Tuesday, June 4, 2019
Analysis of Windows Operating System and Microsoft
What is Windows?

Windows is a personal computer operating system from Microsoft that, together with some commonly used business applications such as Microsoft PowerPoint, Word and Excel, has become a de facto standard for individual users in most corporations as well as in most homes. It adds a graphical user interface (GUI), virtual memory management, multitasking, and support for many peripheral devices. According to OneStat.com, as of August 2006, Windows as a whole dominates the personal computer world, with about 97% of the operating system market share, and XP accounts for about 87% of that. In comparison, Mac OS has about 2% and Linux (with all distributions) about .36%. The reason for this is generally that Windows is much more user friendly and everything comes pre-packaged, so the user just has to run the application and follow the instructions for it to install.

There are many versions of the Windows operating system available, namely:

* Windows 286
* Windows 386
* Windows 3.0 and 3.11
* Windows 95
* Windows 98
* Windows NT
* Windows 2000
* Windows CE for use in small mobile computers
* Windows Me
* Windows XP
* Windows Vista
* Windows 7

Among all those versions, Windows XP is the most popular one: it is used by 61.9 percent of Internet users, according to data from Net Applications, followed by Windows 7, which has 14.46 percent of users, and Vista with 14.34 percent.

A Brief Story On Windows

When implementing earlier versions, Windows mainly concentrated on providing an operating system which was user-friendly, stable and less prone to crashes. Now, even though XP is generally referred to as being stable and efficient compared to other versions of Windows, it is still criticised for being overly susceptible to security risks. Therefore the successor of XP, Vista, released in January of 2007, was designed in such a way that it provides more security.
The transition time between Vista and XP is the longest one between versions of Windows.

Vulnerabilities Of Windows

What is a vulnerability? It is a weakness that makes a threat possible. These vulnerabilities are used by attackers, who exploit them to carry out multiple attacks, including enticing users to open harmful and malicious media or to visit a website which has a lot of viruses.

These can have a lot of consequences. In the worst case, a hacker or attacker can get full access to the computer. Fortunately, Windows provides a lot of solutions to these vulnerabilities. The user just has to install the appropriate Microsoft patches, or they are sometimes installed automatically with the help of Windows Update.

Windows Update

Vulnerabilities can be compared to holes. They are like holes in the system. Windows periodically releases security patches, mostly as Windows Updates, to fix those defects. Windows uses a security level system which describes the different levels of security holes:

* A critical security hole is a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
* An important hole is a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources.
* A moderate security rating signifies that exploitability is mitigated to a significant degree by factors such as default configuration, auditing or difficulty of exploitation.
* A low hole is a vulnerability whose exploitation is extremely difficult or whose impact is minimal.

Source: Windows XP All-in-One Desk Reference For Dummies

Below is a list of vulnerabilities in Windows.

MS10-033 Two Media Decompression Code Execution Vulnerabilities

Description: It involves vulnerabilities in Media Decompression. Windows ships with various components that help it
process and play media files, such as videos. According to Microsoft, these media handling components suffer from two unspecified code execution vulnerabilities, involving the way they handle compressed data within specially crafted media.

Potential effect on system: An attacker can exploit these vulnerabilities by encouraging a user to open a specially crafted media file or to download and install harmful software, by luring them to a website containing such media, or by having them receive specially crafted streaming content from a web site or any application that delivers Web content. In doing so, an attacker can exploit these vulnerabilities to gain the same user rights as the local user. If this happens, the attacker will gain complete control of that PC. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft rating: Critical.

Solution: MS10-033. Media files are among the most common targets of exploitation by attackers because of their increased potential for circulation via social groups. Given that, and the fact that the issue has been publicly disclosed, it is estimated that the possibility that malware authors will look to exploit these types of vulnerabilities is high, and hence the update must be installed.

Targeted software:

* Windows 2000 Service Pack 4
* Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition Service Pack 2
* Windows Server 2003 Itanium-based Systems No Pack and Service Pack 2
* Windows XP Service Pack 2 and 3, Professional x64 Edition Service Pack 2
* Windows Server 2008 No Service Pack and Service Pack 2
* Windows Server 2008 x64 Edition No Service Pack and Service Pack 2
* Windows Server 2008 for Itanium-based Systems No Pack and Service Pack 2
* Windows Vista Service Pack 1 and 2
* Windows Vista x64 Edition Service Pack 1 and 2

MS10-034 Cumulative ActiveX Kill Bit Update

Description: ActiveX controls are small programs or animations that are downloaded or embedded in web pages which
will typically enhance functionality and user experience. Many web design and development tools have built ActiveX support into their products, allowing developers to both create and make use of ActiveX controls in their programs. There are more than 1,000 existing ActiveX controls available for use today.

Source: http://msisac.cisecurity.org/advisories/2010/2010-043.cfm

Potential effect on system: There are several Microsoft and third party ActiveX controls which suffer from various security vulnerabilities, found by Microsoft and other external researchers. These vulnerabilities allow remote code execution if a user views, with Internet Explorer, a malicious website that uses such an ActiveX control. An attacker could exploit any of these ActiveX controls to execute code on the user's computer, with that user's privileges. If the user has administrative privileges, the attacker will gain full access to the user's PC. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft rating: Critical.

Solution: MS10-008. This update protects the PC by activating the kill bit for every vulnerable ActiveX control; they are thus disabled in Windows. Microsoft Internet Explorer provides security features which will prevent an ActiveX control from being downloaded without the user's permission.

Targeted software:

* Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003
* Windows Vista
* Windows Server 2008
* Windows 7 for 32-bit Systems
* Windows 7 for x64-based Systems
* Windows Server 2008 R2 for x64-based Systems
* Windows Server 2008 R2 for Itanium-based Systems

MS10-032 Three Privilege Elevation Vulnerabilities in the Kernel-mode Driver (Win32k.sys)

Description: The kernel is the core component of any computer operating system.
In Windows, access to the kernel is provided via the Windows kernel-mode device driver (Win32k.sys). Win32k.sys suffers from three elevation of privilege (EoP) vulnerabilities. The flaws are caused by the way the Windows kernel-mode driver improperly:

* allocates memory when copying data from user mode
* frees objects that are no longer in use
* manages kernel-mode driver objects
* validates input passed from user mode

Potential effect on system: By running a specially crafted program on one of your Windows computers, an attacker can leverage any of these flaws to gain complete control of that system, regardless of his original user privileges. However, the attacker needs to have local access to one of your computers in order to run a malicious program. So these vulnerabilities primarily pose an internal risk.

Microsoft rating: Important.

Solution: MS10-032

MS10-041 .NET Framework Data Tampering Vulnerability

Description: The .NET Framework is a software framework used by developers to create new Windows and web applications. Among other things, the .NET Framework includes capabilities to handle cryptographically signed XML content, to ensure unauthorized attackers can't alter XML messages being sent to your application. Unfortunately, the .NET Framework doesn't implement XML signature checking properly. As a result, attackers could potentially send maliciously altered XML messages to applications you've created with the .NET Framework.

Potential effect on system: The impact of this vulnerability differs greatly depending on the application you've designed, and what type of data you passed in your XML.
If the user hasn't been exposed to any web applications that rely on signed XML, then the flaw doesn't affect him at all.

Microsoft rating: Important.

Targeted software:

* Microsoft .NET Framework 1.1 Service Pack 1
* Microsoft .NET Framework 1.0 Service Pack 3
* Microsoft .NET Framework 2.0 Service Pack 1 and 2
* Microsoft .NET Framework 3.5
* Microsoft .NET Framework 3.5 Service Pack 1
* Microsoft .NET Framework 3.5.1

MS10-037 OpenType Compact Font Format (CFF) Driver Privilege Elevation Vulnerability

Description: This vulnerability mainly occurs when a driver that helps to display the OpenType CFF font does not validate certain data passed from user space to kernel space. Moreover, the driver can grant complete control of the affected system to any user who is logged in and is executing code.

Potential effect on system: By running a specially crafted program on one of your Windows computers, an attacker can exploit this flaw to gain complete control of that system, regardless of the attacker's original user privileges. However, the attacker needs to have local access to one of your computers in order to run his malicious program. So this vulnerability primarily poses an internal risk.

Microsoft rating: Critical.

Solution: MS10-037

Targeted software:

* Microsoft Windows 2000 Service Pack 4
* Windows XP Service Pack 2 and 3
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003 Service Pack 2, x64 Edition Service Pack 2
* Windows Server 2003 for Itanium-based Systems Service Pack 2
* Windows Vista Service Pack 1 and 2
* Windows Vista x64 Edition Service Pack 1 and 2
* Windows Server 2008 for 32-bit Systems No Service Pack and Service Pack 2
* Windows Server 2008 for x64-based Systems No Service Pack and Service Pack 2
* Windows Server 2008 for Itanium-based Systems No Service Pack and Service Pack 2, R2 for x64-based Systems
* Windows 7 for 32-bit Systems, x64-based Systems

These are a few examples of vulnerabilities that Windows operating systems mainly face.
This list keeps on increasing with time, and fortunately Microsoft provides updates to overcome these problems.

Sources:
http://www.newagedev.net/2010/06/five-vulnerabilities-in-windows-and-its-components-two-critical/
http://www.sophos.com/

Threats and Attacks

There are many types of threats and attacks that Windows has to face. Also, because Windows operating systems are the most common among computer users, they are the most targeted by attackers.

Threat V/S Attack

What is a threat? A potential occurrence, malicious or otherwise, that may harm an asset.

What is an attack? An action taken to harm an asset.

From the two definitions above, we can say that a threat is more the possibility of doing harm to the Windows system, while an attack is mainly the action taken to violate security settings.

Types of Threats and Attacks

Below is a list of the most common threats and attacks which can affect your Windows operating system. For each type of threat, a description and countermeasures are given.

Spoofing

Description: It mainly deals with entering a system by stealing the identity of an authorised user.

Example: Using the password and username of a person to enter his account and make changes without his permission.

Countermeasures:

* Do not keep passwords within the reach of other persons.
(for example, in plain text)
* Use anti-spyware such as Spybot S&D.
* Protect authentication cookies with Secure Sockets Layer (SSL).
* Do not pass credentials in plaintext over the wire.
* Use a secure and long password which is not easy to guess.

Repudiation

Description: It involves the denial of participation in a communication which has occurred, or denying that information has been received.

Countermeasures:

* Make use of digital signatures.
* Create secure audit trails.

Tampering with data

Description: It mainly involves changing data manually to generate an unexpected result.

Example: Changing data on a web site.

Countermeasures:

* Use data hashing and signing.
* Use digital signatures.
* Use strong authorization.
* Use tamper-resistant protocols across communication links.
* Secure communication links with protocols that provide message integrity.

Denial of service

Description: Preventing legitimate users from accessing a network or computer by saturating it with requests.

Countermeasures:

* Use resource and bandwidth throttling techniques.
* Validate and filter input.
* Use software available on the net such as Radware's APSolute OS.

Information Disclosure

Description: It mainly involves making confidential information accessible to the public or to a group of unauthorised persons.

Countermeasures:

* Encrypt files where information is stored.
* Keep back-ups in secure places and use strong authorisation.
* Require passwords to gain access to this information.
* Use a secure network when sending information.

Malware (Malicious Programs)

It consists of any program that is installed either with or without the permission of the user, and whose aim is to cause harm to the user's PC by gaining either partial or full access to the system. Its impact can vary from something as slight as changing a folder's name to full control of your machine without the ability for the user to easily find out.

Types of malicious programs:

* computer viruses
* worms
* Trojan horses
* spyware
* harmful adware
* scareware
* crimeware
* most rootkits
* other malicious and unwanted software or programs

Computer Viruses

They are programs designed to cause harm to our computer system or the applications on it.
They are often attached to files which appear to be harmless to the operating system, but as soon as the file is installed, the computer will operate differently. There are viruses which even manage to shut down your computer without your permission.

Types of Computer Viruses

* Boot sector computer viruses
These types of viruses mainly affect the boot sector of the computer, which is mainly in the bootable disk or in a particular location on the user's hard drive. The boot sector viruses mainly affected Windows 2000, and examples of such viruses are Disk Killer and Michelangelo.

* E-mail viruses
E-mail viruses are transmitted through e-mail, as the name suggests. Ordinarily they can be found as attachments, and as soon as they are opened the computer gets the virus. Some may even replicate by themselves by forwarding themselves to all the e-mail addresses in the user's address book. This type of virus spreads very quickly. Even though most mail systems provide users with a scan, a precaution one can take is to open mail from known people only.

* Companion viruses
Companion viruses mainly affect a computer's MS-DOS system. They create a program that appears to be like the other normal files that are found on the computer. When a wrong command is entered at the prompt of the computer, it may end up executing the virus instead of the program that the user initially wanted to run. Fortunately, Windows versions like XP prevent such viruses from installing on the computer, as they do not require use of the MS-DOS command prompt.

Worms

Worms have the characteristic of self-replicating, and they thus spread very quickly. They exploit vulnerabilities in the operating system and provide a gateway for other malware such as Trojan horses. An example of a worm which caused a lot of harm, mainly to the Windows operating system, is the ILOVEYOU virus.

According to an article on WordPress TidBits For the Rest Of Us (WPTidBits), the ILOVEYOU worm (a.k.a.
VBS/Loveletter and Love Bug worm) is a computer worm written in VBScript, and it is considered by many to be the most damaging worm ever. It started in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the damage was the labor of getting rid of the virus. The worm arrived in e-mail boxes with the simple subject of ILOVEYOU and an attachment LOVE-LETTER-FOR-YOU.TXT.vbs. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.

The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user's contact list. This particular worm only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an ILOVEYOU e-mail, only Microsoft Windows systems would be infected. The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also has an additional component, in which it will download and execute an infected program called variously WIN-BUGSFIX.EXE or Microsoftv25.exe. This is a password-stealing program which will e-mail cached passwords.

Trojan horse

It is a malware which is difficult to find, since it masquerades as files which appear to be normal. It can be on the computer without doing anything, and then one day it can be the reason why your operating system has crashed. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive.
One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Spyware

Spyware is usually a tool used by companies to record web surfing habits. Spyware is also known as advertising-supported software. It normally does not do any harm to the operating system as such, but it transmits personally identifiable information from a computer to some place on the Internet without the permission of the user.

Harmful adware

Adware is the common name used to describe software that is given to the user with advertisements embedded in the application. It usually runs advertisements or downloads posters without the permission of the user, which often causes problems.

Scareware

Scareware is usually software used for marketing, but with unethical marketing tactics. For example, software which scans the computer and informs the user that his computer is infected, and that the latter will have to download a given antivirus to be able to remove the infections. Hence, as its name says, scareware is software designed to scare people by providing them with inaccurate information so as to promote a particular software or application.

Crimeware

Crimeware consists of an application or a program which helps people to carry out illegal activities. For example, software to hack a Windows Live Messenger password. It normally steals personal information about the user of an account.

Rootkit

It enables an attacker to have root access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user.
Rootkits came from the UNIX world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).

Source: http://www.pcmag.com/encyclopedia_term/0,2542,t=root+kiti=55733,00.asp

Rootkits are normally inserted by the intruder so that he can again have access to the machine at a later stage. Rather than just being a piece of code, a rootkit is a system of many linked programs designed to take control of a machine at the administrator level, and remain hidden from the system's users or legitimate administrators. The purposes of rootkits include:

* collecting information about computers (including other computers on a network) and their users (such as passwords and financial information)
* causing such computers to malfunction
* creating or relaying spam

Prevention against Malware

Antivirus: Antivirus should be installed to prevent malware from gaining access to the computer.

Anti-spyware: It helps the user to identify and remove spyware from the operating system. Moreover, it defends the user's computer from spyware.

Anti-adware: It scans the computer and removes adware. Moreover, it can also detect other miscellaneous code which the antivirus has not detected.

Firewall: It is a device or set of devices that can be used to monitor for malware, both incoming from the network and on the user's PC when he inserts an external disk.

Windows Update: Allow Windows to update automatically, since it provides the user's computer with the patches required to fight against new types of malware.

Making Windows more secure

1. Virtualisation

This method mainly involves using another computer inside your computer. What is meant by that is that software like VMware allows you to install Windows and use it. Thus you can connect to any device or any site, and if the PC crashes, your main operating system will still be running.

2. User Account Control

It is a method which is mainly applicable for users of Vista and Windows 7 only.
It is an effective measure that Microsoft has introduced to ensure that the user does not perform any action which can turn out to be harmful for the system. Also, the user is asked for permission whenever a program is installed. If a virus tries to run without the knowledge of the user or his permission, UAC will pop up with the usual continue or cancel message, giving him one last chance to stop that particular infection. UAC can be adjusted in the Control Panel under User Accounts.

3. Browser

Internet Explorer (not including IE9) is not a safe browser, and it is the most targeted browser. Firefox, Chrome and Safari have support for extensions, and the options available for each browser

Internet Explorer can be used; however, any version below 7 does not meet the required security level. When using it, make sure that the InPrivate and SmartScreen filters are active. Also, make sure that the ActiveX controls and files being downloaded are safe.

4. Safe Internet Practices

The Internet contains many viruses and one will never know when they might hit. Below is a guideline of a few good practices to follow when using the Internet:

* If it's questionable in real life, it's probably the same online. Downloading illegal torrents, visiting sites, and looking for bomb-making information is an easy way to ask for a virus infection.
* Know what is being clicked on. Avoid pop-up messages, congratulations messages, etc.
* Maintain the computer by updating the anti-virus. If not maintained, the system becomes slow and vulnerable.
* Monitor all activity on the computer. If the computer is being used by other users, ensure that they too are using the computer correctly.
* Reach out and ask questions. It's OK not to know if a certain website is safe or if an email is a scam. Ask more knowledgeable people or research the subject to find out if it is or not.

OpenDNS

OpenDNS redirects requests through a third party server which is managed and updated to optimize speed and security.
Using the OpenDNS server can keep the user from visiting known malicious sites or keep malicious scripts from running. This is especially useful for multi-user environments because the user can create an account and manage in more detail what sites the computers are allowed to visit (parental controls).
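
The MS10-034 section above says the update protects the PC by activating the kill bit for each vulnerable ActiveX control. The following is an added example, not part of the original post: a Python check that reads a `reg export` text dump of Internet Explorer's ActiveX Compatibility registry key and reports whether each control that should be disabled has the kill bit (0x400 in its "Compatibility Flags" value) set. The CLSIDs and the sample export are constructed placeholders, and the function names are hypothetical.

```python
"""Audit ActiveX kill bits from a `reg export` text dump (added example)."""
import re

# Registry key where Internet Explorer keeps per-control compatibility flags.
BASE_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
            r"\ActiveX Compatibility")
KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE loading the control

KEY_RE = re.compile(r"^\[(?P<path>.+)\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9A-Fa-f]{8})$')

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000420
"""


def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for every control subkey directly under BASE_KEY."""
    flags = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            in_base = key.group("path").lower() == BASE_KEY.lower()
            current = key.group("clsid").upper() if in_base else None
            if current:
                flags.setdefault(current, 0)  # subkey exists, flags value not seen yet
            continue
        if line.startswith("["):
            current = None  # some other key: ignore its values
            continue
        value = FLAGS_RE.match(line)
        if value and current:
            flags[current] = int(value.group("hex"), 16)
    return flags


def audit_kill_bits(reg_text, expected_clsids):
    """Map each CLSID that should be disabled to 'blocked', 'not_blocked' or 'missing'."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in expected_clsids:
        clsid = clsid.upper()
        if clsid not in flags:
            report[clsid] = "missing"        # no subkey at all: update not applied
        elif flags[clsid] & KILL_BIT:
            report[clsid] = "blocked"        # kill bit set, other bits may be set too
        else:
            report[clsid] = "not_blocked"    # subkey present but kill bit clear
    return report


if __name__ == "__main__":
    wanted = ["{11111111-1111-1111-1111-111111111111}",
              "{22222222-2222-2222-2222-222222222222}",
              "{33333333-3333-3333-3333-333333333333}",
              "{44444444-4444-4444-4444-444444444444}"]
    for clsid, status in audit_kill_bits(SAMPLE_EXPORT, wanted).items():
        print(f"{clsid}  {status}")
```

On a real host the input comes from running `reg export` on that key; the resulting file is UTF-16 encoded and has to be decoded before it is passed to `audit_kill_bits`.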