This blog post is part of a continuing series on the Trust in Computing Research , a survey we undertook across nine countries and thousands of individuals during a project called TwC Next . During the process, more questions than answers arose in discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This blog post specifically looks at the questions we asked about devices and the concept of consumerization...

For those of you that joined us at RSA this year in San Francisco, you may have taken in the session presented by Jeff Jones and Tim Rains on 10 Years of Tech, Researchers and Threat Evolution. The great news is that Tim and Jeff have delivered a webcast of the session, which you can find here . Jeff and Tim followed up with a series of blog posts delving in to more detail: Trustworthy Computing: Learning About Threats for Over 10 Years - Part 1 Trustworthy Computing: Learning About Threats for Over...

I’m pleased today to introduce a guest blog post by Jan Neutze, a senior global security strategist on my team who focuses on cybersecurity norms and Internet governance. Jan is speaking today at the Atlantic Council of the United States and shares insights on ways to build a more secure cyber future by advancing international collaboration on cybersecurity. This week Microsoft’s Global Security Strategy and Diplomacy (GSSD) team is partnering with the Atlantic Council of the United...

In The Evolution of Malware and the Threat Landscape , the Special Edition Security Intelligence Report that we released at RSA and other Security Intelligence Reports (SIR), my starting primary source is the National Vulnerability Database ( http://nvd.nist.gov ) that is maintained by the National Institute of Standards (NIST) team under sponsorship from DHS. I frequently get questions though, since my charts don’t necessarily match up to a simple comparison with the raw data from the NVD...

[NOTE: The time was originally listed as 10:30am, but it starts at 11:00am] Tim Rains and I will be presenting in a live webcast this morning ( 5/23 @11:00am PST ) on the topic “ Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution .” The session was presented at the RSA USA 2012 Conference this year was well rated, so RSA has asked us to deliver the session again via a live public webcast.  The session is based on the Special Edition Security Intelligence Report that we released...

Trending Security News Security news stories this week focused on smartphone security and GPS tracking; our Security Development Conference in DC; and a report on security technology trends with a few stories also covering malware stats and cyber-attacks. Here are the security news stories and two blog picks we read this week. In the News What a DDoS Can Cost – Dark Reading Your laptop could come under attack at NATO, experts warn – Chicago Sun-Times Smartphone security is heading...

Since releasing the new Microsoft Security Intelligence Report (SIR volume 12) a few weeks ago, one of the top questions I have been asked is about the new malware infection rate data for Windows operating systems.

Why is Windows XP Service Pack 3’s malware infection rate lower than that of Windows Vista SP1?

There are likely several factors contributing to this trend, but I’ll try to provide an educated guess on some of the contributing factors.

Malware that used Autorun feature abuse to infect systems were especially successful on Windows XP based systems.  About a year ago I wrote an article called Defending Against Autorun Attacks in which I outlined what Microsoft was doing to fight these threats and shared some of the preliminary results of these efforts.  To summarize, Microsoft released security updates for Windows XP and Windows Vista that hardened the Autorun feature on these platforms the same way it is hardened on Windows 7 by default.  Shortly after this security update was released we could see a precipitous decrease of Autorun related malware infections on Windows XP and Windows Vista systems. 

...

Scareware, also known as fake anti-virus software, has become one of the most common methods computer hackers use to swindle your money. If you have had a security alert icon pop up on your computer, you may have been the victim of scareware. In a recent TV interview , I discuss how scareware programs usually look and feel just like legitimate security programs. The scareware will claim to have detected a large number of nonexistent threats on your computer and then urge you to pay for the “full...

As you may have read in the introduction Bruce and I posted to kick off this series, we undertook the Trust in Computing Research after coming up with more questions than answers during a project called TwC Next which marked the 10-year milestone of Microsoft Trustworthy Computing. The questions in the survey arose during interesting discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This is the part...

Trending Security News Security news stories this week continue to validate the importance of cybersecurity skills in the marketplace and FEMA released a new National Preparedness Report providing insights on the state of national critical infrastructure protection. Here are some of the security news stories and a blog pick this week. In the News Hottest IT Skill? Cybersecurity – PCWorld Cyber security is hottest IT skill – InfoWorld Microsoft Security Essentials 4.0 – PC Magazine...