Archive for the ‘AppLocker’ Category

Update on the Zbot spot!

October 31st, 2011

Hello Internet!

I’m back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October’s MSRT (and beyond), which means we are now in a position to provide additional information.

As I mentioned in the previous blog post, the purpose of our special Zbot September update was to glean an insight into the effectiveness of MSRT against this prolific threat. Couple that with a focus on the Zbot family and, suffice it to say, we’re pretty happy with our findings and results!

And now, onto the numbers!

Historically, and prior to the September 2011 release, MSRT consistently detected about 90% of PWS:Win32/Zbot variants in the wild. For the month of September 2011, we detected and removed PWS:Win32/Zbot from around 185,000 distinct Windows computers, a stark increase over the preceding months, which we can attribute to additional technology added to MSRT for just such an occasion.

For October so far, we’ve removed Zbot from over 88,000 computers and we expect that number to grow to around 100,000 – again, a very good result from MSRT, illustrated in the chart below that lists October 2011 MSRT data:


MSRT Family | Threat Reports | Machines Detected


These increased numbers are also likely a result of new functionality we’ve seen in Zbot recently. It seems that some variants now automatically spread via the Windows autorun functionality; something that is very common with other prolific malware families, so it’s not very surprising we’re seeing it now – but is surprising we hadn’t seen it before now. Regarding autorun, Microsoft released a security update in February of 2011 that changed its default behavior – the result was an overall decline in threats utilizing autorun as a spreading mechanism. There is a Microsoft Knowledge Base article that discusses how to disable autorun in Windows, here.
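As an added example (not part of the original post or of the Knowledge Base article it mentions), the following PowerShell audit reads the AutoRun policy bitmask and reports which drive types still have AutoRun enabled. It assumes the `NoDriveTypeAutoRun` value and bit meanings from Microsoft's AutoRun documentation; the function name `Get-AutoRunPolicy` is hypothetical.

```powershell
# Added example: audit the AutoRun policy on the local machine.
# Assumption: bit meanings follow Microsoft's documentation for the
# NoDriveTypeAutoRun policy value (a set bit disables AutoRun for that type).
$DriveTypeBits = [ordered]@{
    'Unknown type (0x01)' = 0x01
    'Removable (0x04)'    = 0x04
    'Fixed (0x08)'        = 0x08
    'Network (0x10)'      = 0x10
    'CD-ROM (0x20)'       = 0x20
    'RAM disk (0x40)'     = 0x40
    'Unknown type (0x80)' = 0x80
}

function Get-AutoRunPolicy {
    # Check both the machine-wide and the per-user policy location.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # No policy value here: the operating system default applies.
            [pscustomobject]@{ Path = $path; Value = '(not set)'; AutoRunStillEnabledOn = 'OS default applies' }
            continue
        }
        $value = [int]$item.NoDriveTypeAutoRun
        # A cleared bit means AutoRun is NOT disabled for that drive type.
        $enabled = @(foreach ($name in $DriveTypeBits.Keys) {
            if (($value -band $DriveTypeBits[$name]) -eq 0) { $name }
        })
        $summary = if ($enabled.Count -gt 0) { $enabled -join ', ' } else { 'none (disabled for all drive types)' }
        [pscustomobject]@{
            Path                  = $path
            Value                 = '0x{0:X2}' -f $value
            AutoRunStillEnabledOn = $summary
        }
    }
}

Get-AutoRunPolicy | Format-List
```

A value of `0xFF` reports no remaining drive types; any removable or network entry in the output is a path by which autorun-spreading malware can still launch.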

October 25th marked the tenth anniversary of the release of Windows XP.  And what a difference a decade makes! Consumers should upgrade to the newest operating system version in order to take advantage of enhanced security features of Windows 7 including AppLocker, User Account Control (UAC), Data Execution Prevention (DEP) and Structured Exception Handling Overwrite Protection (SEHOP). The recently released Microsoft Security Intelligence Report volume 11 shows that the latest Windows 7, 32-bit OS is six times less likely to become infected than the comparable Windows XP SP3.

And finally, a reminder: MSRT isn’t a replacement for a full antivirus solution. You’re already infected when MSRT detects malware – using a security application with real-time protection can help prevent you from becoming infected in the first place.


Matt McCormack
MMPC Melbourne

The Get On The Bus tour is coming and we’re bringing some free SWAG!

April 27th, 2010

We are giving away 50 copies of Windows 7 Ultimate for the first 50 Get On the Bus event attendees through the door at EVERY STOP! Don’t miss your chance to win a copy of Microsoft’s newest software offering, plus chances at other great swag, so hurry and register today at

What is the “Get On The Bus Tour”? Well, it’s where Microsoft comes to you. We are coming to the East Coast May 21-June 4! Come spend some time with us as we travel the East Coast for a deep dive into Windows 7 and Office 2010, along with a specific path on how to get certified. Learn why Windows 7 has received rave reviews from IT organizations and why so many IT Pros are excited about Office 2010. We will show you best practices for deploying Windows 7 and how to keep it running efficiently after deployment. We will also take a tour through all of the Office 2010 features from an IT Professional’s point of view. Registration is free but limited at .

For the latest updates follow us on Twitter @thebustour


To receive your free copy of Windows 7 Ultimate, be one of the first 50 people who are US residents (includes D of C) or Canada 18+ to arrive at a Microsoft Get On the Bus Tour afternoon event.  50 copies of the software title are available. Limit one gift per person.  This offer is non-transferable and cannot be combined with any other offer.  This offer ends on June 4, 2010 while supplies last, and is not redeemable for cash.  Taxes, if any, are the sole responsibility of the recipient.  There is no shipment of your gift – all gifts will be distributed onsite.

AppLocker: Direct from RSA

April 22nd, 2009

The buzz at RSA around Windows 7 has been tremendous.

Yesterday, in his keynote, Scott Charney (Corporate VP Trustworthy Computing) talked about AppLocker and how it helps ensure that only known, trusted software is run within an organization’s desktop environment. Shortly after the keynote, I ran into Marcelo Birnbach, a Senior Program Manager in the Windows Security Technologies organization who works on AppLocker, on the expo floor. Since he’s an expert, we thought we would ask him for his perspective on AppLocker in Windows 7.

Marcelo Birnbach talks about Windows 7’s AppLocker Feature

And since Marcelo is originally from Argentina, we also asked him to share his thoughts in Spanish.

Marcelo Birnbach talks about Windows 7’s AppLocker Feature [Spanish Version]

Categories: AppLocker, RSA, Windows 7, Windows Security