OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


Provide an easy one-stop place to quickly get the relevant information on commonly asked questions about ransomware on Experts Exchange.
3
OfficeMate Freezing Error
OfficeMate freezes on login or does not load after login credentials are entered.
0
SHARE your personal details only on a NEED-to-know basis. Take CHARGE and SECURE your IDENTITY.
How do I then PROTECT myself and stay in charge of my own personal details, MY own WAY...
0
Container orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to a distributed, datacenter-wide platform that lets them scale with a single click.
0
This is a short article about OS X KeRanger, and what people can do to get rid of it.
0
 
Author Comment (LVL 13) by: Justin Pierce
Hi Ericpete,

Sorry for the reference to Intego and my site. I've removed the lines that you've asked to be taken out. Again, I'm sorry for the mishap.

Thank you for your time and take care.

vr,

Justin
0
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. This article draws on some of those experiences, plus a lot of time spent with Jeremy Moskowitz's GP books.
0
Recently, I read that Microsoft has analysed statistics for their Security Intelligence Report. It revealed that the clear majority of Windows users still do their daily work as administrator. An administrative account is a burden, security-wise. My article will show an alternative.
17
 
Author Comment (LVL 55) by: McKnife
Hi Andrew.

It is "harsh", because we deny something to the system account and the admin account. Normally, these accounts are not denied anything. But if you put this into context, it will not really matter to deny it or not, since the risk that Shaun mentions is theoretical.

"If a machine is left logged on 24/7, is there any need to disable the suggested admin account?" - Why would you even worry? Setting up the tasks automates the process. Well, if a machine is logged on 24/7, that does not imply it's unattended. So if you don't use these tasks to deactivate the account on lock/logoff, an attacker could simply log off the logged-on user and (if he knows or guesses the account name) log on with that admin account without a password.

"Assuming that a machine's drive is not encrypted..." - if we assume that, we imply that the guy using this PC has no real interest in securing his system. Full disk encryption is the very baseline for any security concept. In case we ever need to do emergency repairs, we can always activate administrative accounts using boot disks - after mounting the encrypted drives by using tools that allow that. In case of BitLocker, any setup disk allows it.
2
 
Expert Comment (LVL 11) by: Andrew Leniart
Thank you for expanding on your comments McKnife. An excellent article that inspires thinking more about security!  

Thanks for sharing your ideas. Endorsed.
0
Security measures require that Windows be logged in using a Standard User login (not Administrator). Yet sometimes an application has to be run "As Administrator" from a Standard User login. This paper describes how to create a shortcut icon that launches applications with the "Run as Administrator" option.
4
 
Expert Comment (LVL 7) by: Yashwant Vishwakarma
Good One Fred.
Voted Yes :)
0
 
Expert Comment (LVL 8) by: Senior IT System Engineer
This is cool and useful for PCI-DSS compliant environments.
0
The intent is not to repeat what many already know about ransomware, but to join the dots: what it is, who the victims are, why it exists, and when and how we respond to an infection. Lastly, a summary at a glance to share with family and loved ones so they do not become the next victim.
5
 
Expert Comment (LVL 27) by: ☠MAS☠
Thanks Btan. Really helpful. Appreciated your effort.
0
 
Author Comment (LVL 64) by: btan
No worries. There are many other good articles, and you can check out the FAQ too.
0
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows Home edition. But don't worry! Follow the instructions below to install the (Windows 7) policy editor on your Windows 10 Home edition.
0
 
Author Comment (LVL 1) by: Joost Kuin
Take back control of your Windows Updates!
0
 
Expert Comment (LVL 40) by: evilrix
This comment is in no way meant to shine a negative light on this article nor the author, and is just a general message of caution and advice that careful computer users should consider before making changes that may modify their machine or running a binary from an unknown source.

CAUTION: Anyone who wishes to try this, please be aware that it is your responsibility to make sure you back up your machine first, and that the risks of any damage caused by attempting this are entirely your own. You should also be aware that running an executable from an unknown source (remember, EE neither supplies nor advocates the execution of the binary achievement in the article) should always be met with a high level of caution, and so you are strongly encouraged to scan the file with an up-to-date and reputable anti-virus tool (both before unzipping it and after) before running it.
0

No security measure is a 100% "silver bullet". The truth is we cannot assume anything but a defensive and vigilant posture. Adopt no trust by default and reveal nothing on assumption; assume only the reverse of anonymity or invisibility. Safeguard your privacy!
0
In a recent article here at Experts Exchange, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to running Nuance's PaperPort 14.5. I received a private message from a fellow PaperPort user who read the article asking me if I'm aware that Windows 10 is using my computer to help distribute itself. I was not aware of it!

Perhaps I missed this during my nine-month experimentation with the W10 Technical Preview, or maybe Microsoft added that feature only in the official release (Build 10240), but when I checked it out, it is true. I was very surprised to find that W10 is, in essence, using my PC as a peer-to-peer server in distributing updates and apps, and I figured that other Experts Exchange members may also not be aware of it. So I decided to write this article, which also shows how to disable it.

Sidebar:  During the article review process, an EE Page Editor (MASQ) pointed out that this feature was introduced in March with Build 10036 — I did, indeed, miss it! My thanks to MASQ for this information, and for providing a link to Leaked Windows 10 build hints at peer-to-peer patching, an interesting article about it in The Register.

First, I'll explain how to find the feature (the screenshots in this article are from Version 10.0, Build 10240, created via an automatic update from the Technical Preview version of the Windows Insider Program):

51
 

Expert Comment by: MtHolly
So, does turning off WUDO "Updates From More Than One Place" stop my system from distributing Windows 10 and updates?  Or, just stop it from getting updates from unknown sources?
0
 
Author Comment (LVL 55) by: Joe Winograd, EE MVE 2015&2016
Hi MtHolly,
Turning it off does both — (1) stops your system from getting updates and apps from other PCs (meaning it gets them just from Microsoft) and (2) stops your system from distributing/sending updates and apps to other PCs. Regards, Joe
0
The term "Bad USB" is a buzzword usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern Windows systems (Win8.x and Win10) offer to fight these attacks without using non-Microsoft tools or even security software that we would have to pay for.

Let me show the attack types that can be easily defeated:

1. Your computer is found unattended and someone connects his USB drive (stick, hard drive or smartphone) to collect some of your data.
2. Your computer is found unattended and someone tries to run a script to infect it. Knowing that we are prepared for type-1 attacks, he comes with a USB Rubber Ducky style device: a special USB memory stick that camouflages itself as a keyboard to circumvent countermeasures against USB sticks. That way it can act as a keyboard and type in thousands of lines of malicious code per minute. The Rubber Ducky attack is very dangerous since your computer can be infected in seconds, even with current anti-virus software.


The concept:
The USB device, like any other device, needs to be installed in order to work. This takes a few seconds, which is long enough to launch a counter-attack and uninstall those devices again before the attacker can use them. Starting with Windows 8, the event log records USB device installations, so we can use these events to trigger the …
15
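The concept described in the teaser above (react to the device-installation event the Windows 8+ event log writes), as an added example that is not the article's own script. It assumes that event ID 400 in the Microsoft-Windows-Kernel-PnP/Configuration log records a device install and carries a DeviceInstanceId field, and both file paths are placeholders; the sample only detects and records USB installs, leaving the removal step to whatever tooling the deployment already uses.

```powershell
# Added example, not code from the article. Installs a scheduled task that runs
# as SYSTEM each time Windows 8+/10 logs a Kernel-PnP device-configuration
# event, so a response script can examine the device within seconds of its
# installation. Assumptions not taken from the article: event ID 400 in the
# Microsoft-Windows-Kernel-PnP/Configuration log records a device install and
# carries a DeviceInstanceId field; both paths below are placeholders.
$LogName    = 'Microsoft-Windows-Kernel-PnP/Configuration'
$ScriptPath = 'C:\Tools\Respond-UsbInstall.ps1'      # placeholder, adjust

# The response script the task runs. It reads the newest install event and,
# if the device instance path is a USB path, appends a record for review.
$ResponseScript = @'
$Event = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Kernel-PnP/Configuration'; Id = 400 } -MaxEvents 1
$DeviceId = ([xml]$Event.ToXml()).Event.EventData.Data |
            Where-Object { $_.Name -eq 'DeviceInstanceId' } |
            Select-Object -ExpandProperty '#text'
if ($DeviceId -like 'USB\*') {
    $Line = '{0:o} USB device installed: {1}' -f $Event.TimeCreated, $DeviceId
    Add-Content -Path 'C:\ProgramData\UsbInstall.log' -Value $Line   # placeholder
}
'@
New-Item -ItemType Directory -Path (Split-Path $ScriptPath) -Force | Out-Null
Set-Content -Path $ScriptPath -Value $ResponseScript

# Event subscription in the same XML form Event Viewer uses for custom views.
# The event-log XPath subset has no string functions, so the USB check is done
# in the response script rather than in this filter.
$Subscription = @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">*[System[(EventID=400)]]</Select>
  </Query>
</QueryList>
"@

# New-ScheduledTaskTrigger has no event-trigger parameter set, so the
# MSFT_TaskEventTrigger CIM class is instantiated directly.
$TriggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger `
                             -Namespace Root/Microsoft/Windows/TaskScheduler
$Trigger = New-CimInstance -CimClass $TriggerClass -ClientOnly
$Trigger.Subscription = $Subscription
$Trigger.Enabled      = $true

$Action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -File `"$ScriptPath`""
$Principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -RunLevel Highest
# Allow overlapping runs (several devices can install at once) and bound each run.
$Settings  = New-ScheduledTaskSettingsSet -MultipleInstances Parallel `
                 -ExecutionTimeLimit (New-TimeSpan -Minutes 2)

Register-ScheduledTask -TaskName 'Respond-UsbDeviceInstall' -Trigger $Trigger `
    -Action $Action -Principal $Principal -Settings $Settings -Force | Out-Null
```

Run from an elevated PowerShell; afterwards, plugging in a USB device should produce a line in the log file within a few seconds, which is the same window the article relies on for its counter-measure.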
 
Author Comment (LVL 55) by: McKnife
Hi James.

When an .exe is run, it's already too late. So until the removal action would have started (triggered by some mechanism, doesn't matter), the exe code is already inside the RAM of your computer and it will not help to uninstall the device, then.
What we could do, is trigger certain actions when the device is plugged in, like for example search the whole device for *.exe or *.com and if found, uninstall the device. But that might take a few seconds and it could be that this process is too slow, so that the exe is already started manually while the search is still on it.
0
 
Author Comment (LVL 55) by: McKnife
Oh James, something that will interest you!
I just "strolled" through our GPOs and came across a setting that I almost forgot: starting with win7, we can deny not only read/write but also execute access (separately) on removable devices by GPO! See https://technet.microsoft.com/de-de/library/hh125922%28v=ws.10%29.aspx?
0
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each user. It's also an effective way to make sure users who give no thought as to the proper place to save a document don't lose data, and to prevent data from being stolen or lost in the event a workstation dies or is stolen.

However, the biggest battle I have fought in maintaining our new "cloud" environment has been the Saved Games folder. I'm unsure which of the Microsoft security gurus decided this folder needed to be even more tightly protected than the .NET Framework folder, yet I am constantly having users call me with error messages on the screen saying they can't reach their AppData folder because the Saved Games folder has messed up the permissions inheritance in the user's profile.

When I check the permissions, all is fine - the appropriate accounts have the proper permissions, and the user is listed as the owner of the profile folder. But enforce ownership or inheritance on subcontainers and more often than not the message, "You do not have permission to read the contents of Saved Games. Do you want ... Full Control?", appears. Of course, answering 'yes' accomplishes nothing, as not even the server or domain administrator accounts can do anything with this folder without expressly taking ownership of Saved Games.
0
Many people tend to confuse the function of a virus with that of adware. This misunderstanding of the basics of what each kind of software is and how it operates causes users and organizations to take the wrong security measures to protect themselves against attacks.

For starters, let's define what they are: virus and adware are two different types of malware, each exploiting different aspects of computing architecture to carry out its payload. Malware is simply a category used to refer to software designed to disrupt normal system operations; examples of malware are viruses, adware, spyware, Trojans, rootkits, bots, etc.

Let's go back to our original topic and go over what makes a computer virus a virus. A computer virus is a malicious program that can replicate itself without user interaction by exploiting operating system, application and software vulnerabilities. What the virus does after it has been executed is another story, though the common denominator is that it will disrupt normal system operations and it will attempt to replicate itself.

Something interesting about computer viruses is that, as sophisticated as they can be, most of them prey on users' vulnerabilities for the initial installation, also known as social engineering. "Good" virus writers also study human behavior and emotions (hence the I Love You virus); they plan their initial attack to align with special occasions, dates, …
16
 
Expert Comment (LVL 29) by: Thomas Zucker-Scharff
Jorge,

This is an excellent article, but I am surprised that you did not correct more of the mistakes - they make it harder to read (I'm also surprised that a page editor didn't point that out).
0
 
Expert Comment (LVL 7) by: Yashwant Vishwakarma
Another good article, voted YES.

Regards,
Yashwant Vishwakarma
0
This is a guide to the following problem (not exclusively, but here on Windows):

Users need our support, and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge.

Any admin who takes security seriously fears attacks by his own colleagues. Thus he faces a small dilemma with user support: strictly speaking, each user PC is "enemy territory". We do not know whether the user has evil intentions and might have prepared his already compromised machine, just waiting for us. How do we authenticate there without running the risk that the user will somehow capture our password or hash?

Many questions arise:
  • Do we use remote assistance, remote desktop or TeamViewer?
  • Or walk over to the user and enter the password while he watches?
  • Or visit his computer (physically or from remote) "after hours"?
  • Do we use local Admins, or a/the domain admin or do we create an AD Group with delegated privileges? 
  • How do we maintain the passwords? Write lists, memorize, or set all to the same one?
  • Do we type that password in our own session only, or inside the user's session but only on the secure desktop of a UAC prompt, or may we use it with RunAs? Or would it be better to use 2-factor authentication?
  • Or shall we "surrender" and give all users admin rights so they can solve their problems alone? ;-)
You can find various recommendations also …
6
 
Author Comment (LVL 55) by: McKnife
"what if the malicious user finds your account and tries  to login with it until it's locked because of n wrong passwords ... " - read it once more. That is not possible, because it is locked unless we activate it for the support rdp connection.
"nice article, but why would a malicious user wait for you to come to him ?" - if you have more questions, next time please ask them right at the article. Answer: to grab your password with mimikatz and extend his rights from admin@local to admin@allPCsThatAdminHasAccesto
0
 

Expert Comment by: amstoots
Nice article, McKnife
0
In today's information-driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, business startups and founders can ramp up new web servers, blogs and data stores more rapidly and affordably than ever before.

Cloud Security
The cloud presents great business opportunities, but it can also lead to legal and financial hot water if you cut corners. Skipping or glossing over data protection safeguards can of course lead to brand damage, financial penalties, loss of customer trust and even put you out of business.

To help startups and entrepreneurs launching or expanding their small businesses into the cloud, I will walk through a "real world" example of how to deploy a more secure solution for your business using Amazon's AWS cloud platform.

I will also include some non-technical guidance that should be applicable to any cloud service provider you choose.

Amazon Web Services (AWS) Overview

You will first find that the AWS cloud service is flexible and broad, including security, automation and management tools within a click of the mouse. You can purchase what you need by 'renting' a smaller server or two with lower capacity (e.g., memory, CPU, etc.), but also scale out to more systems and greater capacity as your business needs and web traffic grow.

AWS Console
1
 
Expert Comment (LVL 15) by: Eric AKA Netminder
Netminder,

Thanks for the assist.

Frank,

Your article has been published, and we have awarded it EE-Approved status as well. Congratulations!

ericpete
Page Editor
0
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011. It was a messy beast with varying levels of infection, speculated to depend on how long it resided on the infected system and how far it was able to get within that system.

With a number of organizations impacted by this virus at an enormous rate (90% or higher internal infection), this virus has proven the most complex cleanup I have had to deal with. This may be because it was the first zero-day infection that I personally witnessed.


IMPORTANT - The information and eradication steps provided below are written with the assumption that you understand how to read and modify your system registry, security settings, and basic system commands.  Performing any of these operations incorrectly could seriously damage your computer.  If you do not understand the information provided and you are not confident you can handle this process by yourself, take your computer to a skilled professional for service.


Resident Location and Behavior
This variant of Qakbot starts with a randomly named executable (EXE) file in the root of the boot drive on a Microsoft Windows based system.  It doesn't matter if it is Windows 7, 2000, XP, or Vista - or Windows Server 2000, 2003 or 2008 for that matter.

A Windows service is created and started to launch the virus into memory, allowing it to propagate deeper into the…
10
 
Expert Comment (LVL 4) by: Analog_Kid
Nice!
0
 
Author Comment (LVL 19) by: Delphineous Silverwing
This virus has mutated and is now depositing itself into a couple of other locations. If you are manually cleaning a machine, then these should be checked as well:

C:\Documents and Settings\Administrator\application data\microsoft
C:\Documents and Settings\<User>\application data\microsoft
C:\Users\administrator\appdata\roaming\microsoft
C:\Users\<User>\appdata\roaming\microsoft
C:\Windows\prefetch

Substitute <User> with each of the user profiles loaded on this machine. In current cases Qakbot is installing itself within the profile of the currently logged-on user, rather than All Users as previous versions of the virus did.

This newer variant of the QAKBOT virus saves a copy of itself in the prefetch folder of modern Windows versions. This is a new behavior for this virus; some previous variants saved themselves within the Windows System Restore data.
0
Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality.

That was my job.

Being a lazy sort, there was no way I was going to walk around to each individual workstation for fifty-plus client sites and run utilities.

There's a hack for that.

1. Gather the tools


You'll need some software to be able to complete all the tasks in this guide:
      * Visio 2007
      * Microsoft Active Directory Topology Diagrammer (ADTD)
      * Microsoft Baseline Security Analyzer (MBSA)
      * DumpSEC
      * Lansurveyor Express (registration required for trial version)
      * SaveAsPDFandXPS
      * NMAP
      * The USERS+GROUPS.BAT file, listed below:
@echo off
REM Gets all users by sam
dsquery user -o samid -limit 0 >users.txt

REM Gets all users with 90+day passwords by sam
dsquery user -stalepwd 90


4
 
Expert Comment (LVL 3) by: drdoug99
Awesome article....thanks for making it!
0
