Saturday, 15 March 2014

Windows 8.1: The Anti Malware Operating System

We all use one or more antivirus products, an Internet security suite or a firewall on our Windows computers. We keep them updated, go for zero-day patches, and keep hunting for a better combination of anti-malware tools for better protection. But most anti-malware products provide only application-level security, because the antivirus is itself loaded as an application. With such a system, our computers are still in danger during boot and while invoking any other program. To tackle such threats, we need an operating system that itself works like an anti-malware product.

The Anti Malware Operating System

Windows 8.1 has some good security features to counter malware. We’ll look at these features while talking about the possible vulnerabilities of any computer.

Trusted Boot

Any computer is most vulnerable just when you press the Power button. When it is booting, there is a time gap between loading critical OS components and then the anti-malware. This gap is used by many malware to manipulate the boot process and thereby compromise the computer or network.
Most advanced operating systems now apply different techniques to prevent boot hijacking. One of the most widely accepted methods is Trusted Boot. In this method, the operating system first loads a component that verifies whether the other components being loaded are indeed operating system files or files needed to run a particular application. If it finds any anomalies, the boot process is terminated.
Likewise, for “secure applications” that are considered part of the operating system and that the OS requires to work properly, the app signature is checked by the Trusted Start process. If the signature appears hazy, the application won’t load, and you may or may not receive an error message, depending on the nature of the application.

Windows 8 boot-time anti-malware protection

Windows 8 supports four protection features to help prevent malware from loading during the boot process:
  1. Secure Boot. PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system boot loaders. This is Secure Boot.
  2. Trusted Boot. Windows checks the integrity of every component of the startup process before loading it.
  3. Early Launch Anti-Malware. ELAM protection technology tests all drivers before they load and prevents unapproved drivers from loading.
  4. Measured Boot. The PC’s firmware logs the boot process, and Windows can send it to a trusted server that can objectively assess the PC’s health.
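
The server-side check behind Measured Boot, sketched as an added example (not code from the original post or from Windows): each component's digest is logged and folded into a TPM register, and the server replays the log before trusting it. The component names, byte strings and the single SHA-256 register are assumptions for illustration; a real TPM also signs the register value it reports.

```python
import hashlib

def measure(image: bytes) -> bytes:
    """Digest of a boot component, as recorded in the measurement log."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set."""
    return hashlib.sha256(pcr + digest).digest()

def boot(components):
    """PC side: measure each component in load order, log it, extend the PCR."""
    pcr, log = bytes(32), []
    for name, image in components:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def assess(reported_pcr, log, known_good):
    """Server side: replay the log, then compare each digest to known-good values."""
    pcr = bytes(32)
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        return "log does not match PCR"
    bad = [name for name, digest in log if known_good.get(name) != digest]
    return "unhealthy: " + ", ".join(bad) if bad else "healthy"

# Constructed sample data: placeholder byte strings stand in for real boot images.
CLEAN = [("bootmgr", b"bootmgr-v1"), ("winload", b"winload-v1"), ("elam", b"elam-v1")]
KNOWN_GOOD = {name: measure(image) for name, image in CLEAN}

def demo():
    pcr, log = boot(CLEAN)
    clean = assess(pcr, log, KNOWN_GOOD)
    # Same boot chain with one component altered before it loads.
    pcr2, log2 = boot([CLEAN[0], ("winload", b"winload-modified"), CLEAN[2]])
    honest_log = assess(pcr2, log2, KNOWN_GOOD)
    # A log rewritten to list only known-good digests no longer replays to the PCR.
    rewritten = [(name, KNOWN_GOOD[name]) for name, _ in log2]
    edited_log = assess(pcr2, rewritten, KNOWN_GOOD)
    return clean, honest_log, edited_log

if __name__ == "__main__":
    print(demo())
```
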
Coming to the applications we use on different operating systems, we tend to rely on third-party anti-malware that keeps analyzing the running processes in real time and alerts us when anything suspicious is found.

Robust Windows Firewall

Though the Firewall was brought in early with Windows XP, it was weak. With subsequent versions of Windows, such as Windows Vista, Windows 7 and Windows 8.1, the OS-bundled firewall only became better. It keeps a real-time check on both incoming and outgoing packets and blocks any connection that acts suspicious. The only downside (if you think it is one) is the lack of alerts, so people don’t know whether the firewall is indeed working. But you can always check the Firewall log from Control Panel – Windows Firewall to see how the traffic/packets were handled. Today the Windows firewall is truly a robust one!
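
One way to review that Firewall log outside the Control Panel, as an added example that is not part of the original post: the parser takes its column names from the log's own `#Fields:` header and counts dropped inbound packets per source and destination port. The log text is constructed sample data using documentation address ranges, and dropped-packet logging is assumed to be switched on in the firewall's logging settings.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout; the last line is truncated on purpose.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2014-03-15 10:12:01 DROP TCP 203.0.113.7 192.168.1.10 51234 445 52 S 1234567 0 8192 - - - RECEIVE
2014-03-15 10:12:02 DROP TCP 203.0.113.7 192.168.1.10 51235 445 52 S 1234568 0 8192 - - - RECEIVE
2014-03-15 10:12:03 DROP TCP 203.0.113.7 192.168.1.10 51236 3389 52 S 1234569 0 8192 - - - RECEIVE
2014-03-15 10:12:05 ALLOW TCP 192.168.1.10 198.51.100.20 49160 443 0 - 0 0 0 - - - SEND
2014-03-15 10:12:06 ALLOW UDP 192.168.1.10 198.51.100.53 49161 53 0 - - - - - - - SEND
2014-03-15 10:12:09 DROP TCP 203.0.113.7
"""

def parse(text):
    """Return one dict per complete log entry, keyed by the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                rows.append(dict(zip(fields, values)))
    return rows

def summarize(rows):
    """Count entries per action and dropped inbound packets per (source, port)."""
    actions = Counter(r["action"] for r in rows)
    dropped_in = Counter(
        (r["src-ip"], r["dst-port"])
        for r in rows
        if r["action"] == "DROP" and r["path"] == "RECEIVE"
    )
    return actions, dropped_in

if __name__ == "__main__":
    actions, dropped_in = summarize(parse(SAMPLE_LOG))
    print(dict(actions))
    for (src, port), count in dropped_in.most_common():
        print(f"{count} dropped from {src} to port {port}")
```
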

RAM compartmentalization

Along with hack attempts that bypass firewalls, another problem with traditional operating systems is that they tend to mix up electronic memory (the RAM bytes) between one or more programs. For example, if you are running programs A, B and C at the same time, and some data needs to be stored for program B, the operating system will simply put the data into the next available empty cells. These data cells are not isolated, so the other programs may snoop on them or even write to them to infect the computer.
From Windows 7, and especially in Windows 8.1, the operating system provides a RAM compartment for each program and its data. That is, a kind of sandboxed RAM. If program A is running in compartment 2, program B cannot store its code or data in the empty RAM cells allotted to program A. If there is a need for more storage, it falls back to the paging file on the hard disk.
In short, the operating system now takes care that each program runs in its own shell (designated area) and other programs cannot manipulate its data, thereby reducing the chance of malware attack and malware replication.
I do not know about Mac and Linux, as I did not study them in depth. I know the previous versions of Windows were vulnerable. However, with Windows 8.1, a trend appears to have been set where you get an “anti-malware operating system” that reduces vulnerabilities to a minimum.
I hope I was able to express it clearly. If you have doubts about Measured Boot, Secure Boot or Trusted Boot in Windows, or anything to add, please leave a comment below.

Configure & Limit Reservable Bandwidth Setting In Windows 8.1

In general, bandwidth is the rate at which data travels to and from your computer. In other words, bandwidth is the range covered for data transmission between an upper range and a lower range. Bandwidth is usually controlled by your Internet Service Provider (ISP). However, there are some settings in Windows that let you limit the reservable bandwidth for your system.
Primarily, Windows reserves a certain amount of bandwidth for its application requirements and operation purposes. By configuring this setting in the Group Policy, you can easily limit the reservable bandwidth. This article shows you, step by step, how to access the reservable bandwidth setting on Windows 8.

Limit Reservable Bandwidth Setting in Windows 8

1. Press the Windows Key + R combination, type gpedit.msc in the Run dialog box and hit Enter to open the Local Group Policy Editor.
2. Navigate here:
Computer Configuration -> Administrative -> Network -> Qos Packet Scheduler

3. In the right pane of this window, look for the setting named Limit reservable bandwidth; it should show a Not Configured status by default. Double-click the setting to modify it:

This policy setting determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system. By default, the Packet Scheduler limits the system to 80 percent of the bandwidth of a connection, but you can use this setting to override the default. If you enable this setting, you can use the “Bandwidth limit” box to adjust the amount of bandwidth the system can reserve. If you disable this setting or do not configure it, the system uses the default value of 80 percent of the connection. If a bandwidth limit is set for a particular network adapter in the registry, this setting is ignored when configuring that network adapter.

4. Now, in the window shown above, select Enabled and, in the Options section, enter the percentage to which you want to limit the bandwidth. If you enter 0 percent here, you gain the bandwidth reserved by the system. UPDATE: Do read the note below.
Click Apply, followed by OK. You may now close the Local Group Policy Editor and reboot the system with the gained bandwidth.
Hope you find the tip useful!

Tuesday, 26 October 2010

"Not Responding" - What does it mean, and what do I do about it?

Summary: “Not Responding” is Windows' way of telling you that a program might have a problem. Sometimes “Not Responding” is benign, but sometimes it's a sign of a deeper issue.

I am using Windows XP Pro, and I am having difficulty when I am browsing or using a program. After a few minutes the computer freezes and I get a message in parentheses saying (not responding). Sometimes I have to log off and log on again to fix this problem. But after a few minutes it happens again. How can I fix this?
"Not Responding" appears in the title bar of a running program when Windows detects that the program isn't behaving properly. Exactly why depends on the specific program and what you were doing at the time.
Let's look at some of the possibilities which range from actual software or hardware problems, to user impatience.
Windows expects a running program to "interact" with Windows, and respond to Windows' requests in a timely fashion. If you type a key and the application doesn't take it because it's too busy doing something else, that could be a problem. Similarly, if you click on the Close Program "X" on a program's window, and the program doesn't acknowledge that, then that too is a potential problem.
When Windows asks a program to do something, like take a keystroke or close itself, and the program fails to acknowledge that request within a certain amount of time, the program is "Not Responding". If the program never comes out of that state, we might also call it "hung", as in "hung up" on something.
There are "legitimate" reasons this can happen. For example, if the program you're using is doing some very long, CPU-intensive calculation, it might not respond in a timely fashion. An example might be a graphics program performing a reduction or other operation on a large image. If, during that operation, you attempt to close the window and nothing happens, after a few seconds Windows might add "(Not Responding)" to the title bar to indicate that it has tried to pass your request to the application, but the app's not listening.
While it might be considered bad form or bad design to not respond to user input or to Windows while performing lengthy calculations, it's quite legal and legitimate. Once the calculation is complete, the program starts listening and responding again.
A recent real-life example of my own: earlier this evening I was working on a Visual Basic program that performs various database operations. I modified it to access a database remotely across the internet which turned out to be a mistake, because the operation became extremely slow on my DSL connection. While VB was accessing the database, it was unresponsive to everything else. Windows tagged it as "(Not Responding)". Since I hadn't saved my program to disk (bad form on my part), I was loath to just kill it and lose my most recent edits. So I just let it continue while I did other things. An hour later the operation completed, and VB became responsive again.
Anything that causes the application to stop responding can cause Windows to add the "(Not Responding)" moniker to the title bar.
So while lengthy calculations are one semi-legitimate way it could happen for a while, what are some of the other things that can cause it?
  • Programming Error - the classic case of an "infinite loop" in programming is perhaps the most common example - if an algorithm is mistakenly written such that it never ends, and within that algorithm Windows is never given a chance to operate, the application may become "hung" and unresponsive. As a user of the app, there's not much you can do here except avoid whatever it is you did that brought the application to that point.
  • Software Design Error - really just a variant of the preceding point, but I think of it as a different class of problem. The example I see from time to time is a program that displays an error message in a pop-up box. Some applications transfer total control to that message box such that the application's main window will stop responding until you click "OK" on that message. If for some reason that box is displayed improperly - say off the screen, or behind the application's main window - then it will appear as if the application is hung as it waits for you to click on the message you can't see.
  • Hardware - hardware that is malfunctioning can, in some cases, cause the software that interacts with it to fail in ways that make it unresponsive. For example a USB card reader might experience a failure, and the next program to attempt to read from the device might end up "(Not Responding)" because of the problem.
  • Hardware Drivers - This is really just a combination of the previous points. All the hardware on your system is in some way controlled by software. If that software has a bug, even if the hardware is working properly, the result could be a hung application. If hangs appear to be related to interacting with a specific device it might make sense to make sure that you have the latest drivers for that device - not to mention the latest updates for Windows as well.
  • Viruses and Spyware - whether intentional or simply because they're poorly written, viruses and spyware can in fact cause other programs or Windows as a whole to misbehave in various ways including causing applications to become unresponsive. Make sure your anti-virus and anti-spyware software is running and up to date.
All that is pretty vague, I know. It almost boils down to "it could be anything", which is unfortunately fairly accurate. The actual cause, and the solution, will depend on the specifics of what you're seeing. Does it happen all the time, or only when you do certain things? One specific application, or several? All of these things and possibly more are clues necessary to ferret out the cause and come to a solution.
Without more specifics, my general recommendation is to make sure Windows is up to date, make sure your hardware drivers are up to date, make sure that the anti-virus and anti-spyware packages on your system are working and have up to date databases. If the problems persist, try to narrow down the common causes, if any.