My son’s Windows 7 laptop was recently infected with some malware (adware/spyware). Mind you, I try to follow the generally-accepted recommendations for trying to prevent this sort of thing:
- My son uses Mozilla Firefox (not Internet Explorer) with all updates installed.
- I keep Windows 7 patched with updates from Microsoft.
- He runs as a non-administrative user, and doesn’t know the administrator credentials.
- The Windows 7 firewall is enabled and configured with a fairly strict set of rules.
- The network has open source proxy server with content filters, so I can be reasonably confident he’s not visiting the really nasty sites. Obviously, content filters are never perfect and always in need to be updated, but they’re better than nothing.
- The network itself is protected by a hardware firewall (not a simple NAT router, but a true stateful firewall), which requires that all web traffic go through the proxy (so he can’t bypass the proxy).
- I installed Microsoft Security Essentials on his laptop to protect against malware, adware, etc., and I keep it updated.
Yet, despite all these layers of protection, I find that my son’s laptop was still infected with malware.
So I ask, in all seriousness—meaning I’m not trying to start some sort of flame war about how Mac OS X or Linux is better than Windows or vice versa—how does one protect their Windows installations against this sort of thing? I mean, what does it take, anyway? I feel like I am taking some pretty serious steps to protect Windows, and yet it still gets infected. What am I missing here?