/W4. See warnings, warning level 4
warnings, 4, 7.
See also errors
6204, 10
/analyze, 10
Application Verifier, 11
buffer overrun, 9
C4996, 8
C6387, 7
compiler, 9–10
disabled, 10–11
file, 42
FXCop, 11
Information Card, 157
INI, 43
integer overflow, 9–10
namespace, 43
object, 43
process, 43–44
privilege, 43
registry, 43
static analysis, list of, 10
suppression of, 10–11
token, 43
warning level 4, 4, 9
Web browser security threats/attacks, 121–122.
See also Internet Explorer 7 defenses
Web site filtering, disabling, 166–167
Web site restriction. See parental controls
whoami/fo list /all command, 16–17, 18–19, 34
Wikipedia, 24, 77, 110
Wille, Christophe, 27
WinCreatorOwnerRightsSid, 160
wincrypt.h, 137
window origin, Internet Explorer 7, 133
Windows 95, and user accounts, 13
Windows 98, and user accounts, 13
Windows 2000
LogonUser, 106
user accounts, 13–14
Windows CardSpace and Information Cards, 151–152.
See also Information Cards
Information Card data flow, 152
phishing, 153–156
private desktop, 158
programmatic access, 156–159
summary, 159
Windows Communication Foundation (WCF), 157
Windows Defender, 163, 167–168
“Not Yet Classified” lists, 169
Software Explorer, 169
“Windows Defender Antispyware Cycle,” 168
Windows directory, access to, 13
Windows Filtering Platform, 76, 87
Windows Firewall with Advanced Security, 76
Windows ME, and user accounts, 13
Windows Media Player, 121
Windows NT
GINA, 159
NX, 60
user accounts, 13
Windows Parental Controls (WPC). See parental controls
Windows Script Host (WSH), and credential/consent prompts, 25
Windows Server 2003
buffer overrun defenses, 49
Information Card, 151
namespaces, 110, 111
.NET Framework 3.0, 156
Network Location Awareness, 81
NX, 60
pointer encoding, 172
security events, 172
SHA-2, 139
user accounts, 17
Windows SideBar, 181
Windows sockets, 7
Windows Updates (WU), and root certificates, 148
Windows versions prior to Windows Vista
heap defenses, 58
integrity protection, 32
NXCOMPAT, 62
token format, updated, 20
user accounts, 13–14, 18
Windows Vista
deprecated features, 131, 148, 169
determining version, 164
Windows Vista Software Development Kit
CNG, 140
code quality, 3, 5, 8, 9
SID creation, 165
Windows XP (SP2)
ASLR and, 51
browser defenses, 122
buffer overrun defenses, 49
heap defenses, 57
Information Card, 151
namespaces, 110, 111
.NET Framework 3.0, 156
Network Location Awareness, 81
NX, 60
peer-to-peer functionality, 75
pointer encoding, 172
RequestedPrivileges bug, 23
root certificates, 148
SIDs, 160
user accounts, 13–14, 17, 28, 42
Windows Firewall, 87
WinHTTPExemptionList, 167
Winlogon, privileges and, 44
WinURLExemptionList, 167
WinVerifyTrust, 148
WlxLoggedOutSAS, 159
WMI interfaces, and TPM, 177, 181
WMI objects, and filtering, 166–167
working set, process, increasing, 45
worm, Code Red, 55
WpcuSidStringForCurrentUser, 165
WpcuSidStringFromUserName, 165
“write down, not write-up,” 32
WriteData, 173
WriteFile, 113, 115
WriteProfileXXX, 43
Writing Secure Code (Howard and LeBlanc), 49, 83, 92, 117
WS-* protocols, 151
WSAImpersonateSocketPeer, 84
WSARevertImpersonation, 84
WSASetSocketPeerTargetName, 84
WSASetSocketSecurity, 83–85
WTSEnumerateSessions, 112
WTSSendMessage, 112