Monday, April 1, 2019

Analysis of Windows Operating System and Microsoft

What is Windows?

Windows is a personal computer operating system from Microsoft that, together with some commonly used business applications such as Microsoft PowerPoint, Word and Excel, has become a de facto standard for individual users in most corporations as well as in most homes. It provides a graphical user interface (GUI), virtual memory management, multitasking, and support for many peripheral devices. According to OneStat.com, as of August 2006, Windows as a whole dominates the personal computer world, holding about 97% of the operating system market share, with XP accounting for about 87% of that. In comparison, Mac OS has about 2% and Linux (with all distributions) about .36%. The reason for this is generally that Windows is much more user friendly and everything comes pre-packaged, so the user just has to run the application and follow the instructions for it to install.

There are many versions of the Windows operating system available, namely:

* Windows 286
* Windows 386
* Windows 3.0 and 3.11
* Windows 95
* Windows 98
* Windows NT
* Windows 2000
* Windows CE, for use in small mobile computers
* Windows Me
* Windows XP
* Windows Vista
* Windows 7

Among all those versions, Windows XP is the most popular one and it is used by 61.9 percent of Internet users, according to data from Net Applications, followed by Windows 7, which has 14.46 percent of users, and Vista with 14.34 percent.

A Brief Story On Windows

With its earlier versions, Windows chiefly concentrated on providing an operating system which was user-friendly, stable and less prone to crashes.
Now, even though XP is generally referred to as being stable and efficient compared to other versions of Windows, it is still criticised for being overly susceptible to security risks. Therefore the successor of XP, Vista, released in January of 2007, was designed to provide more security. The transition time between Vista and XP is the longest one between versions of Windows.

Vulnerabilities Of Windows

What is a vulnerability? It is a weakness that makes a threat possible. These vulnerabilities are used by attackers, who exploit them to carry out multiple attacks, including enticing users to open harmful media or to visit a website which has a set of viruses.

These can have a lot of consequences. In the worst case, a hacker or attacker can get full access to the computer. Fortunately, Windows provides a lot of solutions to these vulnerabilities. The user just has to install the appropriate Microsoft patches, or they are sometimes installed automatically with the help of Windows Update.

Windows Update

Vulnerabilities can be compared to holes. They are like holes in the system. Microsoft periodically releases security patches, mostly as Windows Updates, to fix those defects.
There exist different levels of security, known as the security level system in Windows, which describes the different levels of security holes:

* A critical security hole is a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
* An important hole is a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources.
* A moderate security rating signifies that exploitability is mitigated to a significant degree by factors such as default configuration, auditing or difficulty of exploitation.
* A low hole is a vulnerability whose exploitation is extremely difficult or whose impact is minimal.

Source: Windows XP All-in-One Desk Reference For Dummies

Below is a list of vulnerabilities in Windows.

MS10-033: Two Media Decompression Code Execution Vulnerabilities

Description: It involves vulnerabilities in media decompression. Windows ships with various components that help it process and play media files, such as videos. According to Microsoft, these media handling components suffer from two unspecified code execution vulnerabilities, involving the way they handle compressed data within specially crafted media.

Potential effect on system: An attacker can exploit these vulnerabilities by encouraging a user to open a specially crafted media file, to download and install harmful software, by luring them to a website containing such media, or by having them receive specially crafted streaming content from a website or any application that delivers Web content. In doing so, an attacker can exploit these vulnerabilities to gain the same user rights as the local user. If this happens, then the attacker will gain complete control of that PC.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft rating: Critical.

Solution: MS10-033. Since media files are most often the common targets of exploitation by attackers, due to the increased potential for circulation via social groups and the fact that the issue has been publicly disclosed, it is estimated that the possibility that malware authors will look to exploit these types of vulnerabilities is high, and hence the update must be installed.

Targeted Software:

* Windows 2000 Service Pack 4
* Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition Service Pack 2
* Windows Server 2003 Itanium-based Systems: No Pack, Service Pack 2
* Windows XP Service Pack 2 and 3; Professional x64 Edition Service Pack 2
* Windows Server 2008: No Service Pack, Service Pack 2
* Windows Server 2008 x64 Edition: No Service Pack, Service Pack 2
* Windows Server 2008 for Itanium-based Systems: No Pack, Service Pack 2
* Windows Vista Service Pack 1 and 2
* Windows Vista x64 Edition Service Pack 1 and 2

MS10-034: Cumulative ActiveX Kill Bit Update

Description: ActiveX controls are small programs or animations that are downloaded or embedded in web pages and that typically enhance functionality and user experience. Many web design and development tools have built ActiveX support into their products, allowing developers to both create and make use of ActiveX controls in their programs. There are more than 1,000 existing ActiveX controls available for use today.

Source: http://msisac.cisecurity.org/advisories/2010/2010-043.cfm

Potential effect on system: There are several Microsoft and third-party ActiveX controls which particularly suffer from various security vulnerabilities, found by Microsoft and other external researchers.
This vulnerability allows remote code execution if a user views, with Internet Explorer, a malicious website that has an ActiveX control. An attacker could exploit any of these ActiveX controls to execute code on the user's computer, with that user's privileges. If the user has administrative privileges, the attacker will gain full access to the user's PC. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft rating: Critical.

Solution: MS10-008. This update protects the PC by activating the kill bit for every vulnerable ActiveX control; they are thus disabled in Windows. Microsoft Internet Explorer provides a security feature which will prevent an ActiveX control from being downloaded without the user's permission.

Targeted Software:

* Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003
* Windows Vista
* Windows Server 2008
* Windows 7 for 32-bit Systems
* Windows 7 for x64-based Systems
* Windows Server 2008 R2 for x64-based Systems
* Windows Server 2008 R2 for Itanium-based Systems

MS10-032: Three Privilege Elevation Vulnerabilities in the Kernel-mode Driver (Win32k.sys)

Description: The kernel is the core component of any computer operating system. In Windows, access to the kernel is provided via the Windows kernel-mode device driver (Win32k.sys). Win32k.sys suffers from three elevation of privilege (EoP) vulnerabilities. The flaws are caused by the way the Windows kernel-mode driver improperly allocates memory when copying data from user mode, frees objects that are no longer in use, manages kernel-mode driver objects, and validates input passed from user mode.

Potential effect on system: By running a specially crafted program on one of your Windows computers, an attacker can leverage any of these flaws to gain complete control of that system, regardless of his original user privileges.
However, the attacker needs to have local access to one of your computers in order to run a malicious program. So these vulnerabilities primarily pose an internal risk.

Microsoft rating: Important.

Solution: MS10-032

MS10-041: .NET Framework Data Tampering Vulnerability

Description: The .NET Framework is a software framework used by developers to create new Windows and web applications. Among other things, the .NET Framework includes capabilities to handle cryptographically signed XML content, to ensure unauthorized attackers can't alter XML messages being sent to your application. Unfortunately, the .NET Framework doesn't implement XML signature checking properly. As a result, attackers could potentially send maliciously altered XML messages to applications you've created with the .NET Framework.

Potential effect on system: The impact of this vulnerability differs greatly depending on the application you've designed, and what type of data you pass in your XML. If the user hasn't been exposed to any web applications that rely on signed XML, then the flaw doesn't affect him at all.

Microsoft rating: Important.

Targeted Software:

* Microsoft .NET Framework 1.1 Service Pack 1
* Microsoft .NET Framework 1.0 Service Pack 3
* Microsoft .NET Framework 2.0 Service Pack 1 and 2
* Microsoft .NET Framework 3.5
* Microsoft .NET Framework 3.5 Service Pack 1
* Microsoft .NET Framework 3.5.1

MS10-037: OpenType Compact Font Format (CFF) Driver Privilege Elevation Vulnerability

Description: This vulnerability mainly occurs when a driver that helps to display the OpenType CFF font does not validate certain data passed from user space to kernel space. Moreover, the driver can grant complete control of the affected system to any user who is logged in and is executing code.

Potential effect on system: By running a specially crafted program on one of your Windows computers, an attacker can exploit this flaw to gain complete control of that system, regardless of the attacker's original user privileges.
However, the attacker needs to have local access to one of your computers in order to run his malicious program. So this vulnerability primarily poses an internal risk.

Microsoft rating: Critical.

Solution: MS10-037

Targeted Software:

* Microsoft Windows 2000 Service Pack 4
* Windows XP Service Pack 2 and 3
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003 Service Pack 2; x64 Edition Service Pack 2
* Windows Server 2003 for Itanium-based Systems Service Pack 2
* Windows Vista Service Pack 1 and 2
* Windows Vista x64 Edition Service Pack 1 and 2
* Windows Server 2008 for 32-bit Systems: No Service Pack and Service Pack 2
* Windows Server 2008 for x64-based Systems: No Service Pack and Service Pack 2
* Windows Server 2008 for Itanium-based Systems: No Service Pack and Service Pack 2
* Windows Server 2008 R2 for x64-based Systems
* Windows 7 for 32-bit Systems and x64-based Systems

These are a few examples of the vulnerabilities that Windows operating systems mainly face. This list keeps on growing with time, and fortunately Microsoft provides updates to overcome these problems.

Source:
http://www.newagedev.net/2010/06/five-vulnerabilities-in-windows-and-its-components-two-critical/
http://www.sophos.com/

Threats and Attacks

There are many types of threats and attacks that Windows has to face. Also, because Windows operating systems are the most common among computer users, they are indeed the most targeted by attackers.

Threat V/S Attack

What is a threat? A potential incident, malicious or otherwise, that may harm an asset.

What is an attack?
An action taken to harm an asset.

From the two definitions above, we can say that a threat is more the possibility of doing harm to the Windows system, while an attack is mainly the action taken to violate security settings.

Types of Threats and Attacks

Below is a list of the most common threats and attacks which can affect your Windows operating systems, each with a description and its countermeasures.

Spoofing

Description: It mainly deals with entering a system by stealing the identity of an authorised user.
Example: Using the password and username of a person to enter his account and make changes without his permission.
Countermeasures:
* Do not keep passwords within reach of other people (for example, in plain text).
* Use anti-spyware software such as Spybot SD.
* Protect authentication cookies with Secure Sockets Layer (SSL).
* Do not pass credentials in plaintext over the wire.
* Use a strong and long password which is not easy to guess.

Repudiation

Description: It involves the denial of participation in a communication which has occurred, or denying that information has been received.
Countermeasures:
* Make use of digital signatures.
* Create secure audit trails.

Tampering with data

Description: It mainly involves changing data manually to generate unexpected results.
Example: Changing data on a web site.
Countermeasures:
* Use data hashing and signing.
* Use digital signatures.
* Use strong authorization.
* Use tamper-resistant protocols across communication links.
* Secure communication links with protocols that provide message integrity.

Denial of service

Description: Prevents legitimate users from accessing a network or computer by saturating it with requests.
Countermeasures:
* Use resource and bandwidth throttling techniques.
* Validate and filter input.
* Use software available on the net such as Radware's APSolute OS.

Information Disclosure

Description: It mainly involves making confidential information accessible to the public or to a group of unauthorised persons.
Countermeasures:
* Encrypt the files where information is stored.
* Keep back-ups in secure places and use strong authorisation.
* Use passwords to control access to this information.
* Use a secure network when sending information.

Malware (Malicious Programs)

It consists of any program that is installed either with or without the permission of the user, and whose aim is to cause harm to the user's PC by gaining either partial or full access to the system. Its impact can vary from minor, such as changing a folder's name, to full control of your machine without the user being able to easily find out.

Types of Malicious Programs: computer viruses, worms, Trojan horses, spyware, harmful adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs.

Computer Viruses

They are programs designed to cause harm to our computer system or the applications on it. They are often attached to files which appear to be harmless to the operating system, but as soon as one is installed, the computer will operate differently. There are viruses which even manage to shut down your computer without your permission.

Types of Computer Viruses

* Boot sector computer viruses
These types of viruses mainly affect the boot sector of the computer, which is mainly on the bootable disk or in a particular location on the user's computer hard drive. The boot sector viruses mainly affected Windows 2000, and examples of such viruses are Disk Killer and Michelangelo.

* Email viruses
Email viruses are transmitted through email, as the name suggests.
Normally they can be found as attachments, and as soon as they are opened the computer gets the virus. Some may even replicate by themselves by forwarding themselves to all the e-mail addresses in the user's address book. This type of virus spreads very quickly. Even though most mail systems provide users with scanning, a precaution one can take is opening mail from known people only.

* Companion viruses
Companion viruses mainly affect a computer's MS-DOS system. They create a dangerous program that appears to be like the other normal files found on the computer. When a wrong command is entered at the prompt of the computer, it may end up executing the virus instead of the program that was initially meant to run. Fortunately, Windows versions like XP prevent such viruses from installing on the computer, as they do not require use of the MS-DOS command prompt.

Worms

Worms have the characteristic of self-replicating, and they thus spread very quickly. They exploit vulnerabilities in the operating system and provide a gateway for other malware such as Trojan horses. An example of a worm which caused a lot of harm, mainly to the Windows operating system, is the ILOVEYOU virus.

According to an article on WordPress TidBits For the Rest Of Us (WPTidBits), the ILOVEYOU worm (a.k.a. VBS/Loveletter and Love Bug worm) is a computer worm written in VBScript, and it is considered by many as the most damaging worm ever. It started in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the damage was the labor of getting rid of the virus. The worm arrived in e-mail boxes with the simple subject of ILOVEYOU and an attachment LOVE-LETTER-FOR-YOU.TXT.vbs.
The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.

The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user's contact list. This particular worm only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an ILOVEYOU e-mail, only Microsoft Windows systems would be infected. The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also has an additional component, in which it will download and execute an infected program called variously WIN-BUGSFIX.EXE or Microsoftv25.exe. This is a password-stealing program which will e-mail cached passwords.

Trojan horse

It is malware which is difficult to detect, since it masquerades as files which appear to be normal. It can sit on the computer without doing anything, and finally one day it can be the reason why your operating system has crashed. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Spyware

Spyware is normally a tool used by companies to record web surfing habits. Spyware is also known as advertising-supported software.
Such programs normally do not do any harm to the operating system as such, but they transmit personally identifiable information from a computer to some place on the Internet without the permission of the user.

Harmful adware

Adware is the common name used to describe software that is given to the user with advertisements embedded in the application. Such programs usually run advertisements or download posters without the permission of the user, which often causes problems.

Scareware

Scareware is usually software used for marketing, but with unethical marketing tactics. For example, software which scans the computer and informs the user that his computer is infected, and that afterward he will have to download a particular antivirus to be able to remove the infections. Hence, as its name says, scareware is software designed to scare people by providing them with inaccurate information so as to promote a particular piece of software or application.

Crimeware

Crimeware consists of an application or a program which helps people to perform illegal activities. For example, software to hack Windows Live Messenger passwords. Such programs normally steal personal information about the user of an account.

Rootkit

It enables an attacker to have root access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the UNIX world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).

Source: http://www.pcmag.com/encyclopedia_term/0,2542,t=root+kiti=55733,00.asp

Rootkits are normally inserted by the intruder so that he can again have access to the machine at a later stage.
Rather than just being a piece of code, a rootkit is a system of many linked programs designed to take control of a machine at the administrator level, and to remain hidden from the system's users or legitimate administrators. The purposes of rootkits include gathering information about computers (including other computers on a network) and their users (such as passwords and financial information), causing such computers to malfunction, and creating or relaying spam.

Prevention against Malware

Antivirus
Antivirus should be installed to prevent malware from gaining access to the computer.

Anti-spyware
It helps the user to identify and remove spyware from the operating system. Moreover, it defends the user's computer from it.

Anti-adware
It scans the computer and removes adware. Moreover, it can also detect other miscellaneous code which the antivirus has not detected.

Firewall
It is a device or set of devices that can be used to monitor incoming malware, both from the network and on the user's PC when he inserts an external disk.

Windows Update
Allow Windows to update automatically, since it provides the user's computer with the patches required to fight against new types of malware.

Making Windows more secure

1. Virtualisation
This method mainly involves using another computer inside your computer. What is meant by that is that software like VMware allows you to install Windows and use it. Thus you can connect to any device or any site, and if the PC crashes, your main operating system will still be running.

2. User Account Control
It is a method which is applicable for users of Vista and Windows 7 only. It is an effective measure that Microsoft has introduced to ensure that the user does not perform any action which can turn out to be harmful for the system. Also, the user is asked for permission whenever a program is installed. If a virus tries to run without the knowledge of the user or his permission, UAC will pop up with the usual continue or cancel message, giving him one last chance to stop that particular infection.
UAC can be adjusted in the Control Panel under User Accounts.

3. Browser
Internet Explorer is not a good browser (not including IE9), and it is the most targeted browser. Firefox, Chrome and Safari have support for extensions, and the options available for each browser

Internet Explorer can be used; however, any version below 7 does not meet the required security level. When using it, make sure that the InPrivate and SmartScreen filters are active. Also, make sure that the ActiveX controls and files being downloaded are safe.

4. Safe Internet Practices
The Internet contains many viruses, and one will never know when they might hit. Below is a guideline of a few good practices to follow when using the Internet:

* If it's questionable in real life, it's probably the same online. Downloading illegal torrents, visiting sites, and looking for bomb-making information is an easy way to ask for a virus infection.
* Know what is being clicked on. Avoid pop-up messages, congratulations messages, etc.
* Maintain the computer by updating the anti-virus. If not maintained, the system becomes slow and vulnerable.
* Monitor all activity on the computer. If the computer is being used by other users, ensure that they too are using the computer correctly.
* Reach out and ask questions. It's OK not to know if a certain website is safe or if an email is a scam. Ask more knowledgeable people or research the subject to find out if it is or not.

OpenDNS
OpenDNS redirects requests through a third-party server which is managed and updated to optimize speed and security. Using the OpenDNS server can keep the user from visiting known malicious sites or keep malicious scripts from running. This is particularly useful for multi-user environments, because the user can create an account and manage in more detail what sites the computers are allowed to visit (parental controls).
