Microsoft Security Report: A Mixed Bag

Microsoft's successes in producing more secure software are being offset in part by organized cyber criminals, who continue to make inroads into customer PCs largely through faulty third-party software and old-fashioned trickery, the software giant said in a report released today.

The analysis comes in Microsoft's latest "Security Intelligence Report," which examined the prevalence of malicious software threats removed from Windows machines by the company's various free and subscription security offerings in the first half of this year.

Malware that promotes rogue security and anti-virus programs continues to be the largest single security problem plaguing Microsoft Windows users, the company said. Redmond found that Trojan horse programs -- specifically, those that attempt so-called drive-by downloads -- were responsible for the biggest share of malicious software Microsoft removed from systems this year (about 30 percent). The overwhelming majority of that malware highlights non-existent threats on the victim's PC in an effort to scare the victim into buying bogus security software.

Microsoft said "Win32/Zlob" and "Win32/Renos," both long associated with these "scareware" products, were responsible for 96 percent of computers scrubbed of Trojans and downloaders. The third most prevalent Trojan on Windows machines this year -- "Win32/Virtumonde" -- is another nasty Trojan connected to scareware marketing.

Microsoft said its security products cleaned PCs of roughly 16 million of these scareware-related Trojans in the first half of this year.

Not surprisingly, the prevalence of these programs is being fueled by huge profits that hackers can make by foisting them on unsuspecting users. Joe Stewart, director of malware research at SecureWorks in Atlanta, found that hackers who sign up with cyber criminal syndicates to install and spread fake security programs like AntivirusXP2008/2009 can earn commissions of anywhere from $58,000 to $158,000 in a single week.

In September, Microsoft joined Washington State in filing a number of lawsuits to learn the identities of those profiting from scareware products.

Much of the data in this report reads a bit like an ad for Microsoft Vista, Redmond's latest version of Windows. The software giant includes a number of graphics explaining why consumers are safer using Vista than any other Microsoft OS. But it fails to mention that the feature that probably protects users the most -- called "user account control" -- pops up an annoying "are you sure you want to do this" message so many times that people are apt to eventually turn it off.

Microsoft says that on Windows XP systems, half of the top 10 browser-based attacks target security holes in its Internet Explorer Web browser, while the rest try to exploit flaws in third-party IE plug-ins, such as Apple's QuickTime player, RealPlayer, or Yahoo add-ons. In contrast, none of the top 10 most prevalent browser attacks against Windows Vista systems target IE flaws, the company found.

While this is apparently good news for Windows Vista users, it merely places more of the security responsibility squarely on the users' shoulders to keep third-party software up-to-date, since none of the top threats are exploiting flaws that Microsoft can fix in its monthly patch updates.

Overall, Microsoft reports that the total amount of malware removed from computers around the world by Microsoft security products in the first half of 2008 was substantially higher than in the latter half of 2007 (a 43 percent increase). It acknowledges that this increase has as much to do with a spike in the number of online attacks as it does with its own visibility into the problem: that is, a greater number of consumers adopting its free tools (Windows Live OneCare scanner, Windows Defender and the malicious software removal tool) and fee-based security offerings (Windows Live OneCare, Exchange Hosted Services).

Without a doubt, these services have allowed Microsoft to help customers stay safer online, while offering Microsoft an unprecedented view into the cyber crime economy: The company's massive Security Intelligence Report spans 150 pages and includes fascinating charts that detail the most prevalent attacks broken down by more than 100 locations around the world.

But make no mistake: This level of insight would not be possible if Microsoft weren't one of the largest security software makers on the planet. While Microsoft first stepped into the security space with its Windows Live service in 2005, it did so gingerly amid concerns that it could be perceived as capitalizing on a market it helped to create. These days, Microsoft is fast emerging as a major player in the security space.

John Pescatore, an analyst with Gartner Inc., said Microsoft is probably still ranked number 4 in the consumer desktop space, behind Symantec, McAfee and Trend Micro.

"If you go by revenues for desktop security overall, Trend is still probably larger than Microsoft, but we won't have the detailed market share numbers for a while," Pescatore said. "If you just look at small business and consumer sales, Microsoft is probably up to [number] 3."

Other notable findings from the report:

- 90 percent of all e-mail in the first half of 2008 was spam. Half of that junk e-mail touted knockoff pharmaceuticals.

- Software security flaws rated "high" in severity increased 13 percent in the first six months of 2008, with nearly half of all new vulnerabilities earning high severity ratings. Meanwhile, the percentage of disclosed flaws rated low in complexity (easiest to exploit) also increased, to 56 percent.

- 90 percent of security flaws disclosed in the first half of this year affected applications (as opposed to the underlying operating system).

By Brian Krebs | November 3, 2008; 1:39 PM ET
Categories: Fraud, From the Bunker, Latest Warnings, Safety Tips
© 2010 The Washington Post Company