THE FEDERAL POLYTECHNIC, BAUCHI
DEPARTMENT OF CYBER SECURITY AND DATA PROTECTION
CDP 312: OPERATING SYSTEM SECURITY
Lecture Notes Designed For:
HND I - Cyber Security and Data Protection (CDP)
Prepared By:
IDRIS YA’U IDRIS
(DEPARTMENT OF CYBER SECURITY AND DATA PROTECTION)
INTRODUCTION TO OPERATING SYSTEM
1. MEANING AND CONCEPT OF AN OPERATING SYSTEM
An Operating System (OS) is a specialized system software that acts as an intermediary between
computer hardware and the user. It manages hardware resources such as the CPU, memory, storage
devices, and input/output peripherals while providing an environment for application programs to
run efficiently. Without an operating system, a computer cannot function in a structured or user-
friendly manner. In practical terms, when you power on your laptop in a lecture hall or office in
Abuja, it is the OS that initializes the hardware, loads system services, and presents the desktop
environment that allows you to open applications like Word or Chrome. The OS ensures
coordination, fairness, efficiency, and security in the use of computer resources.
Common examples of operating systems include:
Microsoft Windows
macOS
Linux
Android
2. EVOLUTION OF OPERATING SYSTEMS
Understanding the historical development of operating systems helps us appreciate modern
computing complexity.
Early Systems (No Operating System)
In the 1940s and early 1950s, computers had no operating systems. Programs were written directly
in machine language and executed manually. Each task had to be loaded and managed by human
operators. There was no multitasking, no memory protection, and no graphical interface. These
systems were large, expensive, and used primarily in research institutions and government
establishments.
Batch Processing Systems
In batch systems, similar jobs were grouped together and processed sequentially without user
interaction. For example, payroll processing in government ministries would involve feeding
stacks of punched cards into the computer. The system would execute all jobs one after another.
While this improved efficiency, it lacked real-time interaction and flexibility.
Multiprogramming Systems
Multiprogramming allowed multiple programs to reside in memory at the same time. When one
program was waiting for input/output operations, the CPU could switch to another. This improved
CPU utilization significantly. This development laid the foundation for modern multitasking
systems where multiple applications run simultaneously.
Time-Sharing Systems
Time-sharing systems allowed multiple users to interact with a computer simultaneously. Each
user was given a small slice of CPU time. Universities were early adopters of time-sharing systems.
This concept evolved into today’s cloud-based multi-user environments.
Modern Operating Systems
Modern systems incorporate graphical interfaces, networking capabilities, virtualization, security
mechanisms, and support for distributed computing. They are designed not only for performance
but also for security and scalability. Today’s operating systems power desktops, servers,
smartphones, and even embedded systems.
3. CORE FUNCTIONS OF AN OPERATING SYSTEM
3.1 Process Management
Process management refers to the OS’s ability to create, schedule, execute, and terminate
processes. A process is simply a program in execution. The operating system determines which
process gets access to the CPU and for how long. In Windows, you can observe active processes
using Task Manager. For instance, when running a web browser, media player, and coding
software simultaneously, the OS allocates CPU time among them using scheduling algorithms.
Windows uses preemptive multitasking, meaning it can interrupt a running process to allow
another process to execute. This ensures fairness and system responsiveness.
3.2 Memory Management
Memory management involves allocating and deallocating memory space as needed by processes.
Each program is given a separate memory space to prevent interference. Modern operating systems
implement virtual memory, which allows systems to use disk space as an extension of RAM. For
example, if your laptop has 4GB RAM and you open heavy applications like video editing
software, the OS moves inactive memory pages to the page file (pagefile.sys) on disk temporarily.
This technique ensures continuity of operations but may reduce speed due to disk access latency.
3.3 File System Management
The operating system organizes and manages data stored on disks using a file system. In Windows,
the most common file system is NTFS. The file system determines how data is stored, retrieved,
and protected. For example, when you save a research document, the OS assigns it a logical
location within directories and physically stores it on disk sectors. NTFS also supports file
permissions and encryption, which are essential in corporate and academic environments where
data security is critical.
3.4 Device Management
Device management involves controlling hardware components through device drivers. A driver
is a small software program that enables communication between the OS and hardware. For
instance, when you connect a printer to your system, Windows automatically installs the
appropriate driver to allow printing. If drivers are corrupted, hardware devices may fail to function
properly. In extreme cases, faulty drivers can cause system crashes.
3.5 Security and Access Control
Security is a major responsibility of modern operating systems. The OS ensures that only
authorized users access specific resources. It manages authentication (verifying identity) and
authorization (granting permissions). Windows includes features like User Account Control,
Windows Defender, and BitLocker encryption. In financial institutions, encryption ensures that
even if a laptop is stolen, confidential information remains inaccessible without proper credentials.
4. HISTORY OF WINDOWS OPERATING SYSTEM
Developed by: Microsoft
Co-founded by: Bill Gates and Paul Allen (1975)
Windows 1.0 (1985)
Figure 1: Example of Windows 1.0 screen Layout
Windows 1.0 was a graphical extension of MS-DOS. It introduced mouse support and tiled
windows but lacked overlapping window functionality. It was not widely adopted, but it laid the
foundation for graphical user interfaces in personal computing.
Windows 95 (1995)
Figure 2: Example of Windows 95 screen Layout
Windows 95 introduced the Start Menu, the taskbar, and a largely 32-bit architecture that still
ran on top of MS-DOS components. It significantly improved hardware compatibility (Plug and Play)
and usability, marked a turning point in personal computing, and became extremely popular worldwide.
Windows XP (2001)
Figure 3: Example of Windows XP screen Layout
Built on the Windows NT kernel, XP provided improved stability and networking features. Its
user-friendly interface made it one of the most successful Windows versions ever released.
Windows 10 (2015)
Figure 4: Example of Windows 10 screen Layout
Windows 10 adopted a “Windows as a Service” model with continuous updates. It integrated cloud
services and improved security features. It became the standard for business and educational
institutions.
Windows 11 (2021 - Present)
Figure 5: Example of Windows 11 screen Layout
Windows 11 emphasizes design modernization and security enhancements. It requires TPM 2.0
for improved hardware-based security and introduces better multitasking tools like Snap Layouts.
5 ARCHITECTURE AND OPERATIONS OF WINDOWS
Overview of Windows NT Hybrid Architecture
Modern Windows operating systems, from the original Windows NT line (Windows NT 3.1 in 1993,
Windows 2000, Windows XP) through Windows 10 and Windows 11, are built on the Windows NT hybrid
kernel architecture. A hybrid kernel combines the performance advantages of a monolithic kernel with
the modularity and stability principles of a microkernel. This means that while core components run
in kernel mode for speed, the system still maintains structured separation so that a failure in one
subsystem does not automatically spread across the entire operating system. The result is a system
designed to balance performance, security, hardware compatibility, and stability, making Windows
suitable for personal computers, enterprise servers, and institutional environments such as
universities and corporate offices.
5.1 Windows Architectural Structure
Figure 6: Simple Windows Architectural Structure
Windows architecture is broadly divided into User Mode and Kernel Mode, with clearly defined
boundaries that prevent unauthorized access to critical system components. This separation is
fundamental to system stability and security.
a) User Mode
User Mode is the environment where regular applications and many system services execute.
Programs running in User Mode do not have direct access to hardware or to kernel memory.
Instead, they must request services from the operating system through well-defined interfaces such
as the Win32 API; under the hood each such request passes through ntdll.dll and a system call
instruction, which is the only controlled way into Kernel Mode. This restriction prevents
applications from interfering with core system operations.
For example, when a student opens Microsoft Word in a computer lab to prepare an assignment,
the application runs in User Mode. If Word freezes due to a bug or crashes because of corrupted
data, the operating system remains unaffected. The user may lose unsaved work, but the entire
computer does not shut down. This isolation mechanism ensures that one faulty program cannot
compromise the stability of the entire system.
Additionally, browsers like Chrome run each tab (more precisely, each site) in a separate User Mode
process. If one webpage crashes due to a malicious script, other tabs and the operating system
continue functioning normally. The same boundary is also a security boundary: code that compromises
one renderer process still has to escape that process's sandbox before it can touch other sites'
data or the rest of the system.
b) Kernel Mode
Kernel Mode is the privileged part of the operating system that has unrestricted access to hardware
and system memory. It contains the most critical components responsible for managing system
resources and ensuring proper communication between software and hardware.
Because Kernel Mode operates with full privileges, any error at this level can potentially crash the
entire system. This is why Windows carefully controls which components are allowed to run in
Kernel Mode, primarily limiting it to trusted OS components and hardware drivers.
For instance, when you connect a USB flash drive, the system loads the appropriate driver in
Kernel Mode. The driver communicates directly with the hardware and informs the OS about the
device’s availability. If that driver is corrupted or incompatible, it may cause a system-wide crash,
commonly known as the Blue Screen of Death (BSOD). This demonstrates both the power and
sensitivity of Kernel Mode operations.
i. The Executive
The Executive is a core component within Kernel Mode responsible for managing high-level
system functions such as process management, memory management, I/O operations, and security
enforcement. It acts as the control center of the Windows operating system, ensuring that system
resources are allocated efficiently and fairly among running programs.
For example, when multiple students in a lab are running programming software, media players,
and browsers simultaneously, the Executive ensures that each process receives appropriate CPU
time and memory allocation. Without this centralized management, one program could
monopolize system resources, leading to poor performance or crashes.
ii. Hardware Abstraction Layer (HAL)
The Hardware Abstraction Layer (HAL) provides an interface between the Windows kernel and
the physical hardware. Instead of the operating system communicating directly with specific
hardware models, it communicates with the HAL, which translates instructions into hardware-
specific commands.
This abstraction enables Windows to run on various hardware platforms without requiring a
complete redesign. For example, whether a computer uses an Intel or AMD processor, Windows
interacts through the HAL, ensuring compatibility. In real-life enterprise environments, this
flexibility allows IT departments to deploy Windows across diverse hardware configurations with
minimal modification.
iii. Device Drivers
Device drivers are specialized software components that allow the operating system to
communicate with hardware devices such as printers, keyboards, graphics cards, and network
adapters. Since drivers operate in Kernel Mode, they must be carefully designed and verified to
prevent instability.
For example, when printing examination scripts in a university office, the printer driver translates
the document data into signals the printer understands. If the driver functions correctly, printing is
seamless. However, if a faulty driver is installed, it may result in system crashes or printing
failures. This highlights the importance of secure and stable driver implementation.
5.2 KEY WINDOWS OPERATIONS
I. Boot Process
The boot process begins when the system is powered on. The firmware (BIOS on older machines, UEFI
on current ones) initializes the hardware and loads the Windows Boot Manager (bootmgfw.efi on UEFI
systems). The Boot Manager starts the OS loader (winload.efi), which loads the kernel (ntoskrnl.exe),
the HAL and the boot-start drivers into memory. The kernel then starts the Session Manager
(smss.exe), which brings up the remaining drivers and system services, and finally Winlogon presents
the logon interface. With Secure Boot enabled, each stage verifies the digital signature of the next
one before handing over to it, so a modified boot loader or kernel is refused.
II. Scheduling and Multitasking
Windows uses priority-based preemptive scheduling of threads (32 priority levels). The scheduler
always runs the highest-priority ready thread; threads of equal priority share the CPU in round-robin
fashion, each for a fixed time slice (quantum), and a higher-priority thread that becomes ready
preempts a lower one immediately. This keeps system processes and the foreground application
responsive.
III. Virtual Memory Operation
When physical RAM is insufficient, Windows uses a page file stored on disk. This allows
programs to continue running even when RAM is exhausted. However, performance decreases
because disk access is slower than RAM.
IV. Interrupt Handling
Interrupts are signals from hardware devices requesting CPU attention. For example, when a key
is pressed, the keyboard generates an interrupt. The OS temporarily halts the current process to
handle the input, then resumes normal execution.
V. Process Management
Process management in Windows involves creating, scheduling, and terminating processes and
threads. When a user launches a program, Windows uses the CreateProcess API to allocate system
resources and establish a protected memory space for that application.
For instance, when a lecturer opens PowerPoint, a new process is created with its own memory
space and execution threads. If PowerPoint stops responding, Windows allows the user to
terminate that process through Task Manager without affecting other applications like Excel or a
web browser.
Windows also assigns CPU time based on priority levels. The process that owns the foreground
window receives a scheduling boost so the desktop stays responsive, while background work such
as Windows Update and scheduled antivirus scans runs at a lower priority class so it does not
disturb active tasks. This scheduling keeps system performance balanced.
VI. Memory Management
Windows employs a virtual memory system that gives each process the illusion of having
exclusive access to a large memory space. Even if a computer has limited physical RAM, the
operating system uses a paging mechanism to move inactive memory pages to disk storage (page
file) when necessary.
Consider a laptop with 8GB RAM running multiple applications simultaneously. If RAM becomes
insufficient, Windows temporarily writes less-used pages to the page file on disk. When the user
switches back to a minimized application and it touches a page that is no longer resident, a page
fault occurs; the memory manager reads the page back from disk (a "hard" page fault), and the
process stalls until the read completes. This is why a heavily paging machine feels slow.
Because every process has its own page tables, one program cannot simply address another program's
memory, which is an important security property: a malicious application cannot read passwords
held in another application's memory merely by guessing their address. The isolation is enforced by
the kernel, not absolute: a process with sufficient rights (for example an administrator holding the
SeDebugPrivilege) may ask the kernel to open another process and read its memory through the
OpenProcess and ReadProcessMemory APIs. This is exactly how credential-theft tools extract secrets
from the LSASS process, and why Windows offers LSA Protection and Credential Guard to harden it.
VII. Input/ Output (I/O) Operations
Windows manages input and output through a structured I/O system that coordinates
communication between software and hardware devices. The I/O Manager processes requests such
as reading files, writing documents, or accessing network resources.
The primary file system used by Windows is NTFS (New Technology File System). NTFS
supports advanced features such as file permissions, encryption (EFS), compression, and
journaling. Journaling means that changes to the file system's own structures (directory entries,
allocation maps, file records) are first written to a log; after a sudden power failure, NTFS replays
or rolls back that log so the volume returns to a consistent state instead of needing a full check.
For example, if a student saves a final-year project and power suddenly goes out, NTFS uses its
journal on the next boot to make sure the volume structure is intact and the file is either fully
recorded or not recorded at all. The journal does not recover unsaved document content: anything
still only in memory is lost, which is why applications keep their own autosave files. This
reliability is crucial in academic and corporate environments where data integrity is essential.
VIII. Security Model (Access Control Lists – ACLs)
Windows enforces security using Access Control Lists (ACLs), which define who can access
specific files or system resources and what actions they are permitted to perform. Every securable
object (file, folder, registry key, process, service) carries a security descriptor with an owner, a
discretionary ACL (DACL) made of access control entries that allow or deny rights to users and
groups, and an optional system ACL (SACL) that says which accesses should be audited.
When a user logs on, Windows builds an access token holding the user's SID, group SIDs and
privileges; every time a process opens an object, the kernel's Security Reference Monitor compares
that token against the object's DACL. Deny entries are evaluated before allow entries, and an
object with no DACL at all grants everyone full access, so a carelessly created object is an open one.
In a university setting, students may have permission to read lecture materials but cannot install
software or modify system settings. Administrators, however, possess broader privileges. These
permissions are enforced automatically by the OS, preventing unauthorized access.
This layered security model ensures controlled access, reduces the risk of malware spreading, and
protects sensitive institutional data.
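The following is an added example, not code from the lecture notes: it builds the "students can read, administrators can change" DACL described above on a real folder and then audits the result. It assumes an elevated PowerShell session, an illustrative path C:\LectureMaterials, and uses the built-in Users group in place of a real Students group.

```powershell
# Added example, not part of the lecture notes. Creates a lecture-materials folder that
# students can read but not change, then audits the resulting DACL.
# Assumptions: elevated PowerShell; the path is illustrative; the built-in Users group
# stands in for a real "Students" group.
$Path = 'C:\LectureMaterials'
New-Item -ItemType Directory -Path $Path -Force | Out-Null

$acl = Get-Acl -Path $Path

# Stop inheriting the permissive default entries from C:\; the second argument ($false)
# discards the inherited entries instead of copying them into this folder's DACL.
$acl.SetAccessRuleProtection($true, $false)

# Administrators and SYSTEM: full control on the folder, sub-folders and files.
$adminRule  = New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\SYSTEM', 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
# Students (BUILTIN\Users here): read and execute only; no write, delete or permission changes.
$studentRule = New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Users', 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

$acl.SetAccessRule($adminRule)
$acl.SetAccessRule($systemRule)
$acl.SetAccessRule($studentRule)
Set-Acl -Path $Path -AclObject $acl

# Audit: report every Allow entry that grants write-class rights to a principal other
# than Administrators or SYSTEM. Deny entries are ignored because they only tighten access.
function Test-ReadOnlyForUsers {
    param([string]$FolderPath)
    $rights = [System.Security.AccessControl.FileSystemRights]
    $writeMask = $rights::Write -bor $rights::Delete -bor $rights::ChangePermissions -bor $rights::TakeOwnership
    $trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    $findings = foreach ($ace in (Get-Acl -Path $FolderPath).Access) {
        $id = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $trusted -notcontains $id -and
            (($ace.FileSystemRights -band $writeMask) -ne 0)) {
            "$id can modify ${FolderPath}: $($ace.FileSystemRights)"
        }
    }
    if ($findings) { $findings } else { "OK: only $($trusted -join ', ') can modify $FolderPath" }
}

(Get-Acl -Path $Path).Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
Test-ReadOnlyForUsers -FolderPath $Path
```

The audit deliberately masks on the write-class bits (Write, Delete, ChangePermissions, TakeOwnership) rather than comparing whole right names, because a Modify or FullControl entry for an unexpected group is the mistake that actually lets a student alter lecture files. Running the function against a folder that still inherits from C:\ will report the inherited Authenticated Users entry, which is the point of disabling inheritance first.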
IX. Enterprise Integration (Active Directory)
In enterprise environments, Windows integrates with Active Directory to provide centralized
authentication and policy management. Active Directory allows organizations to manage users,
computers, and permissions from a central server.
For example, when students log into campus computers using their institutional credentials, Active
Directory verifies their identity (normally with the Kerberos protocol) and applies predefined
policies. If a student graduates, the IT department can disable the account centrally, preventing
access across all systems. This centralized control enhances both security and administrative
efficiency.
5.3 Architectural Benefits: Stability and Security
The separation between User Mode and Kernel Mode ensures that application-level errors do not
compromise the entire system. Memory protection mechanisms prevent unauthorized access
between processes, while HAL provides hardware independence. Additionally, ACL-based
security and enterprise authentication mechanisms strengthen system protection.
Together, these architectural principles ensure that Windows remains stable even under heavy
workload conditions, such as running multiple applications in an academic lab or enterprise office.
The hybrid kernel design minimizes system crashes, enhances hardware compatibility, and
provides layered security protections that safeguard both individual users and large organizations.
6. CONFIGURING, MONITORING, AND SECURING WINDOWS
Modern Windows operating systems such as Windows 10 and Windows 11 provide built-in tools
for system configuration, performance monitoring, and security enforcement. Proper configuration
ensures the system operates according to user or organizational requirements. Continuous
monitoring helps detect performance issues and system faults early, while layered security
mechanisms protect against cyber threats such as malware, ransomware, phishing attacks, and
unauthorized access.
In real-world environments like universities, banks, hospitals, and corporate offices, failure to
properly configure, monitor, and secure Windows systems can result in data breaches, system
downtime, or financial loss. Therefore, system administrators must understand how these
components work together.
1. Windows Configuration
Windows configuration refers to adjusting system settings to meet specific user or organizational
requirements. This includes managing user accounts, defining password policies, configuring
system behavior, and applying administrative controls.
A. User Account Configuration
User accounts in Windows are managed through Settings > Accounts or via administrative tools
such as Computer Management. Administrators can create standard users, administrators, guest
accounts, or domain accounts in enterprise environments.
Real-Life Example
In a university computer laboratory:
Students are given standard accounts.
They can use Microsoft Word, browsers, and academic software.
They cannot install software or modify system settings.
The IT administrator has an administrator account with full privileges to:
Install drivers
Configure printers
Update system software
This separation prevents accidental or malicious system modification.
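As an added example (not code from the lecture notes), the laboratory setup above can be scripted and, more importantly, audited: the script creates a standard account and then lists every member of the local Administrators group that is not on an approved list. It assumes an elevated session; the account name labstudent01 and the approved-administrator list are placeholders.

```powershell
# Added example, not part of the lecture notes. Provisions a standard (non-admin) lab
# account and checks that no unexpected account holds local administrator rights.
# Assumptions: elevated session; user name, full name and the "expected admins" list are
# illustrative placeholders for a real laboratory.
$UserName = 'labstudent01'
$Password = Read-Host -Prompt "Initial password for $UserName" -AsSecureString

if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $UserName -Password $Password -FullName 'Lab Student 01' `
        -Description 'Standard lab account' | Out-Null
}
# Membership of the built-in Users group is all a standard account needs.
if (-not (Get-LocalGroupMember -Group 'Users' -Member $UserName -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'Users' -Member $UserName
}

# The least-privilege check that matters: who else can already do everything on this machine?
function Get-UnexpectedAdmins {
    param([string[]]$ExpectedAdmins = @('Administrator', 'labadmin'))   # assumed approved list
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $short = ($_.Name -split '\\')[-1]          # strip the "MACHINE\" or "DOMAIN\" prefix
        if ($ExpectedAdmins -notcontains $short) {
            [pscustomobject]@{ Account = $_.Name; Source = $_.PrincipalSource }
        }
    }
}

Get-LocalUser -Name $UserName | Format-List Name, Enabled, PasswordLastSet
$unexpected = Get-UnexpectedAdmins
if ($unexpected) {
    Write-Warning 'Accounts with administrator rights that are not on the approved list:'
    $unexpected | Format-Table -AutoSize
} else {
    'OK: Administrators group contains only approved accounts.'
}
```

The PrincipalSource column tells you whether an unexpected administrator is a local account, a domain account added by someone, or a Microsoft account, which is usually the first question when cleaning up a lab image.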
B. Group Policy (gpedit.msc)
Group Policy is a powerful Windows feature used mainly in enterprise environments to enforce
security and operational rules across multiple computers. It is accessed through gpedit.msc
(Local Group Policy Editor) or managed centrally via domain controllers.
Administrators can configure:
Password complexity requirements
Account lockout policies
Software restrictions
Desktop restrictions
Real-Life Example
In a bank:
Passwords must contain uppercase, lowercase, numbers, and special characters.
Accounts lock after three failed login attempts.
USB storage devices may be disabled to prevent data theft.
These policies are enforced automatically through Group Policy, ensuring compliance without
requiring manual configuration on each machine. The policies that actually apply to a given
computer and user can be listed with gpresult /r.
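Rather than trusting that the bank policy above was applied, an administrator exports the effective security policy and compares it with the baseline. The following is an added example, not code from the lecture notes; it uses secedit's export format, and the baseline values (12-character minimum, complexity on, lockout after at most 3 failures, lockout of at least 15 minutes) are assumptions standing in for the bank's real standard. Run it elevated; on a domain member the exported values are the ones the domain controller pushed down.

```powershell
# Added example, not part of the lecture notes. Exports the effective local security
# policy with secedit and checks the password/lockout settings against an assumed baseline.
function Get-LocalSecurityPolicy {
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    # /areas SECURITYPOLICY limits the export to account, lockout and similar settings.
    secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    $policy = @{}
    # The .inf is INI-style; only the "key = value" lines of [System Access] are needed.
    $inSystemAccess = $false
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\[(.+)\]$') { $inSystemAccess = ($Matches[1] -eq 'System Access'); continue }
        if ($inSystemAccess -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
            $policy[$Matches[1]] = $Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $policy
}

function Test-PasswordBaseline {
    param([hashtable]$Policy)
    # Baseline (assumed): 12+ characters, complexity on, lock after 1-3 failures,
    # lockout of at least 15 minutes (-1 means "until an administrator unlocks", which is stricter).
    $checks = @(
        @{ Name = 'MinimumPasswordLength'; Expect = { [int]$args[0] -ge 12 } },
        @{ Name = 'PasswordComplexity';    Expect = { [int]$args[0] -eq 1 } },
        @{ Name = 'LockoutBadCount';       Expect = { [int]$args[0] -gt 0 -and [int]$args[0] -le 3 } },
        @{ Name = 'LockoutDuration';       Expect = { [int]$args[0] -eq -1 -or [int]$args[0] -ge 15 } }
    )
    foreach ($c in $checks) {
        $value = $Policy[$c.Name]
        # A missing key (e.g. LockoutDuration when lockout is off) is a failure, not "unknown".
        $ok = ($null -ne $value) -and (& $c.Expect $value)
        [pscustomobject]@{ Setting = $c.Name; Value = $value; Compliant = $ok }
    }
}

Test-PasswordBaseline -Policy (Get-LocalSecurityPolicy) | Format-Table -AutoSize
```

LockoutDuration only appears in the export when LockoutBadCount is non-zero, so the "missing value fails" rule catches the common case where lockout was never switched on at all.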
2. Windows Monitoring
Monitoring ensures that system performance remains stable and that issues are detected early
before they cause failure. Windows provides several built-in monitoring tools.
A. Task Manager
Task Manager provides real-time monitoring of CPU, memory, disk, and network usage. It also
shows running processes and startup applications.
Real-Life Example
A student complains that a computer is “very slow.” The IT technician opens Task Manager and
notices:
CPU usage at 100%
A background application consuming excessive memory
By ending the unnecessary process, performance improves immediately. Task Manager therefore
helps identify and resolve real-time performance issues.
B. Performance Monitor (perfmon)
Performance Monitor allows administrators to track system performance over time by collecting
logs and generating graphical reports. It monitors counters such as:
Processor usage
Disk read/write rates
Network activity
Memory utilization
Real-Life Example
In a corporate office, employees report that systems become slow every afternoon. Using
Performance Monitor, the administrator discovers:
Network bandwidth spikes daily at 2 PM
Backup software runs during working hours
The schedule is adjusted to midnight, solving the issue. Without monitoring tools, diagnosing such
problems would be difficult.
C. Event Viewer
Event Viewer logs system events including:
Application errors
Security warnings
Login attempts
System crashes
Real-Life Example
If a server suddenly restarts overnight, the administrator can check Event Viewer to determine
whether the cause was:
A power issue
A failed driver
A malware attempt
A system update
Event Viewer acts like a “black box recorder” for Windows systems.
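The two questions in this section, "why did the server restart?" and "is someone attacking the logon prompt?", can be answered from the same logs with Get-WinEvent instead of clicking through Event Viewer. This is an added example, not code from the lecture notes. The event IDs are the standard Windows ones: System log 1074 (shutdown or restart requested by a user or process), 6008 (the previous shutdown was unexpected) and Kernel-Power 41 (the machine rebooted without shutting down cleanly); Security log 4625 (failed logon). Reading the Security log requires administrator rights, and the 24-hour window and the 10-failure threshold are assumptions.

```powershell
# Added example, not part of the lecture notes. Answers "why did it restart?" and
# "who is failing to log on?" from the System and Security logs.
function Get-RestartCauses {
    param([datetime]$Since = (Get-Date).AddHours(-24))
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1074, 6008, 41; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ev = $_
            $cause = switch ($ev.Id) {
                1074 { 'Planned shutdown/restart (message names the user and process)' }
                6008 { 'Unexpected shutdown recorded by the EventLog service' }
                41   { 'Kernel-Power: power loss, crash or hard reset' }
            }
            [pscustomobject]@{ Time = $ev.TimeCreated; Id = $ev.Id; Cause = $cause; Detail = ($ev.Message -split "`n")[0] }
        }
}

function Get-FailedLogonSummary {
    param([datetime]$Since = (Get-Date).AddHours(-24), [int]$Threshold = 10)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        # Read the named fields from the event XML instead of parsing the English message text.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = $d['TargetUserName']
            SourceIp  = $d['IpAddress']
            LogonType = $d['LogonType']   # 3 = network, 10 = Remote Desktop
            Status    = $d['Status']      # 0xC000006D = bad user name or password
        }
    }
    # Many failures from one address against several users is the password-spray pattern.
    $rows | Group-Object SourceIp | ForEach-Object {
        [pscustomobject]@{
            SourceIp   = $_.Name
            Failures   = $_.Count
            Users      = ($_.Group.User | Select-Object -Unique) -join ','
            Suspicious = ($_.Count -ge $Threshold)
        }
    } | Sort-Object Failures -Descending
}

Get-RestartCauses | Format-Table -AutoSize
Get-FailedLogonSummary | Format-Table -AutoSize
```

Note that 4625 events are only written when the "Audit Logon" policy is enabled for failures (it is on by default on client Windows); an empty result on a server may mean auditing is off rather than that nobody tried.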
3. Windows Security
Security in Windows involves protecting data, preventing unauthorized access, and defending
against cyber threats.
A. Windows Defender Firewall
Windows Defender Firewall filters incoming and outgoing network traffic based on predefined
security rules. Its default posture blocks unsolicited inbound connections and allows outbound
traffic, and it keeps a separate rule set for each network profile (Domain, Private, Public).
Real-Life Example
If an attacker attempts to reach a university server remotely, the firewall drops connection
attempts to any service that has no allow rule. Without a firewall, every service listening on the
machine would be reachable from the network, and any weakness in one of them could be exploited.
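The firewall posture described above can be verified and tightened from PowerShell. This is an added example, not code from the lecture notes: it checks that every profile is enabled with inbound blocked by default, lists the enabled inbound allow rules that accept connections from any address (the rules an attacker would use), and defines a function that restricts Remote Desktop to a management subnet. The subnet 10.10.0.0/24 and the rule name are assumptions; the function is defined but not called, because it disables the built-in Remote Desktop rules.

```powershell
# Added example, not part of the lecture notes. Audits Windows Defender Firewall and
# defines a scoped RDP rule. Run elevated.
function Get-FirewallPosture {
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile              = $_.Name
            Enabled              = $_.Enabled
            DefaultInboundAction = $_.DefaultInboundAction
            # Secure posture: profile on, unsolicited inbound connections blocked.
            Ok = ($_.Enabled -eq 'True') -and ($_.DefaultInboundAction -eq 'Block')
        }
    }
}

function Get-WideOpenInboundRules {
    # Enabled inbound allow rules whose remote address is "Any" are reachable from the whole network.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -eq 'Any') {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
            }
        }
    }
}

function Set-RdpAllowedFrom {
    param([string]$Subnet = '10.10.0.0/24',                       # assumed management subnet
          [string]$RuleName = 'RDP - management subnet only')
    # Replace any earlier copy of our rule, then allow TCP 3389 only from the subnet.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 3389 -RemoteAddress $Subnet -Profile Domain, Private | Out-Null
    # The built-in "Remote Desktop" rules accept RDP from anywhere; disable them so the
    # scoped rule is the only way in.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue |
        Disable-NetFirewallRule
}

Get-FirewallPosture | Format-Table -AutoSize
Get-WideOpenInboundRules | Format-Table -AutoSize
# Set-RdpAllowedFrom   # run once the management subnet has been confirmed
```

Review the Get-WideOpenInboundRules output before calling Set-RdpAllowedFrom: on a lab image it typically lists file and printer sharing, Remote Desktop and a few application rules, each of which deserves the same "who really needs to reach this?" question.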
B. Windows Update
Windows Update automatically installs security patches and bug fixes. Many cyberattacks exploit
known vulnerabilities in outdated systems.
Real-Life Example
The WannaCry ransomware outbreak of May 2017 spread through a flaw in Windows' SMBv1 file-sharing
protocol. Microsoft had fixed that flaw two months earlier in security bulletin MS17-010, so
machines that had installed the update were protected, while unpatched machines were encrypted.
Keeping Windows updated closes security loopholes before attackers exploit them, and retiring
obsolete components such as SMBv1 removes the attack surface altogether.
C. BitLocker Drive Encryption
BitLocker encrypts entire drives, protecting data at rest even if a device is stolen. On a machine
with a TPM, the disk encryption key is sealed to the TPM and is only released when the measured
boot components match; a PIN or startup key can be added as a second factor, and a recovery
password should be escrowed (for example in Active Directory) in case the TPM or firmware changes.
Real-Life Example
If a lecturer’s laptop containing student results is stolen, BitLocker ensures that thieves cannot
access the files without authentication. Even if the hard drive is removed and connected to another
computer, the data remains encrypted. BitLocker does not, however, protect against malware running
while the owner is logged in, since the volume is already unlocked at that point.
D. User Account Control (UAC) - Least Privilege Principle
User Account Control enforces the principle of least privilege, meaning users operate with the
minimal permissions necessary. Even an administrator runs day-to-day programs with a filtered
(standard-user) token; when a task requires administrative rights, Windows prompts for
confirmation on the secure desktop before issuing the full administrator token to that one program.
Real-Life Example
When installing new software, a UAC prompt appears asking for administrator approval. This
prevents malware from silently gaining administrator rights. Microsoft does not treat UAC as a
security boundary, though: malware that runs as the logged-on user can still persist inside that
user's profile without ever elevating, so UAC complements rather than replaces standard accounts.
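The three protections in B, C and D, together with the boot-chain requirements from section 5.2 and the Windows 11 TPM 2.0 requirement, can be audited by one function. This is an added example, not code from the lecture notes. It returns pass/fail rows rather than printing, so the output can feed a report. Run it elevated. The 30-day patch-age limit is an assumption; the SMBv1 check is there because WannaCry spread through the SMBv1 flaw fixed in MS17-010; the UAC values come from the registry keys that the Local Security Policy "User Account Control" settings write to.

```powershell
# Added example, not part of the lecture notes. One baseline audit covering Windows
# Update, Secure Boot/TPM, BitLocker and UAC. Run in an elevated session.
function Get-SecurityBaseline {
    param([int]$MaxPatchAgeDays = 30)     # assumed limit
    $rows = New-Object System.Collections.Generic.List[object]
    function Add-Row([string]$Area, [string]$Check, [bool]$Pass, $Value) {
        $rows.Add([pscustomobject]@{ Area = $Area; Check = $Check; Pass = $Pass; Value = $Value })
    }

    # Windows Update: age of the newest installed hotfix, and whether the WannaCry vector (SMBv1) is off.
    $last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $age  = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }
    Add-Row 'Update' "Last hotfix within $MaxPatchAgeDays days" (($null -ne $age) -and ($age -le $MaxPatchAgeDays)) "$age days ($($last.HotFixID))"
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Add-Row 'Update' 'SMBv1 server disabled' (-not $smb1) $smb1

    # Boot chain and hardware root of trust (section 5.2 boot process; Windows 11 needs TPM 2.0).
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }   # throws on legacy BIOS boot
    Add-Row 'Boot' 'Secure Boot enabled' $secureBoot $secureBoot
    $tpm  = Get-Tpm
    $spec = (Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
    Add-Row 'Boot' 'TPM 2.0 present and ready' ($tpm.TpmPresent -and $tpm.TpmReady -and ("$spec" -like '2.0*')) "$spec"

    # BitLocker on the system drive, keyed to the TPM (with or without PIN), with a recovery password escrowed.
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = $vol.KeyProtector.KeyProtectorType
    Add-Row 'BitLocker' 'System drive protection on' ($vol.ProtectionStatus -eq 'On') "$($vol.VolumeStatus), $($vol.EncryptionPercentage)%"
    Add-Row 'BitLocker' 'TPM protector + recovery password' ([bool]($types -match '^Tpm') -and ($types -contains 'RecoveryPassword')) ($types -join ',')

    # UAC: the three values that decide whether elevation is prompted and shown on the secure desktop.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Add-Row 'UAC' 'EnableLUA = 1 (UAC on)' ($uac.EnableLUA -eq 1) $uac.EnableLUA
    # ConsentPromptBehaviorAdmin 0 = elevate silently (the weak setting); 2 and 5 prompt for consent.
    Add-Row 'UAC' 'Administrators are prompted' ($uac.ConsentPromptBehaviorAdmin -ne 0) $uac.ConsentPromptBehaviorAdmin
    Add-Row 'UAC' 'Prompt on secure desktop' ($uac.PromptOnSecureDesktop -eq 1) $uac.PromptOnSecureDesktop

    $rows
}

$result = Get-SecurityBaseline
$result | Format-Table Area, Check, Pass, Value -AutoSize
"{0} of {1} checks passed" -f @($result | Where-Object Pass).Count, $result.Count
```

Each failing row maps to a concrete fix on the page: an old hotfix date means Windows Update is blocked or disabled, SMBv1 still enabled is a one-line Set-SmbServerConfiguration change, a missing RecoveryPassword protector means a lost TPM would lose the data, and ConsentPromptBehaviorAdmin of 0 means UAC has been switched off in all but name.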
E. Multi-Factor Authentication (MFA)
Multi-Factor Authentication adds an extra security layer by requiring:
Something you know (password)
Something you have (OTP, phone)
Something you are (fingerprint)
Real-Life Example
In an enterprise environment using Microsoft accounts, employees may enter a password and then
confirm login via a mobile authentication app. Even if a hacker steals the password, access is
denied without the second factor.
4. Common Threats and Mitigation
Common Windows threats include:
Malware
Ransomware
Phishing attacks
Insider threats
Exploitation of unpatched vulnerabilities
Most attacks succeed because systems are:
Not updated
Using weak passwords
Running without firewalls
Granting excessive privileges