Windows 7 Security: An overview - Part 1
By Emmanuel Arinze, CISSP
Today’s interconnected environment has created opportunities for criminals to access, steal, and destroy sensitive data held on computers that may be half a world away.
In the early days of hacking, the goal of the hacker was notoriety and mischief. Today, the activity is mostly carried out by sophisticated criminal gangs breaking into remote systems to steal sensitive information for financial gain.
Many of these persons may also be involved in cyber warfare, stealing national secrets and causing disruption to networks and information resources.
Microsoft Windows in all its various guises is the most widely used and therefore the most visible family of computer operating systems in use today. It therefore presents a large target for hackers, crackers, and all manner of persons intent on gaining unauthorized access to confidential information or causing disruption to systems and productive activity.
This overview will attempt to introduce key Information Security concepts and establish a picture of the various threats that a Windows 7 user may likely face. Subsequent articles will examine the Windows 7 features designed to mitigate these threats.
It is always a good idea to introduce definitions for those who may not be intimately familiar with information technology, and I intend to adhere to that doctrine as I share a few words of Windows 7 wisdom in this forum.
Using Windows 7 in a secure manner means adhering to Information Security best practices, built on a tripod of Confidentiality, Integrity, and Availability (the CIA triad).
- Confidentiality means that information and the systems holding it are accessible only by the owners and their designates.
- Integrity holds that such information and systems remain free from unauthorized modification or alteration.
- Availability refers to reliability of information systems and timely access to data and system resources by authorized entities.
Windows XP, still the most popular version of Windows, has an estimated 40 million lines of code. Computer programs by their nature are impossible to implement perfectly.
Industry estimates place the number of bugs in Microsoft applications somewhere around 0.5 defects per KLOC (KLOC = 1,000 lines of code in industry parlance). This would indicate that the entire code of the XP operating system contains something in the region of 20,000 defects, many of which have been exploited by highly knowledgeable persons with less than noble intentions.
Windows Vista has about 50 million lines of code. It is not yet known publicly how large the code for Windows 7 is, but it is expected to be even larger, given its greater functionality.
While every effort has been made by Microsoft to make Windows 7 more secure than its predecessors, the sheer size of its code base means that there will be more opportunities for malicious programmers to find and exploit flaws.
A threat refers to any potential danger to information or the systems containing, processing or transporting it.
A comprehensive discussion of information security threats is beyond the scope of this article, but it is necessary to outline the major sources of danger that users of Windows 7 might face so as to enable them to make informed choices in securing their systems and data, at home or in the enterprise.
Security threats to Windows 7 fall into several different categories:
- Malware: This term is an abbreviation of Malicious Software, and refers to any software implementation designed for various reasons to infiltrate a computer system without the user’s informed consent. These range from the relatively benign to the malicious and include the following:
  - Viruses: A computer virus is a program whose main function is to reproduce itself. It is written in such a way as to enable it to seek out other programs and infect them by embedding a copy of itself. When the user launches the infected program, the virus is executed and the infection is propagated. In this manner, the virus will replicate itself and infect other computers, usually over networks or through removable media such as flash drives, CDs and DVDs. There are many different types of viruses, but they generally have a payload, or instructions that they will carry out, ranging from sending out copies of the virus to everyone on your contact list to deleting critical system files.
  - Worms: Like a virus, a computer worm is a self-replicating computer program. Where a worm differs from a virus is that it is a fully self-contained program, and can replicate on its own without a host application. It is able to propagate itself through e-mail and internet downloads, among many other methods.
  - Trojans: A Trojan Horse, or Trojan, is a program that disguises itself as another program, very often a system file. The Trojan will usually retain the functionality of the original file, but will in addition implement some sinister activity when the host program is launched. This means, for instance, that launching a program such as paint.exe will enable you to carry out your graphics tasks, but may also upload your sensitive files to an attacker at a remote location.
  - Rootkits: This is usually a suite of programs designed to hide the fact that a computer has been compromised or otherwise exploited. The rootkit will usually seize control of the computer’s operating system.
  - Backdoors: A backdoor is a method for securing unauthorized access to a remote system while bypassing system authorization routines. The backdoor is often effected by a program installed on the machine, although it may also be a modification of an existing program (a Trojan), or even a hardware device. With the backdoor in place, the intruder is able to gain access to the victim’s system and obtain data and resources.
  - Spyware: This is a class of programs that is installed on the user’s computer and collects information without their knowledge. The more benign types of spyware collect personal information such as the user’s browsing habits and the sites they visit, which is usually sold to advertisers to enable them to target spam more effectively. More malicious types may actually impair user control of the computer by changing the computer’s settings, including the homepage. Spyware can also be used to monitor other users on a network.
  - Crimeware: This is a type of malware written specifically for the purpose of identity theft so as to access a user’s online accounts. These may include login credentials for bank accounts and accounts at other online service providers such as online retailers. The crimeware will then automate the process of carrying out unauthorized transactions such as withdrawals and transfers of funds to the criminals’ specified accounts.
  - Botnets: Bot is short for robot. The bot is a piece of code that carries out functionality for its creator or master. Bots are clandestinely installed on millions of computers around the world, and are used to forward items sent to them to other networks and computers. These items may be spam, pornography, viruses or other malicious code.
This dizzying array of threats only skims the surface of the subject, but will serve to give the user an idea of the gravity of the current situation in cyberspace, and the need to apply best practices as rigorously as practicable in the Windows 7 environment.
There are many other emerging threats, such as crypto-viral extortion, in which a criminal gains remote access to a user’s system and password-locks critical files. The owner of the data then has to pay for the password. This is a form of denial-of-service (DoS) attack.
Microsoft has built Windows 7 with powerful tools to combat many of these threats, but it is important to know them and understand exactly what they do, and to know how to configure them in ways that will ensure the maximum protection to your systems and their users.