Microsoft has put a lot of resources into making the Windows operating system more secure. The reason is that in recent years there have been more and more attacks against computer systems around the world, and some of these attacks have been successful. Such attacks have managed to put the computer systems of entire countries or large businesses out of action, which can cost society billions of dollars.
The Windows operating system therefore has a highly developed security system, which is based on access control and integrity levels. We will now look at how this security system protects Windows processes and data.
Security ID
There is a need to identify entities such as threads, which can perform operations on the system. Instead of using names to identify such entities, the Windows operating system uses a SID (Security ID). A SID is a number, and each SID is unique in the world.
A SID can be assigned to either a user or a group of users in a network. When a process starts, the process and its threads run under the user's SID. Other threads will not be able to access the process unless they have a SID with special authorization to do so.
Security Descriptor
Each process carries security information that tells what privileges the user and the process have. Each process has a Security Descriptor attached, and the Security Descriptor points to access control lists. These lists contain access information that can deny access for users or groups of users.
Access to Objects
Central to the security of the Windows operating system is the protection of objects. Windows has a comprehensive security model that prevents unauthorized access to objects. Before a thread can access an object, it must first specify what actions it will perform on the object.
Objects protected in the Windows operating system include files, hardware devices, mailslots, pipes, processes, threads, events, mutexes, semaphores, shared memory, input/output ports, timers, volumes, network shares, services, printers, etc.
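A simplified model of the check described under Security Descriptor and Access to Objects, added here as an illustration and not Windows' own code: a thread states the rights it wants, and the entries of the object's access control list are evaluated in order against the SIDs the thread runs under. The user and group SIDs, the `Ace` class, `access_check` and `REPORT_DACL` are constructed for the example.

```python
from dataclasses import dataclass

# Access-right bits as defined by Windows; the ALICE/INTERNS SIDs are constructed.
FILE_READ_DATA, FILE_WRITE_DATA, DELETE = 0x0001, 0x0002, 0x00010000
EVERYONE = "S-1-1-0"        # well-known SID
ADMINS = "S-1-5-32-544"     # well-known SID (BUILTIN\Administrators)
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1001"    # constructed user
INTERNS = "S-1-5-21-1111111111-2222222222-3333333333-2001"  # constructed group

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed entry, False = access-denied entry
    sid: str      # user or group the entry applies to
    mask: int     # access rights the entry covers

def access_check(token_sids, dacl, desired):
    """Simplified model: True only if every right in `desired` is granted."""
    if dacl is None:                  # no list at all: the object is unprotected
        return True
    remaining = desired               # rights requested but not yet granted
    for ace in dacl:                  # entries are evaluated in list order
        if ace.sid not in token_sids:
            continue                  # entry is for some other user or group
        if not ace.allow and ace.mask & remaining:
            return False              # a matching deny entry ends the check
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False                      # anything not explicitly granted is denied

# Constructed list for a hypothetical report file; deny entries come first.
REPORT_DACL = [
    Ace(False, INTERNS, FILE_WRITE_DATA | DELETE),
    Ace(True, EVERYONE, FILE_READ_DATA),
    Ace(True, ALICE, FILE_WRITE_DATA),
    Ace(True, ADMINS, FILE_READ_DATA | FILE_WRITE_DATA | DELETE),
]

if __name__ == "__main__":
    want = FILE_READ_DATA | FILE_WRITE_DATA
    print("alice, read+write:", access_check({ALICE, EVERYONE}, REPORT_DACL, want))
    print("alice as intern, read+write:",
          access_check({ALICE, INTERNS, EVERYONE}, REPORT_DACL, want))
    print("alice, delete:", access_check({ALICE, EVERYONE}, REPORT_DACL, DELETE))
```

The second call fails even though the user's own entry allows writing, because the deny entry for the group is reached first.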
Defense Against Malware
Windows Defender, also known as Microsoft AntiSpyware, is a program from Microsoft whose function is to prevent, remove and isolate spyware in Microsoft Windows. Windows Defender uses two mechanisms to detect spyware:
1. Scanning
2. Real Time protection
Windows Defender scans your computer and checks programs against a database of information about spyware. Windows Defender is malware protection that helps identify and remove viruses, spyware, and other malicious software. Windows Defender runs in the background and notifies you when you need to take specific action. However, you can use it anytime to scan for malware if your computer isn't working properly or if you clicked a suspicious link online or in an email message.
Real Time Protection is a process that runs in the background and looks for spyware that tries to install itself or run on your computer.
Windows Defender can also remove ActiveX applications and block programs that start automatically at Windows startup. Windows Defender is included in Windows Vista, Windows 7, Windows 8 and Windows 10.
A firewall is a part of a computer system or network designed to block unauthorized access and to allow authorized access. Both hardware and software can implement firewalls.
The purpose of a firewall is to prevent unauthorized Internet users from accessing a local network connected to the Internet, especially intranets. The firewall inspects all messages entering or leaving the intranet through the firewall, and blocks messages that do not meet the security criteria.
The firewall in Windows filters both incoming and outgoing packets. All incoming packets to your computer are blocked unless they are a response to a request from your computer, while all outgoing packets from your computer are permitted unless they violate a set rule.
Windows Firewall was first introduced as part of Windows XP Service Pack 2, and later versions of Windows have improved the Firewall.
Updating Windows
An important part of keeping a computer system safe is to obtain the latest upgrades to the operating system. Microsoft is constantly working on new upgrades; these may be updated drivers or fixes to code that contained faults.
Many upgrades just give improvements in performance and functionality, but some are also security updates to the system. Windows includes Windows Update, which is a program that updates the Windows operating system for computers all over the world once a month. Using automatic updates, a Windows operating system upgrades itself over the Internet without having to use a browser. The upgrade usually takes place on the second Tuesday of the month. However, critical upgrades can take place more often if necessary.