Windows OS version

Description

Windows 95

The first Microsoft GUI product that didn’t rely on DOS, Windows 95 was the beginning of plug and play and the ActiveX standard used in all Windows versions today. A major enhancement was the Registry, a database storing information about the system’s hardware and software. Previously, the information was stored in files. Windows 95 ran on stand-alone and networked computers and used the FAT16 file system. Version OSR2 added support for FAT32.

Windows 98 and Me

More stable than their predecessors, with an improved file system (FAT32), new hardware support, and better backup and recovery tools. The enumeration process for Windows Me is the same as for Windows 98.

Windows NT 3.51 Server/Workstation

Created with security and enhancement of network functionality in mind. Emphasized domains instead of workgroups and used the client/server model instead of peer-to-peer networks; the server was responsible for authenticating users and giving them access to network resources. The client/server model also allowed having many computers in the domain instead of the limited number of computers in a workgroup. NTFS replaced FAT16 and FAT32 because of the difficulty in incorporating security in these file systems. NTFS included file-level security features not possible in FAT.

Windows NT 4.0 Server/Workstation

These upgrades to Windows NT 3.51 have improved GUIs and performance.

Windows 2000 Server/Professional

In this upgrade to NT, Microsoft included Active Directory (AD) for object storage. AD was more scalable than other available solutions for managing large networks. It used Lightweight Directory Access Protocol (LDAP), which is still in use today. Also, this update included the first version of Microsoft Management Console (MMC) and Encrypted File System (EFS). Enumeration of these OSs includes enumerating Active Directory.

Windows XP Professional

Included Windows 2000 features, such as standards-based security, improved manageability, and the MMC. In addition, Windows XP had an improved user interface and better plug-and-play support. Security improvements in the kernel data structures made them read-only to prevent rogue applications from affecting the OS core, and Windows File Protection was added to prevent overwriting core system files. With Service Pack 2 (SP2), security was improved further with features such as Data Execution Prevention (DEP) and a firewall that’s enabled by default. DEP fixed a security exposure caused by vulnerable running services that hackers often use for buffer overflow attacks, and the firewall made it more difficult for hackers to exploit Windows service vulnerabilities and enumerate shares and services. In fact, enumeration of Windows XP SP2 and later systems can be difficult without modifying the configuration. Disabling the Windows Firewall is common in corporate networks, but this practice gives hackers additional attack surface. In these environments, the enumeration processes used for earlier Windows versions still work much the same way in Windows XP Professional.

Windows Server 2003

Windows Server 2003 included improvements over Windows 2000 in security areas, such as Internet Information Services (IIS), and came in four editions. Generally, all editions included Remote Desktop, load balancing, VPN support, management services (such as Windows Management Instrumentation [WMI]), and .NET application services. The higher-end editions offered better support for PKI, certificate services, and Active Directory as well as enhancements to reliability, scalability, manageability, and security. Again, even with improvements in security and stability, enumeration techniques described for other Windows versions are effective with Windows Server 2003.

Windows Vista

Vista comes in several editions and is the first Windows version to introduce User Account Control (UAC) and built-in full drive encryption, called BitLocker (available in Vista Enterprise and Ultimate editions). UAC allows running Vista in nonprivileged mode to prevent unwanted code or user actions from damaging or controlling the computer (maliciously or inadvertently). However, UAC has been widely criticized because of its intrusive security prompts that force many users to disable it. In Windows 7, you can configure the frequency of these prompts. Also introduced in this release was Address Space Layout Randomization (ASLR), which makes exploitation of overflow-type vulnerabilities much more difficult. By default, Vista in a stand-alone environment can be difficult to enumerate without modifying its configuration.

Windows Server 2008

Features security options similar to Vista, including BitLocker drive encryption and UAC. Vista and Windows Server 2008 support Network Access Protection (NAP), which reduces the possibility of rogue systems being able to access network resources. Features, services, and roles in Windows Server 2008 can be fine-tuned to meet specific needs. A command-line version that requires fewer resources, called Server Core, is available for certain server roles. This version is designed to reduce maintenance, use of resources, and the “attack surface.” Hyper-V, a full-featured virtualization product, is included with Windows Server 2008 and allows installing guest OSs, such as Linux and other Windows versions.

Windows 7

Builds on the security advances made in Vista with the introduction of AppLocker, which allowed for control over application execution. The inclusion of the Action Center in Windows 7 allows users to view potential configuration problems in one simple interface. Other improvements include refinements to the UAC feature and Windows Defender, which protects the system from known spyware.

Windows 8.1

Boasting “groundbreaking malware resistance,” Windows 8.1 comes with features that make user-level infection much less dangerous by limiting the privileges of basic users. In addition, Windows 8.1 includes a number of heap integrity checks designed to make exploitation more difficult. Windows Defender was upgraded to a full anti-malware product. SmartScreen was extended to the OS to alert when an application is launched on a PC. For the first time, SecureBoot prevents execution of non-trusted boot content, preventing rootkits/bootkits.

Windows Server 2012

With this edition, Microsoft introduced Authentication Silos to prevent pass-the-hash attacks, a major weakness in all earlier versions of Windows servers. It also includes enhanced support for Domain Name System Security Extensions (DNSSEC), which relies on digital signatures to prove zone ownership.

Windows 10

Designed for use on tablets and traditional PCs, Windows 10 can be found in more places than ever. Numerous security enhancements were brought to Windows 10. One of the more progressive enhancements is that it only allows trusted apps by default through Device Guard. It also added Credential Guard, which uses virtualization to protect access tokens from theft by attackers.

Windows Server 2016

(Please note that the features discussed here are based on a Beta version.) Windows Server 2016 features a number of security upgrades. The most important, Windows Containers, allows for application isolation to protect applications from one another. Windows Defender (malware protection) is now enabled by default. In this version, the option for telnet server is eliminated completely (telnet client is still available). A feature named Just Enough Administration (JEA) allows for more granular access control settings on tasks.

Table 6-1    Windows OS descriptions

Source: Simpson, & Antill. (2020). Hands-On Ethical Hacking and Network Defense (Third Edition). Cengage Learning.