XP Windows Operating Systems - Coursework Example

Introduction The success of any operating system lies in the functionalities that the system avails to the user and the ease of working with it. More importantly however this success lies in the security measures that the developers have put in place to benefit the users. Windows XP OS that was unveiled by Microsoft has managed to rise above the conventional security talks that affected such systems as Vista. Security has to be guaranteed by the developer given that these systems are used not only for personal application but also in industrial as well as commercial sectors. It is however important to note that inasmuch as the developers may strive to enhance security in these later versions of the systems, total security cannot be guaranteed. Loopholes will always exist given the daily activities of hackers and other vandals out to cause disorder. Therefore, these measures are basically attempts to ensure that Windows XP remains one of the best operating systems as time might permit. Some of the security features that are customized in the Windows XP OS are discussed below. There are a myriad features that are in-built within the operating system that are designed to enhance its security aspects. Some of these features are basically exclusive to Windows alone and have been developed out of the growing need to boost security measures and in light of the security weaknesses of the previous versions of the Windows operating systems. Nevertheless, some of the security aspects of the previous versions of Windows have still been incorporated into the Windows XP security framework. Even though this has seen many challenges, much research is currently ongoing on the better methods to enhance security and to limit the exploitative intrusion caused by hackers and attackers. Whichever the case, there will always be room for improvement. Microsoft launched windows XP in two editions. These are the Home edition which is use for general home application and the Professional edition that is mostly used by businesses. The success of windows XP operating system can be attributed to several factors including the security measures that have been put in place. By statistics, it is the second most installed operating system in the world. That confirms that measures were indeed put in place as regards security aspects. Personalized login The home edition of Windows XP was almost the first OS to be enabled with personalized login ability. In this case various people can log into the same machine as a different person using a different user account. This capability is enabled by the Terminal Services technology that was only unique to XP. XP is also enabled with Fast User Switching which enables multiple users on the same computer using different user accounts . DEP and ASLR Two of the common features in this operating system are the Data Execution Prevention commonly known as DEP and Address Space Layout Randomization also known as ASLR. These features have certainly managed to be efficient measures against a myriad security threats that have been a source of exploitation on the previous versions operating system. However one cannot comfortably argue that these security measures are sure guards against hackers given the rising level of information technology awareness that pose challenges to the developers. It is known that much research is currently ongoing on ways and means of bypassing the DEP and ASLR. However this research was certainly expected and actually factored in during the development process of the OS.ASLR and DEP are created with the functional ability to increase the intruders cost of exploitation and thereby reduce the benefits they might gain from their attacks on the system. This has surely been a positive boost on the system as potential hackers are discouraged from their exploitative pursuits. A combination of DEP features and some of the superior aspects of the ASLR is very effective in dealing with a majority of the exploits that are targeted at bypassing the Windows XP OS . Furthermore the developers are always abreast with any potential bypass or attack techniques. They therefore factor in some of their developments in the future creations with a view of creating a secure if not totally secure system. It must however be emphasized that the effectiveness of DEP and ASLS is limited to their mitigation functionalities. More development research is therefore still imperative in the fight against system exploitation by increasing the effectiveness, resilience and functionality of the DEP and ASLR. Efficiency of DEP The DEP is programmed in a manner that it blocks attackers from data execution by making the whole process appears like a code. This reduces the chances of the attacker conducting an execution from a heap or a stack. In that case attackers who use such exploitation methods like heap spraying will find it almost impossible to return to the stack. In that way, the code system offers a good way of hindering even the best of attackers from executing much damage and causing mayhem to the systems. The efficiency of the DEP stems from its ability to prevent the attacker from being able to leverage a code that is already functional and making it impossible for the intruder to execute their data since it appears to be coded. The effectiveness of DEP without ASLR is always in question since in the earlier versions of Windows that had no ASLR it was always possible for an attacker to locate and even leverage a possible code and thus use some programming methods to generate and execute a deal. Without the ASLR it is also possible for the intruder’s data to be converted into an executable arrangement. There are a number of ways in which this can be achieved such as by use of functions like VirtualAlloc which will normally enable the intruder’s data become somewhat possible to execute without much difficulty. These drawbacks that characterize the DEP can effectively be mitigated by the use of a combination of both DEB and ASLR which is best exemplified in the Windows XP system that is sufficiently robust to provide a secure platform that inhibits simple intrusion. Effectiveness of the ASLRS It is common for most intruders to make assumptions regarding space layout when designing their exploit procedures. For instance they will hope that a given module shall be loaded at a certain address or that memory in all computers will be present on a particular location. This however may not always be the case. It is addressed by ASLR’s ability to make the space layout for the address to be unknown to the attacker thereby hindering them from gaining local access to the systems. In that way the attacker is not able to effectively leverage a code in most of the loaded modules. The efficiency of the ASLR therefore springs from the fact that the attacker is totally not able to know the space layout and will thus find it impossible to proceed with the exploitation . However through the use of brute forcing, an attacker might be able to find the location of some memory regions in cases where the address bar is not predictable at first. Such a disclosure occurs when an intruder is able to force an application to release an address or more. Brute forcing enables the intruder to attempt several exploitations against the available addresses. This eventually results into success. However such attacks are almost impossible in the later versions of Windows since any guess that is wrong will normally make the application to end. Some vulnerability may also enable an attacker to bypass the ASLR system. One way is through partial overwrite. This method makes it possible for the intruder to overwrite some bits that are of low order in an address without affecting the high order bits. The low order bits cannot be randomized by the ASLR as opposed to the high order bits. On the total scorecard, it can be stated that the functionality of the ASLR relies on its ability to disapprove the assumptions of the intruders regarding the location of the data and the code in an address bar. Its demerit can only be realized if the attacker can successfully predict and find the location of some regions where the memory is placed. Effectiveness of DEP and ASLR combined Windows XP operating system incorporates a combination of both the DEP and the ASLR as functional security measures within the system. It therefore enjoys the benefits reminiscent in both the systems. In real sense, these two security measures are meant to be used together in the later versions of Windows operating systems. It therefore implies that those who wish to attack such systems will have to counter both the obstacles entrenched in the systems together with myriad other measures that are meant to mitigate such attacks. Research geared towards bypassing a combination of DEP and ALRS is very alive and currently ongoing. The idea behind such malicious research is to bypass the ASLR first then use methods like the return- oriented programming to bypass the DEP. Currently several of these attacks have been conducted which have demonstrated that that the attack research is certainly headed the “right direction.” This is normally done in the context of some complex domains of application. For instance it has been possible to successfully bypass the ASLR through the use of address space disclosures and other methods. The possibility of hack into the Windows XP security mechanism through the use of three distinct vulnerabilities has been previously proven . This attack was able to bypass the DEP together with the ASLR by chaining three vulnerabilities that worked well to overcome the protected mode. These advances clearly demonstrate the realities that face the security measures offered by the DEP+ASLR . It is no doubt that the attackers will certainly excel in their pursuits to hack into the systems by bypassing the security apparatus in place. Hopefully, research on countermeasures is very actively on progress and new and improved versions of the DEP+ASLR are being churned out to the detriment of the attackers. The ultimate goal of these measures is basically to make any exploits very expensive on the attackers who may eventually recede on their pursuits. Another security measure that has been factored in the Windows XP OS is what is commonly referred to as the Protected Mode. This is a technology that makes the system run on a kind of restrictive environment. Such an environment is specifically constructed to limit any attacking activity that might pose as a security threat. The Protected Mode creates a kind of protected zones so that a disruption in one part of the computer does not in any way affect the performance of the other parts. This is very central in ensuring that the normal functioning of a system proceeds without the limitations of such disruptions. The mode arose out of the feeling that DEP and ASLR were not sufficient per se in offering the much needed security in computer systems. Experts continue to agree that security is becoming more and more of a concern in the present age. Any fool proof countermeasure that emerges takes no time to be countered by attack research. It therefore begs deeper analysis and concrete research on the ways and means of ensuring security in computer operating systems. Here are some of the images on windows XP security: Software Restriction Policies Windows XP is enabled with policies that enable the administrators to identify and monitor the operations of all the software that run in a given computer. The administrators will normally use policy driven mechanisms to determine what software will be executed in the hardware. Such policies also help in protecting the computer against Trojan viruses and script based viruses . Personal Privacy Windows XP is enabled with Microsoft Internet Explorer 6.0 which normally enables users to maintain control over personal information when online. This is done through the Platform for Privacy Preferences which is a standard used by the W3C a consortium of which Microsoft is a member. The browser enables the users to visit sites that are compliant with the consortium hence avoid sites that might be dangerous . AppLocker The restriction capabilities that were evident in the Windows 2000 made the OS appear superior and very secure to attackers. However these restriction policies proved very difficult to use. As such they are rarely used in the operating system given their complexities. This limitation has however been eradicated in Windows XP by the introduction of a new feature known as AppLocker. AppLocker is very simple to use and gives the operators and administrators a very flexible means of control. AppLocker is a feature that continues to instill a lot of confidence in the later versions of Windows OS . Its functionality in the group policy domains effectively limits the possibility of any security threat. By giving administrators much flexibility and freedom in the control process it becomes a necessity in any modern OS. The AppLocker facility therefore permits the administrators to manage the software that operate in a corporate network and thus limit accessibility to only authorized scripts. It also helps the administrators to ensure no unauthorized software is used in the system. Improved User Account Control UAC User Account Control is an application that was incepted and was meant to guarantee protection and safeguard against malware. It operates by making the different user accounts including administrator accounts to run in a standard manner. However if you need to undertake a function that requires privileges accorded to administrator accounts, it must first seek for authority. This aspect of the UAC has certainly led to several complaints and some users are even known to have totally switched it off thereby exposing their systems to threats. In Windows XP attempts have been made to address some of these challenges that bedevil the UAC. The UAC is configured to notify the user in case new software is installed of when changes are made to the settings on Windows. It also has the ability to notify the user when changes are executed by the programs. Users can also create accounts as below: One can also use privacy tabs to control personal information as below: DNSSec Windows XP comes with a facility that enables the functionality of the Domain Name System Security (DNSSec) which is a combination of security extensions added to the DNS platform to improve its delivery. Using DNSSec facility, it is possible for a DNS to use the technology in digital signature so as to authenticate the validity of the data that it receives. The DNS normally does not do the validation by itself. Instead it is security conscious and therefore expects the server to give the validation result . Windows XP is also equipped with the Windows Filtering Platform whereby the operators can use the platform in the integration of some parts of the conventional firewalls into their own system applications. That capability will then make it possible for most third party programs to automatically switch of certain parts of the firewall in case the need for that arises. Powershell The Windows XP is one of the latest OS that comes with an effective interface that enables administrators to develop and control many settings in the application. The PowerShell v2 enables one to enjoin cmdlets to one another in order to create multiple scripts. This method normally needs few steps unlike the graphic interface method that is very procedural but delivers the same capability. The OS also comes with a graphical tool that enables one to operate the PowerShell. This is the Powershell Integrated Springing Environment (ISE) which is a facility that provides the enabling environment to comfortably work with the PowerShell . Below is a sample of a powershell: Troubleshooting Windows XP incorporates a wide array of tools that are very effective in the identification and resolution of technical aspects that affect a computer. Such features include measures like those meant to enhance speed resolution. The Windows is equipped with a collection of troubleshooting applications most of which can easily be executed even remotely by system specialists from a given command line and they can be controlled through conventional policy settings. It is clear that Windows XP has a host of security enhancement built-in within the operating system. Some of these are even unknown to the users and much awareness is therefore needed. The myriad security measures that come with Windows XP are basically a boost on that operating system. Users today are more and more getting concerned with the safety and security of their information and it becomes certainly imperative for the developer to take into account every specific detail regarding security. Compared to the earlier versions of Windows operating systems, it can be well stated that Windows XP has actually incorporated a variety of measures against any potential security threats. The features outlined above are just but few of the strategies that Microsoft uses to ensure the success of the OS in the market. True without doubt, there has been a series of positive responses from the users that this system is more secure than the earlier versions . It is however impossible to make a system totally secure by removing all security threats. Research on the attack mechanisms is very alive and new ways of intrusion and exploitation are developed on a daily basis. It is therefore a double edged situation where measures meet countermeasures. For instance as below: Attack Means It has certainly been demonstrated on a number of occasions that Windows XP is actually prone to attacks which may be a great security threat. Researchers have demonstrated that the system is certainly vulnerable to system attacks. This can be achieved by sending a wrong but deliberate network negotiation request which has the effect of compelling the operating system into a fault system that triggers an error capitalizing on the user’s inability to launch the code. Such an attack can affect all the versions of the Windows XP operating system. This vulnerability arises because the OS borrows much of its components from Windows 2000 which is prone to such attacks. Microsoft is therefore in the process of instituting a complete overhaul of the system to mitigate the limitations that arise out of the earlier versions. The limitation has really been a blow to the developers considering that it came at a time when the marketing of Windows XP was at its peak and given the stiff competition posed by Apple and other developers. Research has further demonstrated that it is possible for attackers to interfere with the Professional version of Windows XP through the kernel code that is placed in the physical memory of the computer. In this case, the attacker will need a personal and physical access to the computer in order to undertake the intrusion. This is somewhat a consolation The research showed that a PCMCIA device is required which will contain a DNA running on a conventional CPU. The device will then access the kernel code, change it and eventually gain access to the operating system. It therefore implies that both CPU and Windows XP are bypassed and were not able to hinder any malicious requests from the DMA. In the earlier versions of Windows such hacking was very easily undertaken by accessing the DMA through different ports. However in Windows XP, the improved security measures make the hacking process a bit procedural. Concerns over such attacks have made other researchers to seek possible remedies and it has been demonstrated that it can be mitigated by not activating the PCMCIA driver in the computer. Safety can also be achieved by using input output memory management unit. This will simply protect the memory of the computer from any physical intrusion from any device. Many computers now come with this facility already enabled. A Malware report released recently confirmed that attacks on the Windows XP through malware are up to 35%.It was noted that these are really affecting the small businesses where much of the attacks are directed. The objective is normally to ruin the financial information of the businesses . It has been demonstrated that there is a flaw in the actualization of the SMB2 protocol by Microsoft. The flaw affects the exploit code in a remote reboot and this exposes the user of Windows XP and other versions to teardrop attacks that were seen in the case of Windows 95 and other earlier versions. This discrepancy allows a hacker to crash any Windows XP system without any user action. This is because Windows XP fails to take account of wrong SMB headers for the request functionality. Researchers have found that it is possible to take control of Windows XP operating system using a code that was developed in a proof-of-concept manner. The code is called Vbootkit 2.0. The program allows the hackers to gain access to the operating system and make changes to the files in the system. It is indicated that Windows 7 may not detect the strange programs since no changes are normally made on the hard disk. The problem basically arises from the assumption in Windows XP that the process of booting is immune to any hackings. AAA Authentication, authorization and auditing are concepts that are greatly factored in the Windows XP operating system. Authentication is the process where the system tries to confirm whether the user who is trying to log into the system is validated to do so through a username and password. These must be valid and registered within the system. This information is normally stored in the systems database and Windows XP has the security aspects to ensure that the AAA server is very up to date and authentication is taken very centrally. Authorization on the other hand is the process of finding out what limits the user is supposed to go in their operations. It gives or denies privileges to the users of a system who are already authenticated. Auditing on the other hand is the process of keeping track of the operations of the administrators in the system . The Windows XP operating system employs a set of protocols in the authentication system as part of the security architecture. These protocols include NTLM, Digest, and TLS. Furthermore, some of these protocols are joined into packages of users and services which enhance the authentication process. Interactive logon to a Windows XP system can be performed either through the physical access to the computer or remotely through the use of terminal services whereby the logon passes on as remote interactive. Several notable changes have been made to the Windows logon make up since the earlier versions all of which are geared toward enhancing the authentication process. Windows XP also incorporates an improved authentication method by means of the Smart Cards. The process is known as multifactor authentication and it helps users in organizational setups to boost their security. It offers functions such as interactive logon and document signing. The implementation of Smart Cards has seen a steady rise and it speaks volumes about its functionality. There are better versions of the Windows authentication protocols that are ways and means of facilitating authentication in the Windows XP operating system. These protocols are agreements that facilitate the sharing, control and management of information within a network of computers that use Windows. The information bank is able to identify the particulars of an administrator or user in the process of operation. These protocols are in the form of security support providers and are normally installed in the state of dynamic link libraries. Microsoft Negotiate is one such protocol that operates as a layer between the Security Support Provider Interface and other protocols. Negotiate analyses an application that is given into the system and chooses the best SSP to handle the request using the security policy that is configured into the system. A server with the Negotiate SSP can effectively respond to an application by a user to choose either the NTLM or the Kerberos protocols. The whole application is really an improvement in the authentication function of the Windows operating system and certainly lives up to the security concerns that are needed by modern application users . Another authentication protocol in use today by Windows is the Digest. This is a protocol that performs response functions using Simple Authentication Security Layer and HTTP exchanges. This complex combination will require the parties requesting authentication to supply some secret keys before gaining access. AzMan Windows XP has a very elaborate authorization features that provide very functional security apparatus. The Windows Authorization Manager is a powerful application that avails an administrative platform to run and manage the authorization process. Through the AzMan, the administrator can design an authorization policy that will guide and check any contravention to the policy. In such a case users of the system are granted authority to specific application areas as may be specified in the policy. In an organizational set up, specific people are granted access to specific application areas and this ensures that security is effectively enhanced in the organization . Normally, the policy on authorization is managed independently from the application code. The application developer states a series of low level applications that are regarded as sensitive on security grounds and then determines a set of functions to be performed in mapping out the operations. It is only the functions and not the operations that should be lucid to the users and business analysts. Windows authorization manager is also used by administrators in designing what roles to be performed by which users. When the business expands, there comes the need to review some of these designs and the administrators are at liberty to change the authorization policy. The effectiveness of Windows XP operating system therefore lies not only in the many features that it avails to the users but also in the security mechanisms that Microsoft has put in place to assure the users that the system is indeed secure and may guarantee a peaceful working situation. Authentication, Authorization and Auditing are aspects that are clearly factored in the development of the systems. Additional features are incorporated just to enhance the AAA functionality . Users of this OS will indeed confirm the fact that in comparison to the other versions of Windows, Microsoft has really invested time and resource just to deliver to the consumer a product that lives up to the expectations of this age. Despite the efforts by developers to provide secure systems free from any hackers and attackers other energies are directed in bringing down and interfering with the OS. Despite its quality security boosts, Windows XP has not been left behind in this terrible onslaught. Attack research has continued to prosper and weaknesses in the OS are being located on a timely basis. Nevertheless counter-research is ongoing and better methods of enhancing security will be unveiled. References Bott, E., & Siechert, C. (2006). Microsoft Windows XP networking and security inside out: Microsoft Press. DiNicolo, D. (2005). PC magazine Windows XP security solutions. Toronto: Wiley Pub. Karp, D. A. (2004). Windows XP annoyances for geeks. California: O'Reilly. Ogletree, T. W., Glenn, W. J., & Regas, R. (2002). Windows XP unleashed. Indianapolis Sams. Scarfone, K. (2009). Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist: Recommendations of the NIST. Pennsylvania: DIANE Publishing Company. Simmons, C. (2005). How to do everything with Windows XP. New York: McGraw-Hill/Osborne. Weber, C., & Bahadur, G. (2002). Windows XP Professional security. New York: McGraw-Hill/Osborne. Weverka, P., Chambers, M. L., Harvey, G., Leonhard, W., Levine, J. R., Young, M. L., & Lowe, D. (2004). WindowsXP Gigabook For Dummies. New York: John Wiley & Sons. Zovi, D. D. (2011). Processor Limits for Windows 7. New york: Paragon Books.  Read More