Power of Knowledge: Security Intelligence Report v7

It is a good tradition since quite a while that we make the intelligence we have available accessible to the broad public. This will help out customers to protect themselves much better. The Security Intelligence Report (SIR) is built on a unparalleled set of sensors out there in the Internet:

  • Malicious Software Removal Tool (MSRT): runs on 450 million computers worldwide each month.
  • BING: performs billions of Web-page scans per year.
  • Windows Live OneCare and Windows Defender: on 100 million + computers worldwide.
  • Forefront Online Protection for Exchange: scanning billions of emails yearly.
  • Windows Live Hotmail: 30 + countries – hundreds of millions of active e-mail users.

As there is nobody in the industry who is able to match this, we are convinced that it is of outmost importance that we share our intelligence with the broad industry.

Looking at the report itself, there are a few key findings this time:

  • Rogue Security Software is sill one of the biggest threats for our customers. Even though we found less rogue software on computers (13.4 million computers compared to 16.8 million in H208) it is still a significant threat to the ecosystem.
  • Worms are back: Worms rose from the fifth place to the number 2 with a 98.4% increase. This is largely due to Conficker and Tatef.

To visualize the second point, let’s look at the computers cleaned by threat category:

This is a pretty significant spike.

There are a few diagrams I usually like to look at as well. One is the geographical distribution in order to understand my region. So, let’s look at the malware infections globally:
So, you see there is quite some room for improvement. 

Now, to close this very, very short summary of the report, it is definitely worth looking at two additional graphs. One is the malware distribution per Operating System:

This supports a statement I make so often: If I would have one wish to our customers, it would be: “Always stay on the latest version of all the software you have” – not from a business perspective but from a security view. And the second wish would be, cover all your software, when you do patch management. Remember my post called Patch Management – Cover the whole 9 yards? I told you that you should take care of the whole software stack – not “just” Microsoft. And the reason for that is the following diagram:

As you can easily see, our share in the overall vulnerability landscape is very, very small. So, we need a joint effort across the whole industry to write secure software from the bottom up with processes like the Security Development Lifecycle! And guess what – your problem will not become easier to solve when you move to the cloud.

Now, if you want to read the report, here are the important links:

Have fun

Roger

Leave a Reply