1. Desktop configuration

We will start with host security, which is sometimes also referred to as desktop or endpoint security. Installing an antivirus and a firewall is important for securing the system, but configuring the desktop itself also helps to prevent malware infection. Even though these configurations are not directly related to malware detection, they are helpful.

Malware executables sometimes disguise their filenames to trick victims into executing them. If the malware filename is actually invoice.pdf.exe, the victim sees it only as invoice.pdf unless the default Windows configuration has been changed, because by default Windows does not show file extensions to the user. You can change this in Folder Options; on Windows 7 you can open Folder Options just by typing Folder Options in the Windows Start menu:

Folder options

You can view the extensions of files by removing the tick in the checkbox in front of Hide extensions for known file types. Sometimes malware hides in the system by setting its file attribute to hidden. In the default configuration, you cannot view files that have the hidden attribute. You can view hidden files by clicking on the radio button with the option Show hidden files, folders, and drives in Folder Options.

We mentioned in Chapter 3, Ransomware Distribution, that ransomware can also spread through USB devices using the AutoRun feature. Disabling the AutoRun feature can be an important preventive measure. To reach the AutoRun configuration, type Gpedit.msc in the Windows search bar. After that, expand the following items in the menu: Computer Configuration | Administrative Templates | Windows Components:

AutoPlay configuration

After reaching the configuration, double-click on Default Behavior for AutoRun, which opens a new popup for configuring AutoRun. Click on Enabled and then select Do not execute any autorun commands:

Disabling AutoRun
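
The three settings described above can also be checked from PowerShell without opening the dialogs. The following read-only audit is an added example, not code from the book; it assumes the standard registry locations behind Folder Options (HideFileExt and Hidden under the current user's Explorer\Advanced key) and behind the AutoRun policy (NoAutorun under the machine-wide Policies\Explorer key). The function name Test-DesktopSetting is made up for this example.

```powershell
# Added example: read-only audit of the desktop settings discussed in this section.
# Nothing is modified; each check only reads one registry value.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

$checks = @(
    # 0 = extensions shown (invoice.pdf.exe is displayed in full), 1 = hidden
    @{ Setting = 'Hide extensions for known file types is unticked'
       Path = $advanced; Name = 'HideFileExt'; Expected = 0 },
    # 1 = show hidden files, folders, and drives; 2 = do not show them
    @{ Setting = 'Show hidden files, folders, and drives is selected'
       Path = $advanced; Name = 'Hidden'; Expected = 1 },
    # 1 = Do not execute any autorun commands; 2 = automatically execute them
    @{ Setting = 'Default Behavior for AutoRun is Enabled / do not execute'
       Path = $policy; Name = 'NoAutorun'; Expected = 1 }
)

# Hypothetical helper: compares one registry value with the hardened value.
function Test-DesktopSetting {
    param([hashtable]$Check)

    # A missing key or value means the setting was never changed,
    # so the Windows default (the less safe behaviour) is in effect.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($Check.Name) } else { $null }

    [pscustomobject]@{
        Setting  = $Check.Setting
        Registry = '{0}\{1}' -f $Check.Path, $Check.Name
        Actual   = if ($null -eq $actual) { 'not set (Windows default)' } else { $actual }
        Expected = $Check.Expected
        Hardened = ($null -ne $actual) -and ($actual -eq $Check.Expected)
    }
}

$results = foreach ($check in $checks) { Test-DesktopSetting -Check $check }
$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a logon script or inventory tool flag the desktop.
if ($results.Hardened -contains $false) { exit 1 }
```

The two Folder Options values are per user, so the script has to run in the session of the user whose desktop is being audited.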

Preventing malware infection on a desktop does not end here. Desktops should also have an antivirus and a firewall for both malware prevention and detection.
