Topic: Microsoft Security Intelligence Report Fact Sheet

[Amker]

The Microsoft Security Intelligence Report provides customers and partners with a comprehensive understanding of the types of threats Windows customers face today so they can take appropriate action to help ensure they are better protected.Related Links
Microsoft Resources:•   
Security Central
•   
Security at Home
•   
Windows XP Security Software Providers

Virtual Pressrooms:•   
Security and Privacy Newsroom

April 2007

The Microsoft® Security Intelligence Report provides customers and partners with a comprehensive understanding of the types of threats Windows® customers face today so they can take appropriate action to help ensure they are better protected. The report highlights trends observed over the past several years, leveraging data collected by Microsoft between July 1 and Dec. 31, 2006, from numerous sources including Microsoft’s Malicious Software Removal Tool (MSRT) and Windows Defender. These two technologies currently have the largest user bases of customer-focused Microsoft security solutions and services. The MSRT has a user base of more than 310 million unique computers; during the second half of 2006 the tool was executed 1.8 billion times. Windows Defender has more than 18 million active customers. Together, these two technologies provide Microsoft with the highest volume of data on the prevalence of malicious and potentially unwanted software.

A summary of highlights based on the findings follows. The full report is available at http://go.microsoft.com/fwlink/?LinkID=88436&clcid=0x409.

Further information about Microsoft’s anti-malware efforts is available, at http://www.microsoft.com/security/default.mspx.

Software Vulnerabilities •   
It is more important than ever that customers make sure their systems have the latest security updates. The number of responsibly disclosed vulnerabilities increased 41 percent in 2006 over the previous year. More vulnerabilities were disclosed in the second half of 2006 than in any single year between 2000 and 2004.
•   
Threats continue to evolve. Compared with previous years, 2006 saw the disclosure of a much larger percentage of vulnerabilities that are considered more difficult to find due to the level of complexity required to exploit them.
•   
Researchers are developing better tools, finding complex and harder-to-find issues, and expanding their focus by targeting applications and using tools and techniques such as file format “fuzzing” that were not the focus of research two years ago.

Malicious Software •   
The MSRT has been an effective tool for removing prevalent malicious software from Windows-based computers around the world. In 2006, for 75 percent of the 12 types of malware detected and removed by MSRT, the number of cleaned computers dropped by a range of 33 percent to 70 percent. This decrease can be attributed to the fact that computers running the MSRT also run Windows Update and therefore are less likely to be reinfected with malware that leverages vulnerabilities to enter the system.
•   
The number of malicious software variants remained steady through the second half of 2006 compared with the first half of that year. Backdoor trojans remained the most active type of malicious software, and bots were still the most active within that group.
•   
The second half of 2006 saw an increase in trojan downloaders and droppers, which use social engineering tactics, that is, techniques that manipulate users into taking action or divulging confidential information that allows their system to be infected and compromised. Protecting one’s PC requires understanding risks, having clear guidance for more safe online behavior, and using technology where it can help. In an effort to help customers learn more about social engineering and how to help protect themselves, Microsoft offers online resources at http://www.microsoft.com/athome/security/email/socialengineering.mspx.

Potentially Unwanted Software •   
Windows Defender identifies potentially unwanted software based on specific behaviors, and it classifies the software by category, such as adware or browser modifier. The largest increase in detections by Windows Defender occurred in the categories that pose the greatest impact on individuals’ privacy and security. This indicates that malicious attackers are increasingly relying on ways to gain control of customers’ systems in an effort to access personal and financial information.
•   
The top 25 potentially unwanted programs, ranked by the frequency in which the software is removed using Windows Defender, accounted for more than 56 percent of all removals from July through December 2006. This indicates that a small number of parties are responsible for the majority of potentially unwanted software programs that Windows Defender removes.
•   
Windows Defender detected more than 38 million pieces of potentially unwanted software between July 1 and Dec. 31, 2006. Since its release in Japan on Oct. 23, 2006, Windows Defender has been downloaded more than 1 million times.

Call to Action

Threats to businesses and consumers continue to evolve, as evidenced by Microsoft’s analysis of the threat landscape. To help protect customers against the changing threats, Microsoft highly recommends that they all perform the following preventative steps:•   
Check for and apply software updates on an ongoing basis, including updates provided for third-party applications. Windows Vista™, Windows XP and Windows 2000 Service Pack 2 customers can enable Automatic Updates to help ensure that computers stay up to date with critical operating system and application updates from Microsoft.
•   
Enable a firewall, such as the Windows Firewall in Windows Vista or Windows XP Service Pack 2.
•   
Install and maintain up-to-date anti-virus and anti-spyware programs that provide increased protection from malicious and potentially unwanted software. Microsoft offers the currently available Windows Live™ OneCare™ for individuals and the upcoming Microsoft Forefront™ Client Security for businesses. Other anti-virus and anti-spyware products are available at http://www.microsoft.com/athome/security/viruses/wsc/en-us/flist.mspx.

Microsoft, Windows, Windows Vista, Windows Live, OneCare and Forefront are trademarks of the Microsoft group of companies.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.