Custom «Response to Questions on MBSA» Essay Paper Sample

Question 1

In order to ensure the security and stability of any operating system, it is important to ensure that all the security systems are appropriately updated. To ensure that these security enhancements are practical and can well afford the required security to the computer, it is appropriate to subject them to the necessary assessment. What one expects out of this assessment majorly depends on the kinds and effectiveness of the security essentials installed in the computer. With the above in mind, I can then conclude that the assessment never surprised me in any way. This is because it is always possible to predict the outcome of an assessment especially when one vividly understands the nature of the installed security software. The security essentials in my computer make the assessment a deserved one.

Due to the fact that the green checkmark indicates that no fault has been suspected when taking the computer through a specific security check, the absence of this mark therefore reveals the presence of one or two flaws in the system as far as its security is concerned. In order to respond to such an occurrence one needs to recheck the validity of the various passwords used to access the system. Checking is all the system’s security updates have been enhanced could be another thing to do in case the green checkmark fails to appear. Generally it shows that one of the security protocols has been compromised hence checking the system to point out this flaw would be the most effective counter measure.

Question 2

a)       

Password checks performed by MBSA may take a long time although this depends on the number of user accounts present in the computer. During this check, all the user accounts are enumerated hence a limited password change attempts are performed using password pitfalls. This may be, for instance, a password that is the same as the user name. In order to handle the issue of weak passwords, MBSA does not perform a full set of weak password checks against domain controller. When this is done, it becomes possible to single out the weak passwords as they exist in the system.

b)      

 A corporate environment as the name suggest comprises many people with varied specializations and skills. This implies that some of these people may have excellent computer skills hence with the least hint; they can gain access to other people’s accounts. The most common term used in this case is hacking. It is therefore advisable for users to employ the services of strong passwords in order to reduce the security threat of unwanted users gaining access to an individual’s account.

c)       

While having a strong password may prove to be secure for a user, putting into use the same password for a long period of time may well cause a security loophole. For instance, once a given password has been saved in a computer and used over a long period of time, a hacker may use the IP address to compromise the security of the system. This therefore explains why a user may be required to establish a password expiration policy. With this, a user is propelled to change the password oftenly which in actual sense is a remarkable security step. Most security experts advise users on password expiration as this has always served as one of the most effective ways of foiling an attacker who intercepts of perhaps attempts to guess the older password (Fred, 1998).

Q 3

a)       

The current popularity of malware has become the greatest security threat to most users, this is because some of the effects have been so devastating that in some cases it has led to the ultimate shutdown of a system. What has been mentioned in this case is just but some of the main signs of the effects of malware in a computer system. So how is the malware able to accomplish all these? It comprises programming codes, scripts and other active content which are always designed to disrupt or deny certain operations (Adleman, 2007). The malware then gathers certain information that leads to the exploitation of some content in the computer and hence the ultimate loss of privacy. The malware then gains an unauthorized access into the system’s user accounts hence disrupting the functions therein.

b)

The malware that ultimately affect a computer do come in variety of forms. The mode in which the malware gains entry into a computer largely depends on the environment in which the computer is being used. For instance, there are those that are injected into the computer through the internet some of the malware used in this case include; computer viruses, Trojan horses, spyware, worms, dishonest adware, scareware, crime ware, some rootkits as well as other malicious and unwanted programs.

The above mentioned malware may disrupt certain functions within a computer system in a number of ways for instance; the spyware is the type of malware which enables a different unwanted user to gain access to another user through the internet. This may happen when the latter is logged in (Lewin, 1992. Another malware which may be used is the Trojan horse. This mostly gets hidden in other provocative software found in the internet. The user is then attracted to download the software and while running it into the systems; it is done along with the hidden malware. Such malware can then go a long way in disabling some of the most vital security essentials in the system.

Q 4

Conficker, which is also known as downup or downadup is a computer worm which specifically targets the Microsoft Windows Operating System. The worm uses flaws in windows software as well as dictionary attacks on the administrator passwords in order to propagate hence forming a botnet.

The first variant of this worm, discovered in 2008, was propagated through the internet.as mentioned earlier on, the Microsoft Windows Operating System was the most vulnerable one of all the systems. Conficker exploited a vulnerability on windows vista, windows server 2003, windows server 2008,, windows 2000, windows XP  and windows server 2008 R2 Beta. Windows 7 may also have been affected by this vulnerability.  In order to deal with this issue, Microsoft released an emergency patch called the out-of bound patch. This patch therefore assisted in closing the vulnerability. It is very necessary to test new patches before being released. This is because testing helps one to verify the ramifications of a particular update against the production configuration.

b)       

The MBSA is a tool designed for two major purposes which include scanning a computer against vulnerable configurations and detecting the availability of security updates released by Microsoft. The MBSA can therefore be used to detect the missing patches in a corporate environment by unchecking certain options and choosing specific ones especially when using the graphical interface. Alternatively, with the MBSA scan options, one can use the command line interface which can then be used to scan only missing security updates and patches (Nick, 2006). The options indicate the checks which can be skipped hence only the missing patches can be scanned and revealed.

Question 5

The MBSA is a tool which has gained popularity over the globe due to the fact that it is free, simple and hence easy to use. In addition, it has been configured to work with multiple systems hence including it into a system has never been a problem. However, in order to further enhance is effectiveness, I would suggest the inclusion of a special feature. The main function of this feature would enable the MBSA reports to be integrated with something like SQL. This would then enable the scan results to be imported into a database which would then make it quite easier for users to run reports which are exceptional (Nick, 2006).