Pos 355 - Operating System Security Flaws

Operating System Security Flaws

Donique Tulloch

POS/355 Introduction to Operational Systems - Yevgeniy Tovshteyn

Operating System Security Flaws

Vulnerable, as defined by the dictionary is being capable of or susceptible to being hurt or wounded by a weapon. In computer science, to be vulnerable means to be open to attack. Vulnerability in a computer’s system is a weakness and this weakness can be preyed on by attackers to take advantage of the system’s private data. In using a system, we are assured that the data we input is stored securely and processed for the intended purpose only. So the susceptibility of the system, the attacker’s access to this flaw and the capability to exploit this flaw compose the elements of computer vulnerability. For this flaw to be exploited, the attacker must have an attack surface, meaning the attacker must have some technique or tool to exploit the system.

One classification of a vulnerability is security bug or defect, where a firewall may be out of date or in this case, Windows Defender is significantly out of date leaving the system with a window of vulnerability to attacks. This window would be from when the bug was discovered, access was removed, a fix was available and if or when an attack was disabled. Windows Defender was designed as a free software to defend against unwanted attacks as a combination of Microsoft Security essentials. With proper security patch updating, Windows should have minimal security bug and any other vulnerabilities present in the system. It is still recommended to have some additional Antivirus program depending on the daily use of the system. This means that if the user is downloading a lot of programs, music, movies from the internet, then it is recommended to have good programs defending your system and also to alert you of intrusion.

Windows, when designed was not designed with internet security in mind, the main focus of the system was for single users without any form of network connection. This caused a lot of the hackers to develop viruses, malware or worms to attack these systems. A Wikipedia article, states that in June 2005, Bruce Schneier's Counterpane Internet Security reported that it had seen over 1,000 new viruses and worms in the previous six months. In 2005, Kaspersky Lab found around 11,000 malicious programs, viruses, Trojans, back-doors, and exploits written for Windows. One main vulnerability was that XP had few user accounts, therefore majority of the users had administrator privileges, they needed it to run a majority of programs anyway. It was corrected with Vista’s User Account Control integration in the upgrade.

One recent vulnerability I stumbled upon was the security update that would resolve allowing remote code execution if a user visits an untrusted webpage that contains OpenType fonts or opens a “specially crafted document”. It was rated critical and it corrected how Windows Adobe type Manager Library was handling these OpenType fonts. It is not at all surprising because as reported in 2014, Microsoft’s Internet Explorer had 242 vulnerabilities reported, almost twice as much as Google Chrome. With web browsers being a gateway to this world wide web of poison, malware and server access, we have to constantly patch these holes with updates as they are available.