Section 1: Security Development Lifecycle

The Security Development Lifecycle, or SDL, is a formal process that helps ensure software is built from the ground up to reduce security risk. The SDL defines a disciplined process of secure design, coding, implementation, testing, review and response, and it was applied to all Microsoft products, Windows Vista in particular. The SDL reduces the attack surface, reduces the number of bugs in the operating system and its applications, and helps organizations manage and isolate their networks more securely.

Windows Vista is the first client operating system to be designed and developed from start to finish under the SDL. More than 1,000 threat models were produced for Windows Vista to identify and reduce risk in the parts of the operating system that required special testing.

Section 2: Kernel Patch

The most important security issue concerns the operating system kernel. Kernel-mode rootkits are a very useful tool for unwanted software such as spyware. Protecting the kernel against patching by rootkits reduces that risk and improves the stability, reliability and performance of the whole system, including all user data and programs.

Handling these problems was very difficult before, because on 32-bit Windows such as Windows XP kernel-mode drivers were not required to carry a digital signature, and the kernel had no protection against unsupported modification. 32-bit security products that provide blocking capabilities modify the kernel through exactly such unsupported techniques.

As computer systems move from the 32-bit to the 64-bit architecture, the smaller installed base of 64-bit software makes it possible to make significant security enhancements in the kernel and reduce the potential for rootkits.

What is Kernel Patching?

Kernel patching is the practice of using unsupported methods to change or replace kernel code. Kernel patching can cause unpredictable behaviour: system instability, performance problems and crashes such as the Blue Screen error, which, as we know, can lead to loss of user data. Another very important issue is that kernel patching is the mechanism that malware developers and attackers use against the Windows Vista operating system, so the defenses against it had to be strengthened.

The biggest risk in kernel patching is that virus and spyware writers use the technique for malicious purposes, to hide their presence and their effects. Malware authors are, of course, motivated to patch the kernel, because it is a powerful mechanism for attacking computers and data.

What is Kernel Patch Protection?

Windows Vista has many security features, but I want to emphasize that Kernel Patch Protection is not one of the new ones. Kernel Patch Protection was created for the x64 CPU architecture, and Microsoft first shipped it in the x64 editions of Windows Server 2003 SP1 and Windows XP Professional; it is not supported on the x86 architecture, that is, on 32-bit systems. As the use of 64-bit computers increases, Vista users will see more benefit from this technology. Kernel Patch Protection monitors whether resources used by the kernel, or the kernel code itself, have been changed. If Windows Vista detects an unauthorized patch of kernel data or code, it shuts the system down automatically with a bug check. But we should keep in mind that Kernel Patch Protection cannot prevent all viruses and malware; it closes one avenue of attack on the system.

Section 3: Encrypting File System Improvements

The Encrypting File System, or EFS, is the best tool for encrypting files on client and server computers. It helps users protect their data from unauthorized access by other people, other computers or external attackers. In Windows Vista, EFS includes many new security features. Vista's EFS supports storing user keys, and also administrative recovery keys, on smart cards. If a smart card is used for logon, EFS operates in a Single Sign-On mode, where it uses the logon smart card for file encryption without asking for the PIN again. Windows Vista also provides a process for creating smart card keys and for migrating a user's files from an old smart card to a new one; the smart card utility program offers these features as well.

EFS is available in Windows Vista Business, Enterprise and Ultimate.

Section 4: USB Device and Removable Device Control

Connecting devices to a computer is very common today, and users should have the ability to add new hardware to the computer or use USB devices and other removable storage devices. This creates two problems: first, it can make the computer harder to maintain when an unsupported device is installed, and second, it creates threats to data security. A USB device or removable storage medium combined with the "autorun" technique can be used by an attacker to install malware or other malicious software on an unattended system.

Windows Vista can manage or block the installation of unsupported or unauthorized devices. These security settings can be applied independently on a single client computer or to many systems across a network, and administrators have a great deal of power to set these policies and controls in Windows Vista. Group Policy settings are available specifically to control read and write access to removable storage devices such as USB devices, on a per-user or per-computer basis.

Section 5: Windows Defender

In recent years spyware and other unwanted software such as adware, bots and rootkits have created big problems for systems and users. Typically these programs are installed without the user's knowledge or confirmation; they can damage or corrupt personal information and passwords and send them to third parties without the user's permission.

Microsoft knows it is very important for users to have anti-spyware protection on their systems. As a matter of customer choice, Microsoft supports users in deciding which programs are installed and run on their computers, where they came from, what they do and how they can be removed. Based on this, and on users' complaints about spyware, Microsoft decided to build an anti-spyware solution, Windows Defender, into Windows Vista. Windows Defender helps protect against, and remove, spyware, adware, rootkits, remote control utilities and the other things we collectively call "malware". In Windows Vista, Windows Defender helps protect against the installation of unwanted applications and software. It monitors the areas of the operating system that malware typically abuses, such as the Startup folder and the registry, and if any software attempts to change one of these protected areas, Windows Defender prompts the user with a message to allow or reject the change. The good news is that Windows Defender is also available as a free download for licensed customers of Windows 2000, Windows XP and Windows Server 2003.

Section 6: Windows Firewall

Most Windows XP users used a firewall. A firewall is a critical first line of defense against many kinds of malware before they can enter the user's computer or the network.

When the first version of Windows XP was released, the built-in firewall was turned off by default. The reason was compatibility with some applications and with third-party firewalls, so Microsoft shipped Windows XP with the firewall disabled. Naturally, many customers and users got no benefit from firewall protection when network worms arrived at their computers.

Windows Vista Firewall

Based on this experience, and to prevent such events, the firewall in Windows Vista is on by default and is also compatible with other software. Customers who want to use a third-party firewall can turn off the built-in firewall easily. This means the Windows Vista firewall is turned on from the moment Windows starts, to protect the user. Another point is that the Windows Firewall in Windows Vista also allows the administrator of a network or of a single system to block particular applications, such as peer-to-peer file-sharing or instant-messaging software, that are usually unwanted on managed systems.

Section 7: Protecting the Kernel of Windows in 32-Bit vs. 64-Bit

Microsoft, as the designer and developer of Windows Vista, tried its best to create a more reliable product that is more secure against attack. At the most basic level this means that kernel-mode code in Windows Vista needs a security-focused design and development process, followed by testing and release. As I mentioned, Microsoft has followed this method since 2002 under the Security Development Lifecycle (SDL) program. The Microsoft development team had a clear and important goal of improving the reliability and security of the new product. As a vendor it also carries a risk, because application compatibility must be considered while securing the platform. On 32-bit Windows, mostly Windows XP, third-party developers over time came to rely on unsupported interfaces in many applications that users depend on. Using unsupported and undocumented interfaces in this way is the technique called "kernel patching". I emphasize that kernel instructions and data structures are directly responsible for system behaviour, so modifying them changes and controls how the system behaves.

Windows 32-Bit Architecture in Kernel and User Mode

This technique is widely used to fight malware, but even without any malware involved it can introduce instability into the system. The advantage of a supported interface is that if it is used and later changed, developers are informed of the change through Microsoft's documentation and can update their code to handle it. On the other hand, changes to undocumented and unsupported interfaces cannot be tracked, and they lead to crashes or other unexpected effects when the kernel patching technique is used. Unsupported patching techniques usually patch undocumented kernel interfaces, and, quite apart from the stability side effects, this can reduce the security of the system. These issues become serious when several software packages chain together their unsupported patches of the same interface. For example, the order in which the patches of one package call into the next is undefined, and so is the behaviour when one package is removed from the chain. This kind of problem is very complex, leads to other subtle problems that are very difficult to diagnose, and happens frequently. These techniques are bad engineering practice, and one can say they violate most disciplines of software engineering. When malware is involved, rootkits are far more dangerous, because they allow a malicious program to hide and protect itself while monitoring everything the user does, controlling access to all software and files, and controlling network connections and even hardware. Malware with this level of control can steal online banking passwords and identities. Unfortunately, closing off the kernel of 32-bit systems in this way would have broken the existing products that rely on these techniques; to reduce that risk, Microsoft decided to implement and refine these changes in 64-bit Windows. As a result, 64-bit Vista has a "clean start", with native 64-bit drivers and all software adapted to these changes.

Section 8: What were Vista's security holes?

As we have heard, Kaspersky is one of the best anti-virus companies at preventing malware and viruses today. Their lab's experts predicted that more than 90% of the malware currently in circulation would run on Windows Vista. We believe now that Vista appears to be much more secure than Windows XP, but the researchers warned Microsoft and users that as Vista becomes more popular, it will need stronger protection of the kernel against attackers. As we know, the deepest parts of any operating system are the ones attackers go after, and for Vista that means PatchGuard, which protects the Vista kernel, as discussed above. Although the first goal of this technology is simply to make access to the operating system kernel more difficult, PatchGuard, or kernel protection, as we said, tries to protect the Vista kernel from illegitimate access by unauthorized users or software. It can lock the system completely if it detects any risky patch or code. Unfortunately, during Vista's testing stage some hackers managed to install malware into the Vista kernel using a new method: they got their software to run in Vista's kernel space as a driver.

Section 9: New Security vs. Convenience and Usability

Sometimes when new features appear, some advantages are lost. One of the basic issues in security design is keeping a fair balance between security and usability. If security is too complex, usability simply disappears. Even if a feature offers a very good level of protection, if it is too complex or its usability is poorly designed it will be disabled by users or system administrators. When Microsoft's engineers and designers made Windows Vista very secure, they tried to create security capabilities that are enabled by default yet usable enough that users are not inconvenienced. It is a great result when you know the risks have decreased because of new security features and you can use the system as well as before, or perhaps even more easily.

That was a very hard balance requiring expertise: how many applications would need tighter security, and how many users would turn a security feature off if it reduced usability? One of the great new things in Windows Vista is User Account Control, or UAC. UAC is, in effect, "a standard user that works", or "a non-administrative user that can actually do things". To do some things on Windows XP, such as changing the local time zone, you had to be a local administrator, which meant that in practice everyone who logged on to the system was a member of the local Administrators group. In Windows Vista one of the main goals of User Account Control was to protect users from attacks by malware or by other users. To achieve that, they defined a standard user account for all end users who want to get their work done, and protected the users who really do need to be administrators from doing something bad or risky. Overall, Microsoft's primary aim was to protect the system from malicious users and from users seeking unauthorized access.

Section 10: Windows Defender

When you look at the usability of Vista, the first thing you may notice is that the system asks for permission too frequently. Before releasing Vista, Microsoft also worked with application and software vendors to make sure their programs do not require elevation and administrator verification except when it is really necessary.

Another example of convenience versus security is the policy for enabling Data Execution Prevention, or DEP, in Vista. DEP treats data as data and code as code, and blocks execution of anything that is not code. The benefit is that even if a data buffer is overrun, it is much harder for an attacker to execute malicious code that has been placed in that buffer. DEP is turned on by default in Vista for kernel mode, and it is an excellent technique for protecting parts of the system, above all Internet Explorer. The problem is that some third-party add-ons generate code dynamically and store it in data buffers, and there is no way for DEP to distinguish these add-ons from malware. So we can have more security, or we can accept application compatibility problems; we have to choose.
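Sections 2 and 7 above describe the unsupported technique of patching kernel dispatch tables and the integrity check that Kernel Patch Protection performs on them. The following C program is an added illustration, not code from this article or from Windows: it models a dispatch table in user mode, with hypothetical names (service_table, dispatch, register_notify, install_table_hook) that are assumptions of this example rather than Windows APIs. It contrasts a supported extension point (a registered callback the dispatcher invokes itself) with a table hook, and shows that only the hook changes the fingerprint an integrity check compares against its boot-time baseline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a kernel dispatch table (like the system service table): an array
 * of function pointers that the kernel indexes to reach a handler.
 * All names below are hypothetical, chosen for this example. */
typedef long (*syscall_fn)(long arg);

static long sys_open_file(long arg)  { return arg + 1; }
static long sys_read_file(long arg)  { return arg * 2; }
static long sys_list_procs(long arg) { return arg; }

#define TABLE_SIZE 3
static syscall_fn service_table[TABLE_SIZE] = {
    sys_open_file, sys_read_file, sys_list_procs,
};

/* Supported extension point: a notification callback that the dispatcher
 * invokes explicitly, so the table itself is never modified. */
typedef void (*notify_fn)(int index, long arg);
static notify_fn registered_notify = NULL;
static void register_notify(notify_fn fn) { registered_notify = fn; }

/* The "kernel" routes every call through here. */
static long dispatch(int index, long arg) {
    if (index < 0 || index >= TABLE_SIZE) return -1;
    if (registered_notify) registered_notify(index, arg);
    return service_table[index](arg);
}

/* FNV-1a over the raw bytes of the table: a cheap integrity fingerprint. */
static uint64_t fnv1a(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

static uint64_t baseline;

/* Taken once at "boot", before any third-party code has run. */
static void snapshot_baseline(void) {
    baseline = fnv1a(service_table, sizeof service_table);
}

/* Periodic check; returns 1 while the table still matches the baseline. */
static int verify_integrity(void) {
    return fnv1a(service_table, sizeof service_table) == baseline;
}

/* The unsupported technique: overwrite a table entry with a hook that
 * wraps the original. A rootkit would filter its own process out here. */
static syscall_fn saved_original;
static long hooked_list_procs(long arg) { return saved_original(arg) - 1; }
static void install_table_hook(int index, syscall_fn hook) {
    saved_original = service_table[index];
    service_table[index] = hook;
}

/* A benign observer that uses the supported interface instead. */
static int observed_calls;
static void count_calls(int index, long arg) { (void)index; (void)arg; observed_calls++; }

/* Runs the scenario and returns a bit mask of what was observed:
 *   1  supported callback fired and the table fingerprint is unchanged
 *   2  the installed hook changes what callers of entry 2 receive
 *   4  the next integrity check detects the patched table */
static int run_scenario(void) {
    int observed = 0;
    snapshot_baseline();
    register_notify(count_calls);
    if (dispatch(2, 5) == 5 && observed_calls == 1 && verify_integrity()) observed |= 1;
    install_table_hook(2, hooked_list_procs);
    if (dispatch(2, 5) == 4) observed |= 2;
    if (!verify_integrity()) observed |= 4;
    return observed;
}

int main(void) {
    int seen = run_scenario();
    printf("supported callback keeps table intact: %s\n", (seen & 1) ? "yes" : "no");
    printf("hook alters results for callers:       %s\n", (seen & 2) ? "yes" : "no");
    printf("integrity check detects the hook:      %s\n", (seen & 4) ? "yes" : "no");
    if (seen & 4) printf("Kernel Patch Protection would bug-check the system at this point\n");
    return 0;
}
```

The real PatchGuard fingerprints, among other things, the system service table, the interrupt and global descriptor tables and kernel code, runs its check at unpredictable intervals, and on a mismatch issues a bug check; the model keeps only the essential idea of a baseline taken before third-party code runs, periodic re-hashing, and a halt on mismatch. The supported callback in the model plays the role of the documented notification and filter interfaces the article recommends over patching.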
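Section 10 describes DEP as treating data as data and code as code, so that a payload written into a data buffer does not run, and notes that add-ons which generate code at run time are the compatibility casualty. The following C program is an added example, not from the article or from Windows; it reproduces that behaviour on a POSIX system using the same hardware no-execute (NX) page bit that DEP relies on, with mmap and mprotect standing in for VirtualAlloc and VirtualProtect. It assumes a Linux or similar POSIX host; the payload bytes are x86-64 machine code, so the second case, where the page is explicitly marked executable as a legitimate code generator must do, is only attempted on x86-64.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum exec_result { EXEC_RAN = 1, EXEC_BLOCKED = 2, EXEC_UNSUPPORTED = 3 };

/* x86-64 machine code for `mov eax, 42 ; ret`. It stands in for the "code in
 * a data buffer" that a buffer overrun, or a JIT-style add-on, places there. */
static const unsigned char payload[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Jump to `page` with a fault handler armed. On a non-executable page the
 * instruction fetch faults (SIGSEGV, or SIGBUS on some systems) before a
 * single payload byte runs, and we come back through siglongjmp. */
static int try_execute(void *page, int *value_out) {
    struct sigaction sa, old_segv, old_bus;
    int result;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* object pointer to function pointer, no cast warning */
        *value_out = fn();
        result = EXEC_RAN;
    } else {
        result = EXEC_BLOCKED;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return result;
}

static void *map_page(size_t *len_out) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return MAP_FAILED;
    *len_out = (size_t)ps;
    return mmap(NULL, *len_out, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* Case 1, the DEP situation: code copied into a read/write data page and
 * called. With NX enforced the call never executes the payload. */
static int exec_from_data_page(int *value_out) {
    size_t len;
    void *page = map_page(&len);
    if (page == MAP_FAILED) return EXEC_UNSUPPORTED;
    memcpy(page, payload, sizeof payload);
    int r = try_execute(page, value_out);
    munmap(page, len);
    return r;
}

/* Case 2, what a well-behaved code generator must do: mark the page
 * executable on purpose (VirtualProtect on Windows, mprotect here). DEP
 * cannot tell this apart from malware; only the explicit request differs. */
static int exec_after_marking_executable(int *value_out) {
#if defined(__x86_64__)
    size_t len;
    void *page = map_page(&len);
    if (page == MAP_FAILED) return EXEC_UNSUPPORTED;
    memcpy(page, payload, sizeof payload);
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) { munmap(page, len); return EXEC_UNSUPPORTED; }
    int r = try_execute(page, value_out);
    munmap(page, len);
    return r;
#else
    (void)value_out;
    return EXEC_UNSUPPORTED;   /* payload bytes are x86-64 only */
#endif
}

int main(void) {
    int v = 0;
    int r = exec_from_data_page(&v);
    printf("call into read/write data page: %s\n",
           r == EXEC_BLOCKED ? "blocked by NX" : r == EXEC_RAN ? "ran (NX not enforced!)" : "unsupported");
    r = exec_after_marking_executable(&v);
    if (r == EXEC_RAN) printf("same bytes after mprotect(PROT_EXEC): returned %d\n", v);
    else printf("executable mapping not attempted or not permitted on this platform\n");
    return 0;
}
```

The first case is what DEP gives Internet Explorer against an overrun buffer; the second is what a dynamic-code add-on has to request explicitly, and it is why Vista's choice between enabling DEP and keeping such add-ons working was a real trade-off rather than a bug in either.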