Windows XP operating system security

Microsoft once boasted: "Users with Windows XP will no longer need to worry about network access security", it can be seen that Windows XP is an NT kernel operating system, and its function is stronger than any Windows system, but also There are many worrying issues.

Below, let's take a look at the security of Windows XP. Let's look at its advantages:

Security

First, perfect user management function

Windows XP uses the Windows 2000/NT kernel and is very secure in user management. Any additional users can see it when they log in. Unlike Windows 2000, users who have been added an administrator group by hackers can't find it. Using the NTFS file system, you can restrict user access to a folder by setting a folder's security options, such as when a normal user accesses another user's document. You can also enable auditing for a file (or folder) and log the user's access to the file (or folder) to a security log file to further enhance the supervision of file operations.

Second, transparent software restriction policy

In Windows XP, the software restriction policy is to isolate and use unreliable and potentially harmful user data in a "transparent" manner. The code that protects your computer from viruses, Trojans, and worms that spread through email or web pages to keep your data safe.

Third, support NTFS file system and encrypted file system (EFS)

The encrypted file system (EFS) in Windows XP is based on public key, and uses the default EFS setting of CryptoAPI structure, EFS You can also use the extended Data Encryption Standard (DESX) and Triple-DES (3DES) as encryption algorithms. Users can easily encrypt files.

When encrypting, EFS automatically generates an encryption key. When you encrypt a folder, all the files and subfolders in the folder are automatically encrypted, and your data is more secure.

Fourth, secure network access features

The new features are mainly in the following aspects:

1, the patch is automatically updated, for users "lack off" & rdquo; Br>

2, the system comes with Internet connection firewall

Comes with Internet firewall, supports LAN, VPN, dial-up connection, etc. Support “custom settings & rdquo; and & ldquo; log view & rdquo;, for the security of the system to build a "hacker defense line".

3, close & ldquo; back door & rdquo;

In the previous version, Windows system has a few "back door", such as 137, 138, 139 and other ports are " Open the door, now, these ports are closed in Windows XP.

Insecure

Windows XP has gradually exposed some vulnerabilities as usage time has increased. Let's talk about several drawbacks of Windows XP security.

First, several vulnerabilities caused by UPnP services

UPnP is an abbreviation of "Universal Plug and Play", which is a service that allows hosts to locate and use devices on the LAN. Three vulnerabilities:

1. NOTIFY buffer overflow

There is a buffer overflow problem in UPnP. When processing the Location field in the NOTIFY command, if the IP address, port and file name are too long , a buffer overflow will occur. Causes the contents of the server program process memory space to be overwritten. Note that the server program listens to broadcast and multicast interfaces so that an attacker can attack multiple machines at the same time without knowing the IP address of a single host. The UPnP service runs in the context of the System, and if the attacker succeeds in exploiting the vulnerability, the host can be fully controlled.

2, generate DoS, DDoS attack

Send a UDP packet to the 1900 port of the system running UPnP service, where the address of the "LOCATION" domain points to the Chargen port of another system. It is possible to put the system into an infinite connection loop. The system CPU is 100% occupied and cannot provide normal service. In addition, an attacker can use this vulnerability to initiate a DDoS attack. As long as a fake UDP packet is sent to a network with a large number of XP hosts, the XP host may be forced to attack the specified host.

Solution: 1 Go to the Microsoft website to download the patch.

2Set the firewall to prohibit the connection of the external network packets to the 1900 port.

3 Close the UPnP service (Figure 1).

Figure 1

Second, remote desktop plaintext account name transfer vulnerability

When the connection is established, Windows XP Remote Desktop sends the account name in clear text to the client connecting it end. The account name sent is not necessarily the user account of the remote host, but also the account name most commonly used by the client. The sniffing program on the network may capture the account information.

Solution: Stop remote desktop use (Figure 2).

Figure 2

Third, the fast account switching function caused account lockout vulnerability

Windows XP fast account switching function design problem, users can use the account fast switching function, quickly Retrying to log in to a username, the system believes that there is a violent guessing attack, resulting in the lock of all non-administrator accounts.

Solution: Disable the account fast switching function (Figure 3).

Figure 3

Compared to previous Windows systems, Windows XP is definitely safer!