Tuesday, July 7, 2009

Build your own Windows Security Center

Introduction

Windows Security Center in Windows® XP was designed to monitor three security essentials: Windows Firewall status, Windows Updates settings and antivirus product status. The Windows Security Center has succeeded in protecting the user and keeping them updated about each security essential.


Figure A: The Windows Security Center in Windows® XP.

The Windows Security Center User Interface

Windows Security Center has a very simple and basic graphical user interface (GUI), as described below.

Figure B: The Windows Security Center user interface described.

The Windows Security Center user interface is very easy to understand, yet at the same time it is still advanced. Each message alerts the user and describes something.

[icon 3.gif] If you're using the Windows Firewall [or a 3rd party firewall], have Automatic Updates turned on, and use an antivirus program, all windows should show ON with a green light.

[icon 4.gif] You will see this if Automatic Updates or the Windows Firewall is turned off [or if you aren't using a 3rd party one].

[icon 5.gif] You will see this if an antivirus program isn't found.

[icon 6.gif] You will see this if you've told Windows Security Center not to monitor your Windows Firewall [or your 3rd party firewall] or antivirus settings.

How does Windows Security Center Work?

In order to build your own Windows Security Center, you should first understand how an already working security center works. The Windows Security Center in Windows® XP was the first security center Microsoft made. The Windows Security Center finds information about the three security essentials like this:

  • Windows Firewall Status: Windows Security Center finds the Windows Firewall settings through the Windows Firewall API. The file that provides this API is hnetcfg.dll.

    We also need the Class Identifier (CLSID), which is required to obtain a reference to the Windows Firewall Manager class.

    CLSID = {304CE942-6E39-40D8-943A-B913C40C9CD4}

    Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
  • 3rd Party Firewall Status: The Windows Security Center finds 3rd party firewalls through the Windows Management Instrumentation (WMI), from the Security Center WMI root path.

    WMI root path: \\HOSTNAME\ROOT\SecurityCenter:FirewallProduct

  • Windows Updates Status: Windows Security Center finds the automatic update settings through the Windows Registry.

    Registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\

    Key: AUOptions

  • Antivirus Status: Windows Security Center finds the antivirus product through the Windows Management Instrumentation (WMI), from the Security Center WMI root path.

    WMI root path: \\HOSTNAME\ROOT\SecurityCenter:AntiVirusProduct

  • The Windows Security Center does not, in fact, contain these three security status functions itself. Instead, it keeps monitoring the three security essentials thanks to the Windows Security Center Service running in the background.

You can also look at the architecture illustration below to gain a better understanding.
Illustration: The way Windows Security Center in Windows® XP works. Windows Security Center checks and monitors all the three security essentials.
(I used some nice icons here to make a better illustration).
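
The four lookups listed above, combined into one console program. This is an added example, not the article's own code (that is at the CodeProject link at the end of the post). The WMI property names (displayName, enabled, onAccessScanningEnabled) and the AUOptions value meanings are assumptions taken from the XP-era classes and the commonly documented settings, not from the article. A source that cannot be read is reported as UNKNOWN instead of being counted as healthy.

```csharp
// Added example. References needed: System.Management, Microsoft.CSharp (for 'dynamic').
using System;
using System.Management;
using Microsoft.Win32;

static class SecurityStatus
{
    // CLSID of the Windows Firewall Manager class, as given in the article.
    static readonly Guid FwMgrClsid = new Guid("{304CE942-6E39-40D8-943A-B913C40C9CD4}");
    static string WindowsFirewall()
    {
        try
        {
            dynamic mgr = Activator.CreateInstance(Type.GetTypeFromCLSID(FwMgrClsid));
            return (bool)mgr.LocalPolicy.CurrentProfile.FirewallEnabled ? "ON" : "OFF";
        }
        catch (Exception e) { return "UNKNOWN (" + e.GetType().Name + ")"; }
    }
    // Lists the products registered under root\SecurityCenter with one state property each.
    static string WmiProducts(string wmiClass, string stateProperty)
    {
        try
        {
            string found = "";
            using (var s = new ManagementObjectSearcher(@"root\SecurityCenter", "SELECT * FROM " + wmiClass))
                foreach (ManagementObject p in s.Get())
                    found += p["displayName"] + " [" + stateProperty + "=" + p[stateProperty] + "] ";
            return found == "" ? "NOT FOUND" : found.Trim();
        }
        catch (Exception e) { return "UNKNOWN (" + e.GetType().Name + ")"; }
    }
    static string AutomaticUpdates()
    {
        // Same path as in the article, without the "Computer\" prefix that regedit displays.
        object v = Registry.GetValue(
            @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update",
            "AUOptions", null);
        if (v == null) return "UNKNOWN (AUOptions not present)";
        // Assumed meanings: 1 = off, 2 = notify, 3 = download and notify, 4 = automatic.
        int o = Convert.ToInt32(v);
        return o == 4 ? "ON" : o == 1 ? "OFF" : "PARTIAL (AUOptions=" + o + ")";
    }
    static void Main()
    {
        Console.WriteLine("Windows Firewall : " + WindowsFirewall());
        Console.WriteLine("3rd party FW     : " + WmiProducts("FirewallProduct", "enabled"));
        Console.WriteLine("Antivirus        : " + WmiProducts("AntiVirusProduct", "onAccessScanningEnabled"));
        Console.WriteLine("Automatic Updates: " + AutomaticUpdates());
    }
}
```

On Windows versions later than XP the Security Center data is published under root\SecurityCenter2 with a different schema, so the two WMI lines will typically report NOT FOUND or UNKNOWN there.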

Build your Own Windows Security Center

Now, to the final part: we are going to build our own Windows Security Center.
Starting off with the Windows Forms GUI, I added about 8 panel controls. I also added some labels, pictureboxes and three timers.

Add the Windows Firewall API

To control the Windows Firewall from your Windows application, you need to add some references.


See full details: http://www.codeproject.com/KB/cs/xpsecuritycenter.aspx
