the Phishing Filter. It is designed to protect against phony Web sites that attempt to gather personal information about you when you are online.
The tool requires little to no configuration. Once it is enabled through the Internet Properties window, it will run in the background without your intervention.
Windows Firewall profiles
In Windows Vista, the firewall is now more advanced because it lets you create and apply specialized rules depending on the type of network you are connected to.
Windows Firewall with Advanced Security supports three different profiles that are based on three common environments: Domain, Public and Private.
The profile that you apply will be based on the network you are connected to. If you connect your computer directly to a Public network such as the Internet, the Public profile should be applied.