Many small- and medium-sized organizations use antivirus software, and yet new viruses, worms, and other forms of malicious software (malware) continue to infect large numbers of computers in these organizations. Malware proliferates at alarming speed and in many different ways, which makes it particularly widespread today.

This guide is intended for IT Generalists who want information and recommendations that they can use to effectively address and limit malware that infects computers in small- and medium-sized organizations. This guidance provides a set of tasks that licensed Windows® users can perform at no cost to create the Malware Removal Starter Kit. Recommendations for free malware-scanning tools are included. You can use these tools in combination with the kit to conduct scans, detect problems, and remove malware from your computer.

This guidance includes the following sections:

Note: The guidance for this kit is intended for use with other anti-malware tools. This kit is not a replacement for other malware prevention methods.

Malware Threats

The first step toward containing the spread of malware is to understand the various technologies and techniques that malware authors can use to attack your computer. Malware threats directly target both users and computers. However, it is also important to know that the majority of threats come from malware that targets the user rather than the computer. If a user with administrator-level user rights can be tricked into launching an attack, the malicious code has more power to perform its tasks. Such an attack can frequently cause more damage than one that has to rely on a security hole or vulnerability in an application or the operating system.
The "Planning Your Response" section of this starter kit focuses on the ways in which your computer can be at risk from malware attacks, and how you can prepare to address a malware attack by using the Windows Preinstallation Environment (Windows PE) kit that this guidance recommends in combination with other free anti-malware programs.

Note: The recommendations and prescriptive information in this guidance are not intended for complex environments that require Infrastructure Specialists. For more comprehensive information about this subject, see the Antivirus Defense-in-Depth Guide.

How Does Malware Get In?

Malware uses many different methods to try to replicate among computers. The following table lists common malware threats to organizations and provides examples of tools that you can use to mitigate them.

Table 1: Malware Threats and Mitigations

| Threat | Description | Mitigations |
|---|---|---|
| E-mail | E-mail is the transport mechanism of choice for many malware attacks. | Spam filters; real-time antivirus and antispyware scanners; user education |
| Phishing | Phishing attacks try to trick people into revealing personal details such as credit card numbers or other financial or personal information. Although these attacks are rarely used to deliver malware, they are a major security concern because of the information that may be disclosed. | Spam filters; pop-up blockers; antiphishing filters; user education |
| Removable media | This threat includes floppy disks, CD-ROM or DVD-ROM discs, Zip drives, USB drives, and memory (media) cards, such as those used in digital cameras and mobile devices. | Real-time antivirus and antispyware scanners; user education |
| Internet downloads | Malware can be downloaded directly from Internet Web sites such as social networking sites. | Browser security; real-time antivirus and antispyware scanners; user education |
| Instant messaging | Most instant messaging programs let users share files with members of their contact list, which provides a means for malware to spread. In addition, a number of malware attacks have targeted these programs directly. | Real-time antivirus and antispyware scanners; personal firewall; restrict unauthorized programs; user education |
| Peer-to-peer (P2P) networks | To start file sharing, the user first installs a client component of the P2P program through an approved network port, such as port 80. Numerous P2P programs are readily available on the Internet. | Real-time antivirus and antispyware scanners; restrict unauthorized programs; user education |
| File shares | A computer that is configured to allow files to be shared through a network share provides another transport mechanism for malicious code. | Real-time antivirus and antispyware scanners; personal firewall; user education |
| Rogue Web sites | Malicious Web site developers can use the features of a Web site to attempt to distribute malware or inappropriate material. | Browser security; pop-up blockers; antiphishing filters; user education |
| Remote exploit | Malware might attempt to exploit a particular vulnerability in a service or application to replicate itself. Internet worms often use this technique. | Security updates; personal firewall |
| Network scanning | Malware writers use this mechanism to scan networks for vulnerable computers that have open ports, or to attack IP addresses at random. | Software updates; personal firewall |
| Dictionary attack | Malware writers use this method to guess a user's password by trying every word in a dictionary until one succeeds. | Strong password policy; user education |
From a security perspective, it would seem best to block all of these malware transport methods, but doing so would significantly limit the usefulness of the computers in your organization. More likely, you will need to allow some or all of these methods while still restricting how they are used. There is no single anti-malware solution that fits all organizations, so evaluate the computer requirements and risks for your organization, and then decide how best to defend against malware that attempts to exploit them.

Microsoft remains strongly committed to securing its software and services by working with partners to combat malware threats. Recent Microsoft efforts to reduce the impact of malware threats include:

• Developing defense tools such as Windows Defender, Microsoft Forefront, Windows Live™ OneCare safety scanner, the Malicious Software Removal Tool, and other resources available through the Windows Security Center. For more information about these and other security tools, see the TechNet Security Center or the Security at Home page on Microsoft.com.
• The Microsoft Malware Protection Center, which provides the latest information on the top desktop and e-mail threats to computers running Windows.
• The Microsoft Security Response Alliance, which provides information about the Microsoft Virus Initiative (MVI), the Virus Information Alliance (VIA), and other member organizations.
• Supporting legislation to eliminate spam and working with law enforcement officials and Internet service providers (ISPs) to help prosecute spam operations. For information about an alliance dedicated to this effort, see America Online, Microsoft and Yahoo! Join Forces Against Spam.