How to keep Windows systems protected from malware

Protecting Windows systems from malware is a cat-and-mouse game. The virus authors find an attack vector and exploit it until the security administrators and antivirus companies devise an effective defense. But when the door gets shut on that attack, the virus authors don't just quit and go home. They look for the open window to find a new vulnerability to exploit.

Even more devious (or creative depending on your point of view) malware authors will try to attack through the door, the window and coming down the chimney all at the same time. If one attack vector is good, then two are better and the malware has a much better chance to propagate. When malware uses two attack vector at the same time, you have a bi-modal or bipartite attack. When it uses three or more simultaneous attack vectors, it is a multipartite attack.

Some threats attack computer systems in multiple ways simultaneously. In the case of the Nimda worm, the threat propagated as an e-mail attachment, exploited vulnerabilities in Web browsers, spread to Web servers through a Microsoft Internet Information Server (IIS) weakness and moved through open network shares while modifying various local system files on infected machines.

How should you protect your systems from these multi-faceted threats? Your antivirus software may be guarding the door so to speak, but you also have to protect other methods of entry into your systems. While your strategy will depend on what the attack vectors are, you should employ some basic, common sense steps to protect systems regardless of the type of threat.

Aside from the obvious steps to implement antivirus software and establish a process that ensures AV software is updated frequently, there are various other steps you can take. Below is a list of key steps to proactively defend against bi-modal or multipartite attacks.

Table of Contents
1. Block e-mail file attachments
2. Restrict outbound SMTP traffic
3. Manage patch deployment
4. Use IPsec to protect critical servers
5. Lock down user access and privileges
6. Training, training and more training

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.

More information from SearchWindowsSecurity.com

  • Tip: Combat security threats with user education
  • Checklist: Make sure you design Group Policy with security in mind
  • School: Take a lesson at Hardening Windows School


    • This was first published in June 2005

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.

      Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

      Back to top