
Windows Virus and Malware Troubleshooting

DEFENDING WINDOWS PCS AGAINST MALWARE

Mike Halsey, MVP

@PC Support tv www.PC Support.tv


Module Overview

Defending PCs against Malware
Resources and Tools
Removing Malware and Viruses from PCs
This Course Covers Three Windows Versions

Windows 7: Mainstream Support expired; Extended Support Jan 14, 2020
Windows 8.1: Mainstream Support Jan 9, 2018; Extended Support Jan 10, 2023
Windows 10: Mainstream Support 10 years+; Extended Support 10 years+
Module Content

Different types of malware and virus attack
The psychology of malware attacks
Configuring Windows desktop security
Browsing the web securely
Using Secure Boot
Restricting the surface for attack
Different Types of Malware and Virus Attack

Viruses and Worms
The best known types of malware
Viruses spread from one machine to another via physical contact or sharing
Worms burrow from one machine to another across a network
Viruses and worms will perform one of the actions described later in this section

Spyware
One of the most innocuous forms of malware
Stores and transmits records of your activities online
Similar to software used by major web companies and advertisers

Adware
The most innocuous form of malware
Serves adverts to you in the form of pop-up windows or through an adware app plug-in

Trojans
A package that seems innocuous, but that carries a hidden payload
Commonly hides a keylogger, bot, or backdoor
Commonly disguised as a video playback codec, a game, app, plug-in, or document

Bots
Bots are usually found for sale on the Dark Web, as a botnet
They are used to perform mass activities such as Distributed Denial of Service (DDoS) attacks
Other activities performed by bots include the sending of spam or phishing emails
Bots can contain additional payloads, such as a keylogger or backdoor

Rootkits
Rootkits and bootkits will attempt to gain control of the PC's boot sector, and install themselves there
Once in place they can hide themselves from security and anti-virus software, by running the OS in a hypervisor, or by patching an Application Programming Interface (API) that has an exploitable vulnerability

Backdoors
Backdoors offer similar functionality to remote support and remote desktop software
They allow criminals remote access into a PC
Once access to the PC has been granted, all files, documents and resources are available, such as viewing the user's webcam, or listening via their microphone

Ransomware
Ransomware is the nastiest form of malware (currently) available
It will encrypt your files and documents, and demand you pay a ransom (usually in the online currency Bitcoin) for the unlock package
The unlock package will commonly contain an additional malware payload
Ransomware hits thousands of major businesses, organisations and academic institutions every year, many of whom secretly pay the ransom
The Psychology of Malware Attacks
Security Awareness
Configuring Windows Desktop Security
Organizational Level Security
A clearly-defined and easy to follow set of on- and off-premises policies covering:

Data protection
Privacy
File and data storage
File and data transport
Removable and portable media
Encryption
Biometrics
Password enforcement
BYOD access
Guest device access
Security features in Windows 7, Windows 8.1 and Windows 10:

Security Center
Windows Defender (download on one of the three versions)
Windows Defender Offline (download on two of the three versions)
Windows Firewall
Advanced Firewall
User Account Control
SmartScreen
Malicious Software Removal Tool (optional on two of the three versions)
Secure Boot
Trusted Boot
App Containers (limited on one of the three versions)
Early Launch Anti-Malware
Mandatory Security Updates (optional on two of the three versions)
Using Secure Boot

Secure Boot first verifies that the motherboard UEFI firmware is digitally signed
It then queries the digital signature of the boot loader, checking it matches a cryptographic signature stored in the UEFI firmware
If both signatures match, the operating system is permitted to load

Secure Boot is required on all consumer PCs sold with Windows 8.1 and Windows 10 from all official Microsoft OEM partners
Custom PCs, and some business PCs, may not come with Secure Boot support, or with Secure Boot enabled
Some UEFI systems support disabling Secure Boot in the firmware
Some Linux distros support Secure Boot; check the website for the distro you wish to install
Some UEFI systems allow you to mark a non-Secure Boot OS as safe

Trusted Boot
Trusted Boot takes over once the OS has begun to load
It checks the OS kernel, and all other OS components, drivers, start-up files and Early Launch Anti-Malware, to see if they have been modified
If a component has been modified, Trusted Boot will refuse to load that component, and Windows automatic system repair will attempt to repair the damaged or modified component in the background
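The two-stage chain described above (firmware checks the boot loader, Trusted Boot then checks each OS component and refuses a modified one), as an added model that is not part of the course. It assumes constructed images and hash values; real Secure Boot verifies the loader's Authenticode signature against certificates in the UEFI db, while this model uses SHA-256 hash entries, which the db and dbx variables can also hold, to keep the logic short.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed boot-loader images for the example.
GOOD_LOADER = b"bootmgfw.efi build 2"
REVOKED_LOADER = b"bootmgfw.efi build 1"   # a build the vendor later revoked

# Firmware variables (constructed): db = allowed entries, dbx = revoked entries.
DB = {sha256(GOOD_LOADER), sha256(REVOKED_LOADER)}
DBX = {sha256(REVOKED_LOADER)}


def secure_boot_check(loader: bytes) -> bool:
    """Firmware stage: a revocation in dbx wins over an entry in db."""
    digest = sha256(loader)
    if digest in DBX:
        return False
    return digest in DB


# Trusted Boot stage: expected hashes of the kernel, a driver and the Early
# Launch Anti-Malware driver (constructed values, not real file hashes).
EXPECTED = {
    "ntoskrnl.exe": sha256(b"kernel image"),
    "storport.sys": sha256(b"storage driver"),
    "wdboot.sys": sha256(b"ELAM driver"),
}


def trusted_boot_check(components: dict) -> tuple:
    """Return (loaded, refused): a modified or unknown component is refused."""
    loaded, refused = [], []
    for name, image in components.items():
        (loaded if EXPECTED.get(name) == sha256(image) else refused).append(name)
    return loaded, refused


def boot(loader: bytes, components: dict) -> dict:
    """Run both stages in order; the OS never starts if the loader fails."""
    if not secure_boot_check(loader):
        return {"stage": "firmware", "loaded": [], "refused": ["boot loader"]}
    loaded, refused = trusted_boot_check(components)
    return {"stage": "os", "loaded": loaded, "refused": refused}
```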
Browsing the Web Securely

Never click anything just because an app or website asks you to!
Browsers on Windows 7, Windows 8.1 and Windows 10:

Microsoft Internet Explorer
Microsoft Edge
Google Chrome (download on all three versions)
Commonly used passwords:

123456, password, 12345678, qwerty, abc123, 123456789, 111111, 1234567, iloveyou, adobe123, 123123, admin, 000000
1234567890, letmein, photoshop, 1234, monkey, shadow, sunshine, 12345, password1, princess, azerty, trustno1
Building a stronger password, step by step:

password
pAssword
pA5sword
pA5sw()rd
sEcurepA5sw()rd
5Ecur3pA5sw()rd
mOr35Ecur3pA5sw()rd
uNiqu3Ecur3pA5sw()rdpaYpaL
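A password policy check that applies the progression above, as an added example that is not from the course: it requires length and a mix of character classes, and compares against the common-password list after undoing the case, digit and symbol substitutions the progression uses, because cracking wordlists undo them too, so only the longer, unique steps pass. The 12-character minimum and the substitution map are assumptions.

```python
import re

# Constructed from the common-password list on the slide above.
COMMON = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789", "111111",
    "1234567", "iloveyou", "adobe123", "123123", "admin", "1234567890", "letmein",
    "photoshop", "1234", "monkey", "shadow", "sunshine", "12345", "password1",
    "princess", "azerty", "trustno1", "000000",
}

# A small sample of the substitutions cracking wordlists undo before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def normalise(pw: str) -> str:
    """Lower-case, turn '()' back into 'o', undo digit/symbol substitutions
    and drop trailing punctuation, so 'pA5sw()rd!' compares as 'password'."""
    return pw.lower().replace("()", "o").translate(LEET).rstrip("!?.#*")


def check_password(pw: str) -> list:
    """Return the list of policy failures; an empty list means acceptable."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    if classes < 3:
        problems.append("fewer than 3 character classes")
    # Check the raw value too, so all-digit entries like 123456 are caught.
    if pw.lower() in COMMON or normalise(pw) in COMMON:
        problems.append("common password, even after undoing substitutions")
    return problems
```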
Always use Two-Factor Authentication if available
Restricting the Surface for Attack

Only give users access to the files, documents, and cloud and network resources they MUST have access to
Keep all files, and customer (and other) data, encrypted at all times
Have a thorough backup routine in place, with both onsite and offsite/cloud backups, and backups taking place at different times and on different schedules
Keep your PCs and device firmware updated at all times
Consider the avenues for attack. Do you have IoT devices, and what username and password does your router use?
Create a guest Wi-Fi network, so that visitors to your organisation can get online without getting network access
Use Group Policy on PCs to determine what people can download, share and transfer to mobile devices
Never assume that anything is secure, ever!
"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
Douglas Adams, Mostly Harmless (Harmony Books, 1992)
Summary

Be aware of the psychology of attack
Set up Security Awareness Training
Set Organizational Level Security Policies
Ensure your PCs use Secure Boot
Set an appropriate backup policy
Enforce Strong Password Policies
Only give access to what people need
Plan for the worst, and hope for the best
