OS Vulnerabilities

An operating system is an essential component of the system software in a computer system .It is a collection of software that manages computer hardware resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function, because it acts as an intermediary between the programs and the computer hardware. Operating systems can be found on almost any device that.

Because OS is a software it may have vulnerabilities inside no matter whether it is a Linux, Windows, BSD.
Vulnerabilities in the OS are exploited by a malware or some kind of network attack. The purpose is to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can be in the form of code, scripts, active content, and all other kind of hostile and intrusive software. Malware is used primarily to steal sensitive information of personal, financial, or business importance. Infected computers are put under control (zombified) and are used to send email spam, to host contraband data or to engage in distributed denial-of-service attacks.

Attacks against OS could be:
• Active attack – it attempts to alter system resources or affect their operation
• Passive attack – it attempts to learn or make use of information from the system but does not affect system resources
• Inside attack – it is an attack initiated by an entity inside the security perimeter, i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization
• Outside attack – is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
A whole industry is working trying to minimize the likelihood and the consequence of an information attack.

Mitigation
OS vulnerabilities mitigating techniques follows some basic rules:
• Regular software patching of virtual machine operating system
• Installing minimum software application, because they also could have vulnerabilities
• Use of virtual security appliance which has traffic isolation and firewalling capabilities