Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

May, 2012

  • Windows 8 Release Preview Available for Download

    Today on the Building Windows 8 blog , Microsoft announced the availability of the Windows 8 Release Preview . (Read the press release here .) There are a couple of things to note that are of note to us here in the land of Trustworthy Computing: New Family Safety features and enriched privacy and security controls when browsing online , including Do Not Track capabilities being turned on by default with Internet Explorer 10; IE10 is also the first browser to enable Do Not Track “on”...
  • Trust in Computing Research: 6: Consumerization of IT (Audience Breakdown)

    This blog post is part of a continuing series on the Trust in Computing Research , a survey we undertook across nine countries and thousands of individuals during a project called TwC Next . During the process, more questions than answers arose in discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This blog post specifically looks at the questions we asked about devices and the concept of consumerization...
  • Webcast: Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution

    For those of you that joined us at RSA this year in San Francisco, you may have taken in the session presented by Jeff Jones and Tim Rains on 10 Years of Tech, Researchers and Threat Evolution. The great news is that Tim and Jeff have delivered a webcast of the session, which you can find here . Jeff and Tim followed up with a series of blog posts delving in to more detail: Trustworthy Computing: Learning About Threats for Over 10 Years - Part 1 Trustworthy Computing: Learning About Threats for Over...
  • Cybersecurity Norms for a Secure Cyber-Future

    I’m pleased today to introduce a guest blog post by Jan Neutze, a senior global security strategist on my team who focuses on cybersecurity norms and Internet governance. Jan is speaking today at the Atlantic Council of the United States and shares insights on ways to build a more secure cyber future by advancing international collaboration on cybersecurity. This week Microsoft’s Global Security Strategy and Diplomacy (GSSD) team is partnering with the Atlantic Council of the United...
  • Behind the Charts – Scrubbing the Vulnerability Data

    In The Evolution of Malware and the Threat Landscape , the Special Edition Security Intelligence Report that we released at RSA and other Security Intelligence Reports (SIR), my starting primary source is the National Vulnerability Database ( http://nvd.nist.gov ) that is maintained by the National Institute of Standards (NIST) team under sponsorship from DHS. I frequently get questions though, since my charts don’t necessarily match up to a simple comparison with the raw data from the NVD...
  • Webcast of “Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution”

    [NOTE: The time was originally listed as 10:30am, but it starts at 11:00am] Tim Rains and I will be presenting in a live webcast this morning ( 5/23 @11:00am PST ) on the topic “ Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution .” The session was presented at the RSA USA 2012 Conference this year was well rated, so RSA has asked us to deliver the session again via a live public webcast.  The session is based on the Special Edition Security Intelligence Report that we released...
  • Weekly Roundup: May 18, 2012 – Smartphone Security, Cyber Threat Trends and the Importance of Secure Development

    Trending Security News Security news stories this week focused on smartphone security and GPS tracking; our Security Development Conference in DC; and a report on security technology trends with a few stories also covering malware stats and cyber-attacks. Here are the security news stories and two blog picks we read this week. In the News What a DDoS Can Cost – Dark Reading Your laptop could come under attack at NATO, experts warn – Chicago Sun-Times Smartphone security is heading...
  • Operating System Infection Rates - Slight Change in the Trend

    Since releasing the new Microsoft Security Intelligence Report (SIR volume 12) a few weeks ago, one of the top questions I have been asked is about the new malware infection rate data for Windows operating systems.

    Why is Windows XP Service Pack 3’s malware infection rate lower than that of Windows Vista SP1?

    There are likely several factors contributing to this trend, but I’ll try to provide an educated guess on some of the contributing factors.

    Malware that used Autorun feature abuse to infect systems were especially successful on Windows XP based systems.  About a year ago I wrote an article called Defending Against Autorun Attacks in which I outlined what Microsoft was doing to fight these threats and shared some of the preliminary results of these efforts.  To summarize, Microsoft released security updates for Windows XP and Windows Vista that hardened the Autorun feature on these platforms the same way it is hardened on Windows 7 by default.  Shortly after this security update was released we could see a precipitous decrease of Autorun related malware infections on Windows XP and Windows Vista systems. 

  • Scareware: Don’t Let Scammers Scare You

    Scareware, also known as fake anti-virus software, has become one of the most common methods computer hackers use to swindle your money. If you have had a security alert icon pop up on your computer, you may have been the victim of scareware. In a recent TV interview , I discuss how scareware programs usually look and feel just like legitimate security programs. The scareware will claim to have detected a large number of nonexistent threats on your computer and then urge you to pay for the “full...
  • Trust in Computing Research : 5 : Consumerization of IT

    As you may have read in the introduction Bruce and I posted to kick off this series, we undertook the Trust in Computing Research after coming up with more questions than answers during a project called TwC Next which marked the 10-year milestone of Microsoft Trustworthy Computing. The questions in the survey arose during interesting discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This is the part...