Archive

Archive for the ‘SIR’ Category

New research shows rise in “deceptive downloads”

May 7th, 2014 No comments

According to the latest cybersecurity report from Microsoft, “deceptive downloads” were the top threat for 95 percent of the 110 countries surveyed.

What are deceptive downloads?

Deceptive downloads are legitimate downloadable programs (usually free) such as software, games, or music that cybercriminals bundle with malicious items.

For example, you might receive a file in email or through social networking, but when you try to open it you see a message that says you don’t have the right software to open it. You do a search online and come across a free software download that claims it can help you open the file. You download that software, but you unknowingly might also be downloading malicious software (also known as “malware”) with it. This malware might have the ability to access personal information on your computer or use your computer for cybercrime.

It could be months or even years before you notice your system has malware.

How can I avoid deceptive downloads?

What should I do if I think I’ve been a victim of a deceptive download?

Do a scan with your antivirus software. If your computer is running Windows 8 or Windows 8.1, you can use the built-in Windows Defender to check for and to help you get rid of a virus or other malware.

If your computer is running Windows 7 or Windows Vista, do the following:

What is the Security Intelligence Report?

The Microsoft Security Intelligence Report (SIR) covers research on computer security, including software vulnerabilities, exploits, and malicious and potentially unwanted software. Volume 16 of the report was released today. If you want to learn more about deceptive downloads and other key findings, please visit Microsoft.com/SIR.

Newer software can increase your computer security

October 31st, 2013 No comments

This week we released volume 15 of the Security Intelligence Report (SIR), which covers our research on computer security, including software vulnerabilities, exploits, and malicious and potentially unwanted software.

One of the key findings to surface from the latest report is the increased risk of using old, unsupported software and emphasizes the positive impact of security innovations and technologies in newer software. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities.

For more information, see New cybersecurity report details risk of running unsupported software.

For more information, see our Microsoft on the Issues blog post titled “New cybersecurity report details risk of running unsupported software.”

Support for Windows XP ends in April 2014

Windows XP was released almost 12 years ago, which is an eternity in technology terms. While we are proud of the success of Windows XP in serving the needs of so many people for more than a decade, inevitably there is a tipping point where dated software and hardware can no longer defend against modern-day threats and increasingly sophisticated cybercriminals. 

If you’re still using Windows XP, you’re missing out on all kinds of enhancements to computer security, productivity, and performance that are available in Windows 7 and Windows 8.

Find out what end of support for Windows XP means to you.

Microsoft Security Intelligence Report v14: Why antivirus software matters

April 17th, 2013 No comments

The latest volume of the Security Intelligence Report (SIR) highlights the importance of using antivirus software.

Antivirus software helps protect your computer from malicious software (malware) and can be downloaded or installed inexpensively or at no charge. Still, according to the SIR v14 findings, 24 percent of computers worldwide were not running up-to-date antivirus software, leaving them 5.5 times more likely to be infected with viruses.

Possible reasons why your computer may not be protected:

This new edition of the SIR compares infections on protected and unprotected computers, offering evidence as to how many people are not using up-to-date antivirus software and are thus facing increased risk.

If you don’t have antivirus software, Microsoft recommends that you download it now from Microsoft or from another trusted vendor. If you already have Windows 8, antivirus software is included with the operating system. You are not required to do anything to set it up. If you are using older versions of Windows, Microsoft provides a free antivirus software called Microsoft Security Essentials, which can be downloaded from our website. Many of our partners also offer antivirus software.

Data used in the SIR analysis includes (but is not limited to):

  • Threat intelligence from more than 1 billion systems in more than 100 countries and regions.
  • Microsoft Security Essentials—operating globally in more than 30 languages.
  • Malicious Software Removal Tool—downloaded and executed more than 1 billion times in the second half of 2012.
  • Billions of pages scanned by Bing each day.

Learn more about the SIR findings related to antivirus protection.

Take action to help protect your computer and reduce the risk of becoming a victim to cybercrime:

Beware of deceptive downloads

October 18th, 2012 No comments

The Microsoft Security Intelligence Report (SIR) analyzes online threats using data from Internet services and over 600 million computers worldwide. Volume 13 of the SIR is now available and focuses on vulnerability disclosures from the first and second quarters of 2012.

A featured article, Deceptive Downloads: Software, Music, and Movies, highlights a growing trend of malware infection associated with unsecure supply chains, including legitimate sites that make shareware and music available for public downloads.

Download the latest report

Protect your PC from the Conficker worm

May 10th, 2012 No comments

The most recent Microsoft Security Intelligence Reports (SIR) describes the ongoing threat of the Conficker worm and urges businesses and individuals to apply security updates.

Microsoft first recognized the Conficker threat in November 2008 and since then the Microsoft Malware Protection Center has been regularly releasing security updates to help protect against Conficker. The worm continues to spread when businesses and individuals don’t install these patches and update their systems and the use of weak passwords in the business sector environment. The worm was also able to infect large numbers of computers when system administrators used the Autorun feature in Windows XP and Windows Vista and through the use of weak passwords.

Think you’re computer or network is infected with Conficker? Get clean up tips.

Newly updated MMPC whitepapers now available

July 8th, 2011 No comments

Would you like to know more about the MMPC, and how we protect computer users worldwide? We have released new versions of two whitepapers which describe how the MMPC operates, and provide an introduction to the antimalware technologies that the MMPC supports. The two new papers are:

You can also read the results of the extensive insight and intelligence that the MMPC has developed in our recently released Qakbot MMPC Threat Report and the brand new Security Intelligence Report Special Edition about the Rustock takedown.

— MMPC

Categories: MMPC, SIR, whitepapers, Win32/Qakbot Tags:

Windows BitLocker Claims

December 7th, 2009 Comments off

Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware and other potentially dangerous software. So Windows 7 making strides is helpful to the ecosystem overall from a security standpoint. Success comes at a price though, through greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker.

I’ve seen numerous claims the past few weeks about weaknesses in BitLocker and even claims of commercial software that “breaks” BitLocker. One claim is from a product that “allows bypassing BitLocker encryption for seized computers.” This claim is for a forensics product and has legitimate uses; however, to say it “breaks” BitLocker is a bit of a misnomer. The tool “recovers encryption keys for hard drives” which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker’s best practices guidance. The product, like others used legitimately for data recovery and digital forensics analysis, requires “a physical memory image file of the target computer” to extract the encryption keys for a BitLocker disk.  Our discussions of Windows BitLocker have always been to communicate that it is intended to help protect data at rest (e.g. when the machine is powered off). If a forensics analyst or thief/adversary has physical access to a running system, it may be possible to make a copy of the computer’s memory contents by using an administrative account on the system, or potentially through hardware-based methods such as direct memory access (DMA).

Another report discusses targeted attack vectors where the attacker must gain physical access to the computer, multiple times I might add. This research is similar to other published attacks where the owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with this computer. This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world. Even with BitLocker’s multi-authentication configurations, an attacker could spoof the pre-OS collection of the user’s PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user’s PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user’s PIN and complete the attack scheme. These sorts of targeted threats are not new and are something we’ve addressed in the past; in 2006 we discussed similar attacks, where we’ve been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks.

Our customers are confronted with a wide spectrum of data security threats that are specific to their environment and we work hard to provide capabilities and information to help the customer achieve the right balance of security, manageability, and ease-of-use for their specific circumstances. BitLocker is an effective solution to help safeguard personal and private data on mobile PCs and provides a number of protection options that meet different end-user needs.  Like most full volume encryption products on the market, BitLocker uses a key-in memory when the system is running in order to encrypt/decrypt data on the fly for the drives in use.  Also like other encryption products, a determined adversary has significant advantages when they have physical access to a computer.

We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method to use BitLocker in hibernate mode and a TPM+PIN configuration. Using this method, a machine that is powered off or hibernated will protect users from the ability to extract a physical memory image of the computer.

Windows 7 BitLocker continues to be a foundational component adding to any defense in depth strategy for securing systems, and specifically laptops.  Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution.  IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology: it requires end user education and physical security also play important roles.

Windows BitLocker Claims

December 7th, 2009 No comments

Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware and other potentially dangerous software. So Windows 7 making strides is helpful to the ecosystem overall from a security standpoint. Success comes at a price though, through greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker.

I’ve seen numerous claims the past few weeks about weaknesses in BitLocker and even claims of commercial software that “breaks” BitLocker. One claim is from a product that “allows bypassing BitLocker encryption for seized computers.” This claim is for a forensics product and has legitimate uses; however, to say it “breaks” BitLocker is a bit of a misnomer. The tool “recovers encryption keys for hard drives” which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker’s best practices guidance. The product, like others used legitimately for data recovery and digital forensics analysis, requires “a physical memory image file of the target computer” to extract the encryption keys for a BitLocker disk.  Our discussions of Windows BitLocker have always been to communicate that it is intended to help protect data at rest (e.g. when the machine is powered off). If a forensics analyst or thief/adversary has physical access to a running system, it may be possible to make a copy of the computer’s memory contents by using an administrative account on the system, or potentially through hardware-based methods such as direct memory access (DMA).

Another report discusses targeted attack vectors where the attacker must gain physical access to the computer, multiple times I might add. This research is similar to other published attacks where the owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with this computer. This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world. Even with BitLocker’s multi-authentication configurations, an attacker could spoof the pre-OS collection of the user’s PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user’s PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user’s PIN and complete the attack scheme. These sorts of targeted threats are not new and are something we’ve addressed in the past; in 2006 we discussed similar attacks, where we’ve been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks.

Our customers are confronted with a wide spectrum of data security threats that are specific to their environment and we work hard to provide capabilities and information to help the customer achieve the right balance of security, manageability, and ease-of-use for their specific circumstances. BitLocker is an effective solution to help safeguard personal and private data on mobile PCs and provides a number of protection options that meet different end-user needs.  Like most full volume encryption products on the market, BitLocker uses a key-in memory when the system is running in order to encrypt/decrypt data on the fly for the drives in use.  Also like other encryption products, a determined adversary has significant advantages when they have physical access to a computer.

We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method to use BitLocker in hibernate mode and a TPM+PIN configuration. Using this method, a machine that is powered off or hibernated will protect users from the ability to extract a physical memory image of the computer.

Windows 7 BitLocker continues to be a foundational component adding to any defense in depth strategy for securing systems, and specifically laptops.  Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution.  IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology: it requires end user education and physical security also play important roles.

Windows BitLocker Claims

December 7th, 2009 No comments

Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware and other potentially dangerous software. So Windows 7 making strides is helpful to the ecosystem overall from a security standpoint. Success comes at a price though, through greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker.

I’ve seen numerous claims the past few weeks about weaknesses in BitLocker and even claims of commercial software that “breaks” BitLocker. One claim is from a product that “allows bypassing BitLocker encryption for seized computers.” This claim is for a forensics product and has legitimate uses; however, to say it “breaks” BitLocker is a bit of a misnomer. The tool “recovers encryption keys for hard drives” which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker’s best practices guidance. The product, like others used legitimately for data recovery and digital forensics analysis, requires “a physical memory image file of the target computer” to extract the encryption keys for a BitLocker disk.  Our discussions of Windows BitLocker have always been to communicate that it is intended to help protect data at rest (e.g. when the machine is powered off). If a forensics analyst or thief/adversary has physical access to a running system, it may be possible to make a copy of the computer’s memory contents by using an administrative account on the system, or potentially through hardware-based methods such as direct memory access (DMA).

Another report discusses targeted attack vectors where the attacker must gain physical access to the computer, multiple times I might add. This research is similar to other published attacks where the owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with this computer. This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world. Even with BitLocker’s multi-authentication configurations, an attacker could spoof the pre-OS collection of the user’s PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user’s PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user’s PIN and complete the attack scheme. These sorts of targeted threats are not new and are something we’ve addressed in the past; in 2006 we discussed similar attacks, where we’ve been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks.

Our customers are confronted with a wide spectrum of data security threats that are specific to their environment and we work hard to provide capabilities and information to help the customer achieve the right balance of security, manageability, and ease-of-use for their specific circumstances. BitLocker is an effective solution to help safeguard personal and private data on mobile PCs and provides a number of protection options that meet different end-user needs.  Like most full volume encryption products on the market, BitLocker uses a key-in memory when the system is running in order to encrypt/decrypt data on the fly for the drives in use.  Also like other encryption products, a determined adversary has significant advantages when they have physical access to a computer.

We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method to use BitLocker in hibernate mode and a TPM+PIN configuration. Using this method, a machine that is powered off or hibernated will protect users from the ability to extract a physical memory image of the computer.

Windows 7 BitLocker continues to be a foundational component adding to any defense in depth strategy for securing systems, and specifically laptops.  Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution.  IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology: it requires end user education and physical security also play important roles.

New Microsoft Security Intelligence Report Released

November 2nd, 2009 Comments off

Volume seven of the Microsoft Security Intelligence Report (SIRv7) – part of Microsoft’s  commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments – was released today and there are a couple of tidbits in the report that caught my attention that I thought I would pass on. As a reminder, the SIR is published by Microsoft twice per year and looks at the data and trends observed in the first and second halves of each calendar year.

The first thing that struck me while reading through the report is that for the first time, the SIR shares some high-level security best practices from countries that have consistently exhibited low malware infection. For example, Japan, Austria and Germany’s infection rates remained relatively low during the first half of this year.

So how do these regions keep their customers and resources safe from cyber threats?  Japan’s infection rates remain relatively low is due in large part to collaborations like the Cyber Clean Center. The Cyber Clean Center is a cooperative project between ISPs, major security vendors and Japanese government agencies aimed at educating users on how to keep their PCs infection free. Austria has implemented strict IT enforcement guidelines to lower piracy rates and this, along with strong ISP relationships and fast Internet lines, has helped ensure the ecosystem is kept up to date with security patches. Germany has also leveraged collaboration efforts with its CERT and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.

The other thing that stood out to me was the graph below. This graph shows the effectiveness of automatic updating and shows what happened to the trojan downloader family Win32/Renos once Microsoft released a signature update for Windows Defender via Windows Update and Microsoft Update. Within three days, enough computers had received the new signature update to reduce the error reports from 1.2 million per day to less than 100,000 per day worldwide! To me this shows how important it is for users and organizations to utilize automatic updates to help prevent the spread of malware! 

The report also underscores some of the trends that we have seen from previous versions of the report: for example, the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP. It also tells me that the higher the service pack levels of an OS, the lower the infection rate. Once again, these items help point out that you need to keep your software up-to-date. With Windows 7 now available it might be a good time to look at upgrading your OS!

Take a look at the full report at http://www.microsoft.com/sir and use the information to help protect yourself, your networks, and your users.

New Microsoft Security Intelligence Report Released

November 2nd, 2009 No comments

Volume seven of the Microsoft Security Intelligence Report (SIRv7) – part of Microsoft’s  commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments – was released today and there are a couple of tidbits in the report that caught my attention that I thought I would pass on. As a reminder, the SIR is published by Microsoft twice per year and looks at the data and trends observed in the first and second halves of each calendar year.

The first thing that struck me while reading through the report is that for the first time, the SIR shares some high-level security best practices from countries that have consistently exhibited low malware infection. For example, Japan, Austria and Germany’s infection rates remained relatively low during the first half of this year.

So how do these regions keep their customers and resources safe from cyber threats?  Japan’s infection rates remain relatively low is due in large part to collaborations like the Cyber Clean Center. The Cyber Clean Center is a cooperative project between ISPs, major security vendors and Japanese government agencies aimed at educating users on how to keep their PCs infection free. Austria has implemented strict IT enforcement guidelines to lower piracy rates and this, along with strong ISP relationships and fast Internet lines, has helped ensure the ecosystem is kept up to date with security patches. Germany has also leveraged collaboration efforts with its CERT and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.

The other thing that stood out to me was the graph below. This graph shows the effectiveness of automatic updating and shows what happened to the trojan downloader family Win32/Renos once Microsoft released a signature update for Windows Defender via Windows Update and Microsoft Update. Within three days, enough computers had received the new signature update to reduce the error reports from 1.2 million per day to less than 100,000 per day worldwide! To me this shows how important it is for users and organizations to utilize automatic updates to help prevent the spread of malware! 

The report also underscores some of the trends that we have seen from previous versions of the report: for example, the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP. It also tells me that the higher the service pack levels of an OS, the lower the infection rate. Once again, these items help point out that you need to keep your software up-to-date. With Windows 7 now available it might be a good time to look at upgrading your OS!

Take a look at the full report at http://www.microsoft.com/sir and use the information to help protect yourself, your networks, and your users.