Securing against malware


Securing Against Malware

Nick Hall and Fred Baumhardt

Security Technology Architects

Microsoft EMEA


Agenda

  • History of Viruses

  • Current Threats

  • Future…?

  • What is Microsoft Doing?


The Attackers

Microsoft Execution

National Interest

Personal Gain

Personal Fame

Curiosity

Largest Segment By $$ Spent On Defense

Largest Area By $$ Lost

Spy

Fastest Growing Segment

Largest Area By Volume

Thief

Trespasser

Author

Vandal

Undergraduate

Script-Kiddy

Expert

Specialist


Phishing


..this is actually the legitimate site you are returned to.


Virus Information

  • Viruses: speed is dependent on the vector

  • File viruses took months to years to spread widely

  • Macro viruses took weeks to months

  • Mass Mailers took days

  • Code Red took about 12 hours

  • Klez went around the world in 2.5 hours

  • SQL Slammer affected the world in about 10 minutes

    Source: ICSA Virus Prevalence Survey 2003

    “Just how fast is instant messaging?”


Viruses Over IM

  • “We advise customers to contact their anti-virus software provider and obtain the latest signatures for the virus, which should now be available.”

  • W32/Kelvir – Slowed down a network by putting additional traffic on it; it did not create backdoors, install keyloggers, or steal money from brokerage accounts. BUT THE NEXT ONE MIGHT !!!!

  • “You're 10 times more likely to click on a URL that comes from someone on your buddy list than something that comes in over email”


Spyware

www.ISpyNow.com

www.keykatcher.com


Spies per Consumer PC

Oct to Dec 2005

  • UK 21.6

  • Norway 20.3

  • Sweden 19.1

  • Lithuania 17.2

  • Slovenia 15.7

    Source: BBC website


Worm Malware Theory

Authenticate Traffic – Stops foreign Infection

Enforce Protocol Rules at the Network Device – things that break are dropped

Don’t process traffic that you didn’t ask for, understand protocols and know what to expect

  • Worms are Anonymous – they don’t carry your password database….

  • Pathogens Break protocol rules – you wrote a buffer for 72 characters – attacker sent you 182

  • Worms send clients something they didn’t ask for
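
The three rules on this slide, sketched as one admission check. This is an added example, not code from the presentation: the message layout and the names `gate_expect` and `gate_check` are hypothetical, and the 72-byte limit is the slide's own figure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIELD_MAX   72   /* the slide's 72-character buffer */
#define MAX_PENDING 8    /* assumed cap on outstanding requests */

typedef enum { PASS, DROP_UNAUTHENTICATED, DROP_UNSOLICITED, DROP_PROTOCOL } verdict_t;

typedef struct {             /* hypothetical message header */
    bool     authenticated;  /* peer proved its identity before sending */
    uint32_t reply_to;       /* id of the request this message answers */
    size_t   field_len;      /* length the sender claims for the text field */
} msg_t;

typedef struct {
    uint32_t pending[MAX_PENDING];  /* ids of requests we actually sent */
    size_t   count;
} gate_t;

/* Record a request we sent, so that exactly one reply to it is expected. */
bool gate_expect(gate_t *g, uint32_t id) {
    if (g->count == MAX_PENDING) return false;
    g->pending[g->count++] = id;
    return true;
}

/* Apply the slide's rules in order: authenticate, expect, enforce the protocol. */
verdict_t gate_check(gate_t *g, const msg_t *m) {
    if (!m->authenticated) return DROP_UNAUTHENTICATED;  /* worms are anonymous */
    size_t i = 0;
    while (i < g->count && g->pending[i] != m->reply_to) i++;
    if (i == g->count) return DROP_UNSOLICITED;          /* we never asked for this */
    if (m->field_len > FIELD_MAX) return DROP_PROTOCOL;  /* 182 sent for a 72-byte field */
    g->pending[i] = g->pending[--g->count];  /* reply consumed; a replay is unsolicited */
    return PASS;
}

int main(void) {
    gate_t g = { .count = 0 };
    gate_expect(&g, 7);
    /* constructed sample: authenticated, expected, but 182 bytes for a 72-byte field */
    msg_t oversize = { .authenticated = true, .reply_to = 7, .field_len = 182 };
    printf("verdict=%d\n", gate_check(&g, &oversize));
    return 0;
}
```

The length check runs on the claimed size before any copy takes place, so the oversized message is dropped at the boundary rather than reaching the 72-byte buffer.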


Future…?

  • Creation of a Superbug (usually worm propagating)?

  • Vector is changing, i.e. music, video

  • The attackers themselves are changing

  • “New World” virus writers

  • New threats like “Spear Phishing”


SPAM

  • Is it Malware?

  • Nuisance or Pain?

  • Same mindset to AV?

  • 4 Million mails, generate 4 responses with 1 person buying (well in the US anyway !!!)

  • Going away… You decide?


What is Microsoft Doing?

Individual users

Businesses


  • Windows Services Hardening

  • Windows Firewall with advanced security

  • Reduced administrative privileges

    • User Account Protection

    • Internet Explorer 7 with Protected Mode

  • Secure Start-up

  • Integrated Anti-Malware

  • Control over removable device installation

  • Restart manager to reduce reboots

  • Security Center enhancements

  • ActiveX Opt-in puts users in control

  • Phishing Filter


“Windows OneCare is the comprehensive PC health service for consumers that continuously and automatically manages vital computer tasks to help protect and maintain your PC”

Product Features

Design Principles

Simple and Easy

Comprehensive

Automated

Evolving

Protection Plus

Performance Plus

Backup & Restore

Help and Support


Provides businesses the control they need to protect against current and emerging malware threats

Guards against current and emerging malware threats

Prioritizes data to help focus resources on the right issues

Maximizes the value of existing investments


Antigen

IM and Documents

Live Communications Server

Viruses

Worms

Antigen

SharePoint Server

E-mail

ISA Server

Antigen

Antigen

Antigen

Exchange Servers

Windows SMTP Server


caching

caching

Content filtering

application publishing

content filtering

application publishing

advanced application layer firewall

advanced application layer firewall / vpn


  • Transport and CAS/UM are rewritten in managed code

  • Encryption of all links among E12 servers by default if encryption can be supported

  • Emails between two E12 organizations can be encrypted over the Internet without end-user S/MIME

  • SMTP Gateway Throttling

  • Much enhanced Anti-spam protection in addition to Ex2003 IMF


Microsoft Exchange Hosted Services

Real-time threat prevention features

Multi-layer anti-spam and anti-virus

Customized content and policy enforcement

E-mail retention for help with compliance and e-discovery

Customized report generation for help demonstrating compliance

Fully indexed, searchable archive

Uninterrupted e-mail accessibility

Rapid recovery from unplanned disasters and network outages

Thirty-day rolling historical e-mail store

Full e-mail encryption

No public and private key management

Gateway, policy-based e-mail encryption


Windows Defender

Windows Live Safety Center

Windows OneCare Live

Microsoft Client Protection

MSRT

Remove most prevalent viruses

Remove all known viruses

Real-time antivirus

Remove all known spyware

Real-time antispyware

Central reporting and alerting

Customization

IT Infrastructure Integration

FOR INDIVIDUAL USERS

FOR BUSINESSES


Important Dates

  • Q2 06

    • Exchange Hosted Services

    • Antigen V 9.0 for Exchange, SMTP & AEM

    • Microsoft Client Protection – Beta

    • Antigen for E12 – Beta

    • Windows OneCare

  • Q3 06

    • Antigen V 9.0 for IM, SharePoint

    • ISA 2006 - RTM

  • Q4 06

    • Microsoft Client Protection

    • Antigen for E12

    • ISA 2006 - RTM

  • Q1 07

    • Windows Vista

    • Antigen for ISA


© 2005-06 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
