Microsoft Security Essentials Security Intelligence Report


Microsoft Security Essentials Security Intelligence Report. Cliff Evans Security and Privacy Lead Microsoft Ltd. Microsoft Security Essentials.


Microsoft Security Essentials Security Intelligence Report

Cliff Evans

Security and Privacy Lead

Microsoft Ltd

Microsoft Security Essentials

For consumers needing protection from malicious software, including spyware, viruses, Trojans and rootkits, Microsoft Security Essentials is the no-cost, high-quality anti-malware service that efficiently addresses the ongoing security needs of a genuine Windows-based PC.

Security You Can Trust
  • Built on the same core security technology that is the foundation for Forefront™, Microsoft’s trusted security solution for the enterprise
  • Tested and certified by independent experts including West Coast Labs and ICSA Labs
  • The vast world-wide network of PCs providing intelligence on the most current threats ensures early detection and quick response to new threats
  • In the event of a suspicious file, the dynamic signature service enables immediate signature download – without waiting until the next download event
  • New and improved technologies including live kernel behavior monitoring, anti-stealth functionality, and live rootkit removal to provide additional defense against rootkits and other aggressive threats
Easy To Get, Easy To Use
  • Available at no additional charge as a benefit of genuine Windows
  • Downloads and installs quickly and easily direct from with no complicated registration process and no personal information collected.
  • Automatic, behind-the-scenes updates in Microsoft Security Essentials ensure that users always have the latest threat protection and prevention technology on their PC - no need to upgrade or renew
  • Intuitive interface - with a single click, users can quickly and easily take the actions needed to keep their PC better protected.
Quiet Protection
  • Intelligent caching and smart memory swapping are designed in to limit the amount of memory used
  • CPU utilization is limited and low-priority disk operations are leveraged to ensure the system remains responsive to the tasks the user is likely to be performing, such as opening files or browser windows, cut/copy/paste, file save, and so on
  • Real-time access to the latest signatures through Dynamic Signature Service means the PC can stay up to date on the latest identified threats with less frequent signature downloads
  • Works quietly in the background without distracting pop-ups – only notifying users if action is required to stay protected
Evolving Threat Landscape
  • Local Area Networks
  • First PC virus
  • Boot sector viruses
  • Create notoriety or cause havoc
  • Slow propagation
  • 16-bit DOS
  • Internet Era
  • Macro viruses
  • Script viruses
  • Key loggers
  • Create notoriety or cause havoc
  • Faster propagation
  • 32-bit Windows
  • Hyper jacking
  • Peer to Peer
  • Social engineering
  • Application attacks
  • Financial motivation
  • Targeted attacks
  • Network device attacks
  • 64-bit Windows
  • Broadband prevalent
  • Spyware, Spam
  • Phishing
  • Botnets & Rootkits
  • War Driving
  • Financial motivation
  • Internet wide impact
  • 32-bit Windows





Microsoft Security Response

Trustworthy Computing

Protecting customers throughout the entire life cycle

(in development, deployment and operations)

Microsoft Security Response Center



Microsoft Security Engineering Center (MSEC)


Product Life Cycle


Security Development Lifecycle (SDL)

MSRC Engineering

Security Assurance

Microsoft Malware Protection Center (MMPC)

Security Science


Comparing Incidents

MS08-067, October 2008


Blaster, August 2003

Sasser, April 2004

Zotob, August 2005

Before publicly known (MAPP)

Alert and prescriptive guidance


1 day


2 hours

2 days


Online guidance/ Webcast


10 days


2 days

3 times, 2x Same day

Same day

Free worm removal tool


38 days


3 days


3 days

Didn’t need one*

Update available after 1st exploit

+11 days

+4 days

+2 days

-11 days

Products not affected by attacks


Server 2008




*at the time of the security update release and the immediate aftermath

Client Operating Systems


Microsoft Security Intelligence Report Briefing Presentation

Volume 6 (July through December 2008)

Security Intelligence Report volume 6 (July-December 2008)
  • Report addresses data and trends observed over the past several years, but focuses on the second half of 2008 (2H08)
  • Major sections cover
    • The Threat Ecosystem
    • Software Vulnerability Disclosures
    • Software Vulnerability Exploits
    • Browser-Based and Document Format Exploits
    • Security and Privacy Breaches
    • Malicious Software and Potentially Unwanted Software
    • Email, Spam, Phishing and Drive-By Download Threats
    • Special Focus on Rogue Security Software
  • Report builds on five previous editions of the SIR
Security Intelligence Report volume 6 (July-December 2008): Data Sources
  • Software Vulnerability Disclosures
    • Common Vulnerabilities and Exposures Website
    • National Vulnerability Database (NVD) Web site
    • Security Web sites
    • Vendor Web sites and support sites
  • Security Breach Notifications
Security Intelligence Report volume 6 (July-December 2008): Data Sources
  • Malicious Software and Potentially Unwanted Software
    • Data from several hundred million computers worldwide
    • Some of the busiest services on the Internet (e.g. Hotmail)
    • During 2H08 MSRT executed 2.2 billion times
    • Since January 2005 total MSRT executions surpass 15 billion
  • Also data from Windows Live Search and the Microsoft Windows Safety Platform
Industry Wide Software Vulnerability Disclosures: By half year, industry wide
  • Disclosures in 2H08 down 3% from 1H08
  • Disclosures for all of 2008 down 12% from 2007

Industry-wide vulnerability disclosures by half-year, 2H03-2H08

Security Vulnerability Disclosures: Operating system, Browser and Application Disclosures – Industry Wide
  • Operating system vulnerabilities – 8.8% of the total
  • Browser vulnerabilities – 4.5% of the total
  • Other vulnerabilities – 86.7% of the total

Industry-wide operating system, browser, and other vulnerabilities, 2H03-2H08

Security Vulnerability Disclosures: Microsoft vulnerability disclosures
  • Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale

Vulnerability disclosures for Microsoft and non-Microsoft products, 2H03-2H08



Microsoft Vulnerability Exploit Details: Top 10 browser-based exploits on Windows XP-based machines
  • On Windows XP-based machines Microsoft software accounted for 6 of the top 10 vulnerabilities
  • The most commonly exploited vulnerability was disclosed and patched by Microsoft in 2006

The 10 browser-based vulnerabilities exploited most often on computers running Windows XP, 2H08





Microsoft Vulnerability Exploit Details: Top 10 browser-based exploits on Windows Vista-based machines
  • On Windows Vista-based machines Microsoft software accounted for none of the top 10 vulnerabilities

The 10 browser-based vulnerabilities exploited most often on computers running Windows Vista, 2H08



Adobe PDF Document Exploits: Exploits against common document formats
  • Attacks spiked significantly in 2H08
  • Both vulnerabilities exploited had updates available from Adobe and did not exist in the most recent version of Adobe products

Adobe Reader exploits by month in 2008, indexed to the monthly average for 2H08

Security Breach Trends: Study details
  • Study of publicly reported security breaches worldwide
  • Hacking and viruses less than 20% of all notifications in 2H08
  • 50% of breaches in 2H08 resulted from stolen equipment

Security breach incidents by type, expressed as percentages of the total, 2H07-2H08

Malicious And Potentially Unwanted Software: Operating system trends
  • The infection rate of
    • Windows Vista SP1 was 60.6% less than Windows XP SP3
    • Windows Vista with no service pack was 89.1% less than Windows XP with no service pack installed
Rogue Security Software: Profiting from Fear and Trust
  • Some rogue security software families mimic genuine Windows security warnings
  • Clicking “Recommendations” initiates a registration and purchase process
Rogue Security Software: Profiting from Fear and Trust
  • Some variants of Win32/FakeXPA display fake “blue screen” error messages
Social Engineering as a Weapon: Legal Action Against Rogues
  • Microsoft Internet Safety Enforcement Team (ISET) partners with governments, law enforcement, and industry partners worldwide
  • Several legal cases initiated against the creators and distributors of rogue security software
  • For full details of these legal actions please refer to the full Security Intelligence Report volume 6 document
E-Mail Threats: Spam Trends and Statistics
  • Microsoft Forefront Online Security for Exchange filtered 97.3 percent of all e-mail messages received in 2H08



Microsoft Security Update Guide







© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.