The document discusses the concept of file paths in computer systems, including how they represent unique locations within a filesystem using delimiters like slashes and backslashes. It outlines operating system access rights (CRUD), the nature of malware such as viruses, worms, and trojans, and how they propagate, as well as detailing Microsoft's process for addressing software vulnerabilities through patching. Overall, it emphasizes the importance of security in computing environments and the methods by which users can be protected from malicious software.

1. Ans.1
A path, the general form of the name of a file or directory, specifies a unique location in a
filesystem. A path points to a file system location by following the directory tree
hierarchyexpressed in a string of characters in which path components, separated by a
delimitingcharacter, represent each directory.
The delimiting character is most commonly the slash ("/"),the backslash character (""), or
colon (":"), though some operating systems may use a differentdelimiter. Paths are used
extensively in computer science to represent the directory/filerelationships common in modern
operating systems, and are essential in the construction ofUniform Resource Locators
(URLs).Systems can use either absolute or relative paths.
A full path or absolute path is a path thatpoints to the same location on one file system regardless
of the working directory or combinedpaths. It is usually written in reference to a root directory.
Ans.2
An operating system provides four access rights for files and most other resources:
• Create a new instance of the resource (for example, a new file).
• Read the contents of a particular resource.
• Update or write ” or “modify” a particular resource.
• Delete or destroy an existing resource.
The names of these four rights form the acronym CRUD While the four rights also may apply to
RAM and processes, its more common for programs to apply them to files. When a process tries
to create or use a file, it inherits whatever rights belong to the user who started the process. Some
systems also provide a right to append to a file; that is, add data to the end of the file without
reading its contents. There also may be an execute right.
Ans. 8
Computer worms are similar to viruses in that they replicate functional copies of themselves and
can cause the same type of damage. In contrast to viruses, which require the spreading of an
infected host file, worms are standalone software and do not require a host program or human
help to propagate.A Trojan is another type of malware named after the wooden horse the Greeks
used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically
tricked into loading and executing it on their systems. After it is activated, it can achieve any
number of attacks on the host, from irritating the user (popping up windows or changing
desktops) to damaging the host (deleting files, stealing data, or activating and spreading other
malware, such as viruses). Trojans are also known to create back doors to give malicious users
access to the system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-

2. replicate. Trojans must spread through user interaction such as opening an e-mail attachment or
downloading and running a file from the Internet.
ans. 18
"Malware" is a term for any software that gets installed on your machine and performs
unwanted tasks, often for some third party's benefit. Malware programs can range from being
simple annoyances (pop-up advertising) to causing serious computer invasion and damage (e.g.,
stealing passwords and data or infecting other machines on the network). Additionally, some
malware programs are designed to transmit information about your web-browsing habits to
advertisers or other third party interests without you knowing.
Types of malware
Some categories of malware are:
How malware gets through
Malware writers are very experienced in using tricks to get users to download their malware.
Software that comes bundled with "other software" is often called a "Trojan Horse." For
example, an instant messenger software could be bundled with a program such as WildTangent,
a known spyware offender. Peer-to-peer file sharing software bundle various types of malware
that are categorized as spyware or adware. Software that promises to speed up your internet
connection or assist with downloads (e.g., My Web Search) will often contain adware. Another
common way to infect a computer is through email containing a seemingly benign link or email
attachment.
Malware can exploit security holes in your browser as a way of invading your machine.
Sometimes websites state that software is needed to view the site, in an attempt to trick users into
clicking "Yes," thus installing software onto their machines. Another trick is if you click
"No," many error windows display. Other sites will tell you that using a certificate makes their
site "safe" which is not the case. Certificate verification means only that the company that
wrote the software is the same as the company whose name appears on the download prompt.
Some malware provides no uninstall option, and installs code in unexpected and hidden places
(e.g., the Windows registry) or modifies the operating system, thus making it more difficult to
remove.
ans. 12
A vendor follows the general steps of reporting, investigation, development, test, and release of a
software patch.An example of microsoft is explained hereby.
Microsoft uses our membership in the Organization for Internet Safety to strongly promote the
principles of responsible reporting. A central principle is the belief that the best way to minimize
customer risk is for security researchers to work closely with vendors to identify issues and fix
them before they are publicized.

3. When Microsoft releases a patch concurrently with an announcement of a vulnerability, it is a
result of having identified the issue and worked through the patch release process prior to
communicating publicly. This means our customers will have an opportunity to protect
themselves from malicious hackers seeking to exploit the vulnerability. However, when
vulnerabilities are announced publicly at the same time Microsoft is notified, customers remain
exposed to malicious attackers.
Once a potential issue is reported to Microsoft, either privately or publicly, our team immediately
begins an investigation to reproduce and verify the reported issue and to identify any associated
or variant issues. Historically, only about 1 out of 10 reported issues turns out to be a new and
unique security issue that warrants opening an investigation, while the other 9 fall into categories
of known issues, non-security issues, or errors.
If an issue is replicable, a priority is assigned to it and potential fixes, mitigations, and
workarounds are developed. We’ve learned over time that mitigations and workarounds are very
important for empowering users to control when and how they manage their risk. Chartered with
defining and implementing the process for responding to reported software security issues, the
Microsoft Security Response Center works closely with the affected product group to do this
investigation, and, further, to expand the investigation to other supported versions of products so
that we can gain a complete understanding of how an issue may affect customers.
Solution
Ans.1
A path, the general form of the name of a file or directory, specifies a unique location in a
filesystem. A path points to a file system location by following the directory tree
hierarchyexpressed in a string of characters in which path components, separated by a
delimitingcharacter, represent each directory.
The delimiting character is most commonly the slash ("/"),the backslash character (""), or
colon (":"), though some operating systems may use a differentdelimiter. Paths are used
extensively in computer science to represent the directory/filerelationships common in modern
operating systems, and are essential in the construction ofUniform Resource Locators
(URLs).Systems can use either absolute or relative paths.
A full path or absolute path is a path thatpoints to the same location on one file system regardless
of the working directory or combinedpaths. It is usually written in reference to a root directory.
Ans.2
An operating system provides four access rights for files and most other resources:
• Create a new instance of the resource (for example, a new file).

4. • Read the contents of a particular resource.
• Update or write ” or “modify” a particular resource.
• Delete or destroy an existing resource.
The names of these four rights form the acronym CRUD While the four rights also may apply to
RAM and processes, its more common for programs to apply them to files. When a process tries
to create or use a file, it inherits whatever rights belong to the user who started the process. Some
systems also provide a right to append to a file; that is, add data to the end of the file without
reading its contents. There also may be an execute right.
Ans. 8
Computer worms are similar to viruses in that they replicate functional copies of themselves and
can cause the same type of damage. In contrast to viruses, which require the spreading of an
infected host file, worms are standalone software and do not require a host program or human
help to propagate.A Trojan is another type of malware named after the wooden horse the Greeks
used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically
tricked into loading and executing it on their systems. After it is activated, it can achieve any
number of attacks on the host, from irritating the user (popping up windows or changing
desktops) to damaging the host (deleting files, stealing data, or activating and spreading other
malware, such as viruses). Trojans are also known to create back doors to give malicious users
access to the system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-
replicate. Trojans must spread through user interaction such as opening an e-mail attachment or
downloading and running a file from the Internet.
ans. 18
"Malware" is a term for any software that gets installed on your machine and performs
unwanted tasks, often for some third party's benefit. Malware programs can range from being
simple annoyances (pop-up advertising) to causing serious computer invasion and damage (e.g.,
stealing passwords and data or infecting other machines on the network). Additionally, some
malware programs are designed to transmit information about your web-browsing habits to
advertisers or other third party interests without you knowing.
Types of malware
Some categories of malware are:
How malware gets through
Malware writers are very experienced in using tricks to get users to download their malware.
Software that comes bundled with "other software" is often called a "Trojan Horse." For
example, an instant messenger software could be bundled with a program such as WildTangent,
a known spyware offender. Peer-to-peer file sharing software bundle various types of malware

5. that are categorized as spyware or adware. Software that promises to speed up your internet
connection or assist with downloads (e.g., My Web Search) will often contain adware. Another
common way to infect a computer is through email containing a seemingly benign link or email
attachment.
Malware can exploit security holes in your browser as a way of invading your machine.
Sometimes websites state that software is needed to view the site, in an attempt to trick users into
clicking "Yes," thus installing software onto their machines. Another trick is if you click
"No," many error windows display. Other sites will tell you that using a certificate makes their
site "safe" which is not the case. Certificate verification means only that the company that
wrote the software is the same as the company whose name appears on the download prompt.
Some malware provides no uninstall option, and installs code in unexpected and hidden places
(e.g., the Windows registry) or modifies the operating system, thus making it more difficult to
remove.
ans. 12
A vendor follows the general steps of reporting, investigation, development, test, and release of a
software patch.An example of microsoft is explained hereby.
Microsoft uses our membership in the Organization for Internet Safety to strongly promote the
principles of responsible reporting. A central principle is the belief that the best way to minimize
customer risk is for security researchers to work closely with vendors to identify issues and fix
them before they are publicized.
When Microsoft releases a patch concurrently with an announcement of a vulnerability, it is a
result of having identified the issue and worked through the patch release process prior to
communicating publicly. This means our customers will have an opportunity to protect
themselves from malicious hackers seeking to exploit the vulnerability. However, when
vulnerabilities are announced publicly at the same time Microsoft is notified, customers remain
exposed to malicious attackers.
Once a potential issue is reported to Microsoft, either privately or publicly, our team immediately
begins an investigation to reproduce and verify the reported issue and to identify any associated
or variant issues. Historically, only about 1 out of 10 reported issues turns out to be a new and
unique security issue that warrants opening an investigation, while the other 9 fall into categories
of known issues, non-security issues, or errors.
If an issue is replicable, a priority is assigned to it and potential fixes, mitigations, and
workarounds are developed. We’ve learned over time that mitigations and workarounds are very
important for empowering users to control when and how they manage their risk. Chartered with
defining and implementing the process for responding to reported software security issues, the
Microsoft Security Response Center works closely with the affected product group to do this

6. investigation, and, further, to expand the investigation to other supported versions of products so
that we can gain a complete understanding of how an issue may affect customers.