current and future challenges of operating systems issues and problems
Post on 04-Jun-2018
213 Views
Preview:
TRANSCRIPT
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
1/9
Current and Future Challenges of Operating Systems: Issues and
Problems
Muhammad Rizwan
Department of Computer Science & Engineering, UET Lahore
GT Road, Lahore, Pakistan
muhammadrizwan@ciitsahiwal.edu.pk
Abstract - Traditional operating systems concepts are
almost unchanged, but experiments on operating systems
by research community call for new solutions. There are
still many challenges to Operating systems and in future
there will also be challenges to operating systems. In
this review paper we will discuss the security issues and
their solution in Windows XP. The configuration of
different security settings and policies on Windows XP
based systems in networked environments. The
application of these settings ensures reliability andsecurity. Understanding the trade-offs between security
and functionality as well as the counter products of
application of these security measures if any.
1. INTRODUCTIONFrom the very beginning operating systems lies in the
core of computer science. Therefore, if someone ask is
there some problem/issue still open, and if the answer is
in 'yes' then someone can ask why 50 or more years have
not been enough for solving all the relevant issues. It isclear that Operating systems have evolved a lot during
past 50 years. Various Changes in operational
requirements have changed that is why we need to
reconsider the fundamentals of operating systems. The
needs of these reconsiderations have their roots in the
fundamental changes in usage patterns.
There are a lot of challenges to operating systems that
includes Syntactic faults, Semantic faults, Service faults,
Communication and interaction faults and exceptions. In
this paper our focus is on the security of operatingsystems, and we will discuss security aspects relating to
Windows XP.
Microsoft Windows XP is an operating system used for
personal computers and is used for home purposes and
for business purposes on desktops and laptops. It
released on august 24, 2001. This operating system is
referred as second most popular version of Windows.
Windows XP being the successor to Windows 2000 ME
that was the very first consumer based OS to be built on
Windows NT kernel. Windows XP presented a
reinvented interface, a change labeled by Microsoft as
being user friendly than all the previous version of
Windows. Windows XP is the first operating system that
incorporates online product activation for counter piracy
According to w3schools Windows XP was the operating
system that is most widely used operating system
especially for the accessing of Internet according to webanalytic data analysis till November 2011 and holding a
market share of 32.8%.
Figure 1 points the OS market trend till July 2010
MITRE Corporation, Department of Homeland Security
is the organization that maintains a complete list of al
common known vulnerabilities and exposures that can
occur in a system. These vulnerabilities are also known
by CVEs (CVEs ids, names) serve as unique identifiers
for publicly known information security vulnerabilities.
Even with the popularity and its wide spread use, it is
recorded as the operating system with most prone to
various types of threats which include worms and
malware. MITRE Corporation has pointed more than
50,000 vulnerabilities of Windows XP and these all are
listed in a comprehensive CVE list. This points many
issues while using such kind of operating system. As
Windows XP is the operating system which is most
widely used in networked environments for various
organizations. Amount of vulnerabilities in present in
Windows XP is certainly needs to ensured that thesystems that are running this operating system must need
to be made it secure according to the environment
variables and organizational needs on what they are
operating.
After the analysis of the various vulnerabilities, risks and
exposures give us the information about the tradeoffs
that lies between security, usability and actua
functionality in networked environment. Some major
mailto:muhammadrizwan@ciitsahiwal.edu.pkmailto:muhammadrizwan@ciitsahiwal.edu.pkmailto:muhammadrizwan@ciitsahiwal.edu.pk -
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
2/9
countermeasures that lie in Windows XP are covered
with regards to these vulnerabilities; they are addressed
along with the negative aspects of countermeasure. Our
paper covers the recommendations for securing the
systems using Windows in three types of environments:
1. Enterprise Environment
2. Highly Secure Environment
3. Stand-Alone Environment
Fig. 1 Market Os Trends (July 2011)
(Image taken from Google.com)
1.1 Enterprise Environment
This environment contains Windows 2000/2003 server
of Microsoft Active Directory Domain. Windows XP's
based clients in that environment can be managed by a
Group of Policy. This group of policies are then applied
to domains, sites, organizational units and container.
These policies provide centralized method to maintain
and apply the security policy in that environment.
1.2 High Security
This environment contains security settings for all the
clients and provides them limited functionality as a
direct consequence to elevate the security. User
functionalities and accesses are limited to the required
functions along with the approved applications.
1.3 Stand Alone
This environment contains all of those organizations
which have small number of computers and that cannot
be made a part of domain. In this environment the clients
have to configure manually through the applications for
the local policy.
2. Active Directory Domain Infrastructure's
Configurations
2.0.1 Active Directory
(A directory service that holds which records
information about particular objects on a network and
makes that information available to all of the users and
to the network administrators)
2.0.2 Organizational Unit (OU)
(Organizational unit that container of active directory
that is used to group computers, users and other OU's
that are located within a similar domain. An OU is that
smallest unit which a Group of Policy can be applied or
the administrative authorities can be deputed).
Group Policy is the service enabling configurations and
modifications management in Windows NT and in
Windows 2003 server domain and is feature ofMicrosoft Active Directory. For the purpose of security
one should needs to perform certain prior changes within
the domain before application of a group policy. A group
policy is the vital tool for the protecting Windows XP
and that is stored in GPO (Group Policy objects) and i
also lies on the Microsoft Active Directory database
Active directory is closely associated to the group
policies, therefore it is important understand to the basic
structure of the active directory and the security
implications relating to the different options within it
before the implementing a group policy.
Table 1 Baseline Security Templates
Description Enterprise High security
Baseline
Templates
Enterprise
domain High sec-domain
2.1 Design Supporting Security Management for
Organizational Unit
The organizational unit (OUs) is associated to the group
of policy objects (GPOs) and they are a container within
an active directory domain. OUs may also contain users
computers and it also contains even other OUs that are
called the child OUs. OUs provide an easy and simple
way to its cluster users and computers and also to the
designate who authoritative boundaries by use of the
delegation wizard available as a component of Microsoft
Management Console snap in tool. The primary purpose
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
3/9
of an OU is to provide the group policies to the entire
organization requirement which covers all. OU also must
provide specific security settings to the different types of
users. An alternative OU is to manually configure
settings on each computer separately. The Figure 2 show
how a GPO is applied to a child OU. Firstly the group
policies are applied from the local policies of the
windows XP workstations then group policies are
applied at the site level and after that these policies areapplied at the domain level.
To illustrate how that precedence in between the GPOs
applied, consider Windows XP OU policy setting that is
set just to enable logins through terminal service using
the administrator groups. A laptop GPO setting is set in
such a way that to allow logins through terminal services
for power users and the to the admin accounts. In the
above scenario when a power user will be able to logon
on the laptop and the laptop OU is the child of the
Windows XP OU. If NO OVERRIDE policy is selectedin Windows XP GPO. Then only those users can login
who are holding the administrator accounts.
Fig. 2 Windows X OU precedence Order
(Image taken fromhttp://www.google.com)
2.2 Security Templates
Security templates are the security setting values that are
stored as *.inf files and they are located under the pathcomputer\windows settings\security settings folder.
These setting on the files can be changed by using a text
editor i.e. notepad or from the security settings snap
from the management console. Some access control lists
(ACLs) also located in these templates and they are
defined by the Security Descriptor Definition Language
(SDDL).
2.3 Administrative Templates
These are the additional templates that are actually
registry values that directly affect the windows settings
and components along with the applications such as MS
Office. These templates contain all the users and
computer settings stored in (HKEY CURRENT USER)
registry hive for users and (HKEY LOCAL MACHINE)
registry hive for computer.
2.4 Policy at Domain Level Group
This policy is applied to the computers and users within
a specified domain and more they are covered in more
details in Password policies manage the lifespan and to
the strength of the passwords. The password change
attack can greatly be reduced by simply strong
passwords that change on regular basis. The domain
group policy can be edited in GPO editor
computer\windows settings\security settings\accoun
policies\password policies. Password policies contain the
following features.
2.5.1 Enforcing the Password History
This feature determines all the number of unique new
passwords that can be used until the password is set to a
previously used one. By default this value is set to 0 in
Windows XP and is set to 24 in any other domain
Enabling the Password History can be changed to any
value depending on the domain policy to make it strong
and is enforced to the Maximum password age feature.
2.5.2 Age of maximum Password
This feature can be used to set and verify the expiry date
of a password in a domain and can be set on different
types depending on users. By default a max password
age is set to 42 days for any type of users, and can it
varies from a value ranging 0 to 999. 0 values are set so
that the password never expires.
2.5.3 Age of minimum Password
This feature determines the minimum time (in days)
before a user can change his\her password. This value
varies from 1 to 998 depending upon the requirements
and its value must be less than the value for max
password age. 0 values can be set so that the user does
not have to change the password at all.
http://www.google.com/http://www.google.com/http://www.google.com/http://www.google.com/ -
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
4/9
2.5.4 Length of minimum Password
Minimum password length feature is used to set the
minimum amount of characters that can be used as a
valid password. A password of greater length is likely to
assume as a strong password and less likely prone to an
attack. In enterprise client environment that value can be
set to a value of minimum 8 to ensure a reliable
password where as in a high security environment thatlength is set to a default of 12. The use of a pass phrase
provides higher reliability and it is easy to remember.
This feature sets the basic password complexity
requirement. The main advantage of this feature can
explain through the fact that a password of 7 character
with case sensitivity has the combinations of 52 to the
power 7 and can be broken in 49 minutes at 1,000,000
combinations per second on the other hand similar
password of 8 characters would require a time span of 59
hours to crack it. This is just because the number of
possible combinations increases exponentially by theincrease of a single character. The number of possible
combinations can be greatly increased by using special
characters and symbols in it. The use of these settings in
conjunction makes it to really umber some if not
impossible to launch a brute force attack on a system.
2.5.6 Passwords using Reversible Encryption
When this feature is enabled system uses a reversible
encryption technique to store the password and it is
required by some protocols such as InternetAuthentication Service (IAS) and Challenge Handshake
Protocol (CHAP). This is similar as storing the
passwords in a clear text format and it is highly not
recommended, also by default this feature is disabled in
default domain GPO.
2.6 Duration of Account Lockout
The account lockout duration sets the time that is
required to unlock an account before a user can
reattempt to unlock\log on to a system after maximumnumber of failed password attempts. By default a value
of 0 which is set permanently locks an account and
requires an administrator to unlock it. This value should
be decided and set according to the applicable policy in
order to avoid denial of service attacks and also to
reduce the number of help desk support calls.
2.7 Lockout Threshold of an Account
Account lockout threshold tells the number of possible
password attempts before going to locking out an
account. To avoid frequent lockouts that value is set to a
high Number. As vulnerabilities exists in both of the
scenarios where this number is set to high value and a
low value, this parameter requires more attention. A
values of 0 which means that there would be no retries,should be avoided in order to avoid DOS mistypes or
attacks. This number should be high to provide the users
the ability to avoid the accidentally mistyping the
password.
2.8 Reset Account Lockout Password after
This feature defines the amount of time before the
account lockout threshold resets reached to zero. By
default this value is not set and it should be equal to or
less than to the value of account lockout duration.
2.9 Security Settings
As the account policy must be defined in default domain
policy and it is observed by the domain controller in the
domain. A domain controller gets that policy from
default domain policy GPO even in case if different
policies are applied to the OU that are containing the
controller. There are two types of policies which can
also act as the account policies with in security options
at domain level and these values are editable in the GPO
editor: Computer Configuration \ Windows Settings
Security Settings \ Local Policies \ Security Options.
2.10 Network Security (Force Logoff)
This feature defines when to force the user to log off
after time expires after valid hours and it directly affects
the SMB component. When enabled this feature forces
the user to disconnect from the SMB server after valid
logon time until his/her next valid timing. This feature is
defined in default domain policy.
2.11 Kerberos Policy
These policies are defined at the domain controllers
rather than on individual computers and this should not
be set other than their default values as they define the
enforcements and ticketing mechanisms. To make it
clear it should be remember that these policies are no
defined in local policies.
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
5/9
2.12 Organizational Unit Group Policies
For specific OUs the security settings should be specific
and should separate including both computer settings
and user. These can also be separated into two.
A). Security Setting Group Policies:
User needs to have a GPO for each Windows XP based
computer within a specific environment. Desktops andlaptops are divided into separate OUs in order to apply
custom GPOs for each system.
b). Software Restriction Policy (SRP):
There is need to have a separate GPO for the SRP and
there are many reasons to have it on that way. One
reason behind that is the SRP requires the admin to make
the list of authorized software that is allowed. Secondly
being using this technique it allows quick recovery in
case of a mistake is made in the implementation of aspecific SRP.
3. Security Settings for Windows XP Clients
This portion describes the security settings configured in
global policy in a Windows XP domain, by
implementing these settings one will ensure that the
computers running in a specified domain and it is secure.
3.1 Audit Policy Settings
Audit policy settings are used to reports/record theevents that may occur on the user end and report to the
administrator. Administrators are also able to record and
see when the users log on/off the terminal and when
security related to each event occurs such as when a
change is made in the audit security policy. These audit
policy settings when defined for specific categories are
called audit policy and can be tailored according to the
organizational requirements. In Windows XP the audit
policy setting can be defined at the following path:
Computer Configuration\Windows Settings\SecuritySettings\Local Policies\Audit Policy.
3.2 Audit Account Log on Events
This features records the user log on as an event when
turned on. The events such as these are recorded on the
domain controllers when a domain user account is
authenticated on the domain.
3.3 Audit Account Management
This feature enables the admin to record the events such
as create, modification, deletion, enable or disable users
change account passwords. This is useful in terms of
recording malicious and accidental activities such as
authorization creation of user and group accounts.
3.4 Audit Log on Events
This setting is used to set whether to audit each and
every event log on attempt on a computer. Records are
generated on the domain controllers to maintain domain
account activity and on local computers to monitor loca
account activity. Setting this to No Audit does not
monitor log on attempts on an enterprise domain and is
strongly discouraged.
3.5 Audit Object Access
Audit object access allows the admin to whether torecord events related to users accessing certain objects
on a system or not. These objects can be such as a file
registry or a folder specified in a SACL. A SACL
consists of access control entries (ACEs) and have three
vital pieces of information:
The computer, user or group that is to be audited The access mask (what is to be audited) A flag contained the success/failure regarding
the access.
3.6 Audit Policy Change
This allows tracking the changes in the audit policy
settings as well the trust policies and the user rights
assignment policies. This helps in keeping the track of
things especially when an attacker tries to elevate some
user rights or back up files access privilege.
3.7 Audit Privilege Use
This setting enables the admin to record whenever the
user exercises the user rights. Enabling this feature for
successful user right access generates a huge log and
hence it is recommended to turn this on for failure of the
user right access.
3.8 Audit Process Tracking
This determines audits detailed tracking for events such
as indirect object access, program activation and process
exit. This generates a big log so typically this feature is
turned off.
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
6/9
3.9 Audit System Events
Enabling this feature allows administrators to log events
system related events such as successful system log on
and shutdown. This is extremely useful for recording
unauthorized access of system, by default these settings
are set to record successful system logons but can be
modified to record unsuccessful log on events as well in
a highly secure environment.
Fig. 3 Settings
3.10 User Rights Assignment Settings
User rights assignment settings are used to grant specific
users privileges over normal users when used in
conjugation with privileged groups in Windows XP. The
user rights assignment settings can be found in Windows
XP under: Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights
Assignment
3.11 Access This Computer from Network
This right allows a user to remote user to connect to
system using a protocol such as server message block(SMB) and NetBIOS. The limitation of these rights is
defined for specific users in the Figure 3.
3.12 Act as a part of the Operating System
This right allows a process to take the identity of a user
and use its privileges to access a resource and due to this
feature it is always turned off.
3.13 Adjust Memory Quotas for a Process
This right allows a user to adjust the memory size for a
particular process and can be used for fine tuning but can
surely be exploited by an attacker so these right remains
reserved with administrators, local service and network
service in high security environment while they are not
defined in enterprise environment.
3.14 Allow log on locally
This right enable the users to log on the system using
user interactive interface such as by pressing
Ctrl+Alt+Dlt, users attempting to logon to a system via
IIS or terminal services also require this right. The guest
account in Windows XP is by default granted this
account although this account is disabled by default but
Microsoft recommends enabling it from the group
policy.
3.15 Log on through Terminal Services
Determines the users or groups can log on to a system
using the terminal services and is needed by the remote
desktop users. If assistance for instance is required by
the use of remote desktop assistance a group with this
right needs to be implemented.
3.16 Backup files and Directories
This right is only enabled when an application tries to
access a file or directory through the application
programming interface (API) for example any backup
file, otherwise normal file and directory permissions
apply. In a high security environment only
administrators are granted this right and not defined in
the enterprise environment.
3.17 Change System Time
Describes which users are allowed to change the internal
date and time settings in an environment. This change
can directly affect the events being monitored as
attackers or users might try to forge wrong entries for the
events in the log files.
3.18 Create a Page file
This right allows the users to change the size of the page
file. Increasing and decreasing this size can greatly affect
the system performance so is disabled by default in an
enterprise environment while set to administrators only
in highly secure environments.
3.19 Create Shared Objects
This right allows the user to create shared objects on the
network, components of the OS running in the kernel
mode have this right inherently and useful to them as
they extend the object namespace.
3.20 Create Token Objects
Allows the user to create access tokens providing access
rights to sensitive data or provide elevated privileges to a
user. This right should not be granted to anyone in a
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
7/9
highly secure environment or where the data is of critical
importance and requires security.
3.21 Misc User Rights
All above mentioned user rights are used in conjunction
with the below mentioned user rights to ensure security
along with the proper functionality. All of these can
obviously not be discussed in this paper:
Enable users and computers to be delegated. Force shutdown from remote system. Generate security audits. Increase scheduling priority. Log on as a batch service. Log on as a service. Replace a process level token. Profile single process. Restore files and directories.
3.22 Security Option Settings
The applied security setting via group policy in systems
with Windows XP in a domain can be used to enable or
disable features such as logon prompts, digital data
signing, driver installation, drive access such as CD Rom
etc. These settings in Windows XP can be set at the
following location in GPO editor: Computer
Configuration\Windows Settings\Security Settings\Local
Policies\Security Options the settings defined on this list
may need to be manually configured. This list is given
below:
Renaming the guest and the administratoraccounts.
Allowance to format the eject-able and fixeddrives.
Restricting the use of peripherals for local accessonly.
Disallowing the installation of unsigned drivers. Digitally encrypting and signing the secure
channel communication (always or whenever
possible).
Requiring a strong session key. Not displaying the name of the last user. Not require Ctrl+Alt+Dlt for logon. Numbering the log on requests to cache if the
domain controller is not available.
Digitally signing the communication (always orif the Server agrees) in Microsoft network Client
Sending unencrypted passwords to SMB server Amount of idle time before suspending session
Digitally signing the communication (always orwhenever the client agrees) in Microsoft Clien
Server
Not allowing the network credentials to bestored for logon purposes
Allowing administrative control and floppy copyaccess to all drives and folders
Using FIPS complaint algorithms for(Encryption, hashing, signing)
3.23 Event Log Security Settings
The security logs are used to record audit events while
the event log records the system events. The event logs
are used to define attributes of the application, system
events and systems event and can be defined in a group
policy. These settings are defined in the windows
security template and then applied to the workstations in
an OU. These settings can be found in Windows XP in
GPO under: Computer Configuration\WindowsSettings\Security Settings\Event Log Logs files
fragmented in the memory can cause performance
issues. The limit for the memory mapped files extends
up to 1GB in case of event logs. This is only the
theoretically limit, the actual practical limit for the event
log files in Windows XP can take up to 300MB and so
should not be exceeded. Like other security settings
event security settings are a multitude of settings that
may need to be manually configured and are listed
below:
Maximum application, security and system logsize
Preventing local guests groups from accessingapplication, security and system log
Retention method for application, security andsystem log
3.24 Restricted Groups
This group allows administrators to manage the
membership of any group by determining the groupswhich needs to be restricted. This restricted group is
identified based on specific organizational needs. Power
users groups is restricted in certain ways in a highly
secure environment, although power users have less
access than administrators but powers users can still
access system resources in powerful methods. The
restricted groups can be configured in Windows XP at
the following place in GPO editor: Computer
Configuration \ Windows Settings \ Security Settings \
Restricted Groups.
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
8/9
3.25 System Settings
Default services are installed when a fresh copy of
Windows XP is installed on a system, additional services
such as IIS can be installed from the add remove
component o f the Windows XP keeping in mind that the
installing services which are not required can serve as
the point of attack and should not be installed. These
system settings can be configured in Windows XP at theGPO editor: Computer Configuration\Windows Settings
\Security Settings\System Services The additional
system systems defined below may need to be properly
configured according to the organizational needs:
Alerter Clipbook Computer browser FTP publishing service IIS admin server Indexing service Task scheduler Telnet Terminal services Remote registry services Routing and remote access
3.26 Configuring Internet Connection Firewall
Configuring the Internet connection firewall (ICF) locks
remotes access to a system by blocking incoming
connection requests to all services and provides an addedlayer of security on the system. By default Windows
Firewall is disabled but can be configured to provide
protection against denial of service attacks and worms. It
should be kept in mind that ICF does not provide
outbound filtering and its filters cannot be configured
using scripts or by group policies.
3.27 Manual Security Settings
Security settings can be manually hardened by:
Disabling Dr.Watson System debugger Disabling UPNP
3.28 Securing the File system
NTFS file systems has been improved with the
advancement of windows and the default permission set
for users are adequate for most of the organizations
however file permissions with more control can be set in
order to meet the need of any organization. In addition to
this the Encrypting File System (EFS) enables
encryption of files with advanced cryptographic
algorithms, anyone who does not have the required
cryptographic key cannot access/read the encrypted data.
4. Securing Stand Alone Windows XP Clients
Maintenance of Windows XP based computer are not the
members of Microsoft Active Directory domain can be
challenging in different ways. This section describes
how to effectively manage and apply the policies and
settings discussed above in order to secure the desktop
and laptop clients in any environment. These policies
apply to all the users logging on to the client including
the local administrator and will provide an environmen
which secure from most of the threats while maintaining
adequate functionality.
4.1 Windows XP in Windows NT domain
A Windows XP based system in a Windows NT 4.0
based domain is an example of a standalone and causes
much management overhead as there is no centralized
location where the security settings can actually be
maintained. In this environment Microsoft recommends
the installation of Windows NT based domain controller
with service pack 6a. The service pack 6a provides
contains several patches for NTLM authentication and
without it the Windows XP based clients may experience
connectivity issues. To establish connection and
communication with a Windows NT 4.0 domain
controller, the following setting needs to be modifiedUnder Computer Configuration \ Windows Settings
Security Settings \ Local Policies \ Security Options.
4.2 Local Group Policy Object Settings
A Windows XP based local policy is a very effective
way to provide consistent security to clients that are not
a part of any active directory domain. Every Windows
XP based system has at least one local GPO and these
settings are implemented using the GPO editor or
scripts. The local GPO settings are fewer in numbers
when compared to the domain based GPO especially
when it comes down to the security settings. Local GPOs
unlike the domain level GPOs do not provide services
like remote installations and folder redirection when
configured as standalone clients. These local policies can
be used to provide a robust operating environment on a
standalone client. Figure 4 shows the local group policy
snap in extension.
-
8/13/2019 Current and Future Challenges of Operating Systems Issues and Problems
9/9
4.3 Account Policies
These are similar to the policies described the domain
account policies and includes the same password policy,
account lockout policy, Kerberos policy, password
complexity policy but these policies are not used in case
of standalone clients as they are in domain. In case of
standalone clients these settings need to apply locally.
Fig. 4 Group Policy Snap In Extension
4.4 Local Policies
Local policies can be applied to stand alone Windows
XP based clients using security templates described in
security templates section for a domain and can be
automated using scripts. Similarly these templates can
also be imported and applied to multiple machines in a
local environment.
5. Ensuring System Reliability using Windows
Update
Microsoft releases periodic updates for its supported
version of Windows against known threats and
vulnerabilities found in the Microsoft Knowledge Base.
An accumulated or combined version of these
updates/patches is also unknown as the service packs
which ensures protection against known exploits. In a
domain environment this feature can be modified in a
number of ways as per organizational need from the
administrative template. This setting can be found at the
location: Administrative templates \ WindowsComponents \ Windows Update.
5.1 Do not display Install Updates and Shut Down
Option in Shut down Windows dialog box this policy
setting allows the admin to or not to display the install
updates and shutdown option in the start menu or by
pressing the starting the task manager. As the
installations of updates are considered vital this setting is
by default set to be disabled in Windows XP for al
environments.
5.2 Do Not Adjust Default Shut down Options
Settings
This setting allows whether or not do not display install
and shutdown option to be selected as the default option
in start menu shutdown option. it is to be duly noted that
this setting is of no use if Computer Configuration
\Administrative Templates\Windows Components
\Windows Update \Do not display Install Updates and
Shut Down option in the shutdown windows dialog box
policy is enabled.
CONCLUSION:
In this review paper we have discussed the security
issues of windows XP and with every problem we have
presented the solution, there is no such need of operating
system (windows XP) ad development level, just we
should be aware of these securities parameters in order
to avoid the security lack.
References:
[1]. Kimmo E. E. Raatikainen, "Operating System Issues
in Future End-User Systems, IEEE Internationa
Symposium on Personal, Indoor and Mobile Radio
Communications, December 9-1l, 2009.
[2]. M. Swift, B. Bershad, and H. Levy, Improving the
Reliability of Commodity Operating Systems, ACMTrans. Computer Systems, vol. 23, 2005, pp. 77-110.
[3]. M. Swift et al., Recovering Device Drivers, Proc
6th Symp. Operating System Design and
Implementation, ACM Press, 2009, pp. 1-16.
[4]. R.P. Goldberg, Architecture of Virtual Machines,
roc. Workshop Virtual Computer Systems, ACM Press
2008, pp. 74-112.
[5] Microsoft TechNet Organizational Unit
http://technet.microsoft.com/en-us/library/cc758565
[6]. Microsoft TechNet Active Directory
http://technet.microsoft.com/en-us/library/cc782657
top related