Microsoft Windows
== Security ==
{{update section|date=May 2020}}
Early versions of Windows were designed at a time when [[malware]] and networking were less common, and had few built-in security features; they did not provide access privileges to allow a user to prevent other users from accessing their files, and they did not provide [[memory protection]] to prevent one process from reading or writing another process's address space or to prevent a process from accessing code or data used by privileged-mode code.

While the [[Windows 9x]] series offered the option of multiple users with separate profiles and home folders, it had no concept of [[Principle of least privilege|access privileges]], allowing any user to edit others' files. In addition, while it ran separate 32-bit applications in separate address spaces, protecting an application's code and data from being read or written by another application, it did not protect the first megabyte of memory from [[Userland (computing)|userland]] applications for compatibility reasons. This area of memory contains code critical to the functioning of the operating system, and by writing into this area of memory an application can [[Crash (computing)|crash]] or [[Hang (computing)|freeze]] the operating system.
This was a source of instability, as faulty applications could accidentally write into this region, potentially corrupting important operating system memory, which usually resulted in some form of system error and halt.<ref>{{Cite web |date=November 21, 2001 |title=Transcript: Chat with Ed Bott and Carl Siechert, Co-Authors of Microsoft Windows XP Inside Out |url=http://www.microsoft.com/windowsxp/expertzone/chats/transcripts/bottchat.mspx |archive-url=https://web.archive.org/web/20040918191218/http://www.microsoft.com/windowsxp/expertzone/chats/transcripts/bottchat.mspx |archive-date=September 18, 2004 |access-date=April 20, 2019 |publisher=[[Microsoft]]}}</ref>

[[Windows NT]] was far more secure, implementing access privileges and full memory protection and meeting the DoD's C2 security rating,<ref>{{Cite news |last=Russinovich |first=Mark |date=Apr 30, 1998 |title=Windows NT Security, Part 1 |language=en |work=ITPro Today |url=https://www.itprotoday.com/security/windows-nt-security-part-1 |url-status=live |access-date=2022-09-29 |archive-url=https://web.archive.org/web/20220929082011/https://www.itprotoday.com/security/windows-nt-security-part-1 |archive-date=September 29, 2022}}</ref> yet these advantages were nullified{{Synthesis inline|date=November 2023}} by the fact that, prior to [[Windows Vista]], the default user account created during the setup process was an [[Windows administrator|administrator]] account; the user, and any program the user launched, had full access to the machine. Though [[Windows XP]] did offer an option of turning administrator accounts into limited accounts, the majority of home users did not do so, partially due to the number of programs which required administrator rights to function properly. As a result, most home users still ran as administrator all the time.
These architectural flaws, combined with Windows's very high popularity, made Windows a frequent target of [[computer worm]] and [[Computer virus|virus]] writers.<ref>{{Cite web |last=Bruce Schneier |author-link=Bruce Schneier |date=June 15, 2005 |title=Crypto-Gram Newsletter |url=http://www.schneier.com/crypto-gram-0506.html |website=Schneier.com |url-status=dead |archive-url=https://web.archive.org/web/20070606070525/http://www.schneier.com/crypto-gram-0506.html |archive-date=June 6, 2007 |access-date=April 22, 2007 |publisher=[[BT Counterpane|Counterpane Internet Security, Inc.]]}}</ref><ref name="Patrizio2">{{Cite web |last=Andy Patrizio |date=April 27, 2006 |title=Linux Malware On The Rise |url=http://www.internetnews.com/dev-news/article.php/3601946 |url-status=live |archive-url=https://web.archive.org/web/20120205070731/http://www.internetnews.com/dev-news/article.php/3601946 |archive-date=February 5, 2012 |access-date=January 3, 2011 |website=InternetNews |publisher=[[QuinStreet]]}}</ref><ref>{{Cite web |title=Windows intentionally weak on worms, viruses - The Arizona State Press |url=https://www.statepress.com/article/2003/11/windows-intentionally-weak-on-worms-viruses |access-date=2024-06-12 |website=www.statepress.com |language=en-US}}</ref> Furthermore, although Windows NT and its successors are designed for security (including on a network) and multi-user PCs, they were not initially designed with Internet security in mind to the same extent, since Internet use was less prevalent when Windows NT was first developed in the early 1990s.<ref>{{Cite web |title=Telephones and Internet Users by Country, 1990 and 2005 |url=http://www.infoplease.com/ipa/A0883396.html |url-status=live |archive-url=https://web.archive.org/web/20090522083608/http://www.infoplease.com/ipa/A0883396.html |archive-date=May 22, 2009 |access-date=June 9, 2009 |publisher=Information Please Database}}</ref>

In a 2002 strategy memo entitled "Trustworthy computing" sent to every Microsoft employee, Bill
Gates declared that security should become Microsoft's highest priority.<ref>{{Cite magazine |last=Gates |first=Bill |title=Bill Gates: Trustworthy Computing |url=https://www.wired.com/2002/01/bill-gates-trustworthy-computing/ |url-status=live |magazine=Wired |language=en-US |issn=1059-1028 |archive-url=https://web.archive.org/web/20220929082019/https://www.wired.com/2002/01/bill-gates-trustworthy-computing/ |archive-date=September 29, 2022 |access-date=2022-09-29}}</ref><ref>{{Cite web |last=Verloy |first=Filip |title=20 Years After Bill Gates' Trustworthy Computing Memo, Cybersecurity Issues Are An Even Harder Problem |url=https://nonamesecurity.com/ |url-status=live |archive-url=https://web.archive.org/web/20220929082018/https://nonamesecurity.com/ |archive-date=September 29, 2022 |access-date=2022-09-29 |website=nonamesecurity.com |language=en}}</ref>

[[Windows Vista]] introduced a privilege elevation system called [[User Account Control]].<ref>{{Cite web |last=Northrup |first=Tony |date=June 1, 2005 |title=Windows Vista Security and Data Protection Improvements |url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc507844(v=technet.10) |url-status=live |archive-url=https://web.archive.org/web/20211020154204/https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc507844(v=technet.10) |archive-date=October 20, 2021 |access-date=October 20, 2021 |website=[[Microsoft Docs]] |quote=In Windows Vista, the User Account Control (UAC) initiative introduces fundamental operating system changes to enhance the experience for the non-administrative user. |department=[[Microsoft TechNet|TechNet]]}}</ref> When a standard user logs in, a logon session is created and a [[Token (Windows NT architecture)|token]] containing only the most basic privileges is assigned. In this way, the new logon session is incapable of making changes that would affect the entire system.
When a user in the Administrators group logs in, two separate tokens are assigned. The first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive. User applications, including the [[Windows shell]], are then started with the restricted token, resulting in a reduced privilege environment even under an Administrator account. When an application requests higher privileges or "Run as administrator" is clicked, UAC will prompt for confirmation and, if consent is given (including administrator credentials if the account requesting the elevation is not a member of the administrators group), start the process using the unrestricted token.<ref name="kennykerr2">{{Cite web |last=Kenny Kerr |date=September 29, 2006 |title=Windows Vista for Developers – Part 4 – User Account Control |url=http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx |url-status=dead |archive-url=https://web.archive.org/web/20070329071440/http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx |archive-date=March 29, 2007 |access-date=March 15, 2007}}</ref>

Leaked documents from 2013 to 2016, codenamed [[Vault 7]], detail the capabilities of the [[Central Intelligence Agency|CIA]] to perform electronic surveillance and cyber warfare,<ref>{{Cite magazine |last=Greenberg |first=Andy |date=March 7, 2017 |title=How the CIA Can Hack Your Phone, PC, and TV (Says WikiLeaks) |language=en-US |magazine=[[WIRED]] |url=https://www.wired.com/2017/03/cia-can-hack-phone-pc-tv-says-wikileaks/ |url-status=live |access-date=December 18, 2018 |archive-url=https://web.archive.org/web/20190320070844/https://www.wired.com/2017/03/cia-can-hack-phone-pc-tv-says-wikileaks/ |archive-date=March 20, 2019}}</ref> such as the ability to compromise operating systems such as
Windows.<ref>{{Cite web |date=March 7, 2017 |title=Vault 7: Wikileaks reveals details of CIA's hacks of Android, iPhone Windows, Linux, MacOS, and even Samsung TVs |url=http://www.computing.co.uk/ctg/news/3006021/vault-7-wikileaks-reveals-details-of-cias-hacks-of-android-iphone-windows-linux-macos-and-even-samsung-tvs |url-status=live |archive-url=https://web.archive.org/web/20190412212526/https://www.computing.co.uk/ctg/news/3006021/vault-7-wikileaks-reveals-details-of-cias-hacks-of-android-iphone-windows-linux-macos-and-even-samsung-tvs |archive-date=April 12, 2019 |access-date=December 18, 2018 |website=[[Computing (magazine)|Computing]]}}</ref>

In August 2019, computer experts reported that the [[BlueKeep]] security vulnerability, {{CVE|2019-0708}}, which potentially affects older unpatched Windows versions via the program's [[Remote Desktop Protocol]] and allows for the possibility of [[remote code execution]], may include related flaws, collectively named ''[[DejaBlue]]'', affecting newer Windows versions (i.e., [[Windows 7]] and all recent versions) as well.<ref name="WRD-201908132">{{Cite magazine |last=Greenberg |first=Andy |date=August 13, 2019 |title=DejaBlue: New BlueKeep-Style Bugs Renew The Risk Of A Windows worm |magazine=[[Wired (magazine)|wired]] |url=https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/ |url-status=live |access-date=August 15, 2019 |archive-url=https://web.archive.org/web/20210413152701/https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/ |archive-date=April 13, 2021}}</ref> In addition, experts reported a Microsoft [[security vulnerability]], {{CVE|2019-1162}}, based on [[legacy code]] involving [[Text Services Framework#ctfmon|Microsoft CTF and ctfmon (ctfmon.exe)]], that affects all [[Windows]] versions from [[Windows XP]] to the then most recent [[Windows 10]] versions; a patch to correct the flaw is available.<ref name="TP-201908142">{{Cite news |last=Seals |first=Tara |date=August 14, 2019 |title=20-Year-Old Bug
in Legacy Microsoft Code Plagues All Windows Users |work=ThreatPost.com |url=https://threatpost.com/20-year-old-bug-legacy-microsoft-windows-users/147336/ |url-status=live |access-date=August 15, 2019 |archive-url=https://web.archive.org/web/20210417180352/https://threatpost.com/20-year-old-bug-legacy-microsoft-windows-users/147336/ |archive-date=April 17, 2021}}</ref>

Microsoft releases security patches through its [[Windows Update]] service approximately once a month (usually the [[Patch Tuesday|second Tuesday]] of the month), although critical updates are made available at shorter intervals when necessary.<ref>{{Cite web |last=Ryan Naraine |author-link=Ryan Naraine |date=June 8, 2005 |title=Microsoft's Security Response Center: How Little Patches Are Made |url=http://www.eweek.com/c/a/Windows/Microsofts-Security-Response-Center-How-Little-Patches-Are-Made/ |access-date=January 3, 2011 |website=[[eWeek]] |publisher=Ziff Davis Enterprise}}</ref> Versions subsequent to Windows 2000 SP3 and Windows XP implemented automatic download and installation of updates, substantially increasing the number of users installing security updates.<ref>{{Cite web |last=John Foley |date=October 20, 2004 |title=Windows XP SP2 Distribution Surpasses 100 Million |url=http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=50900297 |url-status=live |archive-url=https://web.archive.org/web/20100527044840/http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=50900297 |archive-date=May 27, 2010 |access-date=January 3, 2011 |website=[[InformationWeek]] |publisher=UBM TechWeb}}</ref>

Windows integrates the Windows Defender antivirus, which is seen as one of the best available.<ref>{{Cite web |title=Test antivirus software for Windows 10 – June 2022 |url=https://www.av-test.org/en/antivirus/home-windows/ |url-status=live |archive-url=https://web.archive.org/web/20220929082019/https://www.av-test.org/en/antivirus/home-windows/
|archive-date=September 29, 2022 |access-date=2022-09-29 |website=www.av-test.org |language=en-US}}</ref> Windows also implements [[Secure Boot]], [[Control-flow integrity|Control Flow Guard]], ransomware protection, [[BitLocker]] disk encryption, a firewall, and Windows SmartScreen.

In July 2024, Microsoft signalled an intention to limit kernel access and improve overall security, following a highly publicised [[2024 CrowdStrike-related IT outages|CrowdStrike update]] that caused 8.5 million Windows PCs to crash.<ref name="CrowdStrike9to5">{{cite web |last1=Christoffel |first1=Ryan |title=Microsoft starts campaign to make Windows security more like Mac post-CrowdStrike |url=https://9to5mac.com/2024/07/26/microsoft-starts-campaign-to-make-windows-security-more-like-mac-post-crowdstrike/ |website=9to5Mac |access-date=July 27, 2024 |date=July 26, 2024}}</ref> Part of that initiative is to rewrite parts of Windows in [[Rust (programming language)|Rust]], a [[memory-safe]] language.<ref>{{Cite news |last=Warren |first=Tom |date=November 19, 2024 |title=Microsoft's new Windows Resiliency Initiative aims to avoid another CrowdStrike incident |url=https://www.theverge.com/2024/11/19/24299873/microsoft-windows-resiliency-initiative-crowdstrike-incident |access-date=November 19, 2024 |work=[[The Verge]] |quote=...and Microsoft is making changes to Windows, too. It's 'gradually moving functionality from C++ implementation to Rust' in Windows, to help further improve the security of the OS.}}</ref>

=== File permissions ===
All Windows versions from Windows NT 3 have been based on a file system permission system referred to as [[AGDLP]] (Accounts, Global, Domain Local, Permissions), in which file permissions are applied to the file or folder in the form of a 'local group' which then has other 'global groups' as members. These global groups then hold other groups or users, depending on the Windows version used.
This system differs from other vendor products such as [[Linux]] and [[NetWare]] due to the 'static' allocation of permission being applied directly to the file or folder. However, using this process of AGLP/AGDLP/AGUDLP allows a small number of static permissions to be applied and allows for easy changes to the account groups without reapplying the file permissions on the files and folders.{{Citation needed|date=March 2025}}
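
The AGDLP chain described above can be modelled in a few lines. The following Python sketch is an added example, not part of the article or of any Windows API; every account, group and path name in it is constructed. It resolves nested membership to compute an account's effective rights and flags access-control entries that name something other than a domain local group.

```python
# Added illustration of AGDLP; every account, group and path name is constructed.
GLOBAL = {                      # G: global groups hold accounts or other global groups
    "GG_Finance_Staff": {"alice", "bob"},
    "GG_Finance_Auditors": {"carol"},
    "GG_All_Finance": {"GG_Finance_Staff", "GG_Finance_Auditors"},
}
DOMAIN_LOCAL = {                # DL: domain local groups hold global groups
    "DL_FinShare_Modify": {"GG_Finance_Staff"},
    "DL_FinShare_Read": {"GG_All_Finance"},
}
ACLS = {                        # P: entries should name domain local groups only
    r"\\fs01\finance": {"DL_FinShare_Modify": "modify", "DL_FinShare_Read": "read"},
    r"\\fs01\payroll": {"DL_FinShare_Read": "read", "bob": "modify"},  # breaks the model
}


def members(group, seen=None):
    """Accounts reachable from a group through nested membership."""
    seen = set() if seen is None else seen
    if group in seen:           # guard against circular nesting
        return set()
    seen.add(group)
    accounts = set()
    for m in GLOBAL.get(group, set()) | DOMAIN_LOCAL.get(group, set()):
        if m in GLOBAL or m in DOMAIN_LOCAL:
            accounts |= members(m, seen)
        else:
            accounts.add(m)
    return accounts


def effective_rights(account, path):
    """Rights an account holds on a path through any entry's trustee."""
    rights = set()
    for trustee, right in ACLS[path].items():
        if trustee == account or account in members(trustee):
            rights.add(right)
    return rights


def audit(path):
    """Trustees on a path that are not domain local groups (AGDLP violations)."""
    return sorted(t for t in ACLS[path] if t not in DOMAIN_LOCAL)


if __name__ == "__main__":
    print(effective_rights("carol", r"\\fs01\finance"))
    GLOBAL["GG_Finance_Staff"].add("dave")   # group change only; the ACL is untouched
    print(effective_rights("dave", r"\\fs01\finance"))
    print(audit(r"\\fs01\payroll"))
```

Adding the constructed account dave to a global group changes his rights on the share without rewriting any permission on the folder, which is the maintenance property the section attributes to AGDLP; the audit function surfaces the directly assigned account that defeats it.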