Prevent malware infection

Malware authors are always looking for new ways to infect computers. Follow the tips below to stay protected and minimize threats to your data and accounts.

Keep software up to date

Exploits typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren't available to exploits anymore.

To keep Microsoft software up to date, ensure that automatic Microsoft Updates are enabled. Also, upgrade to the latest version of Windows to benefit from a host of built-in security enhancements.

Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices.

  • Use an email service that provides protection against malicious attachments, links, and abusive senders. Microsoft Office 365 has built-in antimalware, link protection, and spam filtering.

For more information, see phishing.

Watch out for malicious or compromised websites

When you visit malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See exploits and exploit kits as an example of how some of these sites can automatically install malware to visiting computers.

To identify potentially harmful websites, keep the following in mind:

  • The initial part (domain) of a website address should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example.com is spelled examp1e.com, the site you are visiting is suspect.

  • Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons.
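
The misspelling check described above can be automated for a list of sites you rely on. The following is an added example, not part of the original page: it flags a URL whose domain matches a trusted domain once 0 is read as O and 1 is read as L or I. The TRUSTED list is constructed sample data, and taking the last two labels of the host as the site's domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the sites you rely on.
TRUSTED = {"example.com", "contoso.com", "microsoft.com"}

# Fold the swaps the page describes: 0 for O, 1 for L or I.
# 'i' and 'l' fold to the same letter so a '1' standing in for either matches
# (this also catches a plain i/l swap such as "mlcrosoft").
_FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(name: str) -> str:
    """Fold confusable characters so look-alike spellings compare equal."""
    return name.lower().translate(_FOLD)


_TRUSTED_BY_SKELETON = {skeleton(d): d for d in TRUSTED}


def site_domain(url: str) -> str:
    """Return the last two labels of the host.

    Assumption: this ignores multi-part suffixes such as co.uk; a production
    check would consult the Public Suffix List instead.
    """
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def imitated_domain(url: str):
    """Return the trusted domain that `url` imitates, or None if it imitates none."""
    domain = site_domain(url)
    if domain in TRUSTED:
        return None  # the genuine site, not an imitation
    return _TRUSTED_BY_SKELETON.get(skeleton(domain))


if __name__ == "__main__":
    for sample in ("https://www.example.com/",
                   "https://login.examp1e.com/signin",
                   "c0ntoso.com",
                   "https://unrelated.org/"):
        hit = imitated_domain(sample)
        print(f"{sample:40} {'SUSPECT, imitates ' + hit if hit else 'no match'}")
```

A "no match" result only means the domain does not imitate an entry in the list through these particular swaps; it does not mean the site is safe.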

To block malicious websites, use a modern web browser like Microsoft Edge that identifies phishing and malware websites and checks downloads for malware.

If you encounter an unsafe site, click More […] > Send feedback on Microsoft Edge. You can also report unsafe sites directly to Microsoft.

Pirated material on compromised websites

Using pirated content is not only illegal, it can also expose your device to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware.

Users do not openly discuss visits to these sites, so any untoward experiences are more likely to stay unreported.

To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as Windows 10 Pro SKU S Mode, which ensures that only vetted apps from the Windows Store are installed.

Don't attach unfamiliar removable drives

Some types of malware spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives by leaving them in public places for unsuspecting individuals.

Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files.

Use a non-administrator account

At the time it is launched, whether inadvertently by a user or automatically, most malware runs under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes to any devices.

By default, Windows uses User Account Control (UAC) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run.

To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges.

Whenever necessary, log in as an administrator to install apps or make configuration changes that require admin privileges.

Read about creating user accounts and giving administrator privileges.

Other safety tips

To further ensure that data is protected from malware and other threats:

  • Back up files. Follow the 3-2-1 rule: make 3 copies, store in at least 2 locations, with at least 1 offline copy. Use OneDrive for reliable cloud-based copies that allow access to files from multiple devices and help recover damaged or lost files, including files locked by ransomware.

  • Be wary when connecting to public hotspots, particularly those that do not require authentication.

  • Use strong passwords and enable multi-factor authentication.

  • Do not use untrusted devices to log on to email, social media, and corporate accounts.

  • Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros to run. This could be a security risk.

Software solutions

Microsoft provides comprehensive security capabilities that help protect against threats. We recommend:

  • Automatic Microsoft updates keep software up to date to get the latest protections.

  • Controlled folder access stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access.

  • Microsoft Edge browser protects against threats such as ransomware by preventing exploit kits from running. By using Windows Defender SmartScreen, Microsoft Edge blocks access to malicious websites.

  • Microsoft Exchange Online Protection (EOP) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies.

  • Microsoft Safety Scanner helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product.

  • Microsoft 365 includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data.

  • Office 365 Advanced Threat Protection includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders.

  • OneDrive for Business can back up files, which you would then use to restore files in the event of an infection.

  • Microsoft Defender Advanced Threat Protection provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender ATP free of charge.

  • Windows Hello for Business replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets users authenticate to an Active Directory or Azure Active Directory account.

  • Microsoft Security Essentials provides real-time protection for your home or small business device that guards against viruses, spyware, and other malicious software.

What to do with a malware infection

Microsoft Defender ATP antivirus capabilities help reduce the chances of infection and will automatically remove threats that it detects.

In case threat removal is unsuccessful, read about troubleshooting malware detection and removal problems.