Counter Intrusion Software: Malware Detection Using Structural and Behavioural Features and Machine Learning


by Joseph Rabaiotti
School of Computer Science
Cardiff University

A thesis submitted in partial fulfilment of the requirement for the degree of Doctor of Philosophy

Version: August 4, 2007

Abstract

Over the past twenty-five years malicious software has evolved from a minor annoyance to a major security threat. Authors of malicious software are now more likely to be organised criminals than bored teenagers, and modern malicious software is more likely to be aimed at stealing data (and hence money) than trashing data. The arms race between malware authors and manufacturers of anti-malware software continues apace, but despite this, the majority of anti-malware solutions still rely on relatively old technology such as signature scanning, which works well enough in the majority of cases but which has long been known to be ineffective if signatures are not updated regularly. The need for regular updating means there is often a critical window between the publication of a flaw exploitable by malware and the distribution of the appropriate counter measures or signature. At this point a user system is open to attack by hitherto unseen malware.

The object of this thesis is to determine if it is practical to use machine learning techniques to abstract generic structural or behavioural features of malware which can then be used to recognise hitherto unseen examples. Although a sizeable amount of research has been done on various ways in which malware detection might be automated, most of the proposed methods are burdened by excessive complexity. This thesis looks specifically at the possibility of using learning systems to classify software as malicious or nonmalicious based on easily-collectable structural or behavioural data.
On the basis of the experimental results presented herein it may be concluded that classification based on such structural data is certainly possible, and on behavioural data is at least feasible.

Acknowledgements

Personal acknowledgements

I would like to thank my supervisor Professor Antonia Jones for her support and encouragement during the past three years. I must also thank my friend Stuart Goring, without whose keen observations Chapter 3 would not have come into being, my parents Robert and Carole for supporting me financially and providing me with accommodation for the first two and a half years, and Mark, for supporting and putting up with me for the remainder of the time and without whose love and encouragement this thesis could never have been written.

Technical acknowledgements

I must also acknowledge the significant contribution to this work made by the authors of the website which hosted the virus/malware library, without which this work could not have proceeded. I hope they will forgive me for not naming them explicitly, but they probably know who they are.

Work of this type is not without risk and approaches a grey area of UK Law. Everyone involved has taken great pains to remain within the law as we understand it. Considerable thought and discussion occurred within the School and University, before agreements were reached which ensured that the work could be undertaken safely, i.e. that no harm would be caused by the study. A number of precautions were put in place in order to isolate, and limit access to, the computers used in this work. Therefore, thanks are also due to my Supervisor Professor Antonia J. Jones, the Head of the Cardiff School of Computer Science Professor Nick Fiddian, Robert Evans of the School's Computer Support Group, to the University level Computer Support team in INSRV, and to the Corporate Compliance and HR sections in the University,[1] who collectively, and somewhat courageously, trusted me sufficiently to allow the work to go forward.

[1] http://www.cf.ac.uk/az/divisions/index.html

Contents

List of Figures
List of Tables

1 Introduction
  1.1 What Is Malicious Software?
  1.2 The Connectivity Issue
  1.3 Combat Approaches
  1.4 Scope and Aim
    1.4.1 Hypotheses
    1.4.2 Aims
    1.4.3 Principal Contributions

2 Historical Background and Literature Review
  2.1 Types of Malware
    2.1.1 Viruses
    2.1.2 Worms
    2.1.3 Other Email Tricks
    2.1.4 Trojan Horses
    2.1.5 Backdoors
    2.1.6 Spyware and Adware
    2.1.7 Botnets and DDoS Attacks
    2.1.8 Rootkits
    2.1.9 Malware Payloads
  2.2 Vulnerabilities exploited by malware
    2.2.1 Code Injection
    2.2.2 Buffer Overflow
  2.3 Malware Naming Conventions
  2.4 Detection and Prevention Techniques
    2.4.1 Heuristic Scanners
    2.4.2 Structure-Based Detection
    2.4.3 Activity Monitors
    2.4.4 Behaviour-Based Anomaly Detection
  2.5 Detection Countermeasures
    2.5.1 Heuristic Frustration: Concealment
    2.5.2 Polymorphism and Metamorphism
    2.5.3 Encryption and Packing
    2.5.4 Retroviruses
  2.6 Malware and the Law
  2.7 Literature Review
    2.7.1 Introduction
    2.7.2 Early Research and Theory
    2.7.3 Practical Detection Systems
    2.7.4 Static and Semantic Analysis
  2.8 Tools and Sources of Information

3 The law of unintended consequences: a case study
  3.1 Introduction
  3.2 Disclaimer
  3.3 Unintended consequences
  3.4 The login procedure
  3.5 The Vulnerability
  3.6 Attack Methodology
  3.7 Probabilistic Analysis
  3.8 Conclusions

4 Machine learning classification methods and systems
  4.1 Introduction
  4.2 Classification methods
    4.2.1 Decision Trees
    4.2.2 Naive Bayes
    4.2.3 Artificial Neural Networks
  4.3 Classifier Implementations: Machine Learning Systems
    4.3.1 C4.5
    4.3.2 WEKA
  4.4 Conclusion

5 Gathering structural and behavioural data in Windows
  5.1 Introduction
  5.2 Structural Data
    5.2.1 What sort of data to use?
    5.2.2 The Portable Executable (PE) file format
    5.2.3 The PE Header
    5.2.4 Sections and the Section Table
    5.2.5 Viruses and the PE format
    5.2.6 Collecting Structural Data
  5.3 Behavioural Monitoring
    5.3.1 The collection of real-time process data
    5.3.2 Behavioural Data Gathering Methods
    5.3.3 Two Means of Monitoring
    5.3.4 Windows Performance Data
    5.3.5 Lower-Level Methods
    5.3.6 Collecting Other Relevant Behavioural Data
    5.3.7 Behavioural Monitoring: Conclusion

6 Structural identification experiments
  6.1 Introduction
  6.2 Methodology
    6.2.1 The data-gathering program
    6.2.2 The source datasets
    6.2.3 Creating experimental datasets
    6.2.4 Splitting into Training and Test sets
  6.3 Results
    6.3.1 The kappa statistic κ
    6.3.2 Baseline
    6.3.3 Learning curves
    6.3.4 Experiment One
    6.3.5 Experiment Two
    6.3.6 Experiment Three
    6.3.7 Experiment Four
    6.3.8 Experiment Five
  6.4 Analysis
    6.4.1 General Trends
    6.4.2 Specifics
  6.5 Conclusion

7 Behavioural identification experiments
  7.1 Introduction
  7.2 Methodology
  7.3 The Data-Gathering Program
    7.3.1 Real-time Data
    7.3.2 Choice of Malicious Examples
    7.3.3 Final Datasets
...