
Microsoft Windows

From Malware Wiki

Note: this page describes an operating system, not malware, although it has an article on this wiki.

Microsoft Windows
Developer: Microsoft Corporation
Programming languages: C, C++, C#, x86 assembly
License: Proprietary
Initial release: November 20, 1985
Markets: Personal computers and home, mobile devices, embedded devices, education, business, servers, mainframes, supercomputers, workstations, VR devices, Xbox consoles
Kernel: MS-DOS-based (Windows 1.x through Windows Me); NT (Windows NT 3.1 onward)

Microsoft Windows (also known as MS Windows, Windows, or Windows OS) is a family of operating systems and graphical environments produced by Microsoft. Early Windows releases ran on top of MS-DOS; the Windows NT line has its own kernel and is the basis of every current Windows release. Microsoft first introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS, in response to the growing interest in graphical user interfaces (GUIs) at the time. Windows went on to dominate the personal computer market, overtaking the classic Mac OS, which had been introduced earlier.

As of July 2009, Windows had approximately 93% of the market share of client operating systems used on the Internet. The most recent client version at the time of writing is Windows 10, released on July 29, 2015. Many editions and versions of Windows have been released over the years, in both 32-bit (x86) and 64-bit (x64) builds, most of them aimed at consumers. Deleting the System32 directory removes core system files and leaves Windows unbootable; the only practical recovery is to reinstall Windows, or to boot another operating system and restore the files from a backup.

Because of its very high usage on home computers, in workplaces and on servers, Microsoft Windows is the most targeted operating system in the world for malware, with Android second on the strength of its market share. This is also why so many antivirus products are built for the platform.

List of Windows Versions

Client Versions

  • Windows 1.0 (1985)
  • Windows 2.0 (1987)
  • Windows 2.1 (1988)
  • Windows 3.0 (1990)
  • Windows 3.1 (1992)
  • Windows NT 3.1 (1993)
  • Windows NT 3.5 (1994)
  • Windows NT 3.51 (1995)
  • Windows 95 (1995)
  • Windows 95 OSR2 (1996)
  • Windows NT 4.0 (1996)
  • Windows 98 (1998)
  • Windows 2000 (2000; developed as Windows NT 5.0)
  • Windows Me (2000)
  • Windows XP (2001)
  • Windows Vista (2007)
  • Windows 7 (2009)
  • Windows 7 SP1 (2011)
  • Windows 8 (2012)
  • Windows 8.1 (2013)
  • Windows 10 (2015)

Server Versions

  • Windows NT 3.1 (1993)
  • Windows NT 3.5 Server (1994)
  • Windows NT 3.51 Server (1995)
  • Windows NT 4.0 (1996)
  • Windows 2000 Server (2000; developed as Windows NT 5.0)
  • Windows Server 2003 (2003)
  • Windows Server 2003 R2 (2005)
  • Windows Server 2008 (2008)
  • Windows Server 2008 R2 (2009)
  • Windows Server 2008 R2 SP1 (2011)
  • Windows Server 2012 (2012)
  • Windows Server 2012 R2 (2013)
  • Windows Server 2016 (2016)
  • Windows Server 2019 (2018)


Early Windows (1.x, 2.x)

[Screenshot: Windows 1.01]

Early operating systems were mostly text-based and relied on typed commands. Attempts to create user-friendly graphical user interfaces began in the early 1980s, with Visi On and Apple's Lisa and Macintosh offering early GUIs. Bill Gates, co-founder of Microsoft, spearheaded a GUI project to layer on top of DOS.

On November 20, 1985, Microsoft Windows 1.0 was released to the public. It made heavy use of the mouse, then uncommon on personal computers. Bundled programs ranged from games such as Reversi to applications such as Paint and a primitive word processor (Write). While not a commercial success, it was a first step; Microsoft built on it with Windows 2.0, released December 9, 1987. Windows 2.0 allowed overlapping windows and VGA graphics, and the first Windows versions of Excel (1987) and Word (1989) were written for it.

Malware specific to these versions is essentially unheard of: Windows 1.0 and 2.0 ran on top of DOS as ordinary DOS applications, much like games of the era, so there was no Windows-specific attack surface to speak of. DOS viruses continued to infect the underlying systems regardless.

Windows 3.x (DOS-based)

Windows 3.0 was released on May 22, 1990. It introduced a significantly revamped, more consumer-friendly user interface, along with technical improvements to make better use of the memory management capabilities of Intel's 80286, 80386 and 80486 processors (although it could still run in real mode on an 8086/8088). Windows was becoming more popular and emerged as a rival to the Commodore Amiga and the Apple Macintosh.

Windows 3.1 was released on April 6, 1992, and quickly became one of the most popular operating systems in the world. It featured numerous improvements, including support for more memory (up to 256 MB of RAM in 386 enhanced mode, versus the 16 MB supported by Windows 3.0), TrueType fonts and more.

As Windows gained ground in the home and workplace markets, some malware was written for it. Prominent examples include Apparition, Klon and Lucky.

Windows NT 3.1, 3.5x & 4.0

Windows NT 3.1 was released a year after Windows 3.1, on July 27, 1993. Rather than a 16-bit environment dependent on MS-DOS, Windows NT was a self-contained 32-bit operating system that could be installed and booted on its own. It supported more architectures than Windows 3.x, including DEC Alpha and MIPS; PowerPC support was added later. Windows NT 3.5 was released a year later, on September 21, 1994. It featured a new startup screen, support for file names of up to 255 characters, OLE 2.0 and more, and required less memory than NT 3.1. NT 3.5 refuses to install on processors newer than the original Pentium, because its CPU check did not anticipate them; it can still be installed by modifying the installation media. Windows NT 3.51 fixed this issue.

Very little malware was written for NT 3.x, given its low usage. Malware written for Windows 95 may run on NT 3.51, and some malware that targets Windows 3.x (Win16) will also run on NT 3.1 and 3.5x through their 16-bit compatibility layer.

Windows NT 4.0 was released in several editions, including Workstation, Server, Enterprise Server, Terminal Server and Embedded. It was released on August 24, 1996, one year after Windows 95, and featured several improvements, including a graphical shell similar to that of Windows 95, and could address up to 4 GB of RAM (Windows 95, by contrast, has well-known problems starting on machines with roughly 512 MB of RAM or more).

Some malware that affects Windows 95 also affects Windows NT 4.0. Microsoft had planned a seventh service pack, SP7, but cancelled it; the last release was SP6a, a re-issue of SP6 with fixes rather than a full new service pack. Support was cut short in part because of a 2003 denial-of-service flaw in the RPC endpoint mapper (MS03-010): Microsoft stated that NT 4.0 could not be fixed without significant changes to its core architecture and released no NT 4.0 patch. Security updates for NT 4.0 Workstation ended on June 30, 2004, and for NT 4.0 Server on December 31, 2004.

Windows 9x (DOS-based)

[Screenshot: Windows 95]

Windows 9x comprises Windows 95, Windows 98 and Windows Me. Windows 95 was released on August 24, 1995 (with OEM Service Release 2, OSR2, following in 1996), Windows 98 on June 25, 1998, and Windows Me on September 14, 2000. Like Windows 3.x, Windows 9x still ran on top of MS-DOS, but it shipped with its own bundled copy of MS-DOS rather than requiring a separate MS-DOS installation. Windows 95 introduced the taskbar, the Start menu and desktop icons, all of which are still used in Windows today.

Thanks to the huge popularity of Windows 95 and the growing interest in the Internet, among other things, thousands, if not tens of thousands, of malware samples were created for the Windows 9x series. The most famous include CIH, a virus that overwrites the beginning of the hard drive and attempts to erase the flash BIOS, leaving motherboards with certain Intel chipsets unbootable; LoveLetter, a VBScript e-mail worm and one of the most widespread in computing history; Happy99, a worm that displays a fireworks animation while attaching itself to the user's outgoing e-mail and Usenet posts; Melissa, a macro virus that spreads through Microsoft Word documents and Outlook; and Magistr, a polymorphic e-mail worm whose destructive payload draws on earlier viruses such as CIH and Shoerec.

Windows Me reworked the startup code and no longer allows the user to reboot into real-mode DOS. This causes a few viruses that rely on real-mode DOS, such as Shoerec, to fail on Windows Me.

Windows NT Kernel Editions

Windows NT is the kernel underlying every current version of Windows. It is the most widely used desktop operating system kernel in the world; it began with Windows NT 3.1 (1993) and continues today with Windows 10 (2015). The Windows NT client line comprises Windows NT 3.1 (1993), Windows NT 3.5 (1994), Windows NT 3.51 (1995), Windows NT 4.0 (1996), Windows 2000 (2000, developed as NT 5.0), Windows XP (2001), Windows Vista (2007), Windows 7 (2009; SP1 in 2011), Windows 8 (2012), Windows 8.1 (2013) and Windows 10 (2015). The same kernel underlies the Windows Server line, from Windows NT 3.1 Advanced Server up to Windows Server 2019.

Malware on Windows

The NT kernel's market dominance makes it by far the most targeted kernel in the world, with millions of malware samples in circulation and hundreds of new ones discovered every day. Antivirus products are, however, also at their most mature, and block most attacks. Microsoft ships Windows Defender, a full antivirus, built into Windows 8, 8.1 and 10, and offered Microsoft Security Essentials (MSE) as a free download for Windows XP, Vista and 7. The Windows 8+ Windows Defender should not be confused with the Windows Defender in Windows Vista and 7, which was only a basic anti-spyware tool; MSE was the complete antivirus on those systems, and installing it disabled the old Defender because its definitions were already part of MSE. From Windows 8 onward Microsoft upgraded Windows Defender to essentially the same engine as MSE, removing the need for a separate download. Windows's crash screen is the Blue Screen of Death (a "bug check"), shown when the kernel detects a fatal error such as a faulty driver or corrupted kernel memory; malware that runs in kernel mode, such as a rootkit, can trigger it.

[Screenshot: the current version of the Blue Screen]

The most prominent malware on the NT line includes CodeRed, a 2001 worm that infected IIS web servers around the world and used them for a denial-of-service attack; Klez (which also affected Windows 9x), one of the most damaging worms in history, with losses estimated at over US$19 billion; Blaster, a 2003 worm exploiting a flaw in the RPC DCOM interface that launched a denial-of-service attack on windowsupdate.com, caused an estimated US$335 million in damage and carried a message addressed to Bill Gates; Welchia, one of the most widespread worms in history and the first "anti-worm", which removed Blaster and installed the patch; Mydoom, the second most damaging worm by estimated losses (US$22.6 billion); Sobig, estimated to have caused about US$37.1 billion in damage; Conficker, one of the most widespread botnet worms, which emerged in late 2008; ZeroAccess, a trojan and rootkit discovered in 2011 that enrols the machine in a peer-to-peer botnet used for click fraud and bitcoin mining; and CryptoLocker, the 2013 trojan that popularised modern ransomware by encrypting the victim's files and demanding payment for the key.
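As an added example of the check a practitioner would run on the built-in antivirus described above (this is not code from the page; it assumes Windows 8.1/10 or Server 2016 or later with the Defender PowerShell module, and the property names are those of the real Get-MpComputerStatus and Get-MpPreference cmdlets):

```powershell
# Added example, not from the original page: audit the state of the built-in
# Windows Defender engine. Assumes the Defender module (Windows 8.1/10, Server 2016+).
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Each entry is a health check; $true means the protection is in place.
$checks = [ordered]@{
    'Antimalware service running'  = $status.AMServiceEnabled
    'Antivirus engine enabled'     = $status.AntivirusEnabled
    'Real-time protection on'      = ($status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring)
    'Behaviour monitoring on'      = $status.BehaviorMonitorEnabled
    'Signatures updated < 3 days'  = (((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalDays -lt 3)
}

foreach ($name in $checks.Keys) {
    $mark = if ($checks[$name]) { 'OK  ' } else { 'WARN' }
    '{0} {1}' -f $mark, $name
}

# Scan exclusions are a common way for malware (or a careless admin) to blind the
# engine, so list them for review rather than assuming they are legitimate.
if ($pref.ExclusionPath -or $pref.ExclusionProcess -or $pref.ExclusionExtension) {
    'Review these exclusions:'
    $pref.ExclusionPath      | ForEach-Object { '  path:      {0}' -f $_ }
    $pref.ExclusionProcess   | ForEach-Object { '  process:   {0}' -f $_ }
    $pref.ExclusionExtension | ForEach-Object { '  extension: {0}' -f $_ }
}
```

Run it from an elevated PowerShell prompt; a WARN on real-time protection or an unexplained exclusion is exactly the condition under which the malware described in this section gets a foothold. On Windows 7 and Vista with MSE there are no equivalent cmdlets, and the check has to be done through the MSE user interface.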

Some viruses and trojans can wipe boot sectors and partitions, delete files, corrupt attached devices, or render the PC unbootable. Such destructive payloads are fairly uncommon today, and most are detected and removable with current tools. Without an antivirus, these threats and their variants (such as Sobig.F, a variant of Sobig) can take hold on a machine and install a backdoor, with correspondingly heavy damage. Keep the system patched and install software only from Microsoft or other trusted sources.

Current threats include ransomware, which encrypts the user's files and holds them hostage until a ransom is paid, typically in a hard-to-trace cryptocurrency, and cryptojackers, scripts that mine cryptocurrency with the victim's CPU. Note that many cryptojackers are embedded in web pages and need no OS-specific code, so they affect any computer running a browser regardless of operating system. This was proliferated by Coinhive, a web service that facilitated in-browser Monero mining, until the service shut down in 2019.

