Tuesday, December 5, 2023

OS/2

From Wikipedia, the free encyclopedia
OS/2 Warp 4 desktop. This version was released on 25 September 1996.

Developer: IBM, Microsoft (1.0–1.3)
Written in: C, C++ and assembly language
Working state: Historical, now developed as ArcaOS
Source model: Closed source
Initial release: December 1987; 36 years ago
Latest release: 4.52 / December 2001; 22 years ago
Marketing target: Professionals, servers
Available in: Chinese, English, French, German, Italian, Japanese, Korean, Spanish, Slovenian, Portuguese, Russian
Platforms: x86, PowerPC
Kernel type: Hybrid kernel
Influenced by: MS-DOS, IBM PC DOS
Default user interface: Workplace Shell Graphical user interface
License: Proprietary
Succeeded by: First by eComStation, then ArcaOS
Official website: OS/2 Warp (Archived)

OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 relative to Microsoft's new Windows 3.1 operating environment, the two companies severed the relationship in 1992 and OS/2 development fell to IBM exclusively. The name stands for "Operating System/2", because it was introduced as part of the same generation change release as IBM's "Personal System/2 (PS/2)" line of second-generation personal computers. The first version of OS/2 was released in December 1987 and newer versions were released until December 2001.

OS/2 was intended as a protected-mode successor of PC DOS targeting the Intel 80286 processor. Notably, basic system calls were modeled after MS-DOS calls; their names even started with "Dos" and it was possible to create "Family Mode" applications – text mode applications that could work on both systems. Because of this heritage, OS/2 shares similarities with Unix, Xenix, and Windows NT.

Up to $990 million per year was spent developing OS/2 and its replacement. OS/2 sales were largely concentrated in networked computing used by corporate professionals; however, by the early 1990s, it was overtaken by Microsoft Windows NT. While OS/2 was arguably technically superior to Microsoft Windows 95, OS/2 failed to develop much penetration in the mass market consumer and stand-alone desktop PC segments.

IBM discontinued its support for OS/2 on December 31, 2006. Since then, OS/2 has been developed, supported and sold by two different third-party vendors under license from IBM – first by Serenity Systems as eComStation since 2001, and later by Arca Noae LLC as ArcaOS since 2017.

Development

1985–1990: Joint IBM–Microsoft development

OS/2 1.0 featured a text-mode interface similar to MS-DOS.

The development of OS/2 began when IBM and Microsoft signed the "Joint Development Agreement" in August 1985. It was code-named "CP/DOS" and it took two years for the first product to be delivered.

OS/2 1.0 (1987)

OS/2 1.0 was announced in April 1987 and released in December. The original release only ran in text mode, and a GUI was introduced with OS/2 1.1 about a year later. OS/2 features an API for controlling the video display (VIO) and handling keyboard and mouse events so that programmers writing for protected mode need not call the BIOS or access hardware directly. Other development tools included a subset of the video and keyboard APIs as linkable libraries so that family mode programs are able to run under MS-DOS, and, in the OS/2 Extended Edition v1.0, a database engine called Database Manager or DBM (this was related to DB2, and should not be confused with the DBM family of database engines for Unix and Unix-like operating systems). A task-switcher named Program Selector was available through the Ctrl-Esc hotkey combination, allowing the user to select among multitasked text-mode sessions (or screen groups; each can run multiple programs).

Communications and database-oriented extensions were delivered in 1988, as part of OS/2 1.0 Extended Edition: SNA, X.25/APPC/LU 6.2, LAN Manager, Query Manager, SQL.

OS/2 1.1 was the first version to feature the Presentation Manager GUI.

OS/2 1.1 (1988)

The promised user interface, Presentation Manager, was introduced with OS/2 1.1 in October 1988. It had a similar user interface to Windows 2.1, which was released in May of that year. (The interface was replaced in versions 1.2 and 1.3 by a look closer in appearance to Windows 3.0.)

The Extended Edition of 1.1, sold only through IBM sales channels, introduced distributed database support to IBM database systems and SNA communications support to IBM mainframe networks.

OS/2 1.2 (1989)

In 1989, Version 1.2 introduced Installable Filesystems and, notably, the HPFS filesystem. HPFS provided a number of improvements over the older FAT file system, including long filenames and a form of alternate data streams called Extended Attributes. In addition, extended attributes were also added to the FAT file system.

The Extended Edition of 1.2 introduced TCP/IP and Ethernet support.

OS/2- and Windows-related books of the late 1980s acknowledged the existence of both systems and promoted OS/2 as the system of the future.

1990: Breakup

OS/2 1.3 (1990)

The collaboration between IBM and Microsoft unravelled in 1990, between the releases of Windows 3.0 and OS/2 1.3. During this time, Windows 3.0 became a tremendous success, selling millions of copies in its first year. Much of its success was because Windows 3.0 (along with MS-DOS) was bundled with most new computers. OS/2, on the other hand, was available only as an additional stand-alone software package. In addition, OS/2 lacked device drivers for many common devices such as printers, particularly non-IBM hardware. Windows, on the other hand, supported a much larger variety of hardware. The increasing popularity of Windows prompted Microsoft to shift its development focus from cooperating on OS/2 with IBM to building its own business based on Windows.

Several technical and practical reasons contributed to this breakup. The two companies had significant differences in culture and vision. Microsoft favored the open hardware system approach that contributed to its success on the PC. IBM sought to use OS/2 to drive sales of its own hardware, and urged Microsoft to drop features, such as fonts, that IBM's hardware did not support. Microsoft programmers also became frustrated with IBM's bureaucracy and its use of lines of code to measure programmer productivity. IBM developers complained about the terseness and lack of comments in Microsoft's code, while Microsoft developers complained that IBM's code was bloated.

The two products have significant differences in API. OS/2 was announced when Windows 2.0 was near completion, and the Windows API already defined. However, IBM requested that this API be significantly changed for OS/2. Therefore, issues surrounding application compatibility appeared immediately. OS/2 designers hoped for source code conversion tools, allowing complete migration of Windows application source code to OS/2 at some point. However, OS/2 1.x did not gain enough momentum to allow vendors to avoid developing for both OS/2 and Windows in parallel.

OS/2 1.3 was the final 16-bit only version of OS/2, and the last to be sold by Microsoft.

OS/2 1.x targets the Intel 80286 processor and DOS fundamentally does not. IBM insisted on supporting the 80286 processor, with its 16-bit segmented memory mode, because of commitments made to customers who had purchased many 80286-based PS/2s as a result of IBM's promises surrounding OS/2. Until release 2.0 in April 1992, OS/2 ran in 16-bit protected mode and therefore could not benefit from the Intel 80386's much simpler 32-bit flat memory model and virtual 8086 mode features. This was especially painful in providing support for DOS applications. While, in 1988, Windows/386 2.1 could run several cooperatively multitasked DOS applications, including expanded memory (EMS) emulation, OS/2 1.3, released in 1991, was still limited to one 640 kB "DOS box".

Given these issues, Microsoft started to work in parallel on a version of Windows which was more future-oriented and more portable. The hiring of Dave Cutler, former VAX/VMS architect, in 1988 created an immediate competition with the OS/2 team, as Cutler did not think much of the OS/2 technology and wanted to build on his work on the MICA project at Digital rather than creating a "DOS plus". His NT OS/2 was a completely new architecture.

IBM grew concerned about the delays in development of OS/2 2.0. Initially, the companies agreed that IBM would take over maintenance of OS/2 1.0 and development of OS/2 2.0, while Microsoft would continue development of OS/2 3.0. In the end, Microsoft decided to recast NT OS/2 3.0 as Windows NT, leaving all future OS/2 development to IBM. From a business perspective, it was logical to concentrate on a consumer line of operating systems based on DOS and Windows, and to prepare a new high-end system in such a way as to keep good compatibility with existing Windows applications. While it waited for this new high-end system to develop, Microsoft would still receive licensing money from Xenix and OS/2 sales. Windows NT's OS/2 heritage can be seen in its initial support for the HPFS filesystem, text mode OS/2 1.x applications, and OS/2 LAN Manager network support. Some early NT materials even included OS/2 copyright notices embedded in the software. One example of NT OS/2 1.x support is in the WIN2K resource kit. Windows NT could also support OS/2 1.x Presentation Manager and AVIO applications with the addition of the Windows NT Add-On Subsystem for Presentation Manager.

1990–1996: Post-breakup

OS/2 2.0 and DOS compatibility (1992)

OS/2 2.0 was the first 32-bit release of OS/2, and the first to feature the Workplace Shell.

OS/2 2.0 was released in April 1992. At the time, the suggested retail price was US$195, while Windows retailed for $150.

OS/2 2.0 provided a 32-bit API for native programs, though the OS itself still contained some 16-bit code and drivers. It also included a new OOUI (object-oriented user interface) called the Workplace Shell. This was a fully object-oriented interface that was a significant departure from the previous GUI. Rather than merely providing an environment for program windows (such as the Program Manager), the Workplace Shell provided an environment in which the user could manage programs, files and devices by manipulating objects on the screen. With the Workplace Shell, everything in the system is an "object" to be manipulated.

OS/2 2.0 was touted by IBM as "a better DOS than DOS and a better Windows than Windows". It managed this by including the fully-licensed MS-DOS 5.0, which had been patched and improved upon. For the first time, OS/2 was able to run more than one DOS application at a time. This was so effective that it allowed OS/2 to run a modified copy of Windows 3.0, itself a DOS extender, including Windows 3.0 applications.

Because of the limitations of the Intel 80286 processor, OS/2 1.x could run only one DOS program at a time, and did this in a way that allowed the DOS program to have total control over the computer. A problem in DOS mode could crash the entire computer. In contrast, OS/2 2.0 could leverage the virtual 8086 mode of the Intel 80386 processor to create a much safer virtual machine in which to run DOS programs. This included an extensive set of configuration options to optimize the performance and capabilities given to each DOS program. Any real-mode operating system (such as 8086 Xenix) could also be made to run using OS/2's virtual machine capabilities, subject to certain direct hardware access limitations.

Like most 32-bit environments, OS/2 could not run protected-mode DOS programs using the older VCPI interface, unlike the Standard mode of Windows 3.1; it only supported programs written according to DPMI. (Microsoft discouraged the use of VCPI under Windows 3.1, however, due to performance degradation.)

Unlike Windows NT, OS/2 always allowed DOS programs the possibility of masking real hardware interrupts, so any DOS program could deadlock the machine in this way. OS/2 could, however, use a hardware watchdog on selected machines (notably IBM machines) to break out of such a deadlock. Later, release 3.0 leveraged the enhancements of newer Intel 80486 and Intel Pentium processors—the Virtual Interrupt Flag (VIF), which was part of the Virtual Mode Extensions (VME)—to solve this problem.

OS/2 2.1 and Windows compatibility (1993)

OS/2 2.1 was released in 1993. This version of OS/2 achieved compatibility with Windows 3.0 (and later Windows 3.1) by adapting Windows user-mode code components to run inside a virtual DOS machine (VDM). Originally, a nearly complete version of Windows code was included with OS/2 itself: Windows 3.0 in OS/2 2.0, and Windows 3.1 in OS/2 2.1. Later, IBM developed versions of OS/2 that would use whatever Windows version the user had installed previously, patching it on the fly, and sparing the cost of an additional Windows license. It could either run full-screen, using its own set of video drivers, or "seamlessly," where Windows programs would appear directly on the OS/2 desktop. The process containing Windows was given fairly extensive access to hardware, especially video, and the result was that switching between a full-screen WinOS/2 session and the Workplace Shell could occasionally cause issues.

Because OS/2 only runs the user-mode system components of Windows, it is incompatible with Windows device drivers (VxDs) and applications that require them.

Multiple Windows applications run by default in a single Windows session – multitasking cooperatively and without memory protection – just as they would under native Windows 3.x. However, to achieve true isolation between Windows 3.x programs, OS/2 can also run multiple copies of Windows in parallel, with each copy residing in a separate VDM. The user can then optionally place each program either in its own Windows session – with preemptive multitasking and full memory protection between sessions, though not within them – or allow some applications to run together cooperatively in a shared Windows session while isolating other applications in one or more separate Windows sessions. At the cost of additional hardware resources, this approach can protect each program in any given Windows session (and each instance of Windows itself) from every other program running in any separate Windows session (though not from other programs running in the same Windows session).

Whether Windows applications are running in full-screen or windowed mode, and in one Windows session or several, it is possible to use DDE between OS/2 and Windows applications, and OLE between Windows applications only.

IBM's OS/2 for Windows product (codename Ferengi), also known as "OS/2, Special Edition", was interpreted as a deliberate strategy "of cashing in on the pervasive success of the Microsoft platform" but risked confusing consumers with the notion that the product was a mere accessory or utility running on Windows such as Norton Desktop for Windows when, in fact, it was "a complete, modern, multi-tasking, pre-emptive operating system", itself hosting Windows instead of running on it. Available on CD-ROM or 18 floppy disks, the product documentation reportedly suggested Windows as a prerequisite for installing the product, also being confined to its original FAT partition, whereas the product apparently supported the later installation of Windows running from an HPFS partition, particularly beneficial for users of larger hard drives. Windows compatibility, relying on patching specific memory locations, was reportedly broken by the release of Windows 3.11, prompting accusations of arbitrary changes to Windows in order to perpetrate "a deliberate act of Microsoft sabotage" against IBM's product.

OS/2 Warp 3 (1994)

Released in 1994, OS/2 version 3.0 was labelled as OS/2 Warp to highlight the new performance benefits, and generally to freshen the product image. "Warp" had originally been the internal IBM name for the release: IBM claimed that it had used Star Trek terms as internal names for prior OS/2 releases, and that this one seemed appropriate for external use as well. At the launch of OS/2 Warp in 1994, Patrick Stewart was to be the Master of Ceremonies; however Kate Mulgrew of the then-upcoming series Star Trek: Voyager substituted for him at the last minute.

OS/2 Warp offers a host of benefits over OS/2 2.1, notably broader hardware support, greater multimedia capabilities, Internet-compatible networking, and it includes a basic office application suite known as IBM Works. It was released in two versions: the less expensive "Red Spine" and the more expensive "Blue Spine" (named for the color of their boxes). "Red Spine" was designed to support Microsoft Windows applications by utilizing any existing installation of Windows on the computer's hard drive. "Blue Spine" includes Windows support in its own installation, and so can support Windows applications without a Windows installation. As most computers were sold with Microsoft Windows pre-installed and the price was less, "Red Spine" was the more popular product. OS/2 Warp Connect—which has full LAN client support built-in—followed in mid-1995. Warp Connect was nicknamed "Grape".

In OS/2 2.0, most performance-sensitive subsystems, including the graphics (Gre) and multimedia (MMPM/2) systems, were updated to 32-bit code in a fixpack, and included as part of OS/2 2.1. Warp 3 brought about a fully 32-bit windowing system, while Warp 4 introduced the object-oriented 32-bit GRADD display driver model.

Workplace OS (1995)

In 1991, IBM started development on an intended replacement for OS/2 called Workplace OS. This was an entirely new product, brand new code, that borrowed only a few sections of code from both the existing OS/2 and AIX products. It used an entirely new microkernel code base, intended (eventually) to host several of IBM's operating systems (including OS/2) as microkernel "personalities". It also included major new architectural features including a system registry, JFS, support for UNIX graphics libraries, and a new driver model.

Workplace OS was developed solely for POWER platforms, and IBM intended to market a full line of PowerPCs in an effort to take over the market from Intel. A mission was formed to create prototypes of these machines and they were disclosed to several corporate customers, all of whom raised issues with the idea of dropping Intel.

Advanced plans for the new code base would eventually include replacement of the OS/400 operating system by Workplace OS, as well as a microkernel product that would have been used in industries such as telecommunications and set-top television receivers.

A partially functional pre-alpha version of Workplace OS was demonstrated at Comdex, where a bemused Bill Gates stopped by the booth. The second and last time it would be shown in public was at an OS/2 user group in Phoenix, Arizona; the pre-alpha code refused to boot.

It was released in 1995. But with $990 million being spent per year on development of this as well as Workplace OS, and no possible profit or widespread adoption, the end of the entire Workplace OS and OS/2 product line was near.

OS/2 Warp 4 (1996)

In 1996, Warp 4 added Java and speech recognition software. IBM also released server editions of Warp 3 and Warp 4 which bundled IBM's LAN Server product directly into the operating system installation. A personal version of Lotus Notes was also included, with a number of template databases for contact management, brainstorming, and so forth. The UK-distributed free demo CD-ROM of OS/2 Warp essentially contained the entire OS and was easily, even accidentally, cracked, meaning that even people who liked it did not have to buy it. This was seen as a backdoor tactic to increase the number of OS/2 users, in the belief that this would increase sales and demand for third-party applications, and thus strengthen OS/2's desktop numbers. This suggestion was bolstered by the fact that this demo version had replaced another which was not so easily cracked, but which had been released with trial versions of various applications. In 2000, the July edition of Australian Personal Computer magazine bundled software CD-ROMs that included a full version of Warp 4 that required no activation and was essentially a free release. Special versions of OS/2 2.11 and Warp 4 also included symmetric multiprocessing (SMP) support.

OS/2 sales were largely concentrated in networked computing used by corporate professionals; however, by the early 1990s, it was overtaken by Microsoft Windows NT. While OS/2 was arguably technically superior to Microsoft Windows 95, OS/2 failed to develop much penetration in the consumer and stand-alone desktop PC segments; there were reports that it could not be installed properly on IBM's own Aptiva series of home PCs. Microsoft made an offer in 1994 where IBM would receive the same terms as Compaq (the largest PC manufacturer at the time) for a license of Windows 95, if IBM ended development of OS/2 completely. IBM refused and instead went with an "IBM First" strategy of promoting OS/2 Warp and disparaging Windows, as IBM aimed to drive sales of its own software as well as hardware. By 1995, Windows 95 negotiations between IBM and Microsoft, which were already difficult, stalled when IBM purchased Lotus SmartSuite, which would have directly competed with Microsoft Office. As a result of the dispute, IBM signed the license agreement 15 minutes before Microsoft's Windows 95 launch event, which was later than their competitors and this badly hurt sales of IBM PCs. IBM officials later conceded that OS/2 would not have been a viable operating system to keep them in the PC business.

1996–2001: Downsizing

A project was launched internally by IBM to evaluate the looming competitive situation with Microsoft Windows 95. Primary concerns included the major code quality issues in the existing OS/2 product (resulting in over 20 service packs, each requiring more diskettes than the original installation), and the ineffective and heavily matrixed development organization in Boca Raton (where the consultants reported that "basically, everybody reports to everybody") and Austin.

That study, tightly classified as "Registered Confidential" and printed only in numbered copies, identified untenable weaknesses and failures across the board in the Personal Systems Division as well as across IBM as a whole. This resulted in a decision being made at a level above the Division to cut over 95% of the overall budget for the entire product line, end all new development (including Workplace OS), eliminate the Boca Raton development lab, end all sales and marketing efforts of the product, and lay off over 1,300 development individuals (as well as sales and support personnel). $990 million had been spent in the last full year. Warp 4 became the last distributed version of OS/2.

2001–2006: Discontinuation and end-of-life

Although a small and dedicated community remains faithful to OS/2, OS/2 failed to catch on in the mass market and is little used outside certain niches where IBM traditionally had a stronghold. For example, many bank installations, especially automated teller machines, run OS/2 with a customized user interface; French SNCF national railways used OS/2 1.x in thousands of ticket selling machines. Telecom companies such as Nortel used OS/2 in some voicemail systems. Also, OS/2 was used for the host PC used to control the Satellite Operations Support System equipment installed at NPR member stations from 1994 to 2007, and used to receive the network's programming via satellite.

Although IBM began indicating shortly after the release of Warp 4 that OS/2 would eventually be withdrawn, the company did not end support until December 31, 2006, with sales of OS/2 stopping on December 23, 2005. The latest IBM OS/2 Warp version is 4.52, which was released for both desktop and server systems in December 2001.

IBM is still delivering defect support for a fee. IBM urges customers to migrate their often highly complex applications to e-business technologies such as Java in a platform-neutral manner. Once application migration is completed, IBM recommends migration to a different operating system, suggesting Linux as an alternative.

2001–present: Third-party development

ArcaOS is the most recent OS/2-based operating system developed outside of IBM.

After IBM discontinued development of OS/2, various third parties approached IBM to take over future development of the operating system. The OS/2 software vendor Stardock made such a proposal to IBM in 1999, but it was not followed through by the company. Serenity Systems succeeded in negotiating an agreement with IBM, and began reselling OS/2 as eComStation in 2001. eComStation is now sold by XEU.com; the most recent version (2.1) was released in 2011. In 2015, Arca Noae, LLC announced that they had secured an agreement with IBM to resell OS/2. They released the first version of their OS/2-based operating system in 2017 as ArcaOS. As of 2023, there have been multiple releases of ArcaOS, and it remains under active development.

Petitions for open source

Many people hoped that IBM would release OS/2 or a significant part of it as open source. Petitions were held in 2005 and 2007, but IBM refused them, citing legal and technical reasons. It is unlikely that the entire OS will be open at any point in the future because it contains third-party code to which IBM does not have copyright, and much of this code is from Microsoft. IBM also once engaged in a technology transfer with Commodore, licensing Amiga technology for OS/2 2.0 and above, in exchange for the REXX scripting language. This means that OS/2 may have some code that was not written by IBM, which can therefore prevent the OS from being re-announced as open-sourced in the future. On the other hand, IBM donated Object REXX for Windows and OS/2 to the Open Object REXX project maintained by the REXX Language Association on SourceForge.

There was a petition, arranged by OS2World, to open parts of the OS. Open source operating systems such as Linux have already profited from OS/2 indirectly through IBM's release of the improved JFS file system, which was ported from the OS/2 code base. As IBM didn't release the source of the OS/2 JFS driver, developers ported the Linux driver back to eComStation and added the functionality to boot from a JFS partition. This new JFS driver has been integrated into eComStation v2.0, and later into ArcaOS 5.0.

Summary of releases

Release dates refer to the US English editions unless otherwise noted.

Date            Version
December 1987   OS/2 1.0
November 1988   OS/2 1.1
October 1989    OS/2 1.2
December 1990   OS/2 1.3
October 1991    OS/2 2.0 LA (Limited Availability)
April 1992      OS/2 2.0
October 1992    OS/2 2.00.1
May 1993        OS/2 2.1
November 1993   OS/2 for Windows
February 1994   OS/2 2.11
July 1994       OS/2 2.11 SMP
October 1994    OS/2 Warp 3
May 1995        OS/2 Warp Connect
December 1995   OS/2 Warp, PowerPC Edition
February 1996   OS/2 Warp Server 4
September 1996  OS/2 Warp 4
September 1996  OS/2 Warp Server Advanced SMP
November 1997   WorkSpace On-Demand 1.0
October 1998    WorkSpace On-Demand 2.0
April 1999      OS/2 Warp Server for e-Business (version 4.50)
November 2000   OS/2 Convenience Pack 1 (version 4.51)
November 2001   OS/2 Convenience Pack 2 (version 4.52)

Features and technology

User interface

The graphic system has a layer named Presentation Manager that manages windows, fonts, and icons. This is similar in functionality to a non-networked version of X11 or the Windows GDI. On top of this lies the Workplace Shell (WPS) introduced in OS/2 2.0. WPS is an object-oriented shell allowing the user to perform traditional computing tasks such as accessing files, printers, launching legacy programs, and advanced object oriented tasks using built-in and third-party application objects that extended the shell in an integrated fashion not available on any other mainstream operating system. WPS follows IBM's Common User Access user interface standards.

WPS represents objects such as disks, folders, files, program objects, and printers using the System Object Model (SOM), which allows code to be shared among applications, possibly written in different programming languages. A distributed version called DSOM allowed objects on different computers to communicate. DSOM is based on CORBA. The object oriented aspect of SOM is similar to, and a direct competitor to, Microsoft's Component Object Model, though it is implemented in a radically different manner; for instance, one of the most notable differences between SOM and COM is SOM's support for inheritance (one of the most fundamental concepts of OO programming)—COM does not have such support. SOM and DSOM are no longer being developed.

The multimedia capabilities of OS/2 are accessible through Media Control Interface commands. The last update (bundled with the IBM version of Netscape Navigator plugins) added support for MPEG files. Support for newer formats such as PNG, progressive JPEG, DivX, Ogg, and MP3 comes from third parties. Sometimes this support is integrated with the multimedia system, but in other offerings it comes as standalone applications.

Commands

The following list of commands is supported by cmd.exe on OS/2.

Networking

The TCP/IP stack is based on the open source BSD stack, as can be seen using tools compatible with the SCCS what command. IBM included tools such as ftp and telnet, and even servers for both commands. IBM sold several networking extensions, including NFS support and an X11 server.

Drivers

Hardware vendors were reluctant to support device drivers for alternative operating systems including OS/2, leaving users with few choices from a select few vendors. To relieve this issue for video cards, IBM licensed a reduced version of the Scitech display drivers, allowing users to choose from a wide selection of cards supported through Scitech's modular driver design.

Virtualization

OS/2 has historically been more difficult to run in a virtual machine than most other legacy x86 operating systems because of its extensive reliance on the full set of features of the x86 CPU; in particular, OS/2's use of ring 2 prevented it from running in early versions of VMware. Newer versions of VMware provide official support for OS/2, specifically for eComStation.

VirtualPC from Microsoft (originally Connectix) has been able to run OS/2 without hardware virtualization support for many years. It also provided "additions" code which greatly improves host–guest OS interactions in OS/2. The additions are not provided with the current version of VirtualPC, but the version last included with a release may still be used with current releases. At one point, OS/2 was a supported host for VirtualPC in addition to a guest. Note that OS/2 runs only as a guest on those versions of VirtualPC that use virtualization (x86 based hosts) and not those doing full emulation (VirtualPC for Mac).

VirtualBox from Oracle Corporation (originally InnoTek, later Sun) supports OS/2 1.x, Warp 3 through 4.5, and eComStation as well as "Other OS/2" as guests. However, attempting to run OS/2 and eComStation can still be difficult, if not impossible, because of the strict requirements of VT-x/AMD-V hardware-enabled virtualization and only ACP2/MCP2 is reported to work in a reliable manner.

ArcaOS supports being run as a virtual machine guest inside VirtualBox, VMware ESXi and VMWare Workstation. It ships with VirtualBox Guest Additions, and driver improvements to improve performance as a guest operating system.

The difficulties in efficiently running OS/2 have, at least once, created an opportunity for a new virtualization company. A large bank in Moscow needed a way to use OS/2 on newer hardware that OS/2 did not support. As virtualization software is an easy way around this, the company desired to run OS/2 under a hypervisor. Once it was determined that VMware was not a possibility, it hired a group of Russian software developers to write a host-based hypervisor that would officially support OS/2. Thus, the Parallels, Inc. company and their Parallels Workstation product was born.

Security niche

OS/2 has few native computer viruses; while it is not invulnerable by design, its reduced market share appears to have discouraged virus writers. There are, however, OS/2-based antivirus programs, dealing with DOS viruses and Windows viruses that could pass through an OS/2 server.

Problems

Some problems were classic subjects of comparison with other operating systems:

  • Synchronous input queue (SIQ): if a GUI application was not servicing its window messages, the entire GUI system could get stuck and a reboot was required. This problem was considerably reduced with later Warp 3 fixpacks and refined by Warp 4, by taking control over the application after it had not responded for several seconds.
  • No unified object handles (OS/2 v2.11 and earlier): The availability of threads probably led system designers to overlook mechanisms which allow a single thread to wait for different types of asynchronous events at the same time, for example the keyboard and the mouse in a "console" program. Even though select was added later, it only worked on network sockets. In case of a console program, dedicating a separate thread for waiting on each source of events made it difficult to properly release all the input devices before starting other programs in the same "session". As a result, console programs usually polled the keyboard and the mouse alternately, which resulted in wasted CPU and a characteristic "jerky" reactivity to user input. In OS/2 3.0 IBM introduced a new call for this specific problem.

Historical uses

OS/2 has been widely used by Iran Export Bank (Bank Saderat Iran) in their teller machines, ATMs and local servers (over 35,000 working stations). As of 2011, the bank moved to virtualize and renew their infrastructure by moving OS/2 to Virtual Machines running over Windows.

OS/2 was widely used by Brazilian banks. Banco do Brasil had a peak 10,000 machines running OS/2 Warp in the 1990s. OS/2 was used in automated teller machines until 2006. The workstations and automated teller machines and attendant computers have been migrated to Linux.

An ATM in Australia revealing during a reboot that it is based on OS/2 Warp

OS/2 has been used in the banking industry. Suncorp bank in Australia still ran its ATM network on OS/2 as late as 2002. ATMs at Perisher Blue used OS/2 as late as 2009, and even at the turn of the decade.

OS/2 was widely adopted by accounting professionals and auditing companies. In the mid-1990s, native 32-bit accounting software was well developed and serving corporate markets.

OS/2 ran the faulty baggage handling system at Denver International Airport. The OS was eventually scrapped, but the software written for the system led to massive delays in the opening of the new airport. The OS itself was not at fault, but the software written to run on the OS was. The baggage handling system was eventually removed.

OS/2 was used by radio personality Howard Stern. He once had a 10-minute on-air rant about OS/2 versus Windows 95 and recommended OS/2. He also used OS/2 on his IBM 760CD laptop.

OS/2 was used as part of the Satellite Operations Support System (SOSS) for NPR's Public Radio Satellite System. SOSS was a computer-controlled system using OS/2 that NPR member stations used to receive programming feeds via satellite. SOSS was introduced in 1994 using OS/2 3.0, and was retired in 2007, when NPR switched over to its successor, the ContentDepot.

OS/2 was used to control the SkyTrain automated light rail system in Vancouver, Canada until the late 2000s when it was replaced by Windows XP.

OS/2 was used in the London Underground Jubilee Line Extension Signals Control System (JLESCS) in London, England. This control system, delivered by Alcatel, was in use from 1999 to 2011, i.e. between the abandonment, before the line opened, of its unimplemented original automatic train control system and the present SelTrac system. JLESCS did not provide automatic train operation, only manual train supervision. Six OS/2 local site computers were distributed along the railway between Stratford and Westminster, the shunting tower at Stratford Market Depot, and several formed the central equipment located at Neasden Depot. It was once intended to cover the rest of the line between Green Park and Stanmore, but this was never introduced.

OS/2 has been used by The Co-operative Bank in the UK for its domestic call centre staff, using a bespoke program created to access customer accounts which cannot easily be migrated to Windows.

OS/2 has been used by the Stop & Shop supermarket chain (and has been installed in new stores as recently as March 2010).

OS/2 has been used on ticket machines for Tramlink in outer-London.

OS/2 has been used in New York City's subway system for MetroCards.[78] Rather than interfacing with the user, it connects simple computers and the mainframes. When NYC MTA finishes its transition to contactless payment, OS/2 will be removed.

OS/2 was used in checkout systems at Safeway supermarkets.

OS/2 was used by Trenitalia, both for the desktops at Ticket Counters and for the Automatic Ticket Counters up to 2011. Incidentally, the Automatic Ticket Counters with OS/2 were more reliable than the current ones running a flavor of Windows.

OS/2 was used as the main operating system for Abbey National General Insurance motor and home direct call centre products using the PMSC Series III insurance platform on DB2.2 from 1996 to 2001.

Awards

BYTE in 1989 listed OS/2 as among the "Excellence" winners of the BYTE Awards, stating that it "is today where the Macintosh was in 1984: It's a development platform in search of developers". The magazine predicted that "When it's complete and bug-free, when it can really use the 80386, and when more desktops sport OS/2-capable PCs, OS/2 will—deservedly—supersede DOS. But even as it stands, OS/2 is a milestone product".

In March 1995 OS/2 won seven awards:

  • InfoWorld Product of the Year.
  • Five Awards at CeBIT.
    • PC Professional Magazine - Innovation of the Year award.
    • CHIP Magazine named OS/2 Warp the Operating System of the Year.
    • DOS International named OS/2 Warp the Operating System of the Year.
    • 1+1 Magazine awarded it with the Software Marketing Quality award.
    • Industrie Forum awarded it with its Design Excellence.
  • SPA Best Business Software Award.

Malware

From Wikipedia, the free encyclopedia
 
Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types (i.e. computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and keyloggers).

Malware poses serious problems to individuals and businesses on the Internet. According to Symantec's 2018 Internet Security Threat Report (ISTR), the number of malware variants increased to 669,947,865 in 2017, which is twice as many malware variants as in 2016. Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy $6 trillion USD in 2021, and is increasing at a rate of 15% per year. Since 2021, malware has been designed to target computer systems that run critical infrastructure such as the electricity distribution network.

The defense strategies against malware differ according to the type of malware but most can be thwarted by installing antivirus software, firewalls, applying regular patches, securing networks from intrusion, having regular backups and isolating infected systems. Malware can be designed to evade antivirus software detection algorithms.

History

The notion of a self-reproducing computer program can be traced back to initial theories about the operation of complex automata. John von Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate and investigated other properties of malware such as detectability and self-obfuscation using rudimentary encryption. His 1987 doctoral dissertation was on the subject of computer viruses. The use of cryptographic technology as part of the payload of the virus, exploiting it for attack purposes, was initiated and investigated from the mid-1990s, and includes initial ransomware and evasion ideas.

Before Internet access became widespread, viruses spread on personal computers by infecting executable programs or boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these programs or boot sectors, a virus causes itself to be run whenever the program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. The first IBM PC virus in the "wild" was a boot sector virus dubbed (c)Brain, created in 1986 by the Farooq Alvi brothers in Pakistan. Malware distributors would trick the user into booting or running from an infected device or medium. For example, a virus could make an infected computer add autorunnable code to any USB stick plugged into it. Anyone who then attached the stick to another computer set to autorun from USB would in turn become infected, and also pass on the infection in the same way.

Older email software would automatically open HTML email containing potentially malicious JavaScript code. Users may also execute disguised malicious email attachments. The 2018 Data Breach Investigations Report by Verizon, cited by CSO Online, states that emails are the primary method of malware delivery, accounting for 96% of malware delivery around the world.

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Morris worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes (vulnerabilities) in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.

With the rise of the Microsoft Windows platform in the 1990s, and the flexible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications (executables), but rely on the fact that macros in a Word document are a form of executable code.

Many early infectious programs, including the Morris Worm, the first internet worm, were written as experiments or pranks. Today, malware is used by both black hat hackers and governments to steal personal, financial, or business information. Today, any device that plugs into a USB port – even lights, fans, speakers, toys, or peripherals such as a digital microscope – can be used to spread malware. Devices can be infected during manufacturing or supply if quality control is inadequate.

Purposes

Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for illicit purposes. Infected "zombie computers" can be used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion. Malware is used broadly against government or corporate websites to gather sensitive information, or to disrupt their operation in general. Further, malware can be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords.

In addition to criminal money-making, malware can be used for sabotage, often for political motives. Stuxnet, for example, was designed to disrupt very specific industrial equipment. There have been politically motivated attacks which spread over and shut down large computer networks, including massive deletion of files and corruption of master boot records, described as "computer killing." Such attacks were made on Sony Pictures Entertainment (25 November 2014, using malware known as Shamoon or W32.Disttrack) and Saudi Aramco (August 2012).

Types

There are many possible ways of categorizing malware, and some malicious software may overlap into two or more categories. Broadly, software can be categorised into three types: (i) goodware; (ii) greyware and (iii) malware.

Classification of potentially malicious software
Data sourced from: Molina-Coronado et al. (2023)

| Type | Characteristics | Examples | Notes |
|---|---|---|---|
| Goodware | Obtained from trustworthy sources | | |
| Greyware | Insufficient consensus and/or metrics | | |
| Malware | Broad consensus among antivirus software that program is malicious or obtained from flagged sources. | | |

Malware

Hex dump of the Blaster worm, showing a message left for Microsoft co-founder Bill Gates by the worm's programmer

Virus

A computer virus is software usually hidden within another seemingly innocuous program that can produce copies of itself and insert them into other programs or files, and that usually performs a harmful action (such as destroying data). They have been likened to biological viruses. An example of this is a portable execution infection, a technique, usually used to spread malware, that inserts extra data or executable code into PE files. A computer virus is software that embeds itself in some other executable software (including the operating system itself) on the target system without the user's knowledge and consent and when it is run, the virus is spread to other executable files.

Worm

A worm is a stand-alone malware software that actively transmits itself over a network to infect other computers and can copy itself without infecting files. These definitions lead to the observation that a virus requires the user to run an infected software or operating system for the virus to spread, whereas a worm spreads itself.

Rootkits

Once malicious software is installed on a system, it is essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a harmful process from being visible in the system's list of processes, or keep its files from being read.

Some types of harmful software contain routines to evade identification and/or removal attempts, not merely to hide themselves. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system:

Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.

Backdoors

A backdoor is a broad term for a computer program that allows an attacker persistent unauthorised remote access to a victim's machine often without their knowledge. The attacker typically uses another attack (such as a trojan, worm or virus) to bypass authentication mechanisms usually over an unsecured network such as the Internet to install the backdoor application. A backdoor can also be a side effect of a software bug in legitimate software that is exploited by an attacker to gain access to a victim's computer or network.

The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. It was reported in 2014 that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world. Backdoors may be installed by Trojan horses, worms, implants, or other methods.

Trojan horse

A Trojan horse misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application is started. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth.

Trojan horses are generally spread by some form of social engineering, for example, where a user is duped into executing an email attachment disguised to be unsuspicious, (e.g., a routine form to be filled in), or by drive-by download. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller (phoning home) which can then have unauthorized access to the affected computer, potentially installing additional software such as a keylogger to steal confidential information, cryptomining software or adware to generate revenue to the operator of the trojan. While Trojan horses and backdoors are not easily detectable by themselves, computers may appear to run slower, emit more heat or fan noise due to heavy processor or network usage, as may occur when cryptomining software is installed. Cryptominers may limit resource usage and/or only run during idle times in an attempt to evade detection.

Unlike computer viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.

In spring 2017 Mac users were hit by the new version of Proton Remote Access Trojan (RAT) trained to extract password data from various sources, such as browser auto-fill data, the Mac-OS keychain, and password vaults.

Droppers

Droppers are a sub-type of Trojans that solely aim to deliver malware upon the system that they infect with the desire to subvert detection through stealth and a light payload. It is important not to confuse a dropper with a loader or stager. A loader or stager will merely load an extension of the malware (for example a collection of malicious functions through reflective dynamic link library injection) into memory. The purpose is to keep the initial stage light and undetectable. A dropper merely downloads further malware to the system.

Ransomware

Ransomware prevents a user from accessing their files until a ransom is paid. There are two variations of ransomware, being crypto ransomware and locker ransomware. Locker ransomware just locks down a computer system without encrypting its contents, whereas crypto ransomware locks down a system and encrypts its contents. For example, programs such as CryptoLocker encrypt files securely, and only decrypt them on payment of a substantial sum of money.

Some malware is used to generate money by click fraud, making it appear that the computer user has clicked an advertising link on a site, generating a payment from the advertiser. It was estimated in 2012 that about 60 to 70% of all active malware used some kind of click fraud, and 22% of all ad-clicks were fraudulent.

Lock-screens, or screen lockers, are a type of "cyber police" ransomware that blocks screens on Windows or Android devices with a false accusation of harvesting illegal content, trying to scare the victims into paying a fee. Jisut and SLocker impact Android devices more than other lock-screens, with Jisut making up nearly 60 percent of all Android ransomware detections.

Encryption-based ransomware, like the name suggests, is a type of ransomware that encrypts all files on an infected machine. These types of malware then display a pop-up informing the user that their files have been encrypted and that they must pay (usually in Bitcoin) to recover them. Some examples of encryption-based ransomware are CryptoLocker and WannaCry.

Grayware

Grayware is any unwanted application or file that can worsen the performance of computers and may cause security risks, but for which there is insufficient consensus or data to classify it as malware. Types of greyware typically include spyware, adware, fraudulent dialers, joke programs ("jokeware") and remote access tools. For example, at one point, Sony BMG compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying.

Potentially Unwanted Program (PUP)

Potentially unwanted programs (PUPs) are applications that would be considered unwanted despite often being intentionally downloaded by the user. PUPs include spyware, adware, and fraudulent dialers.

Many security products classify unauthorised key generators as PUPs, although they frequently carry true malware in addition to their ostensible purpose. In fact, Kammerstetter et al. (2012) estimated that as much as 55% of key generators could contain malware and that about 36% of malicious key generators were not detected by antivirus software.

Adware

Some types of adware (using stolen certificates) turn off anti-malware and virus protection; technical remedies are available.

Spyware

Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be hidden and packaged together with unrelated user-installed software. The Sony BMG rootkit was intended to prevent illicit copying; but also reported on users' listening habits, and unintentionally created extra security vulnerabilities.

Detection

Antivirus software typically uses two techniques to detect malware: (i) static analysis and (ii) dynamic/heuristic analysis. Static analysis involves studying the software code of a potentially malicious program and producing a signature of that program. This information is then used to compare scanned files by an antivirus program. Because this approach is not useful for malware that has not yet been studied, antivirus software can use dynamic analysis to monitor how the program runs on a computer and block it if it performs unexpected activity.

The aim of any malware is to conceal itself from detection by users or antivirus software. Detecting potential malware is difficult for two reasons. The first is that it is difficult to determine if software is malicious. The second is that malware uses technical measures to make it more difficult to detect it. An estimated 33% of malware is not detected by antivirus software.

The most commonly employed anti-detection technique involves encrypting the malware payload in order to prevent antivirus software from recognizing the signature. Tools such as crypters come with an encrypted blob of malicious code and a decryption stub. The stub decrypts the blob and loads it into memory. Because antivirus does not typically scan memory and only scans files on the drive, this allows the malware to evade detection. Advanced malware has the ability to transform itself into different variations, making it less likely to be detected due to the differences in its signatures. This is known as polymorphic malware.

Other common techniques used to evade detection include, from common to uncommon:

  1. Evasion of analysis and detection by fingerprinting the environment when executed.
  2. Confusing automated tools' detection methods. This allows malware to avoid detection by technologies such as signature-based antivirus software by changing the server used by the malware.
  3. Timing-based evasion. This is when malware runs at certain times or following certain actions taken by the user, so it executes during certain vulnerable periods, such as during the boot process, while remaining dormant the rest of the time.
  4. Obfuscating internal data so that automated tools do not detect the malware.
  5. Information hiding techniques, namely stegomalware.
  6. Fileless malware, which runs within memory instead of using files and utilizes existing system tools to carry out malicious acts.

The use of existing binaries to carry out malicious activities is a technique known as LotL, or Living off the Land. This reduces the amount of forensic artifacts available to analyze. Recently these types of attacks have become more frequent, with a 432% increase in 2017, and made up 35% of the attacks in 2018. Such attacks are not easy to perform but are becoming more prevalent with the help of exploit-kits.
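The following is an added example, not part of the original article, of the static techniques this section describes: an exact-hash signature, a byte-pattern signature, and a Shannon-entropy heuristic that flags regions that look encrypted. Every sample, marker string and signature name is constructed, and the 7.2 bits-per-byte threshold and window sizes are assumptions.

```python
import hashlib
import math
from collections import Counter

# All samples and signature names below are constructed for this example.
MARKER = b"CONSTRUCTED-TEST-MARKER-0001"
KNOWN_SAMPLE = b"SAMPLE" + bytes(64) + MARKER + b"benign padding " * 40
BENIGN = b"plain configuration text\n" * 60

# Exact-hash signatures: SHA-256 of a file that has been studied -> name.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Test.A"}
# Byte-pattern signatures: a sequence that must occur somewhere in the file.
PATTERN_SIGNATURES = {"Constructed.Test.A": MARKER}

ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off, tune per environment


def filler(n):
    """Deterministic high-entropy bytes standing in for an encrypted blob.

    Nothing here is encrypted or executable; chained SHA-256 output is used
    only because it is statistically close to ciphertext.
    """
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# One changed byte: same content for a human, different file for a hash.
VARIANT = KNOWN_SAMPLE[:-1] + b"!"
# A low-entropy stub followed by an opaque blob, with no known marker in it.
PACKED = b"stub code " * 200 + filler(2048)


def shannon_entropy(data):
    """Entropy in bits per byte: 0 for constant data, 8 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def max_window_entropy(data, window=1024, stride=256):
    """Highest entropy of any window, so a blob inside a larger file shows up."""
    if len(data) <= window:
        return shannon_entropy(data)
    return max(
        shannon_entropy(data[i:i + window])
        for i in range(0, len(data) - window + 1, stride)
    )


def scan(data):
    """Return the list of detections for one file's bytes."""
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        findings.append("hash:" + HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            findings.append("pattern:" + name)
    if max_window_entropy(data) > ENTROPY_THRESHOLD:
        findings.append("heuristic:high-entropy-region")
    return findings


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT),
                          ("packed", PACKED), ("benign", BENIGN)]:
        print(label, scan(sample))
```

Compressed archives and media files also have high entropy, so the heuristic is a triage signal for further analysis, not a verdict on its own.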

Risks

Vulnerable software

A vulnerability is a weakness, flaw or software bug in an application, a complete computer, an operating system, or a computer network that is exploited by malware to bypass defences or gain privileges it requires to run. For example, TestDisk 6.4 or earlier contained a vulnerability that allowed attackers to inject code into Windows. Malware can exploit security defects (security bugs or vulnerabilities) in the operating system, applications (such as browsers, e.g. older versions of Microsoft Internet Explorer supported by Windows XP), or in vulnerable versions of browser plugins such as Adobe Flash Player, Adobe Acrobat or Reader, or Java SE. For example, a common method is exploitation of a buffer overrun vulnerability, where software designed to store data in a specified region of memory does not prevent more data than the buffer can accommodate being supplied. Malware may provide data that overflows the buffer, with malicious executable code or data after the end; when this payload is accessed it does what the attacker, not the legitimate software, determines.

Malware can exploit recently discovered vulnerabilities before developers have had time to release a suitable patch. Even when new patches addressing the vulnerability have been released, they may not necessarily be installed immediately, allowing malware to take advantage of systems lacking patches. Sometimes even applying patches or installing new versions does not automatically uninstall the old versions. Security advisories from plug-in providers announce security-related updates. Common vulnerabilities are assigned CVE IDs and listed in the US National Vulnerability Database. Secunia PSI is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software, and attempt to update it. Other approaches involve using firewalls and intrusion prevention systems to monitor unusual traffic patterns on the local computer network.

Excessive privileges

Users and programs can be assigned more privileges than they require, and malware can take advantage of this. For example, of 940 Android apps sampled, one third of them asked for more privileges than they required. Apps targeting the Android platform can be a major source of malware infection but one solution is to use third party software to detect apps that have been assigned excessive privileges.

Some systems allow all users to modify their internal structures, and such users today would be considered over-privileged users. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an administrator or root, and a regular user of the system. In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This can be because users tend to demand more privileges than they need, so often end up being assigned unnecessary privileges.

Some systems allow code executed by a user to access all rights of that user, which is known as over-privileged code. This was also standard operating procedure for early microcomputer and home computer systems. Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user.

Weak passwords

A credential attack occurs when a user account with administrative privileges is cracked and that account is used to provide malware with appropriate privileges. Typically, the attack succeeds because the weakest form of account security is used, which is typically a short password that can be cracked using a dictionary or brute force attack. Using strong passwords and enabling two-factor authentication can reduce this risk. With the latter enabled, even if an attacker can crack the password, they cannot use the account without also having the token possessed by the legitimate user of that account.

Use of the same operating system

Homogeneity can be a vulnerability. For example, when all computers in a network run the same operating system, upon exploiting one, one worm can exploit them all. In particular, Microsoft Windows or Mac OS X have such a large share of the market that an exploited vulnerability concentrating on either operating system could subvert a large number of systems. It is estimated that approximately 83% of malware infections between January and March 2020 were spread via systems running Windows 10. This risk is mitigated by segmenting the networks into different subnetworks and setting up firewalls to block traffic between them.

Mitigation

Antivirus / Anti-malware software

Anti-malware (sometimes also called antivirus) programs block and remove some or all types of malware. For example, Microsoft Security Essentials (for Windows XP, Vista, and Windows 7) and Windows Defender (for Windows 8, 10 and 11) provide real-time protection. The Windows Malicious Software Removal Tool removes malicious software from the system. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Tests found some free programs to be competitive with commercial ones.

Typically, antivirus software can combat malware in the following ways:

  1. Real-time protection: Anti-malware software can provide real-time protection against the installation of malware on a computer. This type of malware protection works the same way as antivirus protection, in that the anti-malware software scans all incoming network data for malware and blocks any threats it comes across.
  2. Removal: Anti-malware software programs can be used solely for detection and removal of malware that has already been installed onto a computer. This type of anti-malware software scans the contents of the Windows registry, operating system files, and installed programs on a computer and will provide a list of any threats found, allowing the user to choose which files to delete or keep, or to compare this list to a list of known malware components, removing files that match.
  3. Sandboxing: Anti-malware software can sandbox apps considered dangerous (such as web browsers, from which most vulnerabilities are likely to be installed).

Real-time protection

A specific component of anti-malware software, commonly referred to as an on-access or real-time scanner, hooks deep into the operating system's core or kernel and functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system. Any time the operating system accesses a file, the on-access scanner checks whether the file is infected. Typically, when an infected file is found, execution is stopped and the file is quarantined to prevent further damage, with the intention of preventing irreversible system damage. Most AVs allow users to override this behaviour. This can have a considerable performance impact on the operating system, though the degree of impact is dependent on how many pages it creates in virtual memory.
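The removal and quarantine steps described above can be sketched as a small on-demand scanner. This is an added example, not code from the article or from any antivirus product; it assumes detection by SHA-256 match against a known-bad list, and the file names and "listed" content are constructed and harmless.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_and_quarantine(root: Path, known_bad: set, quarantine: Path) -> list:
    """Return [(original_path, sha256)] for every file moved to quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = []
    for path in sorted(root.rglob("*")):
        # Skip symlinks so a link cannot redirect the scan outside the root.
        if path.is_symlink() or not path.is_file():
            continue
        if quarantine in path.parents:  # never rescan quarantined items
            continue
        file_hash = sha256_of(path)
        if file_hash in known_bad:
            # Name the quarantined file by hash to avoid filename collisions.
            target = quarantine / (file_hash + ".quarantined")
            shutil.move(str(path), str(target))
            target.chmod(0o400)  # read-only, never executable
            findings.append((str(path), file_hash))
    return findings


def demo() -> list:
    """Constructed sample: two harmless files, one of which is on the list."""
    base = Path(tempfile.mkdtemp())
    root = base / "scan"
    (root / "docs").mkdir(parents=True)
    (root / "docs" / "report.txt").write_bytes(b"quarterly numbers")
    (root / "dropper.bin").write_bytes(b"constructed-sample-not-malware")
    known_bad = {hashlib.sha256(b"constructed-sample-not-malware").hexdigest()}
    found = scan_and_quarantine(root, known_bad, base / "quarantine")
    return [Path(p).name for p, _ in found]


if __name__ == "__main__":
    print(demo())
```

An exact-hash list only catches files that are byte-for-byte identical to a known sample, which is why real products combine it with other detection methods.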

Sandboxing

Because many malware components are installed as a result of browser exploits or user error, using security software (some of which are anti-malware, though many are not) to "sandbox" browsers (essentially isolating the browser from the computer and hence from any malware-induced change) can also be effective in helping to restrict any damage done.

Website security scans

Website vulnerability scans check the website, detect malware, may note outdated software, and may report known security issues, in order to reduce the risk of the site being compromised.

Network Segregation

Structuring a network as a set of smaller networks, and limiting the flow of traffic between them to that known to be legitimate, can hinder the ability of infectious malware to replicate itself across the wider network. Software-defined networking provides techniques to implement such controls.
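A default-deny policy between segments, as described above, can be modelled in a few lines. This is an added example, not part of the article; the segment names, address ranges, allowlist and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segments and allowlist (assumptions, not from the article).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/24"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "backup": ipaddress.ip_network("10.30.0.0/24"),
}
# (source segment, destination segment, protocol, destination port)
ALLOWED = {
    ("workstations", "servers", "tcp", 443),
    ("servers", "backup", "tcp", 22),
}


def segment_of(addr: str):
    """Return the name of the segment containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def decide(src: str, dst: str, proto: str, port: int) -> str:
    """Default deny between segments; intra-segment traffic is not filtered."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny"   # unknown address: not known to be legitimate
    if s == d:
        return "allow"  # never crosses the inter-segment firewall
    return "allow" if (s, d, proto, port) in ALLOWED else "deny"


def blocked_flows(flows):
    """Return the flows the policy denies, for logging and review."""
    return [f for f in flows if decide(*f) == "deny"]


# Constructed flow records: (src, dst, proto, dst_port)
SAMPLE_FLOWS = [
    ("10.10.0.15", "10.20.0.5", "tcp", 443),   # workstation -> server
    ("10.10.0.15", "10.10.0.22", "tcp", 445),  # workstation -> workstation
    ("10.10.0.15", "10.30.0.9", "tcp", 445),   # workstation -> backup
    ("10.20.0.5", "10.30.0.9", "tcp", 22),     # server -> backup
    ("10.20.0.5", "10.10.0.22", "tcp", 3389),  # server -> workstation
]
```

Note that the workstation-to-workstation flow is allowed: segmentation limits spread between segments, so traffic inside one segment needs host-level controls.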

"Air gap" isolation or "parallel network"

As a last resort, computers can be protected from malware, and the risk of infected computers disseminating trusted information can be greatly reduced, by imposing an "air gap" (i.e. completely disconnecting them from all other networks) and applying enhanced controls over the entry and exit of software and data from the outside world. However, malware can still cross the air gap in some situations, not least due to the need to introduce software into the air-gapped network, and can damage the availability or integrity of assets thereon. Stuxnet is an example of malware that is introduced to the target environment via a USB drive, causing damage to processes supported on the environment without the need to exfiltrate data.

AirHopper, BitWhisper, GSMem and Fansmitter are four techniques introduced by researchers that can leak data from air-gapped computers using electromagnetic, thermal and acoustic emissions.

Research

A bibliometric analysis of malware research trends from 2005 to 2015, considering criteria such as impact journals, highly cited articles, research areas, productivity, keyword frequency, institutions, and authors, revealed an annual growth rate of 34.1%. North America led in research output, followed by Asia and Europe. China and India were identified as emerging contributors.

Authorship of the Bible

From Wikipedia, the free encyclopedia ...