Monday, August 5, 2019
Analysis of Windows Operating System and Microsoft
Analysis of Windows Operating System and Microsoft What is Windows? Windows is a personal computer operating system from Microsoft that, together with some commonly used business applications such as Microsoft PowerPoint, Word and Excel, has become a de facto standard for individual users in most corporations as well as in most homes. It provides a graphical user interface (GUI), virtual memory management, multitasking, and support for many peripheral devices. According to OneStat.com, as of August, 2006, Windows as a whole dominates the personal computer world, running on about 97% of the operating system market share, with XP accounting for about 87% of that. In comparison Mac OS has about 2% and Linux (with all distributions) about .36% The reason why this is so is mainly because Windows is much more user friendly and everything comes pre-packaged so user just have to run the application and follow instructions for it to install. There are many versions of Windows Operating System available namely: Windows 286 Windows 386 Windows 3.0 and 3.11 Windows 95 Windows 98 Windows NT Windows 2000 Windows CE for use in small mobile computers Windows Me Windows XP Windows Vista Windows 7 Among all those versions, Windows XP is the most popular one and it is used by 61.9 percent of Internet users, according to data from Net Applications, followed by Windows 7 which has 14.46 percent of users and Vista -14.34 percent. A Brief Story On Windows Windows mainly concentrated on providing an operating system which was user-friendly, stable and less prone to crashes when they were implementing earlier versions. Now, even though XP is generally referred to being stable and efficient compared to other copies of Windows, it is still critised for being overly susceptible to security risks. Therefore the successor of XP- Vista, released in January of 2007 was designed in such a way so as it provides more security. The transition time between Vista and XP is the longest one between versions of windows. Vulnerabilities Of Windows What is vulnerability? ââ¬Å"It is a weakness that makes a threat possible. ââ¬Å" These vulnerabilities are used by attackers who exploits them to convey multiple attack, including enticing the users to open harmful and malicious media or to visit website which has a lot of viruses. These can have a lot of consequences. In the worst case, a hacker or attacker can get full access to the computer. Fortunately, windows provide a lot of solution to these vulnerabilities. The user just has to install the appropriate Microsoft patches or they are sometimes installed automatically with the help of Windows Update. Window Update Vulnerabilities can be compared to holes. They are like holes in the system. Windows periodically releases security patches mostly as Window Updates to fix those defects. There exists different level of security known as the ââ¬Å"security level systemâ⬠in Windows which describes the different levels of security holes: A critical security hole is ââ¬Å"a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.â⬠An important hole is ââ¬Å" A vulnerability whoses exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing recources.â⬠A moderate security rating signifies that ââ¬Å"Exploitability could result is mitigated to a significant degree by factors such as default configuration, auditing or difficulty of exploitation. And a low hole is ââ¬Å"A vulnerability whose exploitation is extremely difficult or whose impact is minimal.â⬠Source: Windows XP all-in-one desk reference for dummies Below is a list of Vulnerabilities in Windows MS10-033: Two Media Decompression Code Execution Vulnerabilities Description: It involves vulnerabilities in Media Decompression. ââ¬Å"Windows ships with various components that help it process and play media files, such as videos. According to Microsoft, these media handling components suffer from two unspecified code execution vulnerabilities, involving the way they handle compressed data within specially crafted media. ââ¬Å" Potential effect on system: An attacker can exploit these vulnerabilities by encouraging user to open specially crafted media file, download and install harmful software, by luring them to a website containing such media or by receiving specially crafted streaming content from a web site or any application that delivers Web content. In doing so, an attacker can exploit these vulnerabilities to gain the same user rights as the local user. If this happens, then the attacker will gain the complete control of that PC. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft rating: Critical. Solution: MS10-033. Since media files are most often the common targets of exploitation by attackers due to the increased potential for circulation via social group and the fact that it has been publicly been disclosed, it is estimated that the possibility that malware authors will look to exploit these types of vulnerabilities are high and hence, update must be installed. Targeted Software: Windows 2000 Service Pack 4 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 Itanium based Systems No Pack Service Pack 2 Windows XP Service Pack 2 and 3 Professional x64 Edition Service Pack 2 Windows Server 2008 No Service Pack Service Pack 2 Windows Server 2008 x64 Edition No Service Pack Service Pack 2 Windows Server 2008 for Itanium Based Systems No Pack Service Pack 2 Windows Vista Service Pack 1 2 Windows Vista x64 Edition Service Pack 1 2 MS10-034: Cumulative ActiveX Kill Bit Update Description:ââ¬Å"ActiveX controls are small programs or animations that are downloaded or embedded in web pages which will typically enhance functionality and user experience. Many web design and development tools have built ActiveX support into their products, allowing developers to both create and make use of ActiveX controls in their programs. There are more than 1,000 existing ActiveX controls available for use today.â⬠Source: http://msisac.cisecurity.org/advisories/2010/2010-043.cfm Potential effect on system: There are several Microsoft and third party ActiveX controls which particularly suffer from various security vulnerabilities, found by Microsoft and other external researchers. This vulnerability allows remote code execution if a user views malicious website that has an ActiveX control with Internet Explorer. An attacker could exploit any ActiveX controls to execute code on the users computer, with that users privileges. If user has administrative privileges, the attacker will gain full access to the users pc. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft rating: Critical. Solution: MS10-008 This updates protects the pc by activating the Kill bit for every vulnerable ActiveX controls, they are this disabled in Windows. Microsoft Internet Explorer provides security feature which will prevent an ActiveX control from being downloaded without the users permission. Targeted Software: Windows 2000 Service Pack 4 Windows XP Service Pack 2 Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 or 32-bit Systems Windows 7 for x64-based Systems Windows Server 2008 R2 for x64-based Systems** Windows Server 2008 R2 for Itanium-based Systems MS10-032: Three Privilege Elevation Vulnerabilities in the Kernel-mode Driver (Win32k.sys) Description:â⬠The kernel is the core component of any computer operating system. In Windows, access to the kernel is provided via the Windows kernel-mode device driver (Win32k.sys). Win32k.sys suffers from three elevation of privilege (EoP) vulnerabilitiesâ⬠.â⬠The flaws are caused due to the way windows kernel-mode driver, improperly allocate memory when copying data from user mode frees objects that are no longer in use manage kernel-mode driver objects validate input passed from user mode. ââ¬Å" Potential effect on system: ââ¬Å"By running a specially crafted program on one of your Windows computers, an attacker can leverage any of these flaws to gain complete control of that system, regardless of his original user privileges. However, the attacker needs to have local access to one of your computers in order to run a malicious program. So these vulnerabilities primarily pose an internal risk.â⬠Microsoft rating: Important. Solution: MS10-032 MS10-041: .NET Framework Data Tampering Vulnerability Description: ââ¬Å"The .NET Framework is software framework used by developers to create new Windows and web applications. Among other things, the .NET framework includes capabilities to handle cryptographically signed XML content, to ensure unauthorized attackers cant alter XML messages being sent to your application. Unfortunately, the .NET framework doesnt implement XML signature checking properly. As a result, attackers could potentially send maliciously altered XML messages to applications youve created with the .NET frameworkâ⬠Potential Effect on system: The impact of this vulnerability differs greatly depending on the application youve designed, and what type of data you passed in your XML. If user havent been exposed to any web applications that rely on signed XML, then the flaw doesnt affect him at all. Microsoft rating: Important. Targeted Software: Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 1.0 Service Pack 3 Microsoft .NET Framework 2.0 Service Pack 1 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 3.5.1 MS10-037: OpenType Compact Font Format (CFF) Driver Privilege Elevation Vulnerability Description: This vulnerability mainly occur when a driver that helps to display the OpenType CFF font, does not validate certain data passed from user space to kernel space. Moreover the driver can grant complete control of the affected system to any user who is logged in and is executing code. Potential effect on system: ââ¬Å"By running a specially crafted program on one of your Windows computers, an attacker can exploit this flaw to gain complete control of that system, regardless of the attackers original user privileges. However, the attacker needs to have local access to one of your computers in order to run his malicious program. So this vulnerability primarily poses an internal risk.â⬠Microsoft rating: Critical. Solution: MS10-037 Targeted Software: Microsoft Windows 2000 Service Pack 4 Windows XP Service Pack 2 3 Windows XP Professional x64 Edition Service Pck 2 Windows Server 2003 Service Pack 2 x64 Edition Service Pack 2 Windows Server 2003 for Itanium-based Systems Service Pack 2 Windows Vista Service Pack 1 2 Windows Vista x64 Edition Service Pack 1 and 2 Windows Server 2008 for 32-bit Systems No Service Pack and Service Pack 2 Windows Server 2008 for x64-based Systems No Service Pack and Service Pack 2 Windows Server 2008 for Itanium-based Systems No Service Pack and Service Pack 2 R2 for x64-based Systems Windows 7 for 32-bit Systems x64-based Systems These are a few examples of vulnerabilities that Windows Operating Systems mainly face. This list keeps on increasing with time, and fortunately Microsoft provides update so as to overcome these problems. Source: http://www.newagedev.net/2010/06/five-vulnerabilities-in-windows-and-its-components-two-critical/ http://www.sophos.com/ Threats Attacks There are many types of threats and attacks that Windows has to face. Also the fact that Windows operating system are most common among computer users, they are thus the more targeted by attackers. Threat V/S Attack What is a threat? ââ¬Å"A potential occurrence malicious or otherwise that may harm an assetâ⬠What is an attack? ââ¬Å"An action taken to harm an assetâ⬠From the two definitions above, we can say that a threat is more the possibility of doing harm to the Windows system, while attack is mainly the action taken to violate security settings. Types of Threats Attacks Below is a list of threats and attacks that are most common which can affect your Window Operating Systems. Types Of Threats Description Countermeasures Spoofing It mainly deals entering a system by stealing the identity of an authorised user. Example: Using the password and username of a person to enter his account and make changes without his permission. Do not keep password at the reach of other person. (for example in a plain text) Use spyware such as Spybot SD ââ¬Å"Protect authentication cookies with Secure Sockets Layer (SSL).â⬠ââ¬Å"Do not pass credentials in plaintext over the wire.â⬠Use strong and long password which is not easy to guess. Repudiation It involves the denial of participation in a communication which has occurred or denying that information has been received. Make use of digital signatures. Create secure audit trails. Tampering with data It mainly involves changing data manually to generate unexpected result. Example: Changing data on a web site. ââ¬Å"Use data hashing and signing. Use digital signatures. Use strong authorization. Use tamper-resistant protocols across communication links. Secure communication links with protocols that provide message integrity.â⬠Denial of service Prevent legitimate user from accessing a network or compuer by saturating it with requests. ââ¬Å"Use resource and bandwidth throttling techniques. Validate and filter input.â⬠Use software available on the net such as Radwares APSolute OS Information Disclosure It mainly involves making confidential information accessible to public or a group of unauthorised person. Encrypt file where information is stored. Keep back-up in secure places and use strong authorisations. Use passwords to be able to gain access to these information Use secure network when sending information. Malware (malicious Programs) It consists of any program that is installed either with or without permission of user, and whose aim is to cause harm to users pc by either gaining partial or full access to the system. Its impact can vary from slight as changing a folders name to full control of your machine without the ability for the user to easily find out. Types of Malicious Programs: computer viruses worms Trojan horses spyware Harmful adware scareware, crimeware, Most rootkits, and other malicious and unwanted software or program. Computer Viruses They are programs designed to cause harm to our computer system or the applications on the software. They are often attached to files which appear to be harmless to the operating system, but as soon as it is installed, the computer will operate different. There are viruses which even manage to close your computer without your permission. Types of Computer Viruses: * Boot sector computer viruses These types of viruses mainly affect the boot sector of the computer which is mainly in the bootable disk or in particular location in user computer hard drive. The boot sector viruses mainly affected the windows 2000 and examples of such viruses are: Disk Killer and Michelangelo. * Email viruses Emails viruses are transmitted through email as it name suggest. Normally they can be found as attachment and as soon as they are opened the computer gets the virus. Some may even replicate by themselves by forwarding themselves to all the e-mail addresses in the users address book. This type of virus is spread very quickly. Even though most of the mail system provides users with scan, a precaution one can take is opening mail from known-people only. * Companion viruses Companion viruses mainly affect a computers MS-DOS system. They create dangerous program that appears to be like the other normal files that are found on the computer. When a wrong command is enter into the prompt of the computer, it may end up executing the virus instead of the program that initially wanted to run. Fortunately, Windows like XP prevent such viruses from installing into computer as they do not require to use the MS-Dos command prompt. Worms Worms have the characteristic of self-replicating itself and they are thus spread very quickly. They exploit vulnerability on operating system and provide a gateway for other malware such as Trojan horse. An example of a worm which caused a lot of harm to mainly Window Operating system is: the ILOVEYOU virus. According to an article on WordPressTidBits For the Rest Of Us(WPTidBits), the ILOVEYOU worm (a.k.a. VBS/Loveletter and Love Bug worm), is a computer worm written in VBScript and it is considered by many as the most damaging worm ever. It started in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong-Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the ââ¬Å"damageâ⬠was the labor of getting rid of the virus. The worm arrived in e-mail boxes with the simple subject of ââ¬Å"ILOVEYOUâ⬠and an attachment ââ¬Å"LOVE-LETTER-FOR-YOU.TXT.vbsâ⬠. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a users contact list. This particular worm only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an ââ¬Å"ILOVEYOUâ⬠e-mail, only Microsoft Windows systems would be infected. The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also has an additional component, in which it will download and execute an infected program called variously ââ¬Å"WIN-BUGSFIX.EXEâ⬠or ââ¬Å"Microsoftv25.exeâ⬠. This is a password-stealing program which will e-mail cached passwords. Trojan horse It is a malware which is difficult to detect, since it masquerades itself into files which appear to be normal. It can be on the computer without doing anything, and finally one day it can be the reason why your operating system has crashed. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. Spyware Spyware normally a tool used by companies to record web surfing habits Spyware is also known as the Advertising Supported software. They normally do not do any harm to the operating system as such, but they transmit personal identifiable information from a computer to some place in the internet without the permission of the user. Harmful adware ââ¬Å"Adwareis the common name used to describe software that is given to the user with advertisements embedded in the applicationâ⬠They usually run advertisement or downloads posters without the permission of the user which often cause problem. Scareware Scareware are usually software used for marketing but which has unethical marketing tactics. For example, software which scans the computer and informs user that his computer is infected, and the later will have to download the following antivirus to be able to remove them. Hence, as its name says ââ¬Å"scareâ⬠ware is a software designed to scare people by providing them with inexact information so as to promote a particular software/applications. Crimeware Crimeware consists of an application or a program which helps people to perform illegal activities. For example, software to hack windows live messenger password. They normally steal personal information about user of an account. Rootkit ââ¬Å"It enables an attacker to have root access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the UNIX world and started out as a set of altered utilities such as the Is command, which is used to list file names in the directory (folder).â⬠Source: http://www.pcmag.com/encyclopedia_term/0,2542,t=root+kiti=55733,00.asp Rootkits are normally inserted by the intruder so that he can again have access to it a later stage. Rather than just being a piece of code, it is a system of many linked programs designed to take control of a machine at the administrator level, and remain hidden to the systems users or legitimate administrators. The purpose of rootkits include collecting information about computers (including other computers on a network) and their users (such as passwords and financial information), causing such computers to malfunction and creating or relaying spam. Prevention against Malware Antivirus Antivirus should be installed to prevent malware from gaining access to the computer. Anti-spyware It helps user to identify and remove spyware from Operating system. Moreover it defends users computer from them Anti-adware It scans the computer and removes adware. Moreover it can also detect other miscellaneous codes which the antivirus has not detected. Firewall It is a set of device or devices that can be used to monitor both incoming malware from network or on users pc when he enters an external disk. Window Update Allow windows to update automatically, since it provides users computer with required patches to fight against new type of malware. Making Windows more secure 1. Virtualisation This method mainly involves using another computer in your computer. What is meant by that is software like Adware, allow you to install windows and use it. Thus you can connect to any device or any site and if the pc crash, there will still be your main Operating system running. 2. User Account Control It is a method which is mainly applicable for users of Vista and Windows 7 only. It an effective measure that Microsoft has made to ensure that user does not perform any action which can turn out to be harmful for the system. Also, user is being asked for permission whenever a program is installed. If a virus tries to run without the knowledge of the user or his permission, UAC will pop up with the usual continue or cancel message giving him one last chance to stop that particular infection. UAC can be adjusted in the Control Panel under User Accounts. 3. Browser Internet Explorer is not a safe browser. (Not including IE9) and they are the most targeted browser. Firefox, Chrome and Safari have support for extensions, and the options available for each browser Internet Explorer can be used however any version below 7 does not meet the required security level. When using it make sure that the ââ¬Å"InPrivate and SmartScreen filters are activeâ⬠. Also, make sure that the activeX and file being downloaded are safe. 4. Safe Internet Practices Internet contains many viruses and one will never know when they might hit. Below is a guideline for a few good practices to follow when using the internet: If its questionable in real life, its probably the same online. Downloading illegal torrents, visiting sites, and looking for bomb-making information is an easy way to ask for a virus infection. Know what is being clicking on. Avoid pop up messages, congratulations message etc.. Maintain computer by updating anti-virus. If not maintained, the system becomes slow and vulnerable. Monitor all activity on computer. If the computer is being used by other user, ensure that they too is using the computer correctly. Reach out and ask questions. Its ok not to know if a certain website is safe or if an email is a scam. Ask more knowledgeable people or research the subject to find out if it is or not. OpenDNS OpenDNS -redirects requests through a third party server which is managed and updated to optimize speed and security. Using the OpenDNS server can keep user from visiting known malicious sites or keep malicious scripts from running. This is especially useful for multi-user environments because user can create an account and manage in more detail what sites the computers are allowed to visit (parental controls).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.