Microsoft Security Essentials, Security Intelligence Report
Cliff Evans, Security and Privacy Lead, Microsoft Ltd

Microsoft Security Essentials
For consumers needing protection from malicious software including Spyware, Viruses, Trojans and rootkits, Microsoft Security Essentials is the no-cost, high-quality anti-malware service that efficiently addresses the ongoing security needs of a genuine Windows-based PC.
www.microsoft.com/security_essentials

Security You Can Trust
• Built on the same core security technology that is the foundation for Forefront™, Microsoft’s trusted security solution for the enterprise
• Tested and certified by independent experts including West Coast Labs and ICSA Labs
• The vast world-wide network of PCs providing intelligence on the most current threats ensures early detection and quick response to new threats
• In the event of a suspicious file, the dynamic signature service enables immediate signature download, without waiting until the next download event
• New and improved technologies including live kernel behavior monitoring, anti-stealth functionality, and live rootkit removal to provide additional defense against rootkits and other aggressive threats

Easy To Get, Easy To Use
• Available at no additional charge as a benefit of genuine Windows
• Downloads and installs quickly and easily direct from Microsoft.com with no complicated registration process and no personal information collected
• Automatic, behind-the-scenes updates in Microsoft Security Essentials ensure that users always have the latest threat protection and prevention technology on their PC, with no need to upgrade or renew
• Intuitive interface: with a single click, users can quickly and easily take the actions needed to keep their PC better protected

Quiet Protection
• Intelligent caching and smart memory swapping are designed in to limit the amount of memory used
• CPU utilization is limited and low-priority disk operations are leveraged to ensure the system remains responsive to the tasks the user is likely to be performing, such as opening files or browser windows, cut/copy/paste, file save, and so on
• Real-time access to the latest signatures through Dynamic Signature Service means the PC can stay up to date on the latest identified threats with less frequent signature downloads
• Works quietly in the background without distracting pop-ups, only notifying users if action is required to stay protected

Evolving Threat Landscape
1986–1995: Local Area Networks • First PC virus • Boot sector viruses • Create notoriety or cause havoc • Slow propagation • 16-bit DOS
1995–2000: Internet Era • Macro viruses • Script viruses • Key loggers • Create notoriety or cause havoc • Faster propagation • 32-bit Windows
2000–2007: Broadband prevalent • Spyware, Spam • Phishing • Botnets & Rootkits • War Driving • Financial motivation • Internet wide impact • 32-bit Windows
2007+: Hyper jacking • Peer to Peer • Social engineering • Application attacks • Financial motivation • Targeted attacks • Network device attacks • 64-bit Windows

Microsoft Security Response
Trustworthy Computing: protecting customers throughout the entire life cycle (in development, deployment and operations)
Diagram labels: Product Life Cycle (Conception, Release); Microsoft Security Response Center (MSRC); Microsoft Security Engineering Center (MSEC); Microsoft Malware Protection Center (MMPC); EcoStrat; MSRC Ops; MSRC Engineering; Security Development Lifecycle (SDL); Security Assurance; Security Science

Comparing Incidents
Incidents: MS08-067, October 2008 (Conficker); Blaster, August 2003; Sasser, April 2004; Zotob, August 2005
Before publicly known (MAPP)
Alert and prescriptive guidance: Within 1 day; Within 2 hours; 2 days prior
Online guidance/Webcast: Within 10 days; Within 2 days; 3 times, 2x; Same day; Same day
Free worm removal tool: Within 38 days; Within 3 days; Within 3 days; Didn’t need one*
Update available after 1st exploit: +11 days; +4 days; +2 days; -11 days
Products not affected by attacks: Vista, Server 2008; none; none; XPSP2
* At the time of the security update release and the immediate aftermath

Client Operating Systems http://blogs.technet.com/security
Microsoft Security Intelligence Report
Briefing Presentation, Volume 6 (July through December 2008)
www.microsoft.com/sir

Security Intelligence Report volume 6 (July-December 2008)
• Report addresses data and trends observed over the past several years, but focuses on the second half of 2008 (2H08)
• Major sections cover
  • The Threat Ecosystem
  • Software Vulnerability Disclosures
  • Software Vulnerability Exploits
  • Browser-Based and Document Format Exploits
  • Security and Privacy Breaches
  • Malicious Software and Potentially Unwanted Software
  • Email, Spam, Phishing and Drive-By Download Threats
  • Special Focus on Rogue Security Software
• Report builds on five previous editions of the SIR

Security Intelligence Report volume 6 (July-December 2008)
Data Sources
• Software Vulnerability Disclosures
  • Common Vulnerabilities and Exposures Web site
  • http://cve.mitre.org
  • http://www.first.org/cvss
  • National Vulnerability Database (NVD) Web site
  • http://nvd.nist.gov/
  • Security Web sites
  • Vendor Web sites and support sites
• Security Breach Notifications
  • http://datalossdb.org

Security Intelligence Report volume 6 (July-December 2008)
Data Sources
• Malicious Software and Potentially Unwanted Software
  • Data from several hundred million computers worldwide
  • Some of the busiest services on the Internet (e.g. Hotmail)
  • During 2H08 MSRT executed 2.2 billion times
  • Since January 2005 total MSRT executions surpass 15 billion
  • Also data from Windows Live Search and the Microsoft Windows Safety Platform

Industry Wide Software Vulnerability Disclosures
By half year, industry wide
• Disclosures in 2H08 down 3% from 1H08
• Disclosures for all of 2008 down 12% from 2007
Figure: Industry-wide vulnerability disclosures by half-year, 2H03-2H08

Security Vulnerability Disclosures
Operating system, Browser and Application Disclosures – Industry Wide
• Operating system vulnerabilities – 8.8% of the total
• Browser vulnerabilities – 4.5% of the total
• Other vulnerabilities – 86.7% of the total
Figure: Industry-wide operating system, browser, and other vulnerabilities, 2H03-2H08

Security Vulnerability Disclosures
Microsoft vulnerability disclosures
• Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale
Figure: Vulnerability disclosures for Microsoft and non-Microsoft products, 2H03-2H08 (legend: Non-Microsoft, Microsoft)

Microsoft Vulnerability Exploit Details
Top 10 browser-based exploits on Windows XP-based machines
• On Windows XP-based machines Microsoft software accounted for 6 of the top 10 vulnerabilities
• The most commonly exploited vulnerability was disclosed and patched by Microsoft in 2006
Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows XP, 2H08 (legend: Microsoft Vulnerabilities, Third-Party Vulnerabilities)

Microsoft Vulnerability Exploit Details
Top 10 browser-based exploits on Windows Vista-based machines
• On Windows Vista-based machines Microsoft software accounted for none of the top 10 vulnerabilities
Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows Vista, 2H08 (legend: Third-Party Vulnerabilities)

Adobe PDF Document Exploits
Exploits against common document formats
• Attacks spiked significantly in 2H08
• Both vulnerabilities exploited had updates available from Adobe and did not exist in the most recent version of Adobe products
Figure: Adobe Reader exploits by month in 2008, indexed to the monthly average for 2H08

Security Breach Trends
Study details
• Study of publicly reported security breaches worldwide
• Hacking and viruses less than 20% of all notifications in 2H08
• 50% of breaches in 2H08 resulted from stolen equipment
Figure: Security breach incidents by type, expressed as percentages of the total, 2H07-2H08

Malicious And Potentially Unwanted Software
Infection rates by country/region in 2H08

Data from All Microsoft Security Products
Top 25 Families in United Kingdom

Malicious And Potentially Unwanted Software
Operating system trends
• The infection rate of
  • Windows Vista SP1 was 60.6% less than Windows XP SP3
  • Windows Vista with no service pack was 89.1% less than Windows XP with no service pack installed

Rogue Security Software
Profiting from Fear and Trust
• Some rogue security software families mimic genuine Windows security warnings
• Clicking “Recommendations” initiates a registration and purchase process

Rogue Security Software
Profiting from Fear and Trust
• Some variants of Win32/FakeXPA display fake “blue screen” error messages

Social Engineering as a Weapon
Legal Action Against Rogues
• Microsoft Internet Safety Enforcement Team (ISET) partners with governments, law enforcement, and industry partners worldwide
• Several legal cases initiated against the creators and distributors of rogue security software
• For full details of these legal actions please refer to the full Security Intelligence Report volume 6 document

E-Mail Threats
Spam Trends and Statistics
• Microsoft Forefront Online Security for Exchange filtered 97.3 percent of all e-mail messages received in 2H08

Microsoft Security Intelligence Report www.microsoft.com/sir
Microsoft Security www.microsoft.com/security
Microsoft Security Update Guide http://www.microsoft.com/downloads/details.aspx?FamilyID=c3d986d0-ecc3-4ce0-9c25-048ec5b52a4f&displaylang=en
www.microsoft.com/mscorp/twc/blogs Microsoft Security Blog Aggregator
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.