diff --git a/windows/security/intelligence/TOC.md b/windows/security/threat-protection/intelligence/TOC.md similarity index 96% rename from windows/security/intelligence/TOC.md rename to windows/security/threat-protection/intelligence/TOC.md index 0a1ea10cd1..32935a6c54 100644 --- a/windows/security/intelligence/TOC.md +++ b/windows/security/threat-protection/intelligence/TOC.md @@ -1,47 +1,47 @@ -# [Understand malware & other threats](index.md) - -## [Prevent malware infection](prevent-malware-infection.md) - -## [Malware names](malware-naming.md) - -## [Coin miners](coinminer-malware.md) - -## [Exploits and exploit kits](exploits-malware.md) - -## [Macro malware](macro-malware.md) - -## [Phishing](phishing.md) - -## [Ransomware](ransomware-malware.md) - -## [Rootkits](rootkits-malware.md) - -## [Supply chain attacks](supply-chain-malware.md) - -## [Tech support scams](support-scams.md) - -## [Trojans](trojans-malware.md) - -## [Unwanted software](unwanted-software.md) - -## [Worms](worms-malware.md) - -# [How Microsoft identifies malware and PUA](criteria.md) - -# [Submit files for analysis](submission-guide.md) - -# [Safety Scanner download](safety-scanner-download.md) - -# [Industry collaboration programs](cybersecurity-industry-partners.md) - -## [Virus information alliance](virus-information-alliance-criteria.md) - -## [Microsoft virus initiative](virus-initiative-criteria.md) - -## [Coordinated malware eradication](coordinated-malware-eradication.md) - -# [Information for developers](developer-info.md) - -## [Software developer FAQ](developer-faq.md) - -## [Software developer resources](developer-resources.md) +# [Understand malware & other threats](index.md) + +## [Prevent malware infection](prevent-malware-infection.md) + +## [Malware names](malware-naming.md) + +## [Coin miners](coinminer-malware.md) + +## [Exploits and exploit kits](exploits-malware.md) + +## [Macro malware](macro-malware.md) + +## [Phishing](phishing.md) + +## [Ransomware](ransomware-malware.md) + +## [Rootkits](rootkits-malware.md) + +## [Supply chain attacks](supply-chain-malware.md) + +## [Tech support scams](support-scams.md) + +## [Trojans](trojans-malware.md) + +## [Unwanted software](unwanted-software.md) + +## [Worms](worms-malware.md) + +# [How Microsoft identifies malware and PUA](criteria.md) + +# [Submit files for analysis](submission-guide.md) + +# [Safety Scanner download](safety-scanner-download.md) + +# [Industry collaboration programs](cybersecurity-industry-partners.md) + +## [Virus information alliance](virus-information-alliance-criteria.md) + +## [Microsoft virus initiative](virus-initiative-criteria.md) + +## [Coordinated malware eradication](coordinated-malware-eradication.md) + +# [Information for developers](developer-info.md) + +## [Software developer FAQ](developer-faq.md) + +## [Software developer resources](developer-resources.md) diff --git a/windows/security/intelligence/coinminer-malware.md b/windows/security/threat-protection/intelligence/coinminer-malware.md similarity index 100% rename from windows/security/intelligence/coinminer-malware.md rename to windows/security/threat-protection/intelligence/coinminer-malware.md diff --git a/windows/security/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md similarity index 98% rename from windows/security/intelligence/coordinated-malware-eradication.md rename to windows/security/threat-protection/intelligence/coordinated-malware-eradication.md index 643ffa1769..95f08cac80 100644 --- a/windows/security/intelligence/coordinated-malware-eradication.md +++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md @@ -1,35 +1,35 @@ ---- -title: Coordinated Malware Eradication -description: Information and criteria regarding CME -keywords: security, malware -ms.prod: w10 -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: ellevin -author: levinec -ms.date: 07/12/2018 ---- -# Coordinated Malware Eradication - -![coordinated-malware-eradication](images/CoordinatedMalware.png) - -Coordinated Malware Eradication (CME) aims to bring organizations in cybersecurity and in other industries together to change the game against malware. While the cybersecurity industry today is effective at disrupting malware families through individual efforts, those disruptions rarely lead to eradication since malware authors quickly adapt their tactics to survive. - -CME calls for organizations to pool their tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to drive efficient and long lasting results for better protection of our collective communities, customers, and businesses. - -## Combining our tools, information, and actions - -Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. For instance, while security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry, online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action. - -In addition to telemetry and analysis data, Microsoft is planning to contribute cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in to these campaigns. - -## Coordinated campaigns for lasting results - -Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can initiate a campaign and invite others to join it. The members then have the option to accept or decline the invitations they receive. - -## Join the effort - -Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware). - +--- +title: Coordinated Malware Eradication +description: Information and criteria regarding CME +keywords: security, malware +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 07/12/2018 +--- +# Coordinated Malware Eradication + +![coordinated-malware-eradication](images/CoordinatedMalware.png) + +Coordinated Malware Eradication (CME) aims to bring organizations in cybersecurity and in other industries together to change the game against malware. While the cybersecurity industry today is effective at disrupting malware families through individual efforts, those disruptions rarely lead to eradication since malware authors quickly adapt their tactics to survive. + +CME calls for organizations to pool their tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to drive efficient and long lasting results for better protection of our collective communities, customers, and businesses. + +## Combining our tools, information, and actions + +Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. For instance, while security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry, online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action. + +In addition to telemetry and analysis data, Microsoft is planning to contribute cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in to these campaigns. + +## Coordinated campaigns for lasting results + +Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can initiate a campaign and invite others to join it. The members then have the option to accept or decline the invitations they receive. + +## Join the effort + +Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware). + Please apply using our [membership application form](http://www.microsoft.com/security/portal/partnerships/apply.aspx) to get started. \ No newline at end of file diff --git a/windows/security/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md similarity index 100% rename from windows/security/intelligence/criteria.md rename to windows/security/threat-protection/intelligence/criteria.md diff --git a/windows/security/intelligence/cybersecurity-industry-partners.md b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md similarity index 97% rename from windows/security/intelligence/cybersecurity-industry-partners.md rename to windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md index 3d0d902663..52a769a8b5 100644 --- a/windows/security/intelligence/cybersecurity-industry-partners.md +++ b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md @@ -1,39 +1,39 @@ ---- -title: Industry collaboration programs -description: Describing the 3 industry collaboration programs -keywords: security, malware -ms.prod: w10 -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: ellevin -author: levinec -ms.date: 07/12/2018 ---- -# Industry collaboration programs - -Microsoft has several industry-wide collaboration programs with different objectives and requirements. Enrolling in the right program can help you protect your customers, gain more insight into the current threat landscape, or assist in disrupting the malware ecosystem. - -## Virus Information Alliance (VIA) - -The VIA program gives members access to information that will help improve protection for Microsoft customers. Malware telemetry and samples can be provided to security teams to help identify gaps in their protection, prioritize new threat coverage, or better respond to threats. - -**You must be a member of VIA if you want to apply for membership to the other programs.** - -Go to the [VIA program page](virus-information-alliance-criteria.md) for more information. - -## Microsoft Virus Initiative (MVI) - -MVI is open to organizations who build and own a Real Time Protection (RTP) antimalware product of their own design, or one developed using a third-party antivirus SDK. - -Members get access to Microsoft client APIs for the Windows Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Antimalware products are submitted to Microsoft for performance testing on a regular basis. - -Go to the [MVI program page](virus-initiative-criteria.md) for more information. - -## Coordinated Malware Eradication (CME) - -CME is open to organizations who are involved in cybersecurity and antimalware or interested in fighting cybercrime. - -The program aims to bring organizations in cybersecurity and other industries together to pool tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to create efficient and long-lasting results for better protection of our collective communities, customers, and businesses. - +--- +title: Industry collaboration programs +description: Describing the 3 industry collaboration programs +keywords: security, malware +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 07/12/2018 +--- +# Industry collaboration programs + +Microsoft has several industry-wide collaboration programs with different objectives and requirements. Enrolling in the right program can help you protect your customers, gain more insight into the current threat landscape, or assist in disrupting the malware ecosystem. + +## Virus Information Alliance (VIA) + +The VIA program gives members access to information that will help improve protection for Microsoft customers. Malware telemetry and samples can be provided to security teams to help identify gaps in their protection, prioritize new threat coverage, or better respond to threats. + +**You must be a member of VIA if you want to apply for membership to the other programs.** + +Go to the [VIA program page](virus-information-alliance-criteria.md) for more information. + +## Microsoft Virus Initiative (MVI) + +MVI is open to organizations who build and own a Real Time Protection (RTP) antimalware product of their own design, or one developed using a third-party antivirus SDK. + +Members get access to Microsoft client APIs for the Windows Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Antimalware products are submitted to Microsoft for performance testing on a regular basis. + +Go to the [MVI program page](virus-initiative-criteria.md) for more information. + +## Coordinated Malware Eradication (CME) + +CME is open to organizations who are involved in cybersecurity and antimalware or interested in fighting cybercrime. + +The program aims to bring organizations in cybersecurity and other industries together to pool tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to create efficient and long-lasting results for better protection of our collective communities, customers, and businesses. + Go to the [CME program page](coordinated-malware-eradication.md) for more information. \ No newline at end of file diff --git a/windows/security/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md similarity index 100% rename from windows/security/intelligence/developer-faq.md rename to windows/security/threat-protection/intelligence/developer-faq.md diff --git a/windows/security/intelligence/developer-info.md b/windows/security/threat-protection/intelligence/developer-info.md similarity index 100% rename from windows/security/intelligence/developer-info.md rename to windows/security/threat-protection/intelligence/developer-info.md diff --git a/windows/security/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md similarity index 100% rename from windows/security/intelligence/developer-resources.md rename to windows/security/threat-protection/intelligence/developer-resources.md diff --git a/windows/security/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md similarity index 100% rename from windows/security/intelligence/exploits-malware.md rename to windows/security/threat-protection/intelligence/exploits-malware.md diff --git a/windows/security/intelligence/images/CoordinatedMalware.png b/windows/security/threat-protection/intelligence/images/CoordinatedMalware.png similarity index 100% rename from windows/security/intelligence/images/CoordinatedMalware.png rename to windows/security/threat-protection/intelligence/images/CoordinatedMalware.png diff --git a/windows/security/intelligence/images/ExploitKit.png b/windows/security/threat-protection/intelligence/images/ExploitKit.png similarity index 100% rename from windows/security/intelligence/images/ExploitKit.png rename to windows/security/threat-protection/intelligence/images/ExploitKit.png diff --git a/windows/security/intelligence/images/NamingMalware1.png b/windows/security/threat-protection/intelligence/images/NamingMalware1.png similarity index 100% rename from windows/security/intelligence/images/NamingMalware1.png rename to windows/security/threat-protection/intelligence/images/NamingMalware1.png diff --git a/windows/security/intelligence/images/PrevalentMalware-67-percent.png b/windows/security/threat-protection/intelligence/images/PrevalentMalware-67-percent.png similarity index 100% rename from windows/security/intelligence/images/PrevalentMalware-67-percent.png rename to windows/security/threat-protection/intelligence/images/PrevalentMalware-67-percent.png diff --git a/windows/security/intelligence/images/PrevalentMalware0818.png b/windows/security/threat-protection/intelligence/images/PrevalentMalware0818.png similarity index 100% rename from windows/security/intelligence/images/PrevalentMalware0818.png rename to windows/security/threat-protection/intelligence/images/PrevalentMalware0818.png diff --git a/windows/security/intelligence/images/RealWorld-67-percent.png b/windows/security/threat-protection/intelligence/images/RealWorld-67-percent.png similarity index 100% rename from windows/security/intelligence/images/RealWorld-67-percent.png rename to windows/security/threat-protection/intelligence/images/RealWorld-67-percent.png diff --git a/windows/security/intelligence/images/RealWorld0818.png b/windows/security/threat-protection/intelligence/images/RealWorld0818.png similarity index 100% rename from windows/security/intelligence/images/RealWorld0818.png rename to windows/security/threat-protection/intelligence/images/RealWorld0818.png diff --git a/windows/security/intelligence/images/SupplyChain.png b/windows/security/threat-protection/intelligence/images/SupplyChain.png similarity index 100% rename from windows/security/intelligence/images/SupplyChain.png rename to windows/security/threat-protection/intelligence/images/SupplyChain.png diff --git a/windows/security/intelligence/images/URLhover.png b/windows/security/threat-protection/intelligence/images/URLhover.png similarity index 100% rename from windows/security/intelligence/images/URLhover.png rename to windows/security/threat-protection/intelligence/images/URLhover.png diff --git a/windows/security/intelligence/images/WormUSB_flight.png b/windows/security/threat-protection/intelligence/images/WormUSB_flight.png similarity index 100% rename from windows/security/intelligence/images/WormUSB_flight.png rename to windows/security/threat-protection/intelligence/images/WormUSB_flight.png diff --git a/windows/security/intelligence/images/av-comparatives-logo-3.png b/windows/security/threat-protection/intelligence/images/av-comparatives-logo-3.png similarity index 100% rename from windows/security/intelligence/images/av-comparatives-logo-3.png rename to windows/security/threat-protection/intelligence/images/av-comparatives-logo-3.png diff --git a/windows/security/intelligence/images/av-test-logo.png b/windows/security/threat-protection/intelligence/images/av-test-logo.png similarity index 100% rename from windows/security/intelligence/images/av-test-logo.png rename to windows/security/threat-protection/intelligence/images/av-test-logo.png diff --git a/windows/security/intelligence/images/netflix.png b/windows/security/threat-protection/intelligence/images/netflix.png similarity index 100% rename from windows/security/intelligence/images/netflix.png rename to windows/security/threat-protection/intelligence/images/netflix.png diff --git a/windows/security/intelligence/images/wdatp-pillars2.png b/windows/security/threat-protection/intelligence/images/wdatp-pillars2.png similarity index 100% rename from windows/security/intelligence/images/wdatp-pillars2.png rename to windows/security/threat-protection/intelligence/images/wdatp-pillars2.png diff --git a/windows/security/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md similarity index 96% rename from windows/security/intelligence/index.md rename to windows/security/threat-protection/intelligence/index.md index 7a1ed4edc0..728743ad35 100644 --- a/windows/security/intelligence/index.md +++ b/windows/security/threat-protection/intelligence/index.md @@ -1,39 +1,39 @@ ---- -title: Understand malware & other threats -description: Learn about the different types of malware, how they work, and what you can do to protect yourself. -keywords: security, malware -ms.prod: w10 -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: ellevin -author: levinec -ms.date: 08/17/2018 ---- -# Understanding malware & other threats - -Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more. - -Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims. - -As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Windows Defender Advanced Threat Protection (Windows Defender ATP), businesses can stay protected with next-generation protection and other security capabilities. - -For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic. - -There are many types of malware, including: - -- [Coin miners](coinminer-malware.md) -- [Exploits and exploit kits](exploits-malware.md) -- [Macro malware](macro-malware.md) -- [Phishing](phishing.md) -- [Ransomware](ransomware-malware.md) -- [Rootkits](rootkits-malware.md) -- [Supply chain attacks](supply-chain-malware.md) -- [Tech support scams](support-scams.md) -- [Trojans](trojans-malware.md) -- [Unwanted software](unwanted-software.md) -- [Worms](worms-malware.md) - -Keep up with the latest malware news and research. Check out our [Windows security blogs](http://aka.ms/wdsecurityblog) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. - +--- +title: Understand malware & other threats +description: Learn about the different types of malware, how they work, and what you can do to protect yourself. +keywords: security, malware +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 08/17/2018 +--- +# Understanding malware & other threats + +Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more. + +Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims. + +As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Windows Defender Advanced Threat Protection (Windows Defender ATP), businesses can stay protected with next-generation protection and other security capabilities. + +For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic. + +There are many types of malware, including: + +- [Coin miners](coinminer-malware.md) +- [Exploits and exploit kits](exploits-malware.md) +- [Macro malware](macro-malware.md) +- [Phishing](phishing.md) +- [Ransomware](ransomware-malware.md) +- [Rootkits](rootkits-malware.md) +- [Supply chain attacks](supply-chain-malware.md) +- [Tech support scams](support-scams.md) +- [Trojans](trojans-malware.md) +- [Unwanted software](unwanted-software.md) +- [Worms](worms-malware.md) + +Keep up with the latest malware news and research. Check out our [Windows security blogs](http://aka.ms/wdsecurityblog) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. + Learn more about [Windows security](https://docs.microsoft.com/en-us/windows/security/index). \ No newline at end of file diff --git a/windows/security/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md similarity index 100% rename from windows/security/intelligence/macro-malware.md rename to windows/security/threat-protection/intelligence/macro-malware.md diff --git a/windows/security/intelligence/malware-naming.md b/windows/security/threat-protection/intelligence/malware-naming.md similarity index 96% rename from windows/security/intelligence/malware-naming.md rename to windows/security/threat-protection/intelligence/malware-naming.md index 5787d0e09c..35db2cac2b 100644 --- a/windows/security/intelligence/malware-naming.md +++ b/windows/security/threat-protection/intelligence/malware-naming.md @@ -1,176 +1,176 @@ ---- -title: Malware names -description: Identifying malware vocabulary -keywords: security, malware, names -ms.prod: w10 -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: ellevin -author: levinec -ms.date: 08/17/2018 ---- -# Malware names - -We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) malware naming scheme. The scheme uses the following format: - -![coordinated-malware-eradication](images/NamingMalware1.png) - -When our analysts research a particular threat, they will determine what each of the components of the name will be. - -## Type - -Describes what the malware does on your computer. Worms, viruses, trojans, backdoors, and ransomware are some of the most common types of malware. - -* Adware -* Backdoor -* Behavior -* BrowserModifier -* Constructor -* DDoS -* Exploit -* Hacktool -* Joke -* Misleading -* MonitoringTool -* Program -* PWS -* Ransom -* RemoteAccess -* Rogue -* SettingsModifier -* SoftwareBundler -* Spammer -* Spoofer -* Spyware -* Tool -* Trojan -* TrojanClicker -* TrojanDownloader -* TrojanNotifier -* TrojanProxy -* TrojanSpy -* VirTool -* Virus -* Worm - -## Platforms - -Indicates the operating system (such as Windows, Mac OS X, and Android) that the malware is designed to work on. The platform is also used to indicate programming languages and file formats. - -### Operating systems - -* AndroidOS: Android operating system -* DOS: MS-DOS platform -* EPOC: Psion devices -* FreeBSD: FreeBSD platform -* iPhoneOS: iPhone operating system -* Linux: Linux platform -* MacOS: MAC 9.x platform or earlier -* MacOS_X: MacOS X or later -* OS2: OS2 platform -* Palm: Palm operating system -* Solaris: System V-based Unix platforms -* SunOS: Unix platforms 4.1.3 or lower -* SymbOS: Symbian operating system -* Unix: general Unix platforms -* Win16: Win16 (3.1) platform -* Win2K: Windows 2000 platform -* Win32: Windows 32-bit platform -* Win64: Windows 64-bit platform -* Win95: Windows 95, 98 and ME platforms -* Win98: Windows 98 platform only -* WinCE: Windows CE platform -* WinNT: WinNT - -### Scripting languages - -* ABAP: Advanced Business Application Programming scripts -* ALisp: ALisp scripts -* AmiPro: AmiPro script -* ANSI: American National Standards Institute scripts -* AppleScript: compiled Apple scripts -* ASP: Active Server Pages scripts -* AutoIt: AutoIT scripts -* BAS: Basic scripts -* BAT: Basic scripts -* CorelScript: Corelscript scripts -* HTA: HTML Application scripts -* HTML: HTML Application scripts -* INF: Install scripts -* IRC: mIRC/pIRC scripts -* Java: Java binaries (classes) -* JS: Javascript scripts -* LOGO: LOGO scripts -* MPB: MapBasic scripts -* MSH: Monad shell scripts -* MSIL: .Net intermediate language scripts -* Perl: Perl scripts -* PHP: Hypertext Preprocessor scripts -* Python: Python scripts -* SAP: SAP platform scripts -* SH: Shell scripts -* VBA: Visual Basic for Applications scripts -* VBS: Visual Basic scripts -* WinBAT: Winbatch scripts -* WinHlp: Windows Help scripts -* WinREG: Windows registry scripts - -### Macros - -* A97M: Access 97, 2000, XP, 2003, 2007, and 2010 macros -* HE: macro scripting -* O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint -* PP97M: PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros -* V5M: Visio5 macros -* W1M: Word1Macro -* W2M: Word2Macro -* W97M: Word 97, 2000, XP, 2003, 2007, and 2010 macros -* WM: Word 95 macros -* X97M: Excel 97, 2000, XP, 2003, 2007, and 2010 macros -* XF: Excel formulas -* XM: Excel 95 macros - -### Other file types - -* ASX: XML metafile of Windows Media .asf files -* HC: HyperCard Apple scripts -* MIME: MIME packets -* Netware: Novell Netware files -* QT: Quicktime files -* SB: StarBasic (Staroffice XML) files -* SWF: Shockwave Flash files -* TSQL: MS SQL server files -* XML: XML files - -## Family - -Grouping of malware based on common characteristics, including attribution to the same authors. Security software providers sometimes use different names for the same malware family. - -## Variant letter - -Used sequentially for every distinct version of a malware family. For example, the detection for the variant ".AF" would have been created after the detection for the variant ".AE". - -## Suffixes - -Provides extra detail about the malware, including how it is used as part of a multicomponent threat. In the example above, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T. - -* .dam: damaged malware -* .dll: Dynamic Link Library component of a malware -* .dr: dropper component of a malware -* .gen: malware that is detected using a generic signature -* .kit: virus constructor -* .ldr: loader component of a malware -* .pak: compressed malware -* .plugin: plug-in component -* .remnants: remnants of a virus -* .worm: worm component of that malware -* !bit: an internal category used to refer to some threats -* !cl: an internal category used to refer to some threats -* !dha: an internal category used to refer to some threats -* !pfn: an internal category used to refer to some threats -* !plock: an internal category used to refer to some threats -* !rfn: an internal category used to refer to some threats -* !rootkit: rootkit component of that malware -* @m: worm mailers +--- +title: Malware names +description: Identifying malware vocabulary +keywords: security, malware, names +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 08/17/2018 +--- +# Malware names + +We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) malware naming scheme. The scheme uses the following format: + +![coordinated-malware-eradication](images/NamingMalware1.png) + +When our analysts research a particular threat, they will determine what each of the components of the name will be. + +## Type + +Describes what the malware does on your computer. Worms, viruses, trojans, backdoors, and ransomware are some of the most common types of malware. + +* Adware +* Backdoor +* Behavior +* BrowserModifier +* Constructor +* DDoS +* Exploit +* Hacktool +* Joke +* Misleading +* MonitoringTool +* Program +* PWS +* Ransom +* RemoteAccess +* Rogue +* SettingsModifier +* SoftwareBundler +* Spammer +* Spoofer +* Spyware +* Tool +* Trojan +* TrojanClicker +* TrojanDownloader +* TrojanNotifier +* TrojanProxy +* TrojanSpy +* VirTool +* Virus +* Worm + +## Platforms + +Indicates the operating system (such as Windows, Mac OS X, and Android) that the malware is designed to work on. The platform is also used to indicate programming languages and file formats. + +### Operating systems + +* AndroidOS: Android operating system +* DOS: MS-DOS platform +* EPOC: Psion devices +* FreeBSD: FreeBSD platform +* iPhoneOS: iPhone operating system +* Linux: Linux platform +* MacOS: MAC 9.x platform or earlier +* MacOS_X: MacOS X or later +* OS2: OS2 platform +* Palm: Palm operating system +* Solaris: System V-based Unix platforms +* SunOS: Unix platforms 4.1.3 or lower +* SymbOS: Symbian operating system +* Unix: general Unix platforms +* Win16: Win16 (3.1) platform +* Win2K: Windows 2000 platform +* Win32: Windows 32-bit platform +* Win64: Windows 64-bit platform +* Win95: Windows 95, 98 and ME platforms +* Win98: Windows 98 platform only +* WinCE: Windows CE platform +* WinNT: WinNT + +### Scripting languages + +* ABAP: Advanced Business Application Programming scripts +* ALisp: ALisp scripts +* AmiPro: AmiPro script +* ANSI: American National Standards Institute scripts +* AppleScript: compiled Apple scripts +* ASP: Active Server Pages scripts +* AutoIt: AutoIT scripts +* BAS: Basic scripts +* BAT: Basic scripts +* CorelScript: Corelscript scripts +* HTA: HTML Application scripts +* HTML: HTML Application scripts +* INF: Install scripts +* IRC: mIRC/pIRC scripts +* Java: Java binaries (classes) +* JS: Javascript scripts +* LOGO: LOGO scripts +* MPB: MapBasic scripts +* MSH: Monad shell scripts +* MSIL: .Net intermediate language scripts +* Perl: Perl scripts +* PHP: Hypertext Preprocessor scripts +* Python: Python scripts +* SAP: SAP platform scripts +* SH: Shell scripts +* VBA: Visual Basic for Applications scripts +* VBS: Visual Basic scripts +* WinBAT: Winbatch scripts +* WinHlp: Windows Help scripts +* WinREG: Windows registry scripts + +### Macros + +* A97M: Access 97, 2000, XP, 2003, 2007, and 2010 macros +* HE: macro scripting +* O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint +* PP97M: PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros +* V5M: Visio5 macros +* W1M: Word1Macro +* W2M: Word2Macro +* W97M: Word 97, 2000, XP, 2003, 2007, and 2010 macros +* WM: Word 95 macros +* X97M: Excel 97, 2000, XP, 2003, 2007, and 2010 macros +* XF: Excel formulas +* XM: Excel 95 macros + +### Other file types + +* ASX: XML metafile of Windows Media .asf files +* HC: HyperCard Apple scripts +* MIME: MIME packets +* Netware: Novell Netware files +* QT: Quicktime files +* SB: StarBasic (Staroffice XML) files +* SWF: Shockwave Flash files +* TSQL: MS SQL server files +* XML: XML files + +## Family + +Grouping of malware based on common characteristics, including attribution to the same authors. Security software providers sometimes use different names for the same malware family. + +## Variant letter + +Used sequentially for every distinct version of a malware family. For example, the detection for the variant ".AF" would have been created after the detection for the variant ".AE". + +## Suffixes + +Provides extra detail about the malware, including how it is used as part of a multicomponent threat. In the example above, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T. + +* .dam: damaged malware +* .dll: Dynamic Link Library component of a malware +* .dr: dropper component of a malware +* .gen: malware that is detected using a generic signature +* .kit: virus constructor +* .ldr: loader component of a malware +* .pak: compressed malware +* .plugin: plug-in component +* .remnants: remnants of a virus +* .worm: worm component of that malware +* !bit: an internal category used to refer to some threats +* !cl: an internal category used to refer to some threats +* !dha: an internal category used to refer to some threats +* !pfn: an internal category used to refer to some threats +* !plock: an internal category used to refer to some threats +* !rfn: an internal category used to refer to some threats +* !rootkit: rootkit component of that malware +* @m: worm mailers * @mm: mass mailer worm \ No newline at end of file diff --git a/windows/security/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md similarity index 100% rename from windows/security/intelligence/phishing.md rename to windows/security/threat-protection/intelligence/phishing.md diff --git a/windows/security/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md similarity index 98% rename from windows/security/intelligence/prevent-malware-infection.md rename to windows/security/threat-protection/intelligence/prevent-malware-infection.md index cc9d9ee9e4..012725bac4 100644 --- a/windows/security/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -1,117 +1,117 @@ ---- -title: Prevent malware infection -description: Malware prevention best practices -keywords: security, malware, prevention, infection, tips -ms.prod: w10 -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: ellevin -author: levinec -ms.date: 08/17/2018 ---- -# Prevent malware infection - -Malware authors are always looking for new ways to infect computers. Follow the simple tips below to stay protected and minimize threats to your data and accounts. - -You can also browse the many [software and application solutions](https://review.docs.microsoft.com/en-us/windows/security/intelligence/prevent-malware-infection?branch=wdsi-migration-stuff#software-solutions) available to you. - -## Keep software up-to-date - -[Exploits](exploits-malware.md) typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren't available to exploits anymore. - -To keep Microsoft software up to date, ensure that [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq) are enabled. Also, upgrade to the latest version of Windows to benefit from a host of built-in security enhancements. - -## Be wary of links and attachments - -Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails will give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. - -* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering. - -For more information, see [Phishing](phishing.md). - -## Watch out for malicious or compromised websites - -By visiting malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers. - -To identify potentially harmful websites, keep the following in mind: - -* The initial part (domain) of a website address should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example.com is spelled examp1e.com, the site you are visiting is suspect. - -* Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons. - -To block malicious websites, use a modern web browser like [Microsoft Edge](http://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) which identifies phishing and malware websites and checks downloads for malware. - -If you encounter an unsafe site, click **More […] > Send feedback** on Microsoft Edge. You can also [report unsafe sites directly to Microsoft](https://www.microsoft.com/wdsi/support/report-unsafe-site). - -### Pirated material on compromised websites - -Using pirated content is not only illegal, it can also expose your device to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware. - -Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported. - -To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/windows-10-s?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed. - -## Don't attach unfamiliar removable drives - -Some types of malware can spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives—leaving these drives in public places to victimize unsuspecting individuals. - -Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files. - -## Use a non-administrator account - -At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. - -By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/access-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. - -To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. - -Whenever necessary, log in as an administrator to install apps or make configuration changes that require admin privileges. - -[Read about creating user accounts and giving administrator privileges](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) - -## Other safety tips - -To further ensure that data is protected from malware as well as other threats: - -* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about/?ocid=cx-wdsi-articles) for reliable cloud-based copies that allows access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware. - -* Be wary when connecting to public hotspots, particularly those that do not require authentication. - -* Use [strong passwords](https://support.microsoft.com/help/12410/microsoft-account-help-protect-account) and enable multi-factor authentication. - -* Do not use untrusted devices to log on to email, social media, and corporate accounts. - -## Software solutions - -Microsoft provides comprehensive security capabilities that help protect against threats. We recommend: - -* [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up-to-date to get the latest protections. - -* [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. - -* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) browser protects against threats such as ransomware by preventing exploit kits from running. By using Microsoft [SmartScreen](https://docs.microsoft.com/en-us/microsoft-edge/deploy/index), Microsoft Edge blocks access to malicious websites. - -* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. - -* [Microsoft Safety Scanner](https://www.microsoft.com/wdsi/products/scanner) helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product. - -* [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/#pivot=itadmin&panel=it-security) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data. - -* [Office 365 Advanced Threat Protection](https://technet.microsoft.com/library/exchange-online-advanced-threat-protection-service-description.aspx) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders. - -* [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection. - -* [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge. - -* [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account. - -### Earlier than Windows 10 (not recommended) - -* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business device that guards against viruses, spyware, and other malicious software. - -## What to do with a malware infection - -Windows Defender ATP antivirus capabilities helps reduce the chances of infection and will automatically remove threats that it detects. - +--- +title: Prevent malware infection +description: Malware prevention best practices +keywords: security, malware, prevention, infection, tips +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 08/17/2018 +--- +# Prevent malware infection + +Malware authors are always looking for new ways to infect computers. Follow the simple tips below to stay protected and minimize threats to your data and accounts. + +You can also browse the many [software and application solutions](https://review.docs.microsoft.com/en-us/windows/security/intelligence/prevent-malware-infection?branch=wdsi-migration-stuff#software-solutions) available to you. + +## Keep software up-to-date + +[Exploits](exploits-malware.md) typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren't available to exploits anymore. + +To keep Microsoft software up to date, ensure that [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq) are enabled. Also, upgrade to the latest version of Windows to benefit from a host of built-in security enhancements. + +## Be wary of links and attachments + +Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails will give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. + +* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering. + +For more information, see [Phishing](phishing.md). + +## Watch out for malicious or compromised websites + +By visiting malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers. + +To identify potentially harmful websites, keep the following in mind: + +* The initial part (domain) of a website address should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example.com is spelled examp1e.com, the site you are visiting is suspect. + +* Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons. + +To block malicious websites, use a modern web browser like [Microsoft Edge](http://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) which identifies phishing and malware websites and checks downloads for malware. + +If you encounter an unsafe site, click **More […] > Send feedback** on Microsoft Edge. You can also [report unsafe sites directly to Microsoft](https://www.microsoft.com/wdsi/support/report-unsafe-site). + +### Pirated material on compromised websites + +Using pirated content is not only illegal, it can also expose your device to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware. + +Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported. + +To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/windows-10-s?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed. + +## Don't attach unfamiliar removable drives + +Some types of malware can spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives—leaving these drives in public places to victimize unsuspecting individuals. + +Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files. + +## Use a non-administrator account + +At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. + +By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/access-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. + +To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. + +Whenever necessary, log in as an administrator to install apps or make configuration changes that require admin privileges. + +[Read about creating user accounts and giving administrator privileges](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) + +## Other safety tips + +To further ensure that data is protected from malware as well as other threats: + +* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about/?ocid=cx-wdsi-articles) for reliable cloud-based copies that allows access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware. + +* Be wary when connecting to public hotspots, particularly those that do not require authentication. + +* Use [strong passwords](https://support.microsoft.com/help/12410/microsoft-account-help-protect-account) and enable multi-factor authentication. + +* Do not use untrusted devices to log on to email, social media, and corporate accounts. + +## Software solutions + +Microsoft provides comprehensive security capabilities that help protect against threats. We recommend: + +* [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up-to-date to get the latest protections. + +* [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. + +* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) browser protects against threats such as ransomware by preventing exploit kits from running. By using Microsoft [SmartScreen](https://docs.microsoft.com/en-us/microsoft-edge/deploy/index), Microsoft Edge blocks access to malicious websites. + +* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. + +* [Microsoft Safety Scanner](https://www.microsoft.com/wdsi/products/scanner) helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product. + +* [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/#pivot=itadmin&panel=it-security) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data. + +* [Office 365 Advanced Threat Protection](https://technet.microsoft.com/library/exchange-online-advanced-threat-protection-service-description.aspx) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders. + +* [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection. + +* [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge. + +* [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account. + +### Earlier than Windows 10 (not recommended) + +* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business device that guards against viruses, spyware, and other malicious software. + +## What to do with a malware infection + +Windows Defender ATP antivirus capabilities helps reduce the chances of infection and will automatically remove threats that it detects. + In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection). \ No newline at end of file diff --git a/windows/security/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md similarity index 100% rename from windows/security/intelligence/ransomware-malware.md rename to windows/security/threat-protection/intelligence/ransomware-malware.md diff --git a/windows/security/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md similarity index 100% rename from windows/security/intelligence/rootkits-malware.md rename to windows/security/threat-protection/intelligence/rootkits-malware.md diff --git a/windows/security/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md similarity index 100% rename from windows/security/intelligence/safety-scanner-download.md rename to windows/security/threat-protection/intelligence/safety-scanner-download.md diff --git a/windows/security/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md similarity index 100% rename from windows/security/intelligence/submission-guide.md rename to windows/security/threat-protection/intelligence/submission-guide.md diff --git a/windows/security/intelligence/supply-chain-malware.md b/windows/security/threat-protection/intelligence/supply-chain-malware.md similarity index 100% rename from windows/security/intelligence/supply-chain-malware.md rename to windows/security/threat-protection/intelligence/supply-chain-malware.md diff --git a/windows/security/intelligence/support-scams - Copy.md b/windows/security/threat-protection/intelligence/support-scams - Copy.md similarity index 100% rename from windows/security/intelligence/support-scams - Copy.md rename to windows/security/threat-protection/intelligence/support-scams - Copy.md diff --git a/windows/security/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md similarity index 100% rename from windows/security/intelligence/support-scams.md rename to windows/security/threat-protection/intelligence/support-scams.md diff --git a/windows/security/intelligence/transparency-report.md b/windows/security/threat-protection/intelligence/transparency-report.md similarity index 100% rename from windows/security/intelligence/transparency-report.md rename to windows/security/threat-protection/intelligence/transparency-report.md diff --git a/windows/security/intelligence/trojans-malware.md b/windows/security/threat-protection/intelligence/trojans-malware.md similarity index 100% rename from windows/security/intelligence/trojans-malware.md rename to windows/security/threat-protection/intelligence/trojans-malware.md diff --git a/windows/security/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md similarity index 100% rename from windows/security/intelligence/unwanted-software.md rename to windows/security/threat-protection/intelligence/unwanted-software.md diff --git a/windows/security/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md similarity index 97% rename from windows/security/intelligence/virus-information-alliance-criteria.md rename to windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index 1e296fa1fd..fdf32ac7d8 100644 --- a/windows/security/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -1,51 +1,51 @@ ---- -title: Virus Information Alliance -description: Information and criteria regarding VIA -keywords: security, malware -ms.prod: w10 -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: ellevin -author: levinec -ms.date: 07/12/2018 ---- -# Virus Information Alliance - -The Virus Information Alliance (VIA) is a public antimalware collaboration program for security software providers, security service providers, antimalware testing organizations, and other organizations involved in fighting cybercrime. - -Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft, with the goal of improving protection for Microsoft customers. - -## Better protection for customers against malware - -The VIA program gives members access to information that will help improve protection for Microsoft customers. For example, the program provides malware telemetry and samples to security product teams to identify gaps in their protection and prioritize new threat coverage. - -Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets and setting scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity. - -Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers. - -## Becoming a member of VIA - -Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA). The criteria is designed to ensure that Microsoft is able to work with security software providers, security service providers, antimalware testing organizations, and other organizations involved in the fight against cybercrime to protect a broad range of customers. - -Members will receive information to facilitate effective malware detection, deterrence, and eradication. This includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable. - -VIA has an open enrollment for potential members. - -### Initial selection criteria - -To be eligible for VIA your organization must: - -1. Be willing to sign a non-disclosure agreement with Microsoft. - -2. Fit into one of the following categories: - * Your organization develops antimalware technology that can run on Windows and your organization’s product is commercially available. - * Your organization provides security services to Microsoft customers or for Microsoft products. - * Your organization publishes antimalware testing reports on a regular basis. - * Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public. - -3. Be willing to sign and adhere to the VIA membership agreement. - -If your organization wants to apply and meets this criteria, you can apply using our [membership application form](http://www.microsoft.com/security/portal/partnerships/apply.aspx). - +--- +title: Virus Information Alliance +description: Information and criteria regarding VIA +keywords: security, malware +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 07/12/2018 +--- +# Virus Information Alliance + +The Virus Information Alliance (VIA) is a public antimalware collaboration program for security software providers, security service providers, antimalware testing organizations, and other organizations involved in fighting cybercrime. + +Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft, with the goal of improving protection for Microsoft customers. + +## Better protection for customers against malware + +The VIA program gives members access to information that will help improve protection for Microsoft customers. For example, the program provides malware telemetry and samples to security product teams to identify gaps in their protection and prioritize new threat coverage. + +Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets and setting scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity. + +Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers. + +## Becoming a member of VIA + +Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA). The criteria is designed to ensure that Microsoft is able to work with security software providers, security service providers, antimalware testing organizations, and other organizations involved in the fight against cybercrime to protect a broad range of customers. + +Members will receive information to facilitate effective malware detection, deterrence, and eradication. This includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable. + +VIA has an open enrollment for potential members. + +### Initial selection criteria + +To be eligible for VIA your organization must: + +1. Be willing to sign a non-disclosure agreement with Microsoft. + +2. Fit into one of the following categories: + * Your organization develops antimalware technology that can run on Windows and your organization’s product is commercially available. + * Your organization provides security services to Microsoft customers or for Microsoft products. + * Your organization publishes antimalware testing reports on a regular basis. + * Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public. + +3. Be willing to sign and adhere to the VIA membership agreement. + +If your organization wants to apply and meets this criteria, you can apply using our [membership application form](http://www.microsoft.com/security/portal/partnerships/apply.aspx). + If you have any questions, you can also contact us using our [partnerships contact form](http://www.microsoft.com/security/portal/partnerships/contactus.aspx). \ No newline at end of file diff --git a/windows/security/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md similarity index 100% rename from windows/security/intelligence/virus-initiative-criteria.md rename to windows/security/threat-protection/intelligence/virus-initiative-criteria.md diff --git a/windows/security/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md similarity index 100% rename from windows/security/intelligence/worms-malware.md rename to windows/security/threat-protection/intelligence/worms-malware.md