Everything You Need to Know About Malware and Microsoft’s Defense
By Abhishek Baxi on July 20th, 2011

Malware, a popular term for malicious software, is a program designed to damage a user’s computer, a server, or a network; to steal a user’s personal or sensitive information; or to defraud the user through online scams.

What are Different Types of Malware?

  • Rogue security software: Rogue security software masquerades as legitimate security software or as the Microsoft Update user interface. Fake alerts scare users into thinking that their computer has been compromised and into clicking the suggested link to resolve the issue, which instead silently downloads malware to the computer.
  • Password stealers: A password stealer captures and transmits personal information, such as the user names and passwords that an unsuspecting user enters while browsing the web or using applications on the computer.
  • Keyloggers: A keylogger records keystrokes or screenshots and sends them to an attacker. The information can then be used to ascertain passwords, bank account numbers, or any other sensitive information that a user types.
  • Rootkits: A rootkit hides its own presence, and usually that of other malware, from the operating system and from security tools, for example by hooking system calls or running inside the kernel, so that an administrator cannot easily detect or undo what it does. A rootkit is often installed as part of a bundle of malware, where it conceals the components that perform the more dangerous activity.
  • Viruses: A virus replicates by infecting other files on the computer; when those files are opened or executed, the malware code runs and propagates further.
  • Worms: A worm is a self-propagating program that automatically distributes itself from one computer to another over the network, typically by exploiting vulnerabilities in network services or by abusing shared folders and removable media.
  • Trojan horses: A trojan horse is an application that appears legitimate and useful but performs malicious and illicit activity on the affected computer.
  • Spyware: Spyware collects information, such as the websites that a user visits, without the user’s knowledge.

Why is Malware a Serious Problem?

Malware is a common weapon used by cyber-criminals against individuals and organizations. Malware writers constantly evolve their techniques to make their software difficult to detect and remove. Often, several pieces of malware are deployed together as part of a large, sophisticated campaign to recruit vulnerable computers into botnets. Botnets are attractive to criminals because they are easy to hide behind: the attacks originate from thousands of victims’ machines rather than from the criminal’s own. Botnets harness the processing power, storage, and bandwidth of the compromised computers to generate vast amounts of spam, attack websites, and commit online fraud.

Microsoft’s Approach to Combat Malware

Microsoft’s approach to combating malware is based on its antimalware engine, a core component shared by several Microsoft products and services. The engine scans client computers for signs of malware at every level at which an infection can take hold, from the browser or application level down to system files. The engine scans files on more than 600 million computers every month, a scale that gives its telemetry broad coverage of real-world threats.

Microsoft’s antimalware engine works with several Microsoft products, such as:

  • Microsoft Security Essentials
  • Microsoft Forefront Protection Manager
  • Microsoft Forefront Endpoint Protection
  • Microsoft Forefront Online Protection for Exchange
  • Microsoft Forefront Threat Management Gateway (TMG)
  • Malicious Software Removal Tool
  • Microsoft Safety Scanner

The technology and reporting in the antimalware engine are also used in the Windows 7 security features and in the Windows Defender scanning and removal features. The antimalware engine also underlies the filters that help protect Windows Live services.

The Microsoft Malware Protection Center (MMPC) constantly collects and analyzes global data to help protect Microsoft customers. The MMPC publishes its analysis of the evolving threat landscape in the Microsoft Security Intelligence Report (SIR). Having a broad view of the malware ecosystem enables Microsoft to better understand, react to, and interdict malware threats. Through the antimalware engine, the various Microsoft products gather anonymous telemetry about malware and suspected malware from client computers and from web crawlers. In addition, Microsoft partners with external industry organizations to share information and trends. The MMPC maintains an extensive, highly detailed, and searchable malware encyclopaedia that is constantly updated and expanded. The encyclopaedia contains descriptions of malware behavior, triggers, infection techniques, and removal steps.

Scanning is the first task that the antimalware engine performs; the engine then detects, classifies, and removes any threats it finds. Microsoft antimalware solutions provide on-demand, scheduled, and on-access (real-time) scanning options. After the engine has identified an item that requires further examination, it must determine whether malware is present. It uses several techniques for this: signature matching against the definition files, heuristics, static analysis, dynamic translation (emulating the suspect code in a sandbox to observe what it would do), and behavior monitoring of running processes. The final step is for the engine to take action against the files identified as malware, by cleaning, quarantining, or removing them. Because the engine classifies the whole bundle, it can remove all of an infection’s components together rather than one file at a time.

An important step in combating malware that Microsoft encourages is keeping computers up to date. Microsoft antimalware products can be configured to download new definition files automatically as the MMPC releases them. The updates are distributed through several channels: Windows Update, Microsoft Update, and Windows Server Update Services (WSUS). Microsoft also provides alternate download locations from which the specific definition files can be fetched manually, for computers that cannot reach the update services.
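The scanning modes and update channels described in the two paragraphs above can be checked and configured from PowerShell on current Windows systems. The following is an added example, not code from the original article or from Microsoft; it uses the built-in Defender PowerShell module (Windows 10 / Windows Server 2016 and later), so it does not apply to the 2011-era products named above, though the on-access, scheduled, and on-demand scan modes and the update sources it touches are the same ones the article describes. It assumes an elevated session, that Tamper Protection allows local preference changes, and that the EICAR test file path under `$env:TEMP` is writable.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): verify and configure the three
# scan modes and the definition-update channels on Windows Defender Antivirus.

# 1. Engine and definition state: engine version, signature version and age,
#    and whether on-access (real-time) protection is actually enabled.
Get-MpComputerStatus |
    Select-Object AMEngineVersion, AntivirusSignatureVersion,
        AntivirusSignatureLastUpdated, AntivirusSignatureAge,
        RealTimeProtectionEnabled, QuickScanAge, FullScanAge |
    Format-List

# 2. On-access scanning stays enabled; a scheduled quick scan runs daily at 02:00.
Set-MpPreference -DisableRealtimeMonitoring $false `
                 -ScanParameters QuickScan `
                 -ScanScheduleDay Everyday `
                 -ScanScheduleTime 02:00:00

# 3. Definition updates: poll hourly and fall back through the channels the
#    article lists. InternalDefinitionUpdateServer is WSUS; MMPC is the direct
#    download from the Malware Protection Center.
Set-MpPreference -SignatureUpdateInterval 1 `
                 -SignatureFallbackOrder 'MicrosoftUpdateServer|InternalDefinitionUpdateServer|MMPC'
Update-MpSignature -UpdateSource MicrosoftUpdateServer

# 4. On-access check with the EICAR test file, a harmless industry-standard
#    string that every engine detects. The path is an assumption for this example.
$eicar    = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$testPath = Join-Path $env:TEMP 'eicar-test.txt'
try {
    [System.IO.File]::WriteAllText($testPath, $eicar, [System.Text.Encoding]::ASCII)
    Start-Sleep -Seconds 5
    if (Test-Path $testPath) {
        # Real-time protection should have quarantined or deleted the file by now.
        Write-Warning 'EICAR file still present: on-access scanning did not act on it.'
    } else {
        Write-Host 'EICAR file removed by real-time protection.'
    }
} catch {
    # Defender commonly blocks the write itself, which is also a pass.
    Write-Host "Write blocked by real-time protection: $($_.Exception.Message)"
}
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'eicar' } |
    Select-Object InitialDetectionTime, ActionSuccess, Resources |
    Format-List

# 5. On-demand scan of one directory, the article's third scan mode.
Start-MpScan -ScanType CustomScan -ScanPath $env:TEMP
```

If step 2 or 3 fails with an access-denied error while the session is elevated, Tamper Protection or a Group Policy / Intune setting is managing those preferences centrally, and the change has to be made there instead. The EICAR detection in step 4 exercises only the on-access path; a clean quick scan (`Start-MpScan -ScanType QuickScan`) afterwards confirms the on-demand path over the same locations.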

Author: Abhishek Baxi
Abhishek Baxi is an independent technology columnist for several international publications and a digital consultant. He speaks incessantly on Twitter (@baxiabhishek) and dons the role of Editor-in-Chief here at Techie Buzz.

Abhishek Baxi has written and can be contacted at abhishek@techie-buzz.com.


Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites.