This paper provides a better understanding of how network traffic is processed by Microsoft Windows operating systems, and how various security tools such as personal firewalls and host intrusion prevention systems monitor network activity to protect a system. It also explores how malware can attack the networking architecture of Windows to disable or circumvent some of these security tools and steal information. The paper focuses on the processing path of TCP/IP network traffic, although most other protocols follow a similar path.
