In a bid to make their products more reliable, scalable and manageable, Microsoft protects its customers from the ever increasing cyber risks. The company has devised different methods that are specifically crafted to curb the known and unknown sources of cybercrimes and cyber security risks. This methods seek to protect customers’ information, hardware and software from attack by criminals and dangerous programs. The protective strategies are designed right from the development stages and are meant to be user friendly in order to be applicable by all customers and potential customers. The strategies include the User Account Control, System Updates, and other policies and control measures that are designed to protect the customers. Microsoft continues to protect the customers even when they cannot access their devices and allows them to recover their data by protecting Microsoft cloud. In developing security for its cloud services, Microsoft has invested in different methods of enhancing and making the clients security paramount. Some of these methods include identity and access management, encryption, design and operational security, and security development life cycle. In addition to the many years of experience in the industry, Microsoft has greatly invested in the security of their customer’s products and information.
User Account Control
Microsoft launched the User Account Control with the Windows Vista. However, the feature was never clearly understood and people often found it as a nuisance, (Vacca 2). Many users probably had to disable it in order to enjoy their new PCs. This system is very important for the security of the computer system because it regulates the types of programs that can be installed into the computer. In other words, it is a feature meant to control the changes made to a computer especially changes initiated by other users or programs. With an active User Account Control, major changes in a computer can only be made with approval from the administrator. Without the approval, the changes cannot be executed, meaning that the system will remain the same. Whenever such a change is initiated, windows prompts the user to either provide administrator’s permission or decline. The prompt appears as;
Disabling this feature puts the system at risk of changes from untrusted applications and other users. Viruses may also be able to make changes to the computer without much difficulties. Microsoft has since improved the User Account Control to make it friendlier to the users.
Similarly, secure desktop is a feature meant to protect the computer from unauthorized changes. A secure desktop can only be ran by the system itself. This implies that it is a desktop that is not accessible by other applications, (Pierson 5). Therefore, no other program can access information on this desktop or make any changes to the desktop or to the system through this desktop. A good example of a secure desktop is the log in desktop.
In order to disable the User Account Control in Windows Vista, the administrator must disable the Admin Approval Mode, Disable User Account Control from prompting for credentials, and change the elevation prompt. The procedure for turning of the User Account Control starts with control panel, user accounts, task window, and turn off user account control, then follow the prompts that appear. This procedure should be able to turn of the User Account Control. However, this puts the PC at a greater risk of changes from untrusted applications and unauthorized users.
System Updates
Since no software can be perfect, developers continuously identify weaknesses in their systems and software. When such weaknesses are identified, developers move towards improving the software and systems in order to counter the risks posed by the weaknesses. This is because these weaknesses may be exploited my malwares and hackers and increase the security risks and threats to the system. In order to continue serving its clients even after they have purchased the systems and software, Microsoft offers the clients updates to their products rather than requesting them to purchase the improved products, (Shahbazi 2). Once the user download and installs the updates, the system will now contain the new features and will have eradicated the threats brought about by its weaknesses. This is a process that occurs continuously as the developers continue to evaluate the systems they create and identify the weaknesses that are associated with them, (Giuffrida 7). For this reason, system updates occur regularly to improve the quality of Microsoft products. It is important to update the system even when there is an anti-malware application installed in the computer because the application may not be designed to protect against Windows security issues. Some of the risks that may be brought about by not installing the updates include, loss of data and damaged software, (Ziembicki 2). Without the software and system updates, the user unwillingly allows the malwares and hackers to exploit the loopholes in the system and alter the system itself. Therefore, failure to update systems increases the vulnerabilities within the system and increases the threats and risks to the system. Once these vulnerabilities are known to the public, they can be exploited leading to major losses and dangers to safety and information. Updates are also meant to take care of the bugs and issues within the system. The updates are specifically designed to resolve issues in the system through several fixes that are developed by the system developers to resolve the identified issues. Other than solving the issues, Windows also uses the updates to introduce new features that enhance the quality of the system. In addition, Microsoft expects its users to be running the latest version of any software or system. Therefore, patches are only provided for the latest version and may not be available for older versions. This implies that it is important to continuously install updates in order to continue using the system and get it patched more often.
Windows server update services is a feature installed in Windows systems that enables the computer to automatically install updates to the PC whenever they are available. Windows server update services allows the computer administrators to manage the updates including their distribution, (DeHaan et al. 20). Similarly, the System Center Configuration Manager is a feature developed by Microsoft to enable administrators manage devices and application deployment and security. This features are developed for the corporate world. In addition, the administrator can set the computer to install updates after a given period of time, say a day. Sometimes the computer owner may want to update more or less often. The owner will have to set the windows update to install available updates at the period preferred, (Ito 15). However, an individual can manually download and install updates. Some of the updates available from Microsoft website for manual download and installation include Antimalware and Antispyware updates, (Bing 9). Like other vendors of operating systems, Microsoft releases the designed patches to its systems as updates to perform the aforementioned improvements to the systems and improve the security of the system.
Protecting the Client
Group policy is a feature that is developed to allow administrators implement changes and configurations for other computers and users within the group. The policy is designed to give the administrator of a network the power to control what the users can or cannot do on the network. Since the Group Policy Objects, or the other users of the networks, are controlled from a central interface, the group administrator is given the ability to control the actions of the objects at the interface. This is in a bid to protect the client from other risks that cannot be prevented by Microsoft’s security protocols. The administrator can control as much as the files and sites that the users can access, (Ponnapur 6). The main aim for the introduction of this feature was to bring flexibility and better targeting to the role of an administrator. Microsoft also provides different tools for managing group policy. With the group policy and the right group policy management tools in use, the administrator can be able to access the status of all the GPOs, the sites they have accessed, and all sites that they have been linked to instantly. The administrator is also able to enable or disable GPOs, Enforce multiple GPOs, Mass manage links, and block or unblock GPOs, (Maurya 8).
Security policy settings are embedded within group policy settings. These are changes meant only for the GPOs. Changes made by the GPOs are only able to affect the GPOs computer and not the whole group, (Garofalo 7). This means that when a GPO makes security changes, it is only that single computer that is affected. Security policy refers to a set of settings and configurations that are developed to protect the GPO or any other single user against security risk. Microsoft allows any user to edit and configure their security settings depending on their preferences. Microsoft continues to review different security policies available in order to keep improving the security and safety of user information, (Hind 12). For applications downloaded from the Windows store, windows has developed a security policy that requires that clients have confident in the apps. The policy is designed to ensure that developers address the security issues that are raised by the clients and those that they are able to identify.
Firewall is another way to improve computer security. A firewall refers to a part of the computer system that is specifically developed to lock out unauthorized applications from accessing or making changes to the information within the system. However, the firewall is meant to permit outward communications, (Maurya 20). A firewall could either be an application or a hardware that is meant to inhibit entry by unauthorized applications and hackers into the computer’s system. The firewall is only able to perform its functions when turned on. The principle of least privileged, on the other hands, is designed to minimize user privileges based on necessities. The policy requires that each user or program have the least possible authority that is required to perform the duties required. This eliminates unnecessary privileges that may result in compromises and network exploitation. Similarly, the software restriction policy is designed to either allow or prevent a software from running. Administrators use this policy to prevent specific programs from running especially unwanted programs like viruses and other software.
Protecting servers
Microsoft has also developed means of protecting the servers from risks and security threats, (Crnkovic et al. 22). Separation of services is a security method that is meant to manage conflict of interest. It reduces the power levels held by an individual over any administrative functions. It applies a policy similar to the least privilege principle to prevent or reduce access to unnecessary power, access or authority. A virtual local area network (VLAN) refers to a partitioned broadband domain that is specifically isolated at a data link, (Araujo 7). This occurs by configuring network switches on a network in order to improve the safety on a given server. Host records or Address records are meant to point the domain to the hosting. It acts like a trail that allows any simple search to direct the search to the domain that the searcher is looking for including the main domain and any subdomains.
Conclusion
Microsoft as any other vendor provides its clients with the necessary security procedures that protect their information and property. Microsoft provides clients with specifically designed updates, and programs within their systems in order to provide the clients with the best possible solutions to any problems that they may face emanating from system weaknesses. In the corporate world, Microsoft provides the administrators with means of ensuring that organization property and systems are not misused or manipulated by providing means for control and management, including group policies and group management tools.
Work cited
Araujo, Nelson Sampaio, et al. "Managing virtual machines with system-wide policies." U.S. Patent No. 8,015,563. 6 Sep. 2011.
Bing, Han. "Analysis and research of system security based on android."Intelligent Computation Technology and Automation (ICICTA), 2012 Fifth International Conference on. IEEE, 2012.
Crnkovic, Ivica, Judith Stafford, and Clemens Szyperski. "Software components beyond programming: From routines to services." Ieee software 28.3 (2011): 22-26.
DeHaan, Michael Paul, Adrian Karstan Likins, and Seth Kelby Vidal. "Automatically generating system restoration order for network recovery." U.S. Patent No. 8,667,096. 4 Mar. 2014.
Garofalo, Raffaele. Building Enterprise Applications with Windows Presentation Foundation and the Model View ViewModel Pattern. Microsoft Press, 2011.
Giuffrida, Cristiano, Anton Kuijsten, and Andrew S. Tanenbaum. "Enhanced operating system security through efficient and fine-grained address space randomization." Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 2012.
Hind, Hugh, and Craig A. Dunk. "System and method for synchronizing data records between multiple databases." U.S. Patent No. 8,468,127. 18 Jun. 2013.
Ito, Ryusuke, and Yoshinori Okami. "Security method and system for storage subsystem." U.S. Patent No. 8,700,587. 15 Apr. 2014.
Maurya, Sanjiv, Chih-Yu Chow, and Tony Robinson. "Method and system for distributing and updating software in wireless devices." U.S. Patent No. 8,078,157. 13 Dec. 2011.
Merkow, Mark S., and Jim Breithaupt. Information security: Principles and practices. Pearson Education, 2014.
Pierson, Greg, and Jason DeHaan. "Network security and fraud detection system and method." U.S. Patent No. 9,203,837. 1 Dec. 2015.
Ponnapur, Anil K., and Anurag Palsule. "System and method for virtual machine host load protection." U.S. Patent No. 8,261,282. 4 Sep. 2012.
Shahbazi, Majid. "Mobile data security system and methods." U.S. Patent No. 8,495,700. 23 Jul. 2013.
Vacca, John R., ed. Network and system security. Elsevier, 2013.
Ziembicki, David. Microsoft System Center Integrated Cloud Platform. Microsoft Press, 2014.
