Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Securing Against Malware Nick Hall and Fred Baumhardt Security Technology Architects Microsoft EMEA
Agenda • History of Viruses • Current Threats • Future…? • What is Microsoft Doing?
Microsoft Execution National Interest Personal Gain Personal Fame Curiosity The Attackers Largest Segment By $$ Spent On Defense Largest Area By $$ Lost Spy Fastest Growing Segment Largest Area By Volume Thief Trespasser Author Vandal Undergraduate Script-Kiddy Expert Specialist
Virus Information • Viruses: speed is dependent on the vector • File viruses took months to years to spread widely • Macro viruses took weeks to months • Mass Mailers took days • Code Red took about 12 hours • Klez went around the world in 2.5 hours • SQL Slammer affected the world in about 10 minutes Source: ICSA Virus Prevalence Survey 2003 “Just how fast is instant messaging?”
Viruses Over IM • "We advise customers to contact their anti-virus software provider and obtain the latest signatures for the virus, which should now be available.“ • W32/Kelvir – Slowed down a network by putting additional traffic on it, it did not create backdoors, install keyloggers, or steal money from brokerage accounts. BUT THE NEXT ONE MIGHT !!!! • You're 10 times more likely to click on a URL that comes from someone on your buddy list than something that comes in over email”
Spyware www.ISpyNow.com www.keykatcher.com
Spies per Consumer PC Oct to Dec 2005 • UK 21.6 • Norway 20.3 • Sweden: 19.1 • Lithuania 17.2 • Slovenia 15.7 Source: BBC website
Worm Malware Theory Authenticate Traffic – Stops foreign Infection Enforce Protocol Rules at the Network Device – things that break are dropped Don’t process traffic that you didn’t ask for, understand protocols and know what to expect • Worms are Anonymous – they don’t carry your password database…. • Pathogens Break protocol rules – you wrote a buffer for 72 characters – attacker sent you 182 • Worms send clients something they didn’t ask for
Future…? • Creation of a Superbug (usually worm propagating)? • Vector is changing. i.e. music, video • The attackers themselves are changing • “New World” virus writers • New threats like “Spear Fishing"
SPAM • Is it Malware ? • Nuisance or Pain ? • Same mindset to AV ? • 4 Million mails, generate 4 responses with 1 person buying (well in the US anyway !!!) • Going away…………..You decide?
What is Microsoft Doing ? Individual users Businesses
Windows Services Hardening • Windows Firewall with advanced security • Reduced administrative privileges • User Account Protection • Internet Explorer 7 with Protected Mode • Secure Start-up • Integrated Anti-Malware • Control over removable device installation • Restart manager to reduce reboots • Security Center enhancements • ActiveX Opt-in puts users in control • Phising Filter
“Windows OneCare is the comprehensive PC health service for consumers that continuously and automatically manages vital computer tasks to help protect and maintain your PC” Product Features Design Principles Simple and Easy Comprehensive Automated Evolving Protection Plus Performance Plus Backup & Restore Help and Support
Provides businesses the control they need to protect against current and emerging malware threats Guards against current and emerging malware threats Prioritizes data to help focus resources on the right issues Maximizes the value of existing investments
Antigen IM and Documents Live Communications Server Viruses Worms Antigen SharePoint Server E-mail ISA Server Antigen Antigen Antigen Exchange Servers Windows SMTP Server
caching caching Content filtering application publishing content filtering application publishing advanced application layer firewall advanced application layer firewall / vpn
Transport and CAS/UM are rewritten in managed code • Encryption of all links among E12 servers by default if encryption can be supported • Emails between two E12 organizations can be encrypted over the Internet without end-user S/MIME • SMTP Gateway Throttling • Much enhanced Anti-spam protection in addition to Ex2003 IMF
Microsoft Exchange Hosted Services Real-time threat prevention features Multi-layer anti-spam and anti-virus Customized content and policy enforcement E-mail retention for help with compliance and e-discovery Customized report generation for help demonstrating compliance Fully indexed, searchable archive Uninterrupted e-mail accessibility Rapid recovery from unplanned disasters and network outages Thirty-day rolling historical e-mail store Full e-mail encryption No public and private key management Gateway, policy-based e-mail encryption
Windows Defender Windows Live Safety Center Windows OneCare Live Microsoft Client Protection MSRT Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Customization IT Infrastructure Integration FOR INDIVIDUAL USERS FOR BUSINESSES
Important Dates • Q2 06 • Exchange Hosted Services • Antigen V 9.0 for Exchange, SMTP & AEM • Microsoft Client Protection – Beta • Antigen for E12 – Beta • Windows OneCare • Q3 06 • Antigen V 9.0 for IM, SharePoint • ISA 2006 - RTM • Q4 06 • Microsoft Client Protection • Antigen for E12 • ISA 2006 - RTMQ1 07 • Q1 07 • Windows Vista • Antigen for ISA
© 2005-06 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.