November 21, 2008 at 4:43 am ·
Filed under PR, Releases, Security
Last week they released a Microsoft Security Intelligence Report and they’ve asked for help in driving awareness of this report to the IT Community. So here’s my contribution to that:
The following items have been published on the dedicated SIR section of the dot com:
Microsoft Security Intelligence Report volume 5, XPS and PDF format, approx. 145 pages including data and analysis on:
- NEW - The threat ecosystem, narrative section
- Security vulnerability disclosures, industry-wide and Microsoft specific
- Vulnerability exploits, Microsoft specific
- NEW - Browser-based exploits, Microsoft and third-party
- Security and privacy breach reports
- Malicious and potentially unwanted software trends
- Focus on malware and signed code
- NEW – specific malware and potentially unwanted software data for 15 locations worldwide (United States, Canada, United Kingdom, Australia, Brazil, France, Germany, China, Hungary, Italy, Japan, Norway, Russia, South Africa, and the Gulf Cooperation Council)
- SIR Key Findings Summary, XPS and PDF format, approx. 15 pages, published in English, Chinese (Simplified and Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazilian), Russian and Spanish
- Executive Summary, XPS and PDF format, approx. 5 pages, English only
- “Bret and Vinny Show” video introduction to the report
Download the 5th Security Intelligence Report (January - June 2008) right here.
If you want to stay up to date with the Search and Response of malware and the likes, bookmark the security portal for regular updates on issues and solutions.
More information at the Microsoft Malware Protection Center blog
November 20, 2008 at 12:27 pm ·
Filed under PR, Releases, Security
To address the growing need for a PC security solution tailored to the demands of emerging markets, smaller PC form factors and rapid increases in the incidence of malware, Microsoft plans to offer a new consumer security offering focused on core anti-malware protection.
Code-named “Morro,” this streamlined solution will be available in the second half of 2009 and will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs. As part of Microsoft’s move to focus on this simplified offering, it was also announced on that day that the Windows Live OneCare subscription service retail sales will be discontinued effective June 30, 2009.
“Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware.”
“Because uptake of standard anti-malware is low around the world, particularly in developing nations, the availability of basic protection for anyone who wants it is all the more important,” said Roger Kay, founder and president of Endpoint Technologies Associates. “By offering such basic protection at no charge to the consumer, Microsoft is promoting a safer environment for PCs, service providers and e-commerce itself, since it is through unprotected PCs that the worst threats are introduced to the system as a whole.”
“Morro” will be available as a stand-alone download and offer malware protection for the Windows XP, Windows Vista and Windows 7 operating systems. When used in conjunction with the ongoing security and privacy enhancements of Windows and Internet Explorer, this new solution will offer consumers a robust, no-cost security solution to help protect against the majority of online threats.
Windows Live OneCare will continue to be sold for Windows XP and Windows Vista at retail through June 30, 2009. Direct sales of OneCare will be gradually phased out when “Morro” becomes available. Regardless of their method of purchase, Microsoft will ensure that all current customers remain protected through the life of their subscriptions.
More info on the OneCare team blog
October 30, 2008 at 3:21 pm ·
Filed under Releases, Security
Jeff Jones, Strategy Director at Microsoft’s Security Technology Unit published a report with findings about vulnerabilities and Days-Of-Risk. In this report he compares the Open Source OSs, Mac, XP and Vista based on the public data available (ref Appendix C in the report). This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. The report further drills down to examine just those issues affecting the commonly installed desktop operating system components.
The key findings for 1H08:
- The four vendors fixed a total 585 vulnerabilities in 1H08. 26.8% affected multiple vendors and of those, only 8 were fixed on the same day – the rest had an average 35 day delay between the first available fix and the last available fix.
- Microsoft had the lowest average Days of Risk for all vulnerabilities fixed at 24.22 days, with the next closest vendor at 72 days.
- For desktop OS vulnerabilities, Windows Vista had the fewest vulnerabilities in 1H08 at 21. The next lowest number was Windows XP SP2 at 26.
- Windows Vista customers experienced full or partial mitigation for 46% of the 26 vulnerabilities affecting Windows XP SP2 in 1H08, but also experienced one additional vulnerability in new code.
From the report come these two lovely graphs:
In the first one (Graph 6) the chart includes vulnerabilities from all components supported by the vendor as part of the
product. In this view, Windows Vista had the fewest vulnerabilities and rheld5c had the most.
The second one (Graph 7), gives one the ability to compare vulnerabilities by severity for each product, but applying the same arguments as for the first one (Graph 6), Jeff also wanted to see a view with weight applied for severity.
You can check Jeff’s blogpost, or download the report to read it through.
