The following figure illustrates the architecture of the Windows operating system. Later releases of Windows, such as Vista, have a similar structure. The structure of the operating system was designed with flexibility in mind. The design also supports a variety of hardware platforms, such as the Intel x86 and AMD64 architectures. The Windows Server operating system also supports the Intel IA64 (Itanium).
Fig (a) Windows and Windows Vista Architecture [1]
Windows is distinct from other operating systems in that it keeps the application-oriented software and the core OS software separate. It supports applications written for different operating systems. One of its notable features is that, although it was designed to support a single user, it is a multitasking operating system.
Because Windows has a highly modular architecture, each system function is managed by just one component of the OS [1]. The rest of the OS and all applications access that function through the responsible component, using standard interfaces. The advantage of this arrangement is that each module can be replaced, upgraded or removed without disturbing the rest of the system. The Windows operating system can be divided into two modes:
Kernel Mode
User Mode
KERNEL MODE:
The kernel mode of the Windows operating system consists of the following components:
Executive: This component contains the base OS services, such as memory management, process and thread management, security, I/O and interprocess communication [1].
Kernel: The kernel controls the execution of the processor. It manages operations such as process switching, thread scheduling, exception and error handling, and multiprocessor synchronization.
Hardware abstraction layer (HAL): It makes the system's hardware appear uniform to the kernel and executive components. For instance, it hides the differences between system bus, memory module, system timer and DMA controller behind a single interface.
Device drivers: This component consists of the device drivers, which convert user I/O function calls into hardware-specific I/O requests. It also includes the software components that implement network protocols, file systems and other system extensions that run in the kernel mode of the OS.
Windowing and graphics system: Implements the graphical user interface (GUI) functions, such as dealing with windows, user interface controls, and drawing [1].
The Windows executive provides an API for user-mode software and also contains components for specific system functions. The executive modules are described below.
I/O manager: The I/O manager provides the framework through which I/O devices are made accessible to applications. It dispatches requests to the appropriate device drivers for further processing.
Cache manager: The cache manager improves performance by keeping recently used file data in main memory. The next time the user accesses the file, it is served quickly from memory. This data is kept for a short time and then discarded.
Object manager: The object manager creates, manages and deletes Windows executive objects and the abstract data types used to represent resources such as processes, threads and synchronization objects [1].
Plug-and-play manager: It identifies the device drivers required to run a particular device and then loads them.
Power manager: It handles power management throughout the system. It reduces power consumption by shutting down idle devices, putting the processor to sleep and, when appropriate, powering down the whole system.
Security reference monitor: Enforces access-validation and audit-generation rules [1].
Virtual memory manager: It manages virtual addresses, paging files on disk and physical memory.
Process/thread manager: The process manager creates, manages and deletes the processes of the system. It also creates, manages and deletes thread objects.
Configuration manager: It implements and manages the system registry. The registry is a repository where various parameters are deposited for storage or safekeeping; it holds both system and user parameters.
Local procedure call (LPC) facility: It is a procedure call mechanism for communication between local processes. The local processes implement services and subsystems, and LPC provides the communication channel between them.
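The security reference monitor's job of validating access to object-manager objects and emitting audit records is easier to grasp with a small model. The following Python is an added example, not code from the page or from Windows itself: it is a toy reference monitor with a deliberately simplified DACL walk (deny entries are honoured as soon as they match a right still being requested, allow entries accumulate, a missing DACL grants everything and an empty one denies everything). The right bits, SID strings, object names and subjects are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed access-right bits; a stand-in for a Windows ACCESS_MASK, not its real layout.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
ALL = READ | WRITE | EXECUTE


@dataclass
class Ace:
    """One access control entry: 'allow' or 'deny' a set of rights to one SID."""
    kind: str
    sid: str
    mask: int


@dataclass
class SecuredObject:
    """An executive object with its discretionary ACL (None = object carries no DACL)."""
    name: str
    dacl: Optional[List[Ace]]


@dataclass
class Token:
    """The subject's identity as handed to the reference monitor: user SID plus group SIDs."""
    user: str
    groups: Set[str]


@dataclass
class AuditRecord:
    subject: str
    obj: str
    requested: int
    outcome: str


@dataclass
class ReferenceMonitor:
    """Toy security reference monitor: one access-validation routine plus an audit trail."""
    audit_log: List[AuditRecord] = field(default_factory=list)

    def access_check(self, token: Token, obj: SecuredObject, desired: int) -> bool:
        sids = {token.user} | token.groups
        if obj.dacl is None:
            granted = True                     # no DACL at all: the object is unprotected
        else:
            remaining = desired                # rights still to be satisfied
            granted = False
            for ace in obj.dacl:               # evaluated strictly in list order
                if ace.sid not in sids:
                    continue
                if ace.kind == "deny" and ace.mask & remaining:
                    break                      # matching deny on a still-needed right ends the check
                if ace.kind == "allow":
                    remaining &= ~ace.mask
                    if remaining == 0:
                        granted = True         # every requested right has been allowed
                        break
            # falling off the end with rights unsatisfied is a denial (this covers an empty DACL)
        self.audit_log.append(AuditRecord(token.user, obj.name, desired,
                                          "success" if granted else "failure"))
        return granted

    def failures(self) -> List[AuditRecord]:
        """The records a detection pipeline would consume: failed access attempts."""
        return [r for r in self.audit_log if r.outcome == "failure"]


# Constructed sample: one protected object and three subjects.
SAMPLE_DACL = [
    Ace("deny", "S-guests", WRITE),            # deny entries placed first, as Windows orders them
    Ace("allow", "S-users", READ),
    Ace("allow", "S-admins", ALL),
]
SAMPLE_OBJECT = SecuredObject("sample-config-object", SAMPLE_DACL)
ADMIN = Token("S-alice", {"S-users", "S-admins"})
GUEST = Token("S-bob", {"S-users", "S-guests"})
OUTSIDER = Token("S-eve", set())


def run_demo():
    srm = ReferenceMonitor()
    results = {
        "admin_write": srm.access_check(ADMIN, SAMPLE_OBJECT, WRITE),
        "guest_read": srm.access_check(GUEST, SAMPLE_OBJECT, READ),
        "guest_read_write": srm.access_check(GUEST, SAMPLE_OBJECT, READ | WRITE),
        "outsider_read": srm.access_check(OUTSIDER, SAMPLE_OBJECT, READ),
        "null_dacl": srm.access_check(OUTSIDER, SecuredObject("unprotected", None), ALL),
        "empty_dacl": srm.access_check(ADMIN, SecuredObject("locked", []), READ),
    }
    return results, srm.failures()


if __name__ == "__main__":
    outcomes, failed = run_demo()
    for name, ok in outcomes.items():
        print(f"{name}: {'granted' if ok else 'denied'}")
    print(f"{len(failed)} failed attempts recorded for audit")
```

The two cases worth dwelling on are the guest who can read but is refused a combined read-and-write request (the single deny entry blocks the whole request, not just the write bit) and the object with no DACL, which the monitor treats as unprotected; both are the kind of configuration mistake an audit trail of failed and succeeded checks is meant to surface.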
USER MODE:
The Windows OS has four types of user-mode processes, as follows:
Special system processes: These are user-mode services required to manage the system, such as the session manager, the Local Security Authentication Server, and the logon process (Winlogon).
Service processes: These include Services.exe, the spooler, winmgmt.exe, svchost.exe and user-mode components that cooperate with device drivers and various network services. They generally run in the background of a Windows system.
Environment subsystems: Provide different operating system personalities or environments. The supported subsystems are Win32/WinFX and POSIX [1].
User applications: These consist of executables and DLLs that let users make use of the system's functionality. The EXEs and DLLs are generally targeted at a specific environment subsystem.
GENERAL UNIX ARCHITECTURE
Fig (b): General UNIX Architecture
The above figure shows the architecture of the UNIX operating system. The OS is designed so that the hardware is surrounded by the OS software, which is referred to as the system kernel, or simply the kernel. It isolates users and applications from the hardware, which shows its importance. Outside the kernel are a number of user services and interfaces that ship with the OS and are generally considered part of the system. Outside that layer are user-written applications and the C compiler interface. The following diagram gives a closer look at the kernel.
Fig (c): Traditional UNIX kernel
From the above figure we can see that user programs can call the services of the OS either through library programs or directly. The system call interface is the boundary with the user and allows higher-level software to gain access to specific kernel functions [1]. The other end contains the primitives that interact with the hardware. Between these two interfaces the system is divided into two parts: one for process control and the other for file management and I/O. The process control subsystem is responsible for memory management, interprocess communication and process scheduling. The file system exchanges data between memory and external devices either as a stream of characters or in blocks [1].
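The two routes in the figure, through library programs or directly to the system call interface, have an observable difference: the library layer buffers in user space, so the kernel (and anything watching system calls, such as an audit subsystem) sees the data only when the library flushes. The following Python is an added example, not from the page: `open()` in text mode plays the buffered library route, while `os.open`/`os.read` are thin wrappers over the open(2)/read(2) system calls. The file name is constructed in a temporary directory.

```python
import os
import tempfile


def library_vs_direct(path: str):
    """Write through the buffered library layer, observe through the raw system-call wrappers."""
    # Route 1: library programs. open() in text mode returns a buffered object in user space;
    # f.write() copies into that buffer and makes no write(2) system call yet.
    f = open(path, "w")
    f.write("hello from the library layer")

    # Route 2: direct system-call wrappers. os.open/os.read map onto open(2)/read(2).
    fd = os.open(path, os.O_RDONLY)
    before_flush = os.read(fd, 4096)   # the kernel has received nothing yet: b""

    f.flush()                          # now the buffered layer issues write(2)
    after_flush = os.read(fd, 4096)    # same descriptor, still at offset 0: the data is there

    f.close()
    os.close(fd)
    return before_flush, after_flush


def demo():
    # Constructed input: a scratch file that is removed with the temporary directory.
    with tempfile.TemporaryDirectory() as d:
        return library_vs_direct(os.path.join(d, "probe.txt"))


if __name__ == "__main__":
    before, after = demo()
    print("seen by read(2) before flush:", before)
    print("seen by read(2) after flush: ", after)
```

For forensics and detection this is the practical lesson of the diagram: system-call level tracing sees the file receive its contents at the flush, not at the application's write, so timestamps from the two layers can legitimately disagree.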
WINDOWS VS LINUX DESIGN
Security issues in windows design:
Windows is attacked more because email- and browser-based viruses, Trojans and worms are the main sources of infection, and because there are more Windows desktop installations than Linux ones, the chances of a Windows network being attacked are higher. The question to be answered is whether Windows machines are attacked more because of the larger number of installations or because of security flaws and poor system design. The following are some of the reasons why Trojans, viruses, worms and other malware infect machines running the Windows OS:
Windows has only recently evolved from a single-user design to a multi-user model
Windows is monolithic, not modular, by design
Windows depends too heavily on an RPC model
Windows focuses on its familiar graphical desktop interface [2]
Windows was designed to allow both users and applications to access the system, which leads to the flaw that viruses and worms can access system programs, files and resources, make changes to the system and thereby create vulnerabilities. After this vulnerability was exploited, Microsoft isolated applications and users. This caused numerous applications to fail, since only the administrator then had the rights to access critical system resources.
A monolithic system is one where most features are integrated into a single unit [2]. An example of this in the Microsoft OS is that it made the Netscape browser irrelevant by integrating Internet Explorer into the operating system. IE is prone to many vulnerabilities because of flaws in its design, and when IE is exploited, the compromise can extend to the entire OS, which is a serious vulnerability to consider.
RPC stands for Remote Procedure Call [2]. One program sends a request to another program, possibly on a different network, to obtain some required functionality. The other program can be located anywhere on the Internet, in an entirely different network. This leads to vulnerability: if an RPC-enabled program has flaws, it is easy to exploit the program, which is a potential risk, since the exposed program reflects what our system is doing. Microsoft invites administrators to work with Windows Server 2003 at the server itself, logged in with Administrator privileges [2]. This invites attack if vulnerable applications such as IE are used there.
Security issues in Linux design:
According to the summer 2004 Evans Data Linux Developers Survey, 93% of Linux developers have experienced two or fewer incidents where a Linux machine was compromised [2]. Some of the cases where intruders were able to attack Linux machines were due to improper configuration of security settings. Viruses, worms and Trojans rarely infect Linux machines for the following reasons:
Linux is based on a long history of well fleshed-out multi-user design
Linux is mostly modular by design
Linux does not depend upon RPC to function, and services are usually configured not to use RPC by default
Linux servers are ideal for headless non-local administration [2].