Microsoft Windows: Although there are many different operating systems, in all likelihood it will be a flavor of Microsoft’s Windows OS that you will test against. There are other OSs in the wild that have a certain amount of enterprise market presence, but Microsoft’s was the installed OS of choice for over 90 percent of the market. That’s a pretty big target! With the release of Windows 10, Microsoft has set the goal of getting its operating system on over a billion desktops.
Note: Windows has tackled the issue of user account versus administrative account functionality for quite some time. Most users used to log in as local administrators 90 percent of the time simply because user account actions were so limited. User Account Control (UAC), which was introduced in Windows Vista, is Microsoft’s answer to this issue.
Let’s take a look at some common vulnerabilities of this market dominator:
- Patches, patches, and more patches. Microsoft, being an OS juggernaut, constantly compiles and distributes patches and service packs for its operating systems. But those patches may not get installed on the system that needs them most. As strange as it may seem, constant updating may in itself become a problem. It is not uncommon for a patch or update to be applied and introduce other problems that may be worse than the original.
- Major version releases and support termination impact Windows products. Yes, I have friends who still love their Windows 98 machines. What this translates into is a system with multiple vulnerabilities simply due to age, especially if that system is no longer supported by the manufacturer.
- Attempts at consumer friendliness have been a tough road for Microsoft. What this means is most installations deploy default configurations and are not hardened. For example, ports that a user may never use are left sitting open just in case a program requires them in the future.
- Administrator accounts still remain a tempting target. Admittedly, Microsoft has taken some effective steps in protecting users from unwanted or suspicious code execution, but quite a few systems exist that are consistently running admin accounts without any kind of execution filtering or user account control.
- Passwords also remain a weak point and a tempting target in the Windows world. Weak admin account passwords are common on Windows computers and networks; although these passwords are controlled by Group Policy in an enterprise environment, there are ways to circumvent these requirements, and many system admins do just that.
- Disabling Windows Firewall and virus protection software is an ongoing issue for Windows OS. The Notification Center does notify the user of the lack of virus protection or a disabled firewall, but that’s as far as it goes. Granted, it’s not something that can be mandated easily, so proper virus protection remains a vulnerability in the Windows category.
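The weak points in the list above can be checked from the defender's side. The following read-only PowerShell audit is an added example, not code from the original page; the 45-day patch threshold, the `New-Finding` helper and the report layout are assumptions.

```powershell
# Added example: read-only audit of the Windows weak points listed above.
# Run from an elevated PowerShell prompt (Windows 10 / Server 2016 or later).
$maxPatchAgeDays = 45   # assumed threshold; set it to your own patch policy
$report = @()
function New-Finding($Check, $Status, $Detail) {   # hypothetical helper
    [pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail }
}

# Patches: most recent installed hotfix versus the assumed age threshold.
$last = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$fresh = $last -and ($last.InstalledOn -ge (Get-Date).AddDays(-$maxPatchAgeDays))
$report += New-Finding 'Recent patch' $(if ($fresh) {'OK'} else {'FAIL'}) "$($last.HotFixID) $($last.InstalledOn)"

# UAC: EnableLUA = 1 means User Account Control is on.
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
$report += New-Finding 'UAC enabled' $(if ($lua -eq 1) {'OK'} else {'FAIL'}) "EnableLUA=$lua"

# Administrator accounts: members of BUILTIN\Administrators (well-known SID).
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$report += New-Finding 'Local admins' 'REVIEW' ($admins.Name -join ', ')

# Windows Firewall: every profile (Domain, Private, Public) should be enabled.
$fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$report += New-Finding 'Firewall on' $(if ($fwOff.Count -eq 0) {'OK'} else {'FAIL'}) "disabled: $($fwOff.Name -join ', ')"

# Virus protection: Defender status; a third-party product needs its own check.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $avOk = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
    $report += New-Finding 'Defender active' $(if ($avOk) {'OK'} else {'FAIL'}) "signatures: $($mp.AntivirusSignatureLastUpdated)"
} catch {
    $report += New-Finding 'Defender active' 'REVIEW' 'Defender not queryable on this host'
}

# Default configuration: TCP ports listening on non-loopback addresses.
$ports = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object -ExpandProperty LocalPort | Sort-Object -Unique
$report += New-Finding 'Listening ports' 'REVIEW' ($ports -join ', ')

$report | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW carry no pass/fail rule: the administrator list and the listening ports have to be compared against what the host is supposed to run.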
NOTE: More a scanning consideration but also a potential vulnerability, Windows’ default behavior is to respond to scans of open ports, as opposed to Linux, which defaults to no response at all. This will be addressed further when we explore scanning and enumeration.
Mac OS: Apple and its proprietary OS are gaining a larger and larger market presence, boosted by a strong advertising campaign and easy-to-use products. Apple products are now making their way not just to the local Starbucks but into enterprise settings. In one company I worked for recently, it started with the iPhone. Then all of a sudden we started seeing iPads walking down the halls. Then iMac desktops suddenly started appearing on users’ desks. Can they be classified as toys? Perhaps, but of greatest importance to both system admins and pentesters is that these things are attached to the network.
One interesting site that can be used for general comparison of system vulnerabilities is www.cvedetails.com. A quick perusal of the site for Mac OS vulnerabilities brings up quite a list, such as the following. We intend no Apple bashing, but it’s a definite growing concern for enterprise administrators and a growing target for hackers like us.
- A primary concern among Mac users, and a benefit to the hacking community, is the Mac owner mind-set that Macs aren’t susceptible to viruses or attack. It is an interesting stance considering that the thing they are claiming to be naturally impervious to attack is, well, a computer! Even in my own painful years as a system administrator, the culture was similar even at the enterprise level. I remember calling our national office for guidance on group policies for our newly acquired Apple desktops. Answer: “Um, well, we don’t have any policies to apply or a method of applying them.”
- Feature-rich out-of-the-box performance for many Apples creates quite a juicy attack surface for those looking to break in. Features such as 802.11 wireless and Bluetooth connectivity are all standard in an out-of-the-box installation. And such features are all on the table for a potential doorway in.
- Apple devices simply don’t play well on a Windows domain. Yep, I said it. I’m sure some would fervently disagree, but Apple on a Windows domain is like spreading butter on toast outside in December in Grand Forks, North Dakota. Some features will play nicely, but the majority of those integral features will be a bit hokey. The point here is that when stuff begins to get hokey, administrators and users alike will begin to circumvent the normal processes (for example, appropriate login procedures).