Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
For many years attackers have used rogue security software, also known as fake antivirus software or “scareware”, to fool computer users into installing malware and/or divulge confidential information. These programs typically mimic the general look and feel of legitimate security software programs and claim to detect a large number of nonexistent threats while urging users to pay for the “full version” of the software to remove the threats. Attackers typically install rogue security software programs through exploits or other malware, or use social engineering to trick users into believing the programs are legitimate and useful. Some versions emulate the appearance of the Windows Security Center or unlawfully use trademarks and icons to misrepresent themselves (some examples of this below).
In my last article on operating system infection rates I discussed the malware infection rate trends for operating systems and service packs. Many customers ask me about this data because it helps them understand how specific platforms are performing with regard to mitigating attacks over time. The long term trend indicates that newer operating systems and service packs have lower malware infection rates than older software.
The security professionals I talk to are also interested in learning about the specific families of threats that are detected most often on the platform(s) they operate in their environment. This data helps customers defend against the most common attacks on the specific platform(s) they use in their environment. This is especially true given that exploit activity has been so high over the past year.
This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
HIPAA is legislation which affects organizations operating in the United States who provide health insurance coverage for workers and their families. The Act also defines policies, procedures and guidelines for protecting the privacy and security of individually identifiable health information through a series of rules. One of these rules is the Security Rule which deals specifically with standards for the handling and storage of Electronic Protected Health Information (EPHI).
This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the financial sector’s Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS).
PCI DSS is an industry-accepted information security standard authored and approved by the PCI Security Standards Council (PCI SSC). It applies to organizations operating within the United States that handle cardholder information for the major debit, credit, pre-paid, e-purse, Automated Telling Machine (ATM) and Point of Sale (POS) cards. The standard was created to increase controls around cardholder data to help reduce credit card fraud.
This article in our free security tools series focuses on the benefits of the Microsoft Security Compliance Manager tool (SCM). One of the most important tools for managing and securing Windows environments is Group Policy. Group Policy is often used in enterprise environments to help control what users can and cannot do on a computer system. IT Professionals typically leverage Group Policy for a number of reasons but one of its primary benefits is to help manage security for groups of systems and reduce support costs. While the value of Group Policy is clear, maximizing its potential can sometimes be a daunting task. To help ease the management process for Group Policy, Microsoft released a free tool called the Microsoft Security Compliance Manager (SCM).
I have written about the threat landscape in Korea a few times in the past as it has been one of the most active threat landscapes in the world for some time:
Data from the Microsoft Security Intelligence Report volume 13 indicates that Korea’s malware infection rate (Computers Cleaned per Mille or CCM) increased 6.3 times during the first half of 2012. During this period the number of systems cleaned per 1,000 systems scanned by the Microsoft Malicious Software Removal Tool (MSRT) in Korea increased from 11.1 in the fourth quarter of 2011 (4Q11) to 70.4 in the second quarter (2Q12) of 2012. At the end of the first half of 2012 Korea had the highest malware infection rate ever published in the Microsoft Security Intelligence Report, ten times the worldwide average infection rate.
This article in our free security tools series focuses on the benefits of the URLScan Security Tool. Attackers often use websites to conduct phishing attacks or distribute malware. According to the Microsoft Security Intelligence Report Volume 13, there were 4.4 phishing sites per 1,000 Internet hosts worldwide in the second quarter of 2012 (2Q12) alone. Malicious websites typically appear to be completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques in an effort by attackers to take advantage of the trust users have in them.
One location I haven’t written about in the past is Pakistan. This is one region where the malware infection rate increased substantially when we changed the method we use to locate systems reporting malware infections (as seen in Figure 1). Prior to 2011, the Microsoft Malware Protection Center used the administrator-specified setting under the Location tab or menu in Region and Language in the Windows Control Panel to determine the location of a system reporting an infection. Starting in volume 11 of the Microsoft Security Intelligence Report, location was primarily determined by geolocation of the IP address used by the computer submitting the telemetry data. If you are interested in the details, you can read all about this change in an article we published previously: Determining the Geolocation of Systems Infected with Malware.
We are bringing together the best and brightest security professionals at the second annual Security Development Conference, May 14-15, 2013 at the InterContinental San Francisco Hotel. Join us as we spend two days immersed in content covering the latest in security development techniques and processes that can reduce risk and help protect organizations in this rapidly evolving technology landscape.