In This Chapter

The Microsoft Windows OS family (with such versions as NT, 2000, XP, and Server 2003) is the most widely used OS in the world. It's also the most widely hacked. Is this because Microsoft doesn't care as much about security as other OS vendors? The short answer is no. Sure, numerous security flaws were overlooked — especially in the Windows NT days — but because Microsoft products are so pervasive throughout networks, Microsoft is the easiest vendor to pick on, and Microsoft products often end up in the bad guys' crosshairs. This is the same reason that you see so many vulnerability alerts on Microsoft products. The one positive about hackers is that they're driving the requirement for better security!

Many security flaws in the headlines aren't new. They're variants of vulnerabilities that have been around for a long time in UNIX and Linux, such as the RPC vulnerabilities that the Blaster worm used. You've heard the saying, "The more things change, the more they stay the same." That applies here, too. Most Windows attacks are preventable if the patches are properly applied. Thus, poor security management is often the real reason Windows attacks are successful, yet Microsoft takes the blame and must carry the burden.

In addition to the password attacks I cover in Chapter 7, many other attacks are possible ...