How to protect a Windows 10 host against malware
Contrary to popular belief, malware is not a Space Cowboy costume — that would be “Mal Wear.” Malware is the shortened form of “malicious software”, a term that covers an enormous range of possible attacks but boils down to a specific premise: programs that perform destructive and/or intrusive actions without the user’s informed consent. Therefore, most of the time we are going to want to keep our systems clear of as many of them as we can.
Today we’re going to go over how to protect a Windows 10 host against malware, dividing protection methods into three categories: software protections, hardware protections and browser-based protections.
Protecting the system: Software
Viruses predate most other known malware types; the first known software virus, Creeper, appeared in the early 1970s. Unlike the term “software bug”, which has a literal origin, the term “virus” never referred to an actual biological virus interacting with a computer system.
Antivirus applications first appeared on the scene in 1987, with McAfee and NOD both releasing the first versions of their products alongside a number of others for various platforms. These utilities began entering the public consciousness in the early ’90s, with multiple competing products for the home and enterprise markets emerging at roughly the same time. These include names that are still quite common today, such as Panda, Norton, AVG and F-Secure.
As malware continued to evolve its distribution methods and overall complexity, standard anti-virus applications began to show that they were not enough on their own. Software firewalls became standard, with Microsoft’s built-in Windows Firewall representing a major shift in preventing unauthorized connections, one that continues to the present day. While there are many different software firewall vendors, such as pfSense, Checkpoint, and Sophos, anything is better than nothing.
The methods of detection also needed an update, as regularly scheduled scans were proving to be not enough. With the added processing power of newer systems, anti-virus and anti-malware programs began to develop always-on scanning, leading to detections at the very moment of contact. This meant that anti-malware programs were able to move towards prevention in addition to detection — utilities such as Spybot: Search and Destroy and Malwarebytes, for example, pair their detection abilities with system hardening options that can help prevent certain kinds of infections from phoning home for updates and instructions.
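The two software protections discussed above, the host firewall and always-on scanning, can be audited and enforced on a Windows 10 host with built-in cmdlets. The script below is an added example written for this article, not code from the article or from any of the vendors it names. It assumes Microsoft Defender Antivirus is the installed engine (the `Get-MpComputerStatus` and `Set-MpPreference` cmdlets belong to it) and that it is run from an elevated PowerShell session.

```powershell
# Added example: audit and enforce the host firewall and real-time scanning
# on a Windows 10 host. Assumes Microsoft Defender Antivirus and an elevated
# PowerShell session.
#Requires -RunAsAdministrator

# --- Windows Firewall ---------------------------------------------------
# Report the current state of each profile before changing anything.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# Enable all three profiles and block unsolicited inbound connections by
# default; outbound stays allowed so ordinary software keeps working.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -NotifyOnListen True

# --- Microsoft Defender Antivirus ---------------------------------------
# Always-on (real-time) scanning is the "detect on contact" capability the
# article describes. Confirm it is active and that definitions are recent.
$status = Get-MpComputerStatus
[pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    BehaviorMonitoring = $status.BehaviorMonitorEnabled
    SignatureAgeDays   = $status.AntivirusSignatureAge
    LastQuickScan      = $status.QuickScanEndTime
} | Format-List

# Re-enable real-time and behaviour monitoring if something turned them off,
# and make sure cloud-delivered protection is on.
if (-not $status.RealTimeProtectionEnabled) {
    Set-MpPreference -DisableRealtimeMonitoring $false
}
Set-MpPreference -DisableBehaviorMonitoring $false `
                 -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendSafeSamples

# Pull the latest definitions and run a quick scan so the host starts clean.
Update-MpSignature
Start-MpScan -ScanType QuickScan
```

The first `Get-NetFirewallProfile` call is deliberately left in so the pre-change state is visible in the transcript; on a managed host, compare that output against what Group Policy is expected to enforce before applying local changes, since a policy-managed setting will silently win.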
Protecting the system: Hardware
Historically, the most prominent distribution method in the pre-internet era was through physical objects such as floppies. This has since progressed to USB sticks, memory cards and other forms of removable media which, for a very long time, Windows was configured by default to run automatically. This meant that simply plugging the device into the system could be enough to cause an infection. So two things we can check right off the bat are disabling AutoRun and, if possible in our environment, disabling USB ports for data transfer.
In situations where we still have to allow certain users access to USB data transfer, we can create an air-gapped scanning system, designed to check for and eliminate any potentially hostile software on removable media. Once the media is verified as clean, the data can then be given to the user through whatever means our organization decides to use.
Larger organizations may also choose to offload some of the more intensive applications, such as firewalls, to dedicated appliances or servers. Hardware firewalls such as those from Cisco, Fortinet and SonicWall can reduce the load on individual systems while keeping those same systems protected, and they also reduce the amount of updating and maintenance required.
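Both of the removable-media checks recommended above, disabling AutoRun and disabling USB data transfer, are registry settings on Windows 10. The script below is an added example written for this article, not code from the article. It uses the documented Explorer policy values `NoDriveTypeAutoRun` and `NoAutorun` and the `USBSTOR` service start type; the `$blockUsbStorage` switch is an assumption for hosts that do not need USB data transfer, and the script expects an elevated PowerShell session.

```powershell
# Added example: turn off AutoRun for every drive type and, where policy
# allows, block the USB mass-storage driver. Run from an elevated session.
# The USBSTOR change applies to newly attached devices; a reboot makes it
# fully consistent.
#Requires -RunAsAdministrator

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $explorerPolicy)) {
    New-Item -Path $explorerPolicy -Force | Out-Null
}

# NoDriveTypeAutoRun is a bitmask of drive types excluded from AutoRun;
# 0xFF (255) covers every type, including removable and network drives.
Set-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord

# NoAutorun = 1 additionally stops autorun.inf from being honoured at all.
Set-ItemProperty -Path $explorerPolicy -Name NoAutorun -Value 1 -Type DWord

# Verify the AutoRun settings took effect.
Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun, NoAutorun

# Optional: disable USB mass storage by setting the USBSTOR service start
# type to 4 (Disabled). The default is 3 (Manual / demand start).
$blockUsbStorage = $true   # assumption: this host does not need USB data transfer
$usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
if ($blockUsbStorage) {
    Set-ItemProperty -Path $usbstor -Name Start -Value 4 -Type DWord
} else {
    Set-ItemProperty -Path $usbstor -Name Start -Value 3 -Type DWord
}

# Report the resulting start type so the change can be confirmed.
(Get-ItemProperty -Path $usbstor -Name Start).Start
```

Disabling `USBSTOR` only blocks mass-storage class devices; keyboards, mice and network adapters on USB keep working, which is usually what an organization wants when it cannot remove the ports outright. Pair the change with the air-gapped scanning station described above for the users who still need to bring data in.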
Protecting the system: Browser
Despite having both hardware and software protections, we may still need some additional help when it comes to preventing infections through the browser. Major browsers try to help as much as they can by notifying users about potentially dangerous downloads, and they update frequently in order to fix as many issues as they can.
However, this mostly applies only when users are deliberately trying to download something. When it comes to “drive-by downloads”, content the browser fetches and handles automatically as part of normal page loading, these infections may still be able to get through our normal protections. If we can block extraneous content from being displayed in the browser to begin with, this can radically increase the speed of browsing as well as improve our security. Disabling Java and Flash by default can be a good start, but we can go further through the use of extensions such as Adblock Plus, Ghostery and NoScript. These sorts of extensions can stop scripts and other kinds of dynamic content from being loaded by default, which gives users a more secure browsing experience at the cost of pages possibly not being as shiny as they expect when they first load.
It may seem like an uphill battle to prevent malware infections on Windows 10. Yet even out of the box, Microsoft has done its best to make the operating system as secure as it can. Sometimes this means we have to modify certain settings to reactivate legacy compatibility, while other times these outdated standards have simply been blocked. Despite this, however, system security continues to be a priority, and what we choose to deploy depends greatly on our use cases.
Whatever you decide to implement, be sure to read up on how to use it safely and configure it correctly, as best practices can mean the difference between a successful security plan and a paperweight.