Since releasing the new Microsoft Security Intelligence Report Volume 12 (SIRv12) a few weeks ago, one of the top questions I have been asked is about the new malware infection rate data for Windows operating systems. Figure 1: Infection rate (CCM) by operating system and service pack in the fourth...

Scareware, also known as fake anti-virus software, has become one of the most common methods computer hackers use to swindle your money. If you have had a security alert icon pop up on your computer, you may have been the victim of scareware. In a recent TV interview , I discuss how scareware programs...

Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes: Latest industry vulnerability disclosure trends and analysis Latest data and analysis of global vulnerability...

In this series of articles, we have been looking at some of the ways that the threat landscape has evolved over the past decade. In this final article in the series I discuss software servicing, or the art and science of effectively and efficiently keeping software up to date. What File Versions are...

Trending Security News This week at the RSA U.S. 2012 Conference in San Francisco, IT security executives, government leaders and security researchers and hackers gathered together for keynotes and sessions covering a range of topics impacting the industry today. Security experts shared the latest trends...

The threat landscape in India has turned out to be more active than initially suspected. India has had a relatively low malware infection rate for some time, which seemed subdued for a region that has such a large high tech industry. But with the new data we recently released in the latest Microsoft...

In a recent post, called The Curious Case of Qatar , I discuss how Qatar has the highest regional infection rate that we have ever reported. Prior to this the Republic of Korea had the highest malware infection rate in the world; back in July of this year I wrote about how the threat landscape in Korea...

In part one of this two-part series, I focused on how drive-by download attacks work. These attacks can be complicated because they can use multiple levels of redirection enabling components of an attack to be hosted on compromised systems in different parts of the world. Despite the relative sophistication...

My last blog post focused on Java exploits and the need to keep all software up to date. Since writing that article I have received some questions from customers asking for more details on how attackers are using such vulnerabilities to compromise systems. Subsequently, this two-part blog post is dedicated...

Recently I was prompted to update Java components that are installed on one of the personal computers I have at home. As the installation wizard walked me through the steps to install the update, I was reminded how ubiquitous Java is. Figure: The Java update installer that ran on my personal computer...

Today, the Microsoft Security Response Center released three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment: MS11-015 . This bulletin resolves one Critical-level and one...

I do my work as standard user on Windows 7, just as I did with Windows Vista.  It is not a burden.  When I need to do an admin task, I put on my “admin” hat by switching to my admin account specifically and doing my admin thing and then logging off.  I don’t browse, I don’t download stuff...

Summaries from previous months: Jan09 Security Bulletin SDL Benefit Summary When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has helped to provide improvement and provide some stats on that.  This year, I decided to try and...

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just...

I converted my office fileserver to Windows Server 2008 (WS2008) a while back and I've never been happier - WS2008 is my favorite product ever. Nicely modular, pretty much everything turned off by default and some great tools for enabling just the components your need for a particular role. There is...

With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer and Windows Media Player – that would be present...

This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Red Hat Enterprise Linux Desktop (v. 5 client) Red...

In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Windows Vista and Microsoft Windows XP SP2...

I was excited when Dr. Crispin Cowan joined the company a while back - what security person wouldn't be! As one of the key drivers behind StackGuard , Linux Security Modules and co-founder of Immunix, which produced AppArmor - few people are as qualified as Dr. Cowan to talk about security features and...

Today is Launch Day for 3 big products from Microsoft - Windows Server 2008, Visual Studio 2008 and SQL Server 2008. Click on the image to learn more general information and participate in the virtual launch. I want to briefly salute some of the security improvement represented by these products. This...

The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download at: www.microsoft.com/sir - this link will take you to a summary portal that has links to the downloadable document, upcoming webcasts about the SIR results, and so on. As one of the primary authors for...

Summer and work travel have really had an impact and I've missed a couple of months of scorecards, so last weekend, I decided to dig in and catch up to July. I hit a few road bumps: Sun changed their Security Alerts web site, making it a bit more challenging. I gave up for now, but will try to add them...

I was nudged by some colleagues this week, telling me that some folks may only be reading my technet blog, but that I hadn't been doing a great job of cross-posting some things. Six months is a much more interesting time frame than the previous Windows Vista - 90 Day Vulnerability Report , and gives...

As a follow-up to my previous Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows , where I compare Microsoft, Red Hat, Novell SUSE, Apple Mac OS X and Sun Solaris, I've also completed a look at the latest client products that were available for the full year of 2006 (this means Novell NLD9 instead...

Among the other metrics that I track, I also periodically look at days-of-risk, or the average amount of time that customers are exposed to public vulnerabilities before a vendor provides a patch. You can take a look at the full findings on Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows...