Because of the incredible variety and complexity of a malware
infection, prevention is the most effective way to battle malware.
In previous chapters of this Windows Security Threats All-in-One
Guide, we discussed the different types of malware and the
different methods to remove them. Since removal can be a tedious --
different methods to remove them. Since removal can be a tedious --
and potentially impossible -- endeavour, taking any and all steps
necessary to prevent infection can save both security
administrators and users a lot of time and trouble.
Unlike malware removal, which often requires specific
understanding of how a malware infection can impact a given system,
various security prevention techniques will effectively block
malware regardless of its particular characteristics. Of course,
some types of malware can sneak past any defenses, so it is best to
apply as many prevention techniques as possible.
Patching
The most obvious way of preventing malware infection is to keep a
Windows system patched. Most malware exploits flaws or
vulnerabilities to infect Windows and its applications. An
up-to-date and fully patched Windows computer will greatly reduce
malware infection possibilities. Of course, there is always concern
about the dreaded zero-day infection, a malware strain that
exploits an unknown flaw or recently discovered vulnerability
without a published patch.
Another way of preventing malware infections is to run
applications that are not as susceptible to infection. The fact of
the matter is that malware targets the most commonly used operating
system (OS) and its native applications. Since the OS and
applications are so closely linked, malware can often cause more
damage than if the applications and OS were not so closely linked
during development. For instance, using third-party Web browsers is
a good way to cut down on the number of potential threats.
Prevention tools
Anti-malware prevention tools are another option for added
protection. Nearly all antivirus and antispyware tools compile
malware signatures -- detailed descriptions of malware
characteristics and behaviours. These applications either block
identified threats as they attack a system or quarantine or remove
them if the threat has managed to slip by the first line of
defense. The downside of these tools is that they require constant
updating of their signature libraries -- libraries that might be
missing a malware description here and there. To increase the
effectiveness of signature-based applications, it is usually a good
idea to run multiple types to cover as many malware signatures as
possible.
The best anti-malware tools use an anomaly detection technique
as well as signature-based defense methods. These tools can adapt
to new types of malware. They take frequent snapshots of Windows
system images and compare them to previous images to look for
differences. These methods rely on the application's heuristic
attributes -- the ability to learn to identify new threats. This is
still a developing malware prevention technique and its
effectiveness is less than 100%, but these applications do provide
an added measure of defense.
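The snapshot-and-compare approach described above can be shown in miniature. The following is an added example written for this guide, not code from the original text or from any anti-malware product: it reduces a "system image" to a map of file paths and SHA-256 digests, takes a baseline, and reports which files were added, removed or modified in a later snapshot. The directory layout and file names (System32, Startup, service.dll, updater.exe) are constructed stand-ins for a Windows installation; real tools compare far more than file contents (registry, services, drivers), but the differencing logic is the same.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not from the original guide or any vendor tool: a minimal
# "snapshot and compare" check of the kind the anomaly-detection paragraph
# describes. Constructed sample files stand in for a Windows system image;
# every path and file name below is hypothetical.


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    image = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as handle:
                # Hash in chunks so large binaries do not have to fit in memory.
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            image[path.relative_to(root).as_posix()] = digest.hexdigest()
    return image


def compare(baseline, current):
    """Classify the differences between two snapshots.

    A file present only in the new snapshot is 'added', one present only in
    the baseline is 'removed', and one whose digest changed is 'modified'.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in baseline.keys() & current.keys()
        if baseline[path] != current[path]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a constructed 'system image', alter it, and report the anomalies."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "System32").mkdir()
        (root / "System32" / "service.dll").write_bytes(b"original service code")
        (root / "System32" / "config.ini").write_text("setting=1\n")
        (root / "Startup").mkdir()
        (root / "Startup" / "launcher.lnk").write_bytes(b"shortcut")

        baseline = snapshot(root)

        # Simulated changes between the two snapshots (constructed, benign data).
        (root / "System32" / "service.dll").write_bytes(b"changed service code")  # modified
        (root / "Startup" / "updater.exe").write_bytes(b"new autorun entry")      # added
        (root / "System32" / "config.ini").unlink()                               # removed

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running the script reports one added file under Startup, one removed file and one modified file. The value of this approach for the defender is visible in the output: nothing here needed a signature for the new Startup entry; it is flagged simply because it was not in the baseline. The weakness the guide points out is equally visible: a legitimate patch changes file digests too, so every reported difference still has to be triaged.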
User education
Technology-based prevention methods are rarely 100% effective by
themselves. In addition, many threats still rely on social
engineering tactics that can circumvent even the most advanced
anti-malware technologies. For these malware threats, the best --
and sometimes only -- prevention method is user education. Better
knowledge about what not to accept, where not to surf and who not
to trust is ultimately the best malware prevention method.