Updated: October 26, 2005

Beyond Viruses: The Progression of Malicious Software: The Checklist


1. Have a security plan and process in place

Hire or appoint a dedicated security resource and establish an emergency response team.

Create, communicate, and update a comprehensive, company-wide set of security policies. These policies should address everything from appropriate use of company resources to treatment and handling of confidential data.

Perform a vulnerability assessment and, based on that assessment, establish a business continuity and disaster recovery plan.


2. Carefully evaluate your software functionality and consider implementing the most up-to-date versions

Newer versions are less susceptible to vulnerabilities. Our own data shows that Windows XP SP2 users are 13 to 15 times less likely to be infected by the latest malware. In addition, in the first 635 days after product release, Windows Server 2003 had 67 percent fewer critical and important bulletins than Windows Server 2000.


3. Implement defense-in-depth strategies

Having security at multiple layers within the network is important so that if one defense measure fails, there are more layers behind it for continuous protection.

Make sure you have all the latest updates and patches.

Install a firewall.

If you’re running Windows XP or Windows Server 2003, make sure you have Windows Firewall enabled. For enterprise network configurations requiring multiple firewall arrays in different locations, ISA Server contains an application-layer aware firewall that helps protect organizations of all sizes from attack by both external and internal threats.

Install software tools that protect against spyware, viruses, and other malicious software.

The beta version of Microsoft Windows AntiSpyware is a security technology that helps protect Windows users from spyware and other potentially unwanted software.

For computers running Windows XP, Windows 2000, and Windows Server 2003, the Microsoft Windows Malicious Software Removal Tool is updated monthly. It checks for infections by specific malicious software, including Blaster, Sasser, and Mydoom, and helps remove any infections found.

As always, be sure you have antivirus software installed and regularly updated.

Ensure you have a good edge or quarantine solution in place. For example, the VPN quarantine service in Windows Server 2003 SP1 allows you to verify that individual computers are clean before they are reconnected to your network via remote access.


4. Invest appropriately in patch management

Complete an inventory of all your computing assets and software and identify threats and weaknesses in your infrastructure.

Automate update management. For consumers and small businesses, Microsoft Update consolidates software updates from Windows Update, Office Update, and others. For larger organizations, Windows Server Update Services (WSUS) helps centrally manage the distribution of updates.

Be sure to sign up for regular notifications of newly released Microsoft Security Bulletins, and patches, updates, or service packs that are available for download.

Evaluate and plan the deployment of software updates. These updates are now released on the second Tuesday of the month.

Have a plan for fast patch roll-outs, in less than 24 hours if needed.

Determine an appropriate time interval to track system compliance (weekly is recommended) and then determine how you will scan and report within that interval.

For mid-sized businesses, leverage tools such as Windows Server Update Services (WSUS) with simplified patch management capabilities. For larger enterprises, use Systems Management Services (SMS) 2003 with the Inventory Tool for Microsoft Updates for overall change and configuration management to maintain an inventory of compliance levels of each managed computer, including but not limited to updates.


5. Develop an education plan

Develop a plan that educates all levels of the organization, including administrators, end users, and developers, on their roles and responsibilities for information security within the company.

Ensure that your executives will follow up and act appropriately when notified of a policy violation and accept the potential business interruption to correct vulnerable systems.

These are just some suggestions and policies you can implement to help reduce the problem of malicious software.

Related Resources

Resources for Reducing Malware
View these security resources to learn about malware-related planning, protection, detection, and response.

The Antivirus Defense-in-Depth Guide
Review this overview of different types of malware, or malicious software, including information about the risks they pose, malware characteristics, means of replication, and payloads.

Security at Home: Protect Your PC
Learn more about the symptoms of spyware and other unwanted software and how you can help protect your computer.