What Is Windows operating system from Microsoft
What is Windows?
Windows is a personal computer operating system from Microsoft that, together with some commonly used business applications such as Microsoft PowerPoint, Word and Excel, has become a de facto “standard” for individual users in most corporations as well as in most homes. It provides a graphical user interface (GUI), virtual memory management, multitasking, and support for many peripheral devices. According to OneStat.com, as of August, 2006, Windows as a whole dominates the personal computer world, running on about 97% of the operating system market share, with XP accounting for about 87% of that. In comparison Mac OS has about 2% and Linux (with all distributions) about .36% The reason why this is so is mainly because Windows is much more user friendly and everything comes pre-packaged so user just have to run the application and follow instructions for it to install.
There are many versions of Windows Operating System available namely:
- Windows 286
- Windows 386
- Windows 3.0 and 3.11
- Windows 95
- Windows 98
- Windows NT
- Windows 2000
- Windows CE for use in small mobile computers
- Windows Me
- Windows XP
- Windows Vista
- Windows 7
Among all those versions, Windows XP is the most popular one and it is used by 61.9 percent of Internet users, according to data from Net Applications, followed by Windows 7 which has 14.46 percent of users and Vista -14.34 percent.
A Brief Story On Windows
Windows mainly concentrated on providing an operating system which was user-friendly, stable and less prone to crashes when they were implementing earlier versions. Now, even though XP is generally referred to being stable and efficient compared to other copies of Windows, it is still critised for being overly susceptible to security risks. Therefore the successor of XP- Vista, released in January of 2007 was designed in such a way so as it provides more security. The transition time between Vista and XP is the longest one between versions of windows.
Vulnerabilities Of Windows
What is vulnerability? – â€œIt is a weakness that makes a threat possible. â€œ
These vulnerabilities are used by attackers who exploits them to convey multiple attack, including enticing the users to open harmful and malicious media or to visit website which has a lot of viruses.
These can have a lot of consequences. In the worst case, a hacker or attacker can get full access to the computer. Fortunately, windows provide a lot of solution to these vulnerabilities. The user just has to install the appropriate Microsoft patches or they are sometimes installed automatically with the help of Windows Update.
Vulnerabilities can be compared to holes. They are like holes in the system. Windows periodically releases security patches mostly as Window Updates to fix those defects. There exists different level of security known as the â€œsecurity level systemâ€ in Windows which describes the different levels of security holes:
A critical security hole is â€œa vulnerability whose exploitation could allow the propagation of an Internet worm without user action.â€
An important hole is â€œ A vulnerability whoses exploitation could result in compromise of the confidentiality, integrity, or availability of user’s data, or of the integrity or availability of processing recources.â€
A moderate security rating signifies that â€œExploitability could result is mitigated to a significant degree by factors such as default configuration, auditing or difficulty of exploitation.
And a low hole is â€œA vulnerability whose exploitation is extremely difficult or whose impact is minimal.â€
Windows XP all-in-one desk reference for dummies
Below is a list of Vulnerabilities in Windows
MS10-033: Two Media Decompression Code Execution Vulnerabilities
Description: It involves vulnerabilities in Media Decompression.
â€œWindows ships with various components that help it process and play media files, such as videos. According to Microsoft, these media handling components suffer from two unspecified code execution vulnerabilities, involving the way they handle compressed data within specially crafted media. â€œ
Potential effect on system: An attacker can exploit these vulnerabilities by encouraging user to open specially crafted media file, download and install harmful software, by luring them to a website containing such media or by receiving specially crafted streaming content from a web site or any application that delivers Web content. In doing so, an attacker can exploit these vulnerabilities to gain the same user rights as the local user. If this happens, then the attacker will gain the complete control of that PC. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft rating: Critical.
Solution: MS10-033. Since media files are most often the common targets of exploitation by attackers due to the increased potential for circulation via social group and the fact that it has been publicly been disclosed, it is estimated that the possibility that malware authors will look to exploit these types of vulnerabilities are high and hence, update must be installed.
- Windows 2000 Service Pack 4
- Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 Itanium based Systems No Pack & Service Pack 2
- Windows XP Service Pack 2 and 3 & Professional x64 Edition Service Pack 2
- Windows Server 2008 No Service Pack & Service Pack 2
Windows Server 2008 x64 Edition No Service Pack & Service Pack 2
Windows Server 2008 for Itanium Based Systems No Pack& Service Pack 2
Windows Vista Service Pack 1& 2
Windows Vista x64 Edition Service Pack 1 & 2
MS10-034: Cumulative ActiveX Kill Bit Update
Description:â€œActiveX controls are small programs or animations that are downloaded or embedded in web pages which will typically enhance functionality and user experience. Many web design and development tools have built ActiveX support into their products, allowing developers to both create and make use of ActiveX controls in their programs. There are more than 1,000 existing ActiveX controls available for use today.â€
Potential effect on system: There are several Microsoft and third party ActiveX controls which particularly suffer from various security vulnerabilities, found by Microsoft and other external researchers. This vulnerability allows remote code execution if a user views malicious website that has an ActiveX control with Internet Explorer. An attacker could exploit any ActiveX controls to execute code on the user’s computer, with that user’s privileges. If user has administrative privileges, the attacker will gain full access to the user’s pc. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft rating: Critical.
Solution: MS10-008 This updates protects the pc by activating the Kill bit for every vulnerable ActiveX controls, they are this disabled in Windows. Microsoft Internet Explorer provides security feature which will prevent an ActiveX control from being downloaded without the user’s permission.
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2 & Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7 or 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems**
- Windows Server 2008 R2 for Itanium-based Systems
- MS10-032: Three Privilege Elevation Vulnerabilities in the Kernel-mode Driver (Win32k.sys)
Description:â€The kernel is the core component of any computer operating system. In Windows, access to the kernel is provided via the Windows kernel-mode device driver (Win32k.sys). Win32k.sys suffers from three elevation of privilege (EoP) vulnerabilitiesâ€.â€ The flaws are caused due to the way windows kernel-mode driver,
– improperly allocate memory when copying data from user mode
– frees objects that are no longer in use
– manage kernel-mode driver objects
– validate input passed from user mode. â€œ
Potential effect on system: â€œBy running a specially crafted program on one of your Windows computers, an attacker can leverage any of these flaws to gain complete control of that system, regardless of his original user privileges. However, the attacker needs to have local access to one of your computers in order to run a malicious program. So these vulnerabilities primarily pose an internal risk.â€
Microsoft rating: Important.
MS10-041: .NET Framework Data Tampering Vulnerability
Description: â€œThe .NET Framework is software framework used by developers to create new Windows and web applications. Among other things, the .NET framework includes capabilities to handle cryptographically signed XML content, to ensure unauthorized attackers can’t alter XML messages being sent to your application. Unfortunately, the .NET framework doesn’t implement XML signature checking properly. As a result, attackers could potentially send maliciously altered XML messages to applications you’ve created with the .NET frameworkâ€
Potential Effect on system: The impact of this vulnerability differs greatly depending on the application you’ve designed, and what type of data you passed in your XML. If user haven’t been exposed to any web applications that rely on signed XML, then the flaw doesn’t affect him at all.
Microsoft rating: Important.
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 1.0 Service Pack 3
- Microsoft .NET Framework 2.0 Service Pack 1 & 2
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5 Service Pack 1
- Microsoft .NET Framework 3.5.1
- MS10-037: OpenType Compact Font Format (CFF) Driver Privilege Elevation Vulnerability
Description: This vulnerability mainly occur when a driver that helps to display the OpenType CFF font, does not validate certain data passed from user space to kernel space. Moreover the driver can grant complete control of the affected system to any user who is logged in and is executing code.
Potential effect on system: â€œBy running a specially crafted program on one of your Windows computers, an attacker can exploit this flaw to gain complete control of that system, regardless of the attacker’s original user privileges. However, the attacker needs to have local access to one of your computers in order to run his malicious program. So this vulnerability primarily poses an internal risk.â€
Microsoft rating: Critical.
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 &3
- Windows XP Professional x64 Edition Service Pck 2
- Windows Server 2003 Service Pack 2 & x64 Edition Service Pack 2
- Windows Server 2003 for Itanium-based Systems Service Pack 2
- Windows Vista Service Pack 1 & 2
- Windows Vista x64 Edition Service Pack 1 and 2
- Windows Server 2008 for 32-bit Systems No Service Pack and Service Pack 2
- Windows Server 2008 for x64-based Systems No Service Pack and Service Pack 2
- Windows Server 2008 for Itanium-based Systems No Service Pack and Service Pack 2 & R2 for x64-based Systems
- Windows 7 for 32-bit Systems & x64-based Systems
These are a few examples of vulnerabilities that Windows Operating Systems mainly face. This list keeps on increasing with time, and fortunately Microsoft provides update so as to overcome these problems.
Threats & Attacks
There are many types of threats and attacks that Windows has to face. Also the fact that Windows operating system are most common among computer users, they are thus the more targeted by attackers.
Threat V/S Attack
What is a threat? – â€œA potential occurrence malicious or otherwise that may harm an assetâ€
What is an attack? – â€œAn action taken to harm an assetâ€
From the two definitions above, we can say that a threat is more the possibility of doing harm to the Windows system, while attack is mainly the action taken to violate security settings.
Types of Threats & Attacks
Below is a list of threats and attacks that are most common which can affect your Window Operating Systems.
Types Of Threats
It mainly deals entering a system by stealing the identity of an authorised user.
Using the password and username of a person to enter his account and make changes without his permission.
Do not keep password at the reach of other person. (for example in a plain text)
Use spyware such as Spybot SD
â€œProtect authentication cookies with Secure Sockets Layer (SSL).â€
â€œDo not pass credentials in plaintext over the wire.â€
Use strong and long password which is not easy to guess.
It involves the denial of participation in a communication which has occurred or denying that information has been received.
Make use of digital signatures.
Create secure audit trails.
Tampering with data
It mainly involves changing data manually to generate unexpected result.
Changing data on a web site.
â€œUse data hashing and signing.
Use digital signatures.
Use strong authorization.
Use tamper-resistant protocols across communication links.
Secure communication links with protocols that provide message integrity.â€
Denial of service
Prevent legitimate user from accessing a network or compuer by saturating it with requests.
â€œUse resource and bandwidth throttling techniques.
Validate and filter input.â€
Use software available on the net such as Radware’s APSolute OS
It mainly involves making confidential information accessible to public or a group of unauthorised person.
Encrypt file where information is stored.
Keep back-up in secure places and use strong authorisations.
Use passwords to be able to gain access to these information
Use secure network when sending information.
Malware (malicious Programs)
It consists of any program that is installed either with or without permission of user, and whose aim is to cause harm to user’s pc by either gaining partial or full access to the system. Its impact can vary from slight as changing a folder’s name to full control of your machine without the ability for the user to easily find out.
Types of Malicious Programs:
– computer viruses
– Trojan horses
– Harmful adware
– Most rootkits, and other malicious and unwanted software or program.
They are programs designed to cause harm to our computer system or the applications on the software. They are often attached to files which appear to be harmless to the operating system, but as soon as it is installed, the computer will operate different. There are viruses which even manage to close your computer without your permission.
Types of Computer Viruses:
* Boot sector computer viruses
These types of viruses mainly affect the boot sector of the computer which is mainly in the bootable disk or in particular location in user computer hard drive. The boot sector viruses mainly affected the windows 2000 and examples of such viruses are: Disk Killer and Michelangelo.
* Email viruses
Emails viruses are transmitted through email as it name suggest. Normally they can be found as attachment and as soon as they are opened the computer gets the virus. Some may even replicate by themselves by forwarding themselves to all the e-mail addresses in the user’s address book. This type of virus is spread very quickly. Even though most of the mail system provides users with scan, a precaution one can take is opening mail from known-people only.
* Companion viruses
Companion viruses mainly affect a computer’s MS-DOS system. They create dangerous program that appears to be like the other normal files that are found on the computer. When a wrong command is enter into the prompt of the computer, it may end up executing the virus instead of the program that initially wanted to run. Fortunately, Windows like XP prevent such viruses from installing into computer as they do not require to use the MS-Dos command prompt.
Worms have the characteristic of self-replicating itself and they are thus spread very quickly. They exploit vulnerability on operating system and provide a gateway for other malware such as Trojan horse. An example of a worm which caused a lot of harm to mainly Window Operating system is: the ILOVEYOU virus.
According to an article on WordPressTidBits For the Rest Of Us(WPTidBits), the ILOVEYOU worm (a.k.a. VBS/Loveletter and Love Bug worm), is a computer worm written in VBScript and it is considered by many as the most damaging worm ever. It started in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong-Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the â€œdamageâ€ was the labor of getting rid of the virus. The worm arrived in e-mail boxes with the simple subject of â€œILOVEYOUâ€ and an attachment â€œLOVE-LETTER-FOR-YOU.TXT.vbsâ€. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.
The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user’s contact list. This particular worm only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an â€œILOVEYOUâ€ e-mail, only Microsoft Windows systems would be infected. The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also has an additional component, in which it will download and execute an infected program called variously â€œWIN-BUGSFIX.EXEâ€ or â€œMicrosoftv25.exeâ€. This is a password-stealing program which will e-mail cached passwords.
It is a malware which is difficult to detect, since it masquerades itself into files which appear to be normal. It can be on the computer without doing anything, and finally one day it can be the reason why your operating system has crashed. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Spyware normally a tool used by companies to record web surfing habits Spyware is also known as the Advertising Supported software. They normally do not do any harm to the operating system as such, but they transmit personal identifiable information from a computer to some place in the internet without the permission of the user.
â€œAdwareis the common name used to describe software that is given to the user with advertisements embedded in the applicationâ€ They usually run advertisement or downloads posters without the permission of the user which often cause problem.
Scareware are usually software used for marketing but which has unethical marketing tactics. For example, software which scans the computer and informs user that his computer is infected, and the later will have to download the following antivirus to be able to remove them. Hence, as its name says â€œscareâ€ ware is a software designed to scare people by providing them with inexact information so as to promote a particular software/applications.
Crimeware consists of an application or a program which helps people to perform illegal activities. For example, software to hack windows live messenger password. They normally steal personal information about user of an account.
â€œIt enables an attacker to have “root” access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the UNIX world and started out as a set of altered utilities such as the Is command, which is used to list file names in the directory (folder).â€
Rootkits are normally inserted by the intruder so that he can again have access to it a later stage. Rather than just being a piece of code, it is a system of many linked programs designed to take control of a machine at the administrator level, and remain hidden to the system’s users or legitimate administrators. The purpose of rootkits include
- collecting information about computers (including other computers on a network) and their users (such as passwords and financial information),
- causing such computers to malfunction
- and creating or relaying spam.
Prevention against Malware
Antivirus should be installed to prevent malware from gaining access to the computer.
It helps user to identify and remove spyware from Operating system. Moreover it defends user’s computer from them
It scans the computer and removes adware. Moreover it can also detect other miscellaneous codes which the antivirus has not detected.
It is a set of device or devices that can be used to monitor both incoming malware from network or on user’s pc when he enters an external disk.
Allow windows to update automatically, since it provides user’s computer with required patches to fight against new type of malware.
Making Windows more secure
This method mainly involves using another computer in your computer. What is meant by that is software like Adware, allow you to install windows and use it. Thus you can connect to any device or any site and if the pc crash, there will still be your main Operating system running.
2. User Account Control
It is a method which is mainly applicable for users of Vista and Windows 7 only. It an effective measure that Microsoft has made to ensure that user does not perform any action which can turn out to be harmful for the system. Also, user is being asked for permission whenever a program is installed. If a virus tries to run without the knowledge of the user or his permission, UAC will pop up with the usual continue or cancel message giving him one last chance to stop that particular infection.
UAC can be adjusted in the Control Panel under User Accounts.
Internet Explorer is not a safe browser. (Not including IE9) and they are the most targeted browser.
Firefox, Chrome and Safari have support for extensions, and the options available for each browser
Internet Explorer can be used however any version below 7 does not meet the required security level.
When using it make sure that the â€œInPrivate and SmartScreen filters are activeâ€. Also, make sure that the activeX and file being downloaded are safe.
4. Safe Internet Practices
Internet contains many viruses and one will never know when they might hit. Below is a guideline for a few good practices to follow when using the internet:
- If it’s questionable in real life, it’s probably the same online. Downloading illegal torrents, visiting sites, and looking for bomb-making information is an easy way to ask for a virus infection.
- Know what is being clicking on. Avoid pop up messages, congratulations message etc..
- Maintain computer by updating anti-virus. If not maintained, the system becomes slow and vulnerable.
- Monitor all activity on computer. If the computer is being used by other user, ensure that they too is using the computer correctly.
- Reach out and ask questions. It’s ok not to know if a certain website is safe or if an email is a scam. Ask more knowledgeable people or research the subject to find out if it is or not.
OpenDNS -redirects requests through a third party server which is managed and updated to optimize speed and security. Using the OpenDNS server can keep user from visiting known malicious sites or keep malicious scripts from running. This is especially useful for multi-user environments because user can create an account and manage in more detail what sites the computers are allowed to visit (parental controls).Order Now