Security Intelligence Report Volume 6
The sixth edition of the Security Intelligence Report (SIR), Microsoft’s semi-annual report on the state of computer security, was published on April 8, 2009. Using data derived from hundreds of millions of computers worldwide and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in:
- Software vulnerabilities (both in Microsoft software and in third-party software)
- Software exploits
- Security and privacy breaches
- Malicious and potentially unwanted software
- E-mail, spam, and phishing
When I say 'in-depth', I mean it. At 184 pages in length, the report is extremely comprehensive and data driven. If you are a data junkie like me, the whole report is fascinating. I love reading about the industry vulnerability trends, seeing the history of where we have come from and the progress we have made, as well as where things are going and thinking about how we stay ahead in security. But if you are an IT Admin, the SIR can be far more than just fascinating. The SIR can help you understand the threat landscape and assess risk in your environment. For example:
Malicious software infection rates differ significantly for different versions of the Microsoft Windows operating system. Windows Vista was less infected at any service pack level than Windows XP. Comparing the latest service packs for each version, the infection rate of Windows Vista SP1 is 60.6 percent less than that of Windows XP SP3.
This is hard data that helps you make a decision about the most secure Microsoft operating system to deploy in your environment. And the SIR doesn’t just include a wealth of data points; it also includes clear guidance on mitigations and countermeasures for most threat and exploit trends investigated.
There are a number of key findings in the SIR relevant to Trustworthy Browsing as well. Rogue security software, phishing, and malicious website threats are rapidly increasing. These threats make it even more important for browsers to help users avoid the dangers of social engineering attacks and make safe browsing choices. Internet Explorer 8 does this with our SmartScreen Filter, which identifies and blocks sites on the web that are distributing malicious software.
I could easily take the SIR data and use it to support the great security features in IE8… But you can already learn more about IE8 security here in IEblog, and in my recent TechNet interview. Instead I’m asking our IT Admin readers to take the time to download and read the SIR, if you haven’t already. It can help you assess today’s security risks and understand the latest threats to your environment so you can take timely defensive steps to ensure your users and company assets are safe.
Safe browsing,
-Kymberlee Price
Comments
Anonymous
May 01, 2009
Can you guys create an IE fix to stop this swine flu from continuing? This animation of info from the CDC kind of freaked me out! http://www.swine-flu-map-animation.com/
Anonymous
May 01, 2009
The Aporkalypse is upon us! JUST LOOK AT THAT MAP!
Anonymous
May 01, 2009
I don't know if your team is responsible for this, but the Internet Explorer Application Compatibility VPC Images all expired yesterday. I depend on these for testing web apps in older versions of IE, and I'm in the middle of testing a release with a tight deadline. Will the updated release be posted today, or should I start finding alternative ways to test? Help!
Anonymous
May 01, 2009
Looks like Windows 2000 SP4 was a lot more secure than XP! Interesting.
Anonymous
May 01, 2009
@Merman: You need to read the report to understand the methodology. Keep in mind that it's likely that most Win2k machines are being used in isolated environments and not being used to browse the web at large.
Anonymous
May 01, 2009
@Ed: Sorry for the delay on the VPC images. The publishing team is trying to get the new images out but has hit some snags. The newest versions can always be found at this link: http://go.microsoft.com/fwlink?LinkID=70868
Anonymous
May 01, 2009
Thanks for the response. Also, apologies for the OT post. I didn't know where to ask about this. BTW - Congrats on the final IE8 release!
Anonymous
May 01, 2009
@Sarah @HotBeans for all your swine flu tracking needs... get the latest CDC news in an IE8 Web Slice. http://www.ieaddons.com/en/details/news/Swine_Flu_Updates
Anonymous
May 01, 2009
@Merman that chart comes from page 75 of the SIRv6 and reflects the number of computers cleaned for every 1000 MSRT executions, by operating system, in 2H08. There are fewer infected W2K machines, but as @EricLaw points out, that may be a matter of fewer W2K machines being used to browse the web.
Anonymous
May 03, 2009
@Kymberlee: probably - it could also mean that those W2k machines, managed by some competent sysadmins, disable services such as MS File Sharing, don't include Terminal Server clients, and (being limited by MS to IE 6 SP1) use a different browser... Because, in case you haven't noticed, the chart states that 1 in 3 Windows XP RTM machines have been infected: more to the point, each bar doesn't represent an OS versus the other, but an OS versus itself. 3.8% of all running Windows 2000 SP4 machines got infected.
Anonymous
May 03, 2009
Mitch, you're not reading the charts correctly. First off, the chart shows infections per thousand scanned, not hundred. Secondly, your interpretation entirely ignores context; a better way of reading the chart is that XP users who haven't installed any of the service packs released in the last 8 years have a 3.36% chance of being infected by malware detected by the MSRT. Obviously, anyone who doesn't install patches is going to be at greater risk than anyone who's on the latest service pack.
Anonymous
May 03, 2009
I don't think any conclusions can be drawn from that. Vista is less of a target because nobody uses it. That is also why the infection rate for 64 bit Windows Vista is less than 32 bit when they are essentially the same product in terms of security. Also people using Vista are going to be more concerned about security than those using XP, which means they will keep their systems up to date.
Anonymous
May 04, 2009
Wayne: Nice try, but no. 64bit Vista is fully compatible with 32bit Vista, so your explanation that it's somehow less of a target makes no sense; bad guys will infect either. The difference between .3% and .37% is statistically irrelevant. Your point that Vista users are more likely to be up-to-date may be true, but I fail to see how no "conclusions can be drawn" from that.
Anonymous
May 05, 2009
@Wayne There are close to 300 million Vista users worldwide and it is the second most used OS ever after Windows XP. Your claim that nobody uses it sounds kind of ridiculous.
Anonymous
May 05, 2009
@Mitch Would using numbers from the MSRT tool give any good indication for infections on business users? Is it even used on any scale there?
Anonymous
May 05, 2009
Mitch, while I agree that you shouldn't have to look outside a chart to get its scale, the fact remains that you were RESPONDING TO A COMMENT that contained the information. So complaining here is only making you look foolish. Your claims about Win2k limited user accounts are entirely incorrect. Perhaps you're confusing this with the Enhanced Security Configuration applied by default to ALL types of user accounts on Win2k3. Or perhaps you were in an organization that used GPO. But IE itself has/had no such limits. Since you are clearly interested in this topic, why not actually READ the report instead of complaining about this necessarily concise summary?
Anonymous
May 05, 2009
Talking about security: a few days ago, I ordered a Windows Genuine Advantage Kit from Microsoft for a Windows XP Pro machine. Why does Microsoft send XP SP2 CDs? Why not SP3?