Security Trends and Update—The Microsoft Security Intelligence Report v7
Joanie Rhine, Senior Security Technology Specialist, Microsoft Corporation
Joanie.rhine@microsoft.com

Security Intelligence Report (SIR)
• This Security Intelligence Report addresses data and trends observed over the past several years, but focuses on the first half of 2009 (1H09)
• Major sections cover
  • The Threat Ecosystem
  • Software Vulnerability Disclosures
  • Software Vulnerability Exploits
  • Browser-Based and Document Format Exploits
  • Security and Privacy Breaches
  • Malicious Software and Potentially Unwanted Software
  • Email, Spam, Phishing and Drive-By Download Threats
  • Special Focus on Rogue Security Software
  • Country/region Specific Data for 12 Locations Worldwide
• Report builds on six previous editions of the SIR
• Number of data sources = 450 million devices

Software Vulnerability Disclosures: Microsoft vulnerability disclosures
• Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale
[Figure: Vulnerability disclosures for Microsoft and non-Microsoft products, 1H04-1H09. Series: Non-Microsoft, Microsoft]

Software Vulnerability Disclosures: Operating system, Browser and Application Disclosures – Industry Wide
• Application vulnerabilities down sharply in 1H09
• OS and browser vulnerabilities relatively stable
[Figure: Operating system, browser & application vulnerabilities as a percentage of all disclosures, 1H04-1H09]

Microsoft Vulnerability Exploit Details: Responsible Disclosure Rates
• Responsible disclosure rates rose to a high of 79.5%
[Figure: Responsible disclosures as a percentage of all disclosures involving Microsoft software, 1H05-1H09]

Malicious And Potentially Unwanted Software: Operating system trends
• Infection rates of
  • Windows Vista SP1 were 61.9% less than Windows XP SP3
  • Windows Vista with no service pack were 85.3% less than Windows XP with no service pack installed
[Figure: Number of computers cleaned for every 1,000 MSRT executions, by operating system, 1H09]

Malicious And Potentially Unwanted Software: Operating system trends over time
• Relative OS infection rates remain consistent over time
[Figure: Computers cleaned by threat category, in percentages, 2H06-1H09]

Malicious And Potentially Unwanted Software: Top malware and potentially unwanted families
[Figure: Top 15 malware and potentially unwanted software families detected by Microsoft anti-malware desktop products worldwide, by number of unique infected computers, in 1H09]

Update Service Usage Over Time: Microsoft Update and Windows Update
• Adoption of Microsoft Update has risen significantly
• Microsoft Update provides a more comprehensive solution than Windows Update alone
[Figure: Usage of Windows Update and Microsoft Update, 2H06-1H09, indexed to 2H06 total usage]

Update Service Usage Impact: The role of automatic updating
• A Windows Defender signature issued via Microsoft Update had a significant and dramatic impact on Win32/Renos trojan infections
[Figure: Daily Windows error reports caused by Win32/Renos on Windows Vista computers in February and March 2007]

E-Mail Threats: Spam trends and statistics
• More than 97% of unwanted e-mail messages were blocked at the edge
[Figure: Percentage of incoming messages blocked by FOPE using edge-blocking and content filtering, 1H06-1H09]

E-Mail Threats: Spam trends and statistics
• Spam was dominated by product advertisements in 1H09
[Figure: Inbound messages blocked by FOPE content filters, by category, in 1H09]

E-Mail Threats: Geographic origins of spam messages
• Most spam is sent through botnets or other automated tools
• The geographic origin of spam does not necessarily indicate the physical location of the spammer
[Figure: Geographic origins of spam, by percentage of total spam sent, in 1H09]

E-Mail Threats: Reputation Hijacking
• Educational institutions are the source of most spam sent, despite accounting for a low portion of the FOPE customer base
• Computer management strategies may be less strict
[Figure: Outbound spam sent through FOPE, by type of organization, in 1H09]

Malicious Web Sites: Analysis of phishing sites
• Phishing impressions suddenly increased in May and June 2009
[Figure: Phishing impressions tracked each month in 2H08 and 1H09, indexed to January 2009]

Malicious Web Sites: Target institutions
• The significant increase in phishing impressions seems to have been driven by one or more campaigns targeting social networks
[Figure: Impressions for each type of phishing site each month in 1H09]

Malicious Web Sites: Distribution of phishing sites, worldwide - 1H09

Software Vulnerability Exploit Details: Browser-based exploits by operating system and software vendor
• On Windows XP-based machines, Microsoft vulnerabilities account for 56.4% of the exploits
• On Windows Vista-based machines, Microsoft vulnerabilities account for only 15.5% of the exploits
[Figure: Browser-based exploits targeting Microsoft and third-party software on computers running Windows XP in 1H09]
[Figure: Browser-based exploits targeting Microsoft and third-party software on computers running Windows Vista in 1H09]

Software Vulnerability Exploit Details: Top 10 browser-based exploits on Windows XP-based machines
• On Windows XP-based machines Microsoft software accounted for 6 of the top 10 vulnerabilities
• The most commonly exploited vulnerability was disclosed and patched by Microsoft in 2006
[Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows XP, by percentage of all exploits in 1H09]

Software Vulnerability Exploit Details: Top 10 browser-based exploits on Windows Vista-based machines
• On Windows Vista-based machines Microsoft software accounted for only one of the top 10 vulnerabilities
[Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows Vista, by percentage of all exploits in 1H09]

Security Breach Trends: Study details
• Hacking and viruses less than 25 percent of all notifications in 1H09
• Most breaches resulted from stolen, lost or improperly disposed of equipment
[Figure: Security breach incidents, by incident type, 2H07 – 1H09]

Microsoft Security Essentials
High quality consumer AV protection for Genuine Windows PCs available at no cost
High Quality
• Real-time protection
• Industry certified
• Same AV/AM engine trusted by enterprises
• Broad network of PCs providing telemetry
• Backed by Microsoft Security Response Center
Easy to get, Easy to use
• Trusted download
• No registration
• No trial conversions or expirations
• Automatic updates
• Simple user interface
Quiet
• Runs in the background
• Smart scheduling and resource utilization
• Lightweight design
• Limited impact on PC performance

Resources
• www.microsoft.com/sir
• www.microsoft.com/mmpc
• www.microsoft.com/security_essentials
• www.microsoft.com/forefront