Prevent malware infection — Windows security, Microsoft Docs
Prevent malware infection
- 1 Prevent malware infection
- 2 Keep software up to date
- 3 Be wary of links and attachments
- 4 Watch out for malicious or compromised websites
- 5 Don’t attach unfamiliar removable drives
- 6 Use a non-administrator account
- 7 Other safety tips
- 8 Software solutions
- 9 What to do with a malware infection
- 10 IP Enclosure Ratings & Standards Explained
- 11 IP Rating Reference Chart
Malware authors are always looking for new ways to infect computers. Follow the tips below to stay protected and minimize threats to your data and accounts.
Keep software up to date
Exploits typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren’t available to exploits anymore.
To keep Microsoft software up to date, ensure that automatic Microsoft Updates are enabled. Also, upgrade to the latest version of Windows to benefit from a host of built-in security enhancements.
Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices.
- Use an email service that provides protection against malicious attachments, links, and abusive senders. Microsoft Office 365 has built-in antimalware, link protection, and spam filtering.
For more information, see phishing.
Watch out for malicious or compromised websites
When you visit malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See exploits and exploit kits as an example of how some of these sites can automatically install malware to visiting computers.
To identify potentially harmful websites, keep the following in mind:
The initial part (domain) of a website address should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example .com is spelled examp1e .com, the site you are visiting is suspect.
Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons.
To block malicious websites, use a modern web browser like Microsoft Edge that identifies phishing and malware websites and checks downloads for malware.
If you encounter an unsafe site, click More [вЂ¦] > Send feedback on Microsoft Edge. You can also report unsafe sites directly to Microsoft.
Pirated material on compromised websites
Using pirated content is not only illegal, it can also expose your device to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware.
Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported.
To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as Windows 10 Pro SKU S Mode, which ensures that only vetted apps from the Windows Store are installed.
Don’t attach unfamiliar removable drives
Some types of malware spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives by leaving them in public places for unsuspecting individuals.
Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a cafГ© or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files.
Use a non-administrator account
At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices.
By default, Windows uses User Account Control (UAC) to provide automatic, granular control of privilegesвЂ”it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run.
To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges.
Whenever necessary, log in as an administrator to install apps or make configuration changes that require admin privileges.
Other safety tips
To further ensure that data is protected from malware and other threats:
Backup files. Follow the 3-2-1 rule: make 3 copies, store in at least 2 locations, with at least 1 offline copy. Use OneDrive for reliable cloud-based copies that allow access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware.
Be wary when connecting to public hotspots, particularly those that do not require authentication.
Use strong passwords and enable multi-factor authentication.
Do not use untrusted devices to log on to email, social media, and corporate accounts.
Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros or run. This could be a security risk.
Microsoft provides comprehensive security capabilities that help protect against threats. We recommend:
Automatic Microsoft updates keeps software up to date to get the latest protections.
Controlled folder access stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access.
Microsoft Edge browser protects against threats such as ransomware by preventing exploit kits from running. By using Windows Defender SmartScreen, Microsoft Edge blocks access to malicious websites.
Microsoft Exchange Online Protection (EOP) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies.
Microsoft Safety Scanner helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product.
Microsoft 365 includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data.
Office 365 Advanced Threat Protection includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders.
OneDrive for Business can back up files, which you would then use to restore files in the event of an infection.
Microsoft Defender Advanced Threat Protection provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender ATP free of charge.
Windows Hello for Business replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account.
Earlier than Windows 10 (not recommended)
- Microsoft Security Essentials provides real-time protection for your home or small business device that guards against viruses, spyware, and other malicious software.
What to do with a malware infection
Microsoft Defender ATP antivirus capabilities help reduce the chances of infection and will automatically remove threats that it detects.
IP Enclosure Ratings & Standards Explained
What is an IP Rating?
IP rating is also known as Ingress Protection or International Protection ratings which are defined to the international standard of EN 60529 (British BS EN 60529:1992). This standard is used to define the levels of sealing effectiveness of electrical enclosures against intrusion from foreign bodies such as tools, dirt and moisture.
What do the two digits in an IP Rating mean?
The rating consists of the letters IP followed by two digits, if a number is replaced by X this indicates that the enclosure is not rated for that specification.
IP 6 5 = First Digit — Solids
The first digit indicates the level of protection that the enclosure provides against access to hazardous parts (electrical conductors, moving parts etc) and the ingress of solid foreign objects.
IP6 5 = Second Digit — Liquids
The second digit defines the protection of the equipment inside the enclosure against various forms of moisture (drips, sprays, submersion etc).
|First Digit||Intrusion Protection||Second Digit||Moisture Protection|
|0||No protection.||0||No protection.|
|1||Protected against solid objects over 50mm, e.g. accidental touch by hands.||1||Protected against vertically falling drops of water, e.g. condensation.|
|2||Protected against solid objects over 12mm, e.g. fingers.||2||Protected against direct sprays of water up to 15 0 from the vertical.|
|3||Protected against solid objects over 2.5mm, e.g. tools & wires.||3||Protected against direct sprays of water up to 60 0 from the vertical.|
|4||Protected against solid objects over 1mm, e.g. wires & nails.||4||Protected against water splashed from all directions, limited ingress permitted.|
|5||Protected against dust limited ingress, no harmful deposits.||5||Protected against low pressure jets of water from all directions, limited ingress permitted.|
|6||Totally protected against dust.||6||Protected against strong jets of water, e.g. on ships deck, limited ingress permitted.|
Below is an easy to follow chart to help you decide which IP rating / IP codes you may require for your electrical enclosure, Rainford manufacturers IP rated electrical enclosures including IP54, IP55, IP65 up to IP66.
IP Rating Reference Chart
- Please complete our Enquiry Form for further technical information on our IP Rated Enclosures
Disclaimer: *The information contained in this website is for general purposes only. Whilst we endeavour to keep the information up to date and as accurate as possible we make no representations or warranties of any kind, any reliance you place on such information is strictly at your own risk.»