Software Development: Build your own Windows Security Center

• Download source - 219.41 KB

Introduction

Windows Security Center in Windows® XP was made and designed to monitor three different security essentials, Windows Firewall status, Windows Updates settings and antivirus product status. The Windows Security Center has succeeded in protecting and keeping the user updated about each security essential.

The Windows Security Center User Interface

Windows Security Center has a very simple and basic graphic user interface (GUI) as described below:

The Windows Security Center user interface is very easy to understand. But at the same time, Windows Security Center user interface is still advanced. However, each message alerts and describes something. 

If you're using the Windows Firewall or [3rd party firewall], have Automatic Updates turned on, and use an antivirus program, all windows should show on with a green light.

You will see this if Automatic Updates or the Windows Firewall is turned off [or if you aren't using a 3^rd party one].

 You will see this if an antivirus program isn't found. 

You will see this if you've told Windows Security Center to not monitor your Windows Firewall [or your 3^rd party firewall] or antivirus settings.

How Does Windows Security Center Work?

In order to build your own Windows Security Center, you should first understand how an already working security center works. The Windows Security Center in Windows® XP was the first security center Microsoft made. The Windows Security Center finds information about the three security essentials like this:

• Windows Firewall Status: Windows Security Center finds the Windows Firewall settings through the Windows Firewall API. The file that has these is: hnetcfg.dll.
  
  However, we need the Class Identifier (CLSID) which is also required to obtain a reference to the Windows Firewall Manager class.

  CLSID = {304CE942-6E39-40D8-943A-B913C40C9CD4}

  Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}

• 3rd Party Firewall Status: The Windows Security Center finds 3^rd party firewalls through the Windows Management Instrumentation (WMI), from the Security Center WMI root path.
  
  WMI root path: \\HOSTNAME\ROOT\SecurityCenter:FirewallProduct

• Windows Updates Status: Windows Security Center finds the automatic update settings through the Windows Registry.

  Registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
  CurrentVersion\WindowsUpdate\Auto Update\

  Key: AUOptions

• Antivirus Status: Windows Security Center finds the antivirus product through the Windows Management Instrumentation (WMI), from the Security Center WMI root path.

  WMI root path: \\HOSTNAME\ROOT\SecurityCenter:AntiVirusProduct

• The Windows Security Center, in fact, does not have these three security status essential functions inside itself. However, the real fact is that Windows Security Center keeps monitoring the three security essentials thanks to its Windows Security Center Service running in the background.

You can also look at the architecture illustration below, to gain a better understanding.

Build Your Own Windows Security Center  

Now, to the final one: we are going to build our own Windows Security Center.
Starting off with the Windows Forms GUI, I added about 8 panel controls. I also added some labels, pictureboxes and three timers. 

Add the Windows Firewall API 

To control the Windows Firewall from your windows application, you need to add some references.

// Adding the Windows Firewall API namespaces
using NATUPNPLib;
using NETCONLib;
using NetFwTypeLib; 

Now add the following code which is the Windows Firewall Manager code:

 #region Windows Firewall Manager

        //A reference to the Windows Firewall Manager class. 
        private static NetFwTypeLib.INetFwMgr GetFirewallManager()
        {
            // CLSID of the Windows Firewall Manager class
            const string CLSID_FIREWALL_MANAGER = 
			"{304CE942-6E39-40D8-943A-B913C40C9CD4}";

            Type objType = Type.GetTypeFromCLSID(new Guid(CLSID_FIREWALL_MANAGER));
            return Activator.CreateInstance(objType) as NetFwTypeLib.INetFwMgr;
        }


        // The instance of Windows Firewall Manager
        private static INetFwMgr netFwMgr = GetFirewallManager();

  #endregion 

Now to call the Windows Firewall Manager code inside our Timer_Event(), this allows us to monitor our Windows Firewall in real-time.

  #region Monitor Windows Firewall
        private void WindowsFirewall_Tick(object sender, EventArgs e)
        {
            if (netFwMgr.LocalPolicy.CurrentProfile.FirewallEnabled == true)
            {
                this.btnTurnOnWinFirewall.Visible = false;
                this.panel9.Visible = false;  
                this.Firewallpanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(220)))), ((int)(((byte)(228)))), 
			((int)(((byte)(252)))));
                this.FirewallStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_check_f;
                this.winFirewallStatusTxt.Text = "On";
                this.FirewallDescribTxt.Text = 
			"Windows Firewall is protecting your PC from hackers.";
            }
            else
            {
                this.btnTurnOnWinFirewall.Visible = true;
                this.panel9.Visible = true;  
                this.Firewallpanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(234)))), ((int)(((byte)(144)))), 
			((int)(((byte)(111)))));
                this.FirewallStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_error_f;
                this.winFirewallStatusTxt.Text = "Off";
                this.FirewallDescribTxt.Text = 
		"The Windows Firewall is turned off and you can be hacked, 
		turn it On again!";
            }
        }
  #endregion

Accessing the Windows Update Settings 

Now we must add the code to monitor the Windows Updates settings.

#region Monitor Windows Updates Settings
        private void MonitorWindowsUpdate_Tick(object sender, EventArgs e)
        {
            RegistryKey key = Registry.LocalMachine.OpenSubKey
	    (@"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\");
            int value = (Int32)key.GetValue("AUOptions");

           /* 
               Each value [inside the switch ()] below describes a setting property: 
               
               1 = The Windows Automatic Update is turned off.
               2 = The Windows Automatic Updates still on. But it's using this settings
                   instead: "Check for updates but let me choose 
		 whether to download and install them".
               3 = The Windows Automatic Updates still on. But it's using this setting 
                   instead: "Download updates but let me choose whether to install them".
               4 = The Windows Automatic Updates is turned on.
                                                           
           */

            switch(value)
            {
                //If the value=1 then set these properties. 
                //The properties are changed to alerting design, 
                //so the user gets informed. 
                case 1:
                    this.btnTurnONAU.Visible = true;
                    this.panel10.Visible = true; 
                    this.automaticUpdatePanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(234)))), ((int)(((byte)(144)))), 
			((int)(((byte)(111)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_error_f;
                    this.autoUpatesStatusTxt.Text = "Off";
                    this.AutomaticUpdatesDescribTxt.Text = 
			"Automatic Update is Off.\nAutomatic Updates is turned off.
			\nAutomatic Update helps you keep Windows up-to-date, 
			so turn it On again."; 
                    break;
                case 2:
                    this.automaticUpdatePanel.BackColor = 
			System.Drawing.Color.FromArgb(((int)(((byte)(234)))), 
			((int)(((byte)(144)))), ((int)(((byte)(111)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_error_f;
                    this.autoUpatesStatusTxt.Text = "";
                    break;
                case 3:
                    this.automaticUpdatePanel.BackColor = 
			System.Drawing.Color.FromArgb(((int)(((byte)(234)))), 
			((int)(((byte)(144)))), ((int)(((byte)(111)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_error_f;
                    this.autoUpatesStatusTxt.Text = "";
                    break;
                case 4:
                    this.btnTurnONAU.Visible = false;
                    this.panel10.Visible = false; 
                    this.automaticUpdatePanel.BackColor = 
			System.Drawing.Color.FromArgb(((int)(((byte)(220)))), 
			((int)(((byte)(228)))), ((int)(((byte)(252)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_check_f;
                    this.autoUpatesStatusTxt.Text = "On";
                    this.AutomaticUpdatesDescribTxt.Text = 
			"Automatic Update is On.\nAutomatic 
			Update helps you keep Windows up-to-date."; 
                    break;
            }
        }
#endregion 

Find the Antivirus Product

Now we must add the code that will allow our application to find the antivirus product in the user's PC.

#region Monitor Antivirus Program
        private void MonitorAntivirusProduct_Tick(object sender, EventArgs e)
        {
            try
            {
                ManagementObjectSearcher search = new ManagementObjectSearcher
					("SELECT * FROM AntiVirusProduct");
                string name = "";
                foreach (ManagementObject obj in search.Get())
                {
                    name = obj["displayName"].ToString();
                }

                this.virusProtectionDescribTxt.Text = name + 

					" is protecting your system.";
                this.virusProtectionPanel.BackColor = System.Drawing.Color.FromArgb
		(((int)(((byte)(220)))), ((int)(((byte)(228)))), 
		((int)(((byte)(252)))));
                this.VirusProtectionStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_check_f;
                this.virusProtectionStatusTxt.Location = new System.Drawing.Point(453, 7);
                this.virusProtectionStatusTxt.Text = "On";
            }
            catch
            {
                this.virusProtectionPanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(234)))), ((int)(((byte)(144)))), 
			((int)(((byte)(111)))));
                this.VirusProtectionStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_error_f;
                this.virusProtectionStatusTxt.Location = new System.Drawing.Point(404, 7);
                this.virusProtectionStatusTxt.Text = "Not found";
                this.virusProtectionDescribTxt.Text = 
			"No antivirus program is installed on this PC.";
            }
        }
 #endregion

Now finally, our own Windows Security Center is built and runs.

Conclusions

As you might see, the Windows Security Center in Windows® XP is built very easily. What did we learn? – Well, we learned more about how a security center works; we also researched deeply and studied the Windows Security Center. We also made our own full working security center based on APIs and other functions that are available. So as you might see, you can build anything, just study it first. Good luck! I hope this article has been helpful to all users and developers. 

References  

• About Windows Firewall API 
• Using Windows Firewall API 
• Windows Security Center API