A

Abstract Type Library (ATL), COM code and, 165

access checking, disabling, 104

access control, 13–14, 107–110

Access Control Entries (ACEs), 19–20

Owner Rights, 160

access control lists (ACLs), 14, 17

DACLs, 32, 160

namespaces, global and local, 111

service accounts, 99–102

shared memory, 112

Active Directory, owner SIDs, 160–161

Active Type Library (ATL), and DEP, 127

ActiveX opt-in, 122–123

locking, 131–132

address space, 76

Address Space Layout Randomization (ASLR), 51–53

limitations of, 53

link with /dynamicbase, 72

performance and capability implications, 53–54

addresses, application, and stack randomization, 54

AdjustTokenPrivileges, 16, 102–104

administrator user accounts, 13–14

“administrator with approval mode,” 18–20

applications requiring, building, 22–24

elevated code, starting, 27

elevating to, 24

local system service accounts, 99

Adobe Acrobat Reader v8.0.0, 128

Adobe Flash, 121, 122

Adobe Flash Player v9.0.28.0, 128

Advanced Encryption Standard (AES), 132–133

Advanced Windows (Richter), 67

Advanced Windows Firewall, 87–92

AES-256 encryption key, 154

AIA (Authority Information Access) URLs, 146

algorithms

CNG, elliptic curve, 140

CNG, new, 139–140

cryptographic, 9

hash, 9

hardcoded, 137, 148

Suite B, 144

allocation attack patterns, 55–56

AMD CPUs, 11

Enhanced Virus Protection, 59

analysis tools, 9

/analyze, 5, 7, 9

warnings, 10

annotation, of functions, 3

anti-malware, 167–168

anti-virus protection, 167–168

APIs (application programming interfaces)

ASLR and, 51

AuthzReportSecurityEvent, 172

banned. See APIs, banned

CertEnroll, 148

ChangeServiceConfig2, 103

CreateService, 98

credential user interface, 163

GetProductInfo, 164

impersonation, 17

IP Helper, 76

kernel mode, 136

Network Diagnostics Framework, 75

Network List Manager (NLM), 75, 81–82

peer-to-peer collaboration, 75

pipe server attacks, 115–116

secure socket extensions, 76, 83–85

TBS, 177

user-mode, 136

Windows Defender, 163, 167–168

APIs, banned, 3

bug prevention, 2

list of, 8–9

not replaced, 8

removing from codebase, 8–9

Application Compatibility toolset, 31

application manifest, side-by-side, creating, 31

application programming interfaces (APIs). See APIs (application programming interfaces)

Application Verifier (AppVerif), 9

warnings, 11

applications

accessibility, 24

administrator-only, creating, 22–24

compatibility of, debugging, 42–44

high- vs. low-priority, 24

legacy, 28

prompt for credentials or consent, creating, 24–25

virtualization and, 28

AppPath, 109

asInvoker manifest option, 23, 24

ASLR. See Address Space Layout Randomization (ASLR)

assertions, 156

assumption flaws, 3

ATL (Abstract Type Library), COM code and, 165

attacks

allocation, 55–56

denial of service, 115–117

malware, 60, 121, 154

name squatting, 110

phishing, 152, 153–156

pipe server, 115–116

screen-scraping, 158

shatter, 24, 110

spoofing, 158, 171

spyware, 167–168

Web browser, 121–122

attribute syntax, 3

auditing, 143, 172

authentication and authorization, 117, 151

authentication modules, 159

CardSpace and Information Cards, 151–159

Graphical Identification and Authorization (GINA), 159

owner SID, 159–161

Authenticode signatures, 44

Authority Information Access (AIA) URLs, 146

AuthzReportSecurityEvent, 172

Background Intelligent Transfer Service (BITS), 75