Questions tagged [windows]

Related to security concerns specific to the Microsoft Windows operating system itself. For security of applications that happen to be running on Windows, please use [appsec]. For the X Window System, please use [x11].

Windows is a family of graphical operating systems produced by Microsoft. Windows includes both server and desktop operating systems. Early versions relied on MS-DOS while current versions have evolved from Windows NT.

2234 questions
80 votes, 2 answers

Windows language pack update with a gibberish name

This morning, I noticed that a new Windows update was offered to me. It looks very suspicious to me: Here are the update details: gYxseNjwafVPfgsoHnzLblmmAxZUiOnGcchqEAEwjyxwjUIfpXfJQcdLapTmFaqHGCFsdvpLarmPJLOZYMEILGNIPwNOgEazuBVJcyVjBRL Download…
executifs
52 votes, 6 answers

Create an unterminable process in Windows

I am a student, and am genuinely curious about unterminable processes in Windows. For educational purposes, I would like to create an application (possibly in VB6?) which cannot be terminable by a user from task manager or taskkill. What are some…
user20825
16 votes, 4 answers

Starting with sandbox development

I am looking for some security related project in which I can contribute and also learn something. Since I am new with this stuff, it will be better if that project is less complex and digestible for a beginner. I was searching for such project in…
gkt
10 votes, 2 answers

Running Windows Update when abroad

Is it safer or more dangerous to run Windows Update when abroad and using a WPA2 connection to a random cafe's wi-fi? Obviously good news: you get the latest security tweaks. Possible bad news: just how likely is it that you've opened up a path for…
Sherbourne
10 votes, 1 answer

How does LSA authentication on Windows work?

I'm trying to understand the security protocols on Windows from a high level as part of legal research into cybercrime, and I'm having difficulty figuring out where to focus my research. I've already gone down the LSA authentication model path,…
ihtkwot
9 votes, 2 answers

How secure is isolated storage on Windows?

I am using Isolated Storage with the following flags: IsolatedStorageScope.User | IsolatedStorageScope.Domain | IsolatedStorageScope.Assembly How much security will this provide? Are there any vulnerabilities or gotchas? Note: I am not solely…
Casebash
9 votes, 3 answers

How can TOCTTOU vulnerabilities within the Windows OS be mitigated?

What are some ways to mitigate the time-of-check-to-time-of-use issues that apply to Windows permissions? Example: End-user is added to the local Administrators group in order to install software, printers, etc. The user's account is removed from…
Iszi
7 votes, 2 answers

How could disabling 'Hide File Extensions' in Windows make a system more secure?

I'm reading up on the Cryptolocker virus, and I came across this comment, it says: And one additional measure: disable the default "Hide extensions for known file types" check box in Explorer. I still consider this one of the stupidest moves MS…
JMK
7 votes, 2 answers

How to recognize if this code is dangerous

I just received some obfuscated code and would like to de-obfuscate it. Could someone explain which encryption method is being used? And how I could reverse it. The code is: On error resume…
Sergio Ramos
7 votes, 1 answer

Can Mallory see my command line options on Windows?

Can Mallory see my command line options on recent versions of Windows? (Google is not helping here) Mallory is a non-administrator user on server X, as am I. I run foo.exe -x=s3cr3t Can Mallory see -x=s3cr3t on say Windows 7, 8 or 10? I ask because…
Neil McGuigan
6 votes, 3 answers

Securing a Windows Guest Account

I know that a person with physical access to a computer can do almost anything to it. My main concern with my Windows 7 guest account is privacy and sandboxing. I don't want a guest user to have access to files on other user accounts, and I don't…
Phil
5 votes, 5 answers

Confused about kiosk security: am I being overly cautious?

At the company I work at, they have a physical kiosk open to the public where customers can use it to upload their files to and have them processed. Customers can connect their phones, tablets, and USB drives to it and take their files off of it to…
5 votes, 2 answers

What security boundaries exist in Windows?

In an old article, Mark Russinovich defined a security boundary as: [A] wall through which code and data can’t pass without the authorization of a security policy. User accounts running in separate sessions are separated by a Windows security…
ChrisD
5 votes, 5 answers

Why does DISA STIG recommend "Deny access to this computer from the network" for Domain Admins?

[Note: This question is regarding the technical description of what the STIG is recommending. It is not asking about whether enabling the setting is a good process that enforces other technical controls.] For Windows systems, the U.S. DISA STIGs…
Bill_Stewart
4 votes, 3 answers

Security of login-data saved in browsers

Most browsers provide an option to save login-data for later use. Suppose a Windows workstation is located in a well-protected corporate LAN and only a well-defined set of applications can be launched with a well restricted set of changeable in-app…
SteAp