This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The first time the Windows Update software made an appearance was with the release of Windows 95. This is the first time Microsoft Windows 95 was released in August of 1995 and would become the most successful of the Windows operating systems. A major issue with this system has been said to be that Microsoft was not expecting the Internet to become so big so fast and they did not correctly prepare the software for the increased popularity. There have been said to be about twenty different patches that over the years have been released concerning the Windows 95 system. Quite a few of these are patches that include several other systems such as Windows 98 and 2000, meaning a lot of the issues were discovered much later than when Windows 95 was originally released.
One hole in the Windows 95 system was that the system stores passwords using a password cache list whenever the user enters their password to get into the computer. The issue that arose was that when a user would enter their password to log in, the password list would become unlocked (8). An algorithm was created which allowed a hacker to be able to access the unencrypted password list. Along with the patch created to prevent the algorithm from being able to access the file Microsoft also offered advice that a user should discontinue use of the cache password list. This patch was meant to increase the encryption capability of Windows 95 (8).
A security hole was found that involved the DHCP client-retry mechanism created a problem for Windows 95 and Windows 98 users since the system would often fail to release an Internet Protocol address when the server would become busy (4). Once discovering this error Microsoft released the Windows Sockets 2.0 Update that was meant to solve the problem by accurately conforming to the IP protocol. Microsoft also provided information to contact their hotline to receive an immediate fix to this problem. Microsoft believes that arose from the fact that their IP protocol software was not correctly updated and with any busy server the retry method of the computer would often fail to ever send an IP address.
Another patch released was to secure file-sharing information for the software of Windows 95, 98, and Millennium. This patch would stop someone from being able to access a file sharing service without knowing the entire password (6). This issue arose from a malfunction in the share level password directory, which could become available to anyone on the network. This did not affect later software because they were implemented with different levels of user access, which could be enforced and prevented the vulnerability (13).
One patch during Windows 95 era contained three fixes in one patch. Two controls called Sciptlet.Typelib and Eyedog were used by the Windows 95 software and eventually became vulnerable to malicious users. These controls were marked as "safe for scripting" which allowed outside users access to their information. Sciptlet.Typelib allowed anyone who gained access to modify or create local folders on the user's computers (7). The Eyedog was a diagnostic software on the Windows 95 system and when it was set for scripting it would make the users registry information available to hackers. The patch included the notification for the computer to no longer allow these to be considered safe for scripting. The last part of this patch was for the Bubble Boy virus that was an html E-mail that contained the virus; this patch prevents the virus from spreading to other computers.
Another patch involved the Microsoft Data Access Component Internet Publishing Provider provides access to Web Distributed Authoring and Versioning (WebDAV) resources over the Internet (9).The WebDAV patch effected Windows 95, 98, Me, NT, and the 2000 edition. This software should have been able to differentiate between the user and a third party when accessing WebDAV over the Internet, but instead it opened up the user's computer to vulnerabilities since it often misread Internet scripting as the actual user. What would happen to the user is that when using WebDAV it required Internet scripting to be used, but what Windows was missing was that the script should not be able to act as the user while on the Internet. By acting as the user the script could take on user privileges and a malicious user could access E-mail or browse through their Intranet (14). Microsoft notes that it is unknown how much a malicious user could access so as a precaution they recommend all users to patch this to continue mitigating any possible intrusions.
As we learned in class constant pinging to a system can cause it to obstruct communication or disable a network for a period of time. Windows 95 and 98 became vulnerable because the protocol installed would not prevent a network from responding to a ping packet request (15). The patch that Microsoft created is meant to correctly have the computer acknowledge a ping packet and then reject it. Microsoft does note that Internet routers that are set up between the Internet and server should have no problem correctly rejecting a ping packet and this could mitigate a users issue with the flawed software (15).
Windows 95 was the first fully operating system that provided the user with access to the Internet and full Intranet and server capabilities. This new connection to the internet allowed for the beginning of what we know as holes in the Windows operating system. Windows 95 can be viewed as the trial version for Microsoft to discover what holes will be discovered and how malicious users will try to compromise the system. The threats that were against Windows 95 demonstrated to Microsoft that things like password security, IP protocol, viruses, network hacking, and pinging may be some things attacked. It would be hard to tell someone to when Windows 95 was released to avoid it, because at the time many of the risks or errors were unknown to users or Microsoft.
The release of Windows Me in September 2000 was the introduction of the automatic updates and system restore for all future Windows systems. This version of the software was the upgrade to Windows 98 and specifically marketed for home users. A year later this operating system would be replaced by Windows XP making its impact on the market almost non-existentant.
Many of the Windows systems are equipped with the ActiveX control also known as the Certificate Enrollment Control which is a control to allow Web-based certificate enrollments and to submit certificate requests (11). These certificates used by the user supported their encryptions for E-mails and other ways to certify it was that user such as signature certificates. The vulnerability that developed was that a website could contain the vulnerability or it could appear in a users E-mail and when clicked on would open them up to it. If someone did fall for this, the malicious user could delete their certificates, prevent them from using them or even corrupt them; this disabled the protective purpose of the certificates. This patch has been noted to be critical for client systems such as Windows 98, Me, NT, 2000, and XP.
The Windows Millennium edition provided a Help and Support Center that allowed their users direct access to search for their help questions related to that specific system. This help center contains the URL Handler for the "hcp://" rather than the typical "http" and is considered to be an unchecked buffer; users could also reach this support center directly though Outlook (12). If a user accidentally clicked on a link that appeared similar or a fake website that appeared legitimate has the possibility of opening up the user's computer to anything the hacker wanted to put onto their machine. The patch is meant to correct the unchecked buffer that did not check the validity of data or possibly allow external information that sound not be considered authenticate. This weakness is a serious flaw in the software since a help center is where someone goes to fix a problem not creates more.
Microsoft 98 and Me were shipped with the software WebTV, it is not automatically installed when the user gets it, but it can be downloaded by choice. If someone does use WebTV, Microsoft discovered that a malicious user can crash the application or the computer itself (18). This is considered a denial of service attack because the malicious user can prevent the user from accessing their application. This patch really only needs to be used by those who have completely installed WebTV, but as a security measure Microsoft released this patch for everyone as a precaution for every user.
Lastly, Microsoft had a lot of trouble with their patch related to spoofing of digital certificates. Microsoft had a lot of trouble with this patch because it was originally released in 2000 and then released again in to 2003 to combat the errors that the patch created. The final patch repairs Windows 98, Me, NT, 2000, and XP. The exposure that occurred was that it was possible for someone to create a valid digital certificate and falsely create a certificate. If someone was able to do this they could deceptively create a website that appeared valid since they had a certificate, send E-mails with a digital certificate, or gain unauthorized access because they appear to be authentic. The original patch was too strict and would not allow new hardware to be installed because it did not trust the certificates of the hardware. This final patch should prevent someone from being able to falsely create an authenticate digital certificate and then spoof others.
A stroll down Microsoft/Windows memory lane