Abstract Type Library (ATL), COM code and, 165
access checking, disabling, 104
access control, 13–14, 107–110
Access Control Entries (ACEs), 19–20
    Owner Rights, 160
access control lists (ACLs), 14, 17
    DACLs, 32, 160
    namespaces, global and local, 111
    service accounts, 99–102
    shared memory, 112
Active Directory, owner SIDs, 160–161
Active Type Library (ATL), and DEP, 127
ActiveX opt-in, 122–123
    locking, 131–132
address space, 76
Address Space Layout Randomization (ASLR), 51–53
    limitations of, 53
    link with /dynamicbase, 72
    performance and capability implications, 53–54
addresses, application, and stack randomization, 54
AdjustTokenPrivileges, 16, 102–104
administrator user accounts, 13–14
    “administrator with approval mode,” 18–20
    applications requiring, building, 22–24
    elevated code, starting, 27
    elevating to, 24
    local system service accounts, 99
Adobe Acrobat Reader v8.0.0, 128
Adobe Flash, 121, 122
Adobe Flash Player v9.0.28.0, 128
Advanced Encryption Standard (AES), 132–133
Advanced Windows (Richter), 67
Advanced Windows Firewall, 87–92
AES-256 encryption key, 154
AIA (Authority Information Access) URLs, 146
algorithms
    CNG, elliptic curve, 140
    CNG, new, 139–140
    cryptographic, 9
    hash, 9
    hardcoded, 137, 148
    Suite B, 144
allocation attack patterns, 55–56
AMD CPUs, 11
    Enhanced Virus Protection, 59
analysis tools, 9
/analyze, 5, 7, 9
    warnings, 10
annotation, of functions, 3
anti-malware, 167–168
anti-virus protection, 167–168
APIs (application programming interfaces)
    ASLR and, 51
    AuthzReportSecurityEvent, 172
    banned. See APIs, banned
    CertEnroll, 148
    ChangeServiceConfig2, 103
    CreateService, 98
    credential user interface, 163
    GetProductInfo, 164
    impersonation, 17
    IP Helper, 76
    kernel mode, 136
    Network Diagnostics Framework, 75
    Network List Manager (NLM), 75, 81–82
    peer-to-peer collaboration, 75
    pipe server attacks, 115–116
    secure socket extensions, 76, 83–85
    TBS, 177
    user-mode, 136
    Windows Defender, 163, 167–168
APIs, banned, 3
    bug prevention, 2
    list of, 8–9
    not replaced, 8
    removing from codebase, 8–9
Application Compatibility toolset, 31
application manifest, side-by-side, creating, 31
application programming interfaces (APIs). See APIs (application programming interfaces)
Application Verifier (AppVerif), 9
    warnings, 11
applications
    accessibility, 24
    administrator-only, creating, 22–24
    compatibility of, debugging, 42–44
    high- vs. low-priority, 24
    legacy, 28
    prompt for credentials or consent, creating, 24–25
    virtualization and, 28
AppPath, 109
asInvoker manifest option, 23, 24
ASLR. See Address Space Layout Randomization (ASLR)
assertions, 156
assumption flaws, 3
ATL (Abstract Type Library), COM code and, 165
attacks
    allocation, 55–56
    denial of service, 115–117
    malware, 60, 121, 154
    name squatting, 110
    phishing, 152, 153–156
    pipe server, 115–116
    screen-scraping, 158
    shatter, 24, 110
    spoofing, 158, 171
    spyware, 167–168
    Web browser, 121–122
attribute syntax, 3
auditing, 143, 172
authentication and authorization, 117, 151
    authentication modules, 159
    CardSpace and Information Cards, 151–159
    Graphical Identification and Authorization (GINA), 159
    owner SID, 159–161
Authenticode signatures, 44
Authority Information Access (AIA) URLs, 146
AuthzReportSecurityEvent, 172
Background Intelligent Transfer Service (BITS), 75