Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

January, 2013

  • Microsoft’s Free Security Tools – Microsoft Security Compliance Manager Tool (SCM)

    This article in our free security tools series focuses on the benefits of the Microsoft Security Compliance Manager tool (SCM).  One of the most important tools for managing and securing Windows environments is Group Policy.  Group Policy is often used in enterprise environments to help control what users can and cannot do on a computer system.  IT Professionals typically leverage Group Policy for a number of reasons but one of its primary benefits is to help manage security for groups of systems and reduce support costs.  While the value of Group Policy is clear, maximizing its potential can sometimes be a daunting task.  To help ease the management process for Group Policy, Microsoft released a free tool called the Microsoft Security Compliance Manager (SCM). 

  • Microsoft’s Free Security Tools – URLScan Security Tool

    This article in our free security tools series focuses on the benefits of the URLScan Security Tool.  Attackers often use websites to conduct phishing attacks or distribute malware.  According to the Microsoft Security Intelligence Report Volume 13, there were 4.4 phishing sites per 1,000 Internet hosts worldwide in the second quarter of 2012 (2Q12) alone.  Malicious websites typically appear to be completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques in an effort by attackers to take advantage of the trust users have in them.

  • Real vs. Rogue Security Software – Can You Tell The Difference?

    For many years attackers have used rogue security software, also known as fake antivirus software or “scareware”, to fool computer users into installing malware and/or divulging confidential information.  These programs typically mimic the general look and feel of legitimate security software programs and claim to detect a large number of nonexistent threats while urging users to pay for the “full version” of the software to remove the threats.  Attackers typically install rogue security software programs through exploits or other malware, or use social engineering to trick users into believing the programs are legitimate and useful. Some versions emulate the appearance of the Windows Security Center or unlawfully use trademarks and icons to misrepresent themselves (some examples of this are shown below).

  • Korea’s Malware Infection Rate Increases Six-fold in Six Months

    I have written about the threat landscape in Korea a few times in the past, as it has been one of the most active threat landscapes in the world for some time.

    Data from the Microsoft Security Intelligence Report volume 13 indicates that Korea’s malware infection rate (Computers Cleaned per Mille or CCM) increased 6.3 times during the first half of 2012. During this period the number of systems cleaned per 1,000 systems scanned by the Microsoft Malicious Software Removal Tool (MSRT) in Korea increased from 11.1 in the fourth quarter of 2011 (4Q11) to 70.4 in the second quarter (2Q12) of 2012.  At the end of the first half of 2012 Korea had the highest malware infection rate ever published in the Microsoft Security Intelligence Report, ten times the worldwide average infection rate.

  • Microsoft's Free Security Tools - Microsoft Assessment and Planning (MAP) Toolkit

    This article in our free security tools series focuses on the benefits of the Microsoft Assessment and Planning Toolkit.  If you are an IT Professional then you know platform migrations can be a daunting task.  Depending on your organization’s size, complexity and maturity, simply understanding your organization’s IT state and migration potential can take hours, days and sometimes even months.  To help ease the migration process, Microsoft has created the Microsoft Assessment and Planning (MAP) Toolkit.  The MAP Toolkit is a powerful inventory, assessment and reporting tool that can securely assess IT environments for various platform migrations.   The toolkit is designed to run in any organization regardless of size and is effective at helping to accelerate PC, server, database and cloud migration planning across heterogeneous environments.  It also provides tailored assessment proposals and recommendations, and helps gain efficiencies through multiple technology migration assessments with a single tool. 

  • Operating System Infection Rates: The Most Common Malware Families on Each Platform

    In my last article on operating system infection rates I discussed the malware infection rate trends for operating systems and service packs.  Many customers ask me about this data because it helps them understand how specific platforms are performing with regard to mitigating attacks over time.  The long term trend indicates that newer operating systems and service packs have lower malware infection rates than older software. 

    The security professionals I talk to are also interested in learning about the specific families of threats that are detected most often on the platform(s) they operate in their environment.  This data helps customers defend against the most common attacks on the specific platform(s) they use in their environment.  This is especially true given that exploit activity has been so high over the past year.

  • Compliance Series: Software and Service Security and PCI DSS/PA-DSS

    This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the financial sector’s Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS).

    PCI DSS is an industry-accepted information security standard authored and approved by the PCI Security Standards Council (PCI SSC). It applies to organizations operating within the United States that handle cardholder information for the major debit, credit, pre-paid, e-purse, Automated Teller Machine (ATM) and Point of Sale (POS) cards. The standard was created to increase controls around cardholder data to help reduce credit card fraud.

  • The Threat Landscape in Pakistan: One of the Most Active in the World

    One location I haven’t written about in the past is Pakistan.  This is one region where the malware infection rate increased substantially when we changed the method we use to locate systems reporting malware infections (as seen in Figure 1). Prior to 2011, the Microsoft Malware Protection Center used the administrator-specified setting under the Location tab or menu in Region and Language in the Windows Control Panel to determine the location of a system reporting an infection.  Starting in volume 11 of the Microsoft Security Intelligence Report, location was primarily determined by geolocation of the IP address used by the computer submitting the telemetry data. If you are interested in the details, you can read all about this change in an article we published previously: Determining the Geolocation of Systems Infected with Malware.

  • Compliance Series: Microsoft SDL Helps Orgs Meet HIPAA Standards

    This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

    HIPAA is legislation that affects organizations operating in the United States that provide health insurance coverage for workers and their families. The Act also defines policies, procedures and guidelines for protecting the privacy and security of individually identifiable health information through a series of rules. One of these rules is the Security Rule, which deals specifically with standards for the handling and storage of Electronic Protected Health Information (EPHI).

  • Deploying Highly Available and Secure Cloud Solutions

    As I’ve written previously, three key objectives of information security are to maintain the confidentiality, integrity and availability of an organization’s information. With many organizations adopting cloud services, more and more of the security professionals I have been talking to lately have been interested in topics related to reliability and availability.

    Reliability is ultimately about customer satisfaction, which means that managing reliability is a more nuanced challenge than simply measuring uptime. For example, customer satisfaction will be low for a service that never goes down but is really slow or difficult to use.

    At a high level, each cloud session consists of a cloud consumer using a computing device to connect to a cloud-based service that is hosted by an internal or external cloud provider. When planning for a highly available cloud service, it’s important to consider the expectations and responsibilities of each of these parties. In planning, organizations need to acknowledge the real-world limitations of technology and recognize that failures can and will occur. They can then use good design to isolate and repair service failures quickly, to avoid or minimize the impact on the service’s availability to users.