Security Threat For The Paper Is Describing Malware (Research Paper Sample)
Instructions:
The project was a research paper on a security threat; the threat chosen for the paper is malware.
The sample includes the literature review along with a few configuration techniques to avoid it.
Content:
Table of Contents
Introduction
Literature Review
Types of malware
Security model of Windows 8
Security mechanisms
The Kernel Patch Protection or (KPP)
The Data Execution Prevention or DEP
Address Space Layout Randomization or ASLR
Windows Service Hardening
Applocker
Master Boot Record
User Account Control
Internet Explorer
Configuration
a) Windows Updates
b) Windows Defender
c) Windows Firewall
d) Applocker
e) User Account Control
f) AutoPlay Policies
g) Data Execution Protection
h) Internet Explorer Options
Limitations
Conclusion
References
Introduction
As more and more business activities are automated, and computers are increasingly used to store and process sensitive information, the need for a secure operating system becomes even more apparent. Whether an operating system is commercial or free, closed or open source, the majority of its developers' time goes not into developing the operating system but into making it more secure. The more popular the operating system is, the more it is attacked. In essence, developing a secure computing environment which protects the digital assets of the user is the goal of every operating system developer today. Windows, which commands nearly 90% of the market share today, is constantly plagued by malware attacks. Every week, and even more frequently if the operating system is newly released, Microsoft pushes updates to resolve security bugs which have been discovered and could potentially be exploited. However, that has still not been enough. This paper investigates the security features of one of the most widespread and successful operating systems, i.e. Microsoft Windows 8, and how it can protect the user from malware-based attacks.
Literature Review
The security threat chosen for this paper is malware. To begin the literature review, this section first discusses the origin of malware and its categories before delving into the security components of Microsoft Windows.
Malware has been in existence since before 1986 for many other platforms, but in 1986 it appeared for the first time on the Personal Computer or PC (Milošević, 2013). It was a virus named Brain, developed by two Pakistani brothers - Basit and Amjad. Their aim was to show that the PC platform is not very secure. This virus had the ability to replicate itself through floppy disks. When Windows was released in 1985, it was attractive to many people around the world because of its ease of use for the general public and its ability to do multiple things. As more and more users were drawn into the world of computers, hackers and creators of malware simultaneously started taking an interest in this buzzing world. Accordingly, the first Microsoft Windows virus was WinVir in 1991-92. It did not do much harm; its main feature was to replicate. In addition, it was the first virus able to infect Windows PE (Portable Executable) files. In the past three decades of their existence, PC viruses have shifted from simple replicators to modern, advanced polymorphic and metamorphic implementations. The underlying goal of this shift is to increase the diversity of a virus's signatures to such an extent that tracing the varied instances of the same virus becomes a very difficult task. Even for the most complicated metamorphic virus, identifying its specific functionality and behavior remains a daunting step.
Types of malware
1 Virus - A virus is primarily a computer program that can self-replicate, that is, make copies of itself and then distribute those copies to other files, computers or application programs. All viruses have an infection mechanism; for instance, a virus can insert itself into data files or programs. In addition, many viruses have an associated trigger or condition which causes execution of a payload (bgsu.edu, n.d.). It is activated via common user interactions such as opening a particular file, executing a program, or clicking on an attachment link in an email. There are two key types of virus: compiled and interpreted viruses.
   1 Compiled viruses - These viruses are executed by the OS. A compiled virus is one whose source code has been converted by a compiler program into a specific format that is executable by the OS (Bambenek, 2008).
      1 File infector - This type of virus attaches itself to executable programs such as word processors, spreadsheets and computer games. When a virus infects a program, it tends to infect other programs on the same system and on other systems which make use of the shared infected program. The two most famous file infector viruses are Jerusalem and Cascade (Bambenek, 2008).
      2 Boot sector virus - This type of virus, also known as a bootkit, attacks the Master Boot Record (MBR) of a hard drive or the boot sector of a hard drive or removable media (like floppy disks). The major symptoms of a system infected by a boot sector virus are an error message displayed during booting or a system that does not boot at all. The most famous boot sector viruses are Form, Michelangelo, and Stoned (NIST, n.d.).
      3 Multipartite virus - This type of virus has various infection methods. Generally it infects both files and boot sectors. The two key multipartite viruses are Flip and Invader (Symantec AntiVirus Research Center, n.d.).
   2 Interpreted viruses - These viruses are executed by an application. Unlike compiled viruses, interpreted viruses contain source code which is executed by an application or service. They have become very common as they can be written and modified easily in comparison to other viruses. Even an unskilled attacker can view, modify and distribute their code. There are two key types of interpreted virus: macro viruses and scripting viruses. Macro viruses attach themselves to commonly used documents (such as word processing and spreadsheet files) and use the application's macro language to execute and replicate. They use the macro programming features that various Windows software provides for automating complex, repetitive tasks. Scripting viruses are similar to macro viruses, except that a macro virus is read by one particular program whereas scripting viruses are read by services such as Windows Scripting Host. The two most famous scripting viruses are First and Love Stages.
2 Worms - They are similar to viruses but do not require a host program to infect a system. They can create fully functional copies of themselves and even execute them without any intervention from the user. This self-contained capability has made them very popular among attackers (Finkelstein, 2010). A worm can affect more systems in a shorter span of time than a traditional virus. Worms take advantage of identified vulnerabilities and weaknesses of a configuration. There are two types of worms: mass mailing worms and network service worms. Network service worms propagate by exploiting a weakness in a network service of the associated OS or application. Since they execute completely without human intervention, they spread at a faster rate. Sasser and Witty are two famous network service worms. Mass mailing worms are similar to e-mail-borne viruses, with the key difference that they are self-contained. When a mass mailing worm infects a system, it searches for files containing email addresses and then starts sending copies of itself to all these addresses, through the system's e-mail client or through a self-contained built-in mailer.
3 Trojan Horses - They are non-replicating programs which appear to be benign but have a dangerous purpose (umcs.maine.edu, n.d.). Trojan horses perform various malicious activities, such as replacing system and application executables with malicious versions of the same, or adding another application instead of overwriting existing files. They are difficult to trace. They use concealment techniques to hide on a system and continue to work without letting users and administrators know about their presence. They can cause huge technical damage to the system. For instance, a Trojan horse that replaces system executables with malicious versions may cause applications to behave incorrectly or be lost altogether. SubSeven, Optix Pro and Back Orifice are some of the famous Trojan horses.
4 Blended Attacks - This type of malware has various infection / transmission methods. The Nimda "worm" is a good example of a blended attack, which spreads via email, Windows shares, web servers and web clients.
5 Tracking Cookies - A cookie is nothing but a small data file which holds various information corresponding to the user's actions on the current website (Mitchell, 2013). Cookies have a number of different uses. They are used to record user preferences, so that the user's customization is preserved when the user revisits that particular page after some time. Apart from that, cookies are also used to keep a detailed track record of the user so as to build a profile of his behavior. Cookies used in this fashion are known as tracking cookies. Information collected via these cookies is sold to third parties for monetary gain....