Research Report-Windows Security Features And Configuration For Malware
As more and more business activities are automated, bringing computers into use for storing and processing sensitive information, the need for a secure operating system becomes even more apparent. Whether an operating system is commercial or free, closed or open source, the majority of its developers' time goes not into developing the operating system but into making it more secure. The more popular an operating system is, the more it is attacked. In essence, developing a secure computing environment that protects the digital assets of the user is the goal of every operating system developer today. Windows, which commands nearly 90% of the market share today, is constantly plagued by malware attacks. Every week, or even more frequently if the operating system is fresh, Microsoft pushes updates to resolve security bugs that have been discovered and could potentially be exploited. However, that still has not been enough. This paper investigates the security features of the most widespread and successful of operating systems, i.e., Microsoft Windows 8, and how it can protect the user from malware-based attacks.
The choice of security threat for this paper is malware. To begin the literature review, the first thing discussed here is the origin of malware and its categories, before delving into the security components of Microsoft Windows.
Malware has been in existence since before 1986 on many other platforms, but in 1986 it appeared for the first time on the Personal Computer, or PC (Milošević, 2013). It was a virus named Brain, developed by two Pakistani brothers, Basit and Amjad. Their aim was to show that the PC platform was not very secure. This virus had the ability to replicate itself through floppy disks. When Windows was released in 1985, it was attractive to many people around the world because of its ease of use for the general public and its ability to do multiple things. As more and more users were drawn into the world of computers, hackers and creators of malware simultaneously started taking an interest in this buzzing world. Accordingly, the first Microsoft Windows virus was WinVir, in 1991-92. It did not do much harm. The main feature of WinVir was to replicate. In addition, it was the first virus able to infect Windows PE (Portable Executable) files. In the past three decades of their existence, PC viruses have shifted from simple replicators to modern, advanced polymorphic and metamorphic implementations. The underlying goal of this shift is to increase the diversity of a virus's signature to such an extent that tracing varied instances of the same virus becomes a very difficult task. Even for the most complicated metamorphic virus, identifying its specific functionality and behavior remains a daunting step.
Types Of Malware
- Virus - A virus is primarily a computer program that has the ability to self-replicate, that is, to create copies of itself and then distribute those copies to other files, computers or application programs. All viruses have an infection mechanism. For instance, a virus can insert itself into data files or programs. In addition, many viruses have an associated trigger or condition that causes a payload to execute (bgsu.edu, n.d.). It is activated via common user interactions such as opening a particular file, executing a program, or clicking on an attachment link in an email. There are two key types of virus: compiled and interpreted viruses.
- Compiled viruses - These viruses are executed by the OS. A compiled virus is one whose source code has been converted by a compiler program into a specific format that is executable by the OS (Bambenek, 2008).
- File infector - This type of virus attaches itself to executable programs such as word processors, spreadsheets and computer games. When a virus infects a program, it tends to infect other programs on the same system and other systems that make use of the shared infected program. The two most famous file infector viruses are Jerusalem and Cascade (Bambenek, 2008).
- Boot sector virus - This type of virus, also known as a bootkit, attacks the Master Boot Record (MBR) of a hard drive or the boot sector of removable media (like floppy disks) or a hard drive. The major symptoms of a system infected with a boot sector virus are the display of an error message during booting, or the system may not boot at all. The most famous boot sector viruses are Form, Michelangelo, and Stoned (NIST, n.d.).
- Multipartite virus - This type of virus has various infection methods. Generally it infects both files and the boot sector. The two key multipartite viruses are Flip and Invader (Symantec AntiVirus Research Center, n.d.).
- Interpreted viruses - These viruses are executed by an application. Unlike compiled viruses, interpreted viruses contain source code that is executed by an application or service. They have become very common because they can be written and modified easily in comparison to other viruses. Even an unskilled attacker can view, modify and distribute their code. There are two key types of interpreted virus: macro and scripting viruses. Macro viruses attach themselves to commonly used documents (such as word processing and spreadsheet files) and use the application's macro language to execute and replicate. They use the macro programming features that various Windows software provides for automating complex, repetitive tasks. Scripting viruses are similar to macro viruses, except that a macro virus can be read by a particular program whereas scripting viruses are read by all the services, such as Windows Scripting Host. The two most famous scripting viruses are First and Love Stages.