
Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Microsoft Issues Security Report for Jan-Jun 2008

Microsoft's Malware Protection Centre has released Volume 5 of its Security Intelligence Report (SIR), covering January to June 2008. While it lacks the independence of reporting from OWASP, ISC, US-CERT and a number of other bodies, a report from the largest operating system and software vendor offers a very interesting point of view on the state of computer security, as observed by Microsoft.

Although the report does not cover threats and malware targeting non-Windows operating systems, it provides a very detailed look at the ecosystem of malware that infects Microsoft systems across the globe, including a per-country breakdown of infection rates and malware types. This per-country reporting throws up some interesting statistics about the prevalence of different malware families in different countries. For countries like Brazil and South Korea, the relative distribution of malware types speaks volumes about how their local IT infrastructure, and its composition, has evolved.

One positive highlight of the report is a decrease in the total number of vulnerabilities disclosed during the period, although this is tempered by an increase in the number of those vulnerabilities rated as serious. Volume 6 may well show different results: October's large batch of security patches, Kaminsky's DNS flaw, the still-unreleased TCP/IP vulnerability, and the Critical out-of-cycle patch for the RPC service could all skew the next set of figures.

One statistic to watch in future volumes is the global distribution of systems that need cleaning each time Microsoft's security tools are run, expressed as a percentage of systems scanned. Volume 5 shows a clustering of systems requiring disinfection in countries that are otherwise considered "developing". Internet-borne malware does not respect borders, so if online infection were the only vector one would expect a more even spread; the clustering instead suggests that systems in those countries are being infected through alternative mechanisms, such as sneakernet (malware carried between machines on removable media).

It is also interesting that countries traditionally seen as copyright infringement hotspots are not reporting as high a risk as others. Perhaps systems running infringing copies of Microsoft software in those countries have been configured not to report back to Microsoft, or simply aren't running Microsoft's security tools in the first place.

Given the depth of excellent data in the SIR, it is important to be aware of a possible self-selection bias in the reporting of problems detected and removed. Most of the raw data used to compile the report appears to come from Microsoft security tools installed and operated on end-user systems, together with data from selected online service providers. Systems and sites that use alternative security suites, which detect and remove problems before the Microsoft tools ever see them, will therefore not appear in the report. Likewise, systems where the "Call Home" feature is disabled or blocked will not have their results counted either.

Microsoft does appear to have made an attempt to source data from outside its own networks and tools, using the datalossdb.org (and attrition.org) site to build statistics on the relative frequency of security breach incidents, data that Microsoft's own tools could not gather. It should be cautioned that, although it is probably the best online archive of data loss incidents, datalossdb.org / attrition.org only records openly reported data loss cases. It cannot capture incidents that receive no media coverage or are not reported directly to the site.

Despite lacking information on non-Microsoft operating systems and on the Internet as a whole, the SIR justifiably takes its place alongside the OWASP and ISC reports as one of the key security reports that the modern Information Security practitioner should read and appreciate.

7 November 2008
