A Tour of Windows XP Service Pack 2 - Part 1.

   In 2001 Microsoft released Windows XP, the new operating system that was the heir to Windows 2000. It came with a host of breathtaking new features and was one of the best operating systems Microsoft had developed at that time. Microsoft released Windows XP Professional to replace Windows 2000 Professional for the corporate user, and also introduced a new edition of Windows XP for home users, who benefited because they did not want the complexities of a network environment.

   Microsoft also introduced two features in Windows XP that were very important from a security point of view: the firewall and Windows Update. The firewall was to protect the computer from incoming traffic that posed a security risk while the user was connected to the internet. Each day several million people connect to the internet, full-time over cable modem or DSL links, or through corporate networks. Most of these computers are also used to play music and view video content, and many users enjoy instant messaging and peer-to-peer collaboration programs as well as interactive games. Each of these features also exposed the computer to new threats. The firewall was meant to block all incoming traffic so that the user was safe and no malicious user or hacker could access the computer to steal important data.

   Windows Update was provided as a mechanism for Microsoft to deliver security patches or fixes whenever a flaw was detected in the operating system. It was built into the operating system and could download the fixes from Microsoft on a scheduled basis. This allowed Microsoft to keep the operating system at the highest security level through an automated process, without having to distribute the patches on CD, which would take time to reach the user and leave the user’s computer at risk in the meantime.

  But neither mechanism was utilized properly by users, due to various factors and limitations. Some of these limitations were:

  • The user had low bandwidth to download the large security patches.
  • The user wasn’t aware of the high risk of disabling the firewall.
  • The user wasn’t keeping the system up to date with the updates.
  • The user wasn’t aware that there were security patches for flaws that could be exploited in the future if the patches were not applied.

  For example, when severe breakdowns occurred on the internet in the past, or a big virus crippled the internet, it was found that the patch had been available beforehand, but users had not protected themselves in advance to minimize the risk to their computers. Hence all the users who didn’t apply the security patches left their computers at risk and fell victim to the virus, which wreaked havoc. Some of these notorious viruses included MS Blast and W32.Slammer.

      Another important threat faced by the user was the browser itself when connected to the Internet. Many malicious users took advantage of the features of Internet Explorer to exploit unsuspecting users through actions the users never intended. Some of these actions included:

  • Browser hijacking.
  • Spy bots and Trojans.
  • Malicious scripts.
  • Pop up windows and unintentional backdoor actions.

  Let us go into them in detail.


      Browser Hijacking

      When a user visited an untrusted web site, it would download a script that altered the user’s home page setting. The next time the user opened the browser, it would open that site because of the changed home page setting. This was a considerably irritating experience, because the user was unable to change the home page back or turn it off, or because the home page contained objectionable content.


      Spybots and Trojans

      Spyware is technology that aids in gathering information about a person or organization without their knowledge; on the Internet it is also called a spybot or tracking software. Spyware is a program downloaded to people’s computers to secretly gather information about the user and relay it to advertisers or other interested parties. The most common sources of spyware are viruses and the installation of new programs.

      Data-collecting programs that are installed with the user’s knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is shared. However, spyware is often installed without the user’s consent, as a drive-by download or as the result of clicking some option in a deceptive pop-up window. Adware, software designed to serve advertising, can usually be thought of as spyware as well, because it almost invariably includes components for tracking and reporting user information.


      Malicious Scripts

      Malware is a term used to describe any form of malicious software: viruses, Trojan horses, malicious active content and so on, which normally run without the knowledge or permission of the user. A malicious program can thus be broadly defined as any unwanted code that runs on a workstation, causing unexpected results such as system outages, performance problems or a back door opened for hackers. Even software that is useful in one context may produce unexpected results in another, where the exact working or output of the software was misinterpreted or misrepresented.


      Pop up windows and unintentional backdoor actions

      When a user went to a particular web site, that site would bombard the user with small windows carrying advertisements. These are called pop-up windows, because they seem to pop up in front of the user. This was an irritating experience, because the windows appeared every time the user loaded the site, whether as the home page or as a new page. The user had no control over pop-up windows and had to tolerate this behavior every time.


      What Microsoft planned to do for XP SP2.

      So Microsoft decided that firm action had to be taken to stop all this malicious behavior and provide full protection to the user of Windows, whether online or offline. They decided to revamp the functioning of Windows XP and modify the behavior of the major components that posed a security risk. This revamping included the following actions:

  • Upgrading the functioning of the firewall.
  • Providing flexibilities in the firewall.
  • Upgrading the functionality of the browser.
  • Making the browser better to work with and informing the user what was going on in the background, thereby enabling the user to safeguard himself and take action when desired.
  • Protecting the operating system from the time it loads to the time it shuts down.
  • Warning the user when the system was at security risk and helping the user to minimize the risk.
  • Specifying the importance of Automatic Updates.

  Let us discuss these points in detail.

      Upgrading the functioning of the firewall.

      Although the firewall is one of the first steps in blocking access to the computer from the outside world, the user was not aware of its usefulness and many times turned it off, either because it prevented him from accessing some features inside the network or because he didn’t understand its importance. So the first step was to warn the user if the firewall was turned off and explain the risks of doing so. The same check also looked for the presence of an antivirus scanner and whether it was up to date.


      Providing flexibilities in the firewall.

      While the firewall is one of the first steps in blocking access to the computer from the outside world, it also had its limitations. It blocked everything and didn’t allow the user to access the network. For example, if the user was in a corporate network the firewall was useless, because it didn’t allow the network’s traffic through. Hence the firewall had to be flexible enough to distinguish between the local network and the internet.


      Upgrading the functionality of the browser.

      Given the threats of browser hijacking, malicious scripts and spyware explained above, the browser had to be modified to disallow the running of scripts that were not authorized. Pop-ups also had to be blocked so that the user would never see them.


      Making the browser better to work with and informing the user what was going on in the background, thereby enabling the user to safeguard himself and take action when desired.

      One of the most important things was making the user aware of what was going on while the browser was loading a web site. Hence actions like running ActiveX controls or scripts were blocked and the information was displayed to the user, and these controls and scripts could be executed only after the user’s explicit consent.

      Internet Explorer add-ons are installed software components that load with Internet Explorer. These components could be third-party ActiveX controls that extend browser functionality or provide special user interface elements in Internet Explorer. Historically, a number of these add-ons have been found to be responsible for Internet Explorer errors.

      Hence the user had to be made aware of what was loaded in the background, and control had to be given to the user over whether these add-ons could be executed or not.


      Protecting the operating system from the time it loads to the time it shuts down.

      Since the firewall was turned on only after the operating system had loaded, the computer was at risk during the boot-up sequence. Hence the firewall had to be configured to start while the operating system was booting up and to stop only when the operating system had completely shut down. Data Execution Prevention also had to be enabled.


      Warning the user when the system was at security risk and helping the user to minimize the risk.

      In spite of all this, the user wouldn’t be aware of the serious implications of disabling any one of the firewall, antivirus or automatic updates. Hence it was decided to inform the user from time to time whenever any of these features were turned off and explain the resulting risk to the computer. The security alert was built into the operating system at start-up to alert the user to the risks.


      Specifying the importance of Automatic Updates.

      The user had to be reminded that Automatic Updates had to be enabled so that updates and security patches could be downloaded whenever they became available, thereby reducing the risk to the computer. The updates would also be smaller in size and use BITS (Background Intelligent Transfer System) to help users with low bandwidth. Hence if Automatic Updates was turned off or switched to a manual process, a friendly warning would be displayed urging the user to enable it.
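      As an added example, not part of the original article, the following batch script reads back the SP2 protections discussed in the sections above: the firewall service and its per-profile operational mode, the antivirus registered with Security Center, the Data Execution Prevention policy, the Automatic Updates mode and the BITS service. It assumes Windows XP SP2 Professional (wmic.exe is not shipped with XP Home) and an administrator command prompt; it only reads settings and changes nothing.

```batch
@echo off
REM Added example (not from the article): audit the XP SP2 protections it describes.
REM Assumes Windows XP SP2 Professional and an administrator command prompt.
REM Read-only: every command below only reports state.

echo === Windows Firewall: service state and operational mode per profile ===
REM SharedAccess is the "Windows Firewall/Internet Connection Sharing (ICS)" service.
sc query SharedAccess | find "STATE"
REM Shows Domain and Standard profile modes separately, which is how SP2
REM distinguishes the corporate network from the open internet.
netsh firewall show opmode

echo.
echo === Security Center: service state and registered antivirus ===
REM wscsvc is the Security Center service that raises the firewall/AV/AU alerts.
sc query wscsvc | find "STATE"
REM XP SP2 publishes registered antivirus products in the root\SecurityCenter WMI namespace.
wmic /namespace:\\root\SecurityCenter path AntiVirusProduct get displayName,onAccessScanningEnabled,productUptoDate

echo.
echo === Data Execution Prevention policy ===
REM 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (SP2 default: Windows components only), 3 = OptOut
wmic OS get DataExecutionPrevention_SupportPolicy

echo.
echo === Automatic Updates mode and the services it relies on ===
REM AUOptions: 1 = disabled, 2 = notify before download,
REM            3 = download, then notify before install, 4 = download and install on schedule
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions
sc query wuauserv | find "STATE"
REM BITS carries the downloads in the background so low-bandwidth links are not saturated.
sc query bits | find "STATE"
```

      Anything other than a RUNNING firewall, an up-to-date on-access scanner, an AUOptions value of 4 and a DEP policy of at least OptIn is exactly the condition the SP2 Security Center was designed to warn about.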

      To be continued...
