Because of the incredible variety and complexity of a malware infection, prevention is the most effective way to battle malware. In previous chapters of this Windows Security Threats All-in-One Guide, we discussed the different types of malware and the different methods to remove them. Since removal can be a tedious -- and potentially impossible -- endeavor, taking any and all steps necessary to prevent infection can save both administrators and users a lot of time and trouble.
The most obvious way of preventing malware infection is to keep a Windows system patched. Most malware exploits flaws or vulnerabilities to infect Windows and its applications. An up-to-date and fully patched Windows computer will greatly reduce malware infection possibilities. Of course, there is always concern about the dreaded zero-day infection, a malware strain that exploits an unknown flaw or recently discovered vulnerability without a published patch.
Another way of preventing malware infections is to run applications that are not as susceptible to infection. The fact of the matter is that malware targets the most commonly used operating system (OS) and its native applications. Because the OS and its native applications are so tightly integrated, malware that compromises one can often do more damage than it could if the two had been developed independently. For instance, using third-party Web browsers is a good way to cut down on the number of potential threats.
Anti-malware prevention tools are another option for added protection. Nearly all antivirus and antispyware tools compile malware signatures -- detailed descriptions of malware characteristics and behaviors. These applications either block identified threats as they attack a system, or quarantine or remove them if the threat has managed to slip by the first line of defense. The downside of these tools is that they require constant updating of their signature libraries -- libraries that might be missing a malware description here and there. To increase the effectiveness of signature-based applications, it is usually a good idea to run several different products so that their combined libraries cover as many malware signatures as possible.
The best anti-malware tools use an anomaly detection technique as well as signature-based defense methods. These tools can adapt to new types of malware. They take frequent snapshots of Windows system images and compare them to previous images to look for differences. These methods rely on the application's heuristic attributes -- the ability to learn to identify new threats. This is still a developing malware prevention technique and its effectiveness is less than 100%, but these applications do provide an added measure of defense.
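The two preceding paragraphs describe the two detection layers in general terms: a signature library that matches known patterns, and a snapshot comparison that flags changes the library has no entry for. The following Python script is an added illustration of how those layers fit together; it is not code from the original article or from any real anti-malware product. The signature patterns (`DROPPER-MARKER-A`, `KEYLOG-MARKER-B`), the signature names and the sample files are all constructed for the demonstration, and the "snapshot" is a simple SHA-256 manifest of a directory rather than a full system image.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Constructed signature library (hypothetical names and byte patterns, not real malware).
# A real product ships many thousands of these and updates them constantly.
SIGNATURES = {
    "Example.Dropper.A": b"DROPPER-MARKER-A",
    "Example.Keylogger.B": b"KEYLOG-MARKER-B",
}


def scan_signatures(data: bytes) -> List[str]:
    """Signature layer: return the names of every known pattern found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def snapshot(root: str) -> Dict[str, str]:
    """Anomaly layer, step 1: record a SHA-256 digest for every file under root."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                snap[rel] = hashlib.sha256(f.read()).hexdigest()
    return snap


def compare_snapshots(baseline: Dict[str, str],
                      current: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Anomaly layer, step 2: diff two snapshots into (added, removed, modified) paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified


def layered_check(root: str, baseline: Dict[str, str]) -> Dict[str, object]:
    """Run both layers: signature-scan every file, then report what changed since baseline.

    Changed files with no signature hit are the interesting output: they are exactly
    the cases a signature-only tool would miss and that need heuristic review.
    """
    current = snapshot(root)
    added, removed, modified = compare_snapshots(baseline, current)
    signature_hits = {}
    for rel in current:
        with open(os.path.join(root, rel), "rb") as f:
            hits = scan_signatures(f.read())
        if hits:
            signature_hits[rel] = hits
    unknown_changes = [p for p in added + modified if p not in signature_hits]
    return {
        "signature_hits": signature_hits,
        "added": added,
        "removed": removed,
        "modified": modified,
        "unknown_changes": unknown_changes,
    }


def _write(root: str, rel: str, data: bytes) -> None:
    """Helper for the demo: create a file (and its directory) under root."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo() -> Dict[str, object]:
    """Constructed scenario: take a clean baseline, then simulate two changes."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "system/app.exe", b"legitimate program bytes")
        _write(root, "system/config.ini", b"setting=1\n")
        baseline = snapshot(root)
        # Change 1: a new file carrying a known signature (the signature layer catches it).
        _write(root, "system/update.exe", b"header DROPPER-MARKER-A payload")
        # Change 2: a modified config with no known signature (only the snapshot diff sees it).
        _write(root, "system/config.ini", b"setting=1\nautorun=unexpected\n")
        return layered_check(root, baseline)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the demo, `system/update.exe` is reported by the signature layer, while the edited `system/config.ini` carries no known pattern and surfaces only as an "unknown change" from the snapshot comparison. That second result is the added value the article attributes to anomaly detection, and also its limitation: the tool knows something changed, but a person or a heuristic engine still has to decide whether the change is malicious.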
Technology-based prevention methods are rarely 100% effective by themselves. In addition, many threats still rely on social engineering tactics that can circumvent even the most advanced anti-malware technologies. For these malware threats, the best -- and sometimes only -- prevention method is user education. Better knowledge about what not to accept, where not to surf and who not to trust is ultimately the best malware prevention method.