Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.
There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.
What is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case. Read more.
In July, we kicked off a blog series focused on "Microsoft's Free Security Tools." The series highlights free security tools that Microsoft provides to help make IT professionals' and developers' lives easier. A good tool can save a lot of work and time for those people responsible for developing and managing software. In the series we discuss many of the benefits each tool can provide and include step-by-step guidance on how to use each. Below is a summary of the tools covered in the series and a brief overview of each.
This article in our series focused on Microsoft’s free security tools is on a tool called Windows Defender Offline. Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC. Once on a PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.
Today we released the fourth annual Microsoft Security Response Center (MSRC) Progress Report. This report highlights advancements in various Microsoft information sharing initiatives that foster deeper industry collaboration, increase community-based defenses, and better protect customers.
This article in our series focused on Microsoft’s free security tools is on a tool called the Microsoft Safety Scanner. The Microsoft Safety Scanner is a free stand-alone virus scanner that is used to remove malware or potentially unwanted software from a system. The tool is easy to use and packaged with the latest signatures, updated multiple times daily. The application is not designed to replace your existing antimalware software, but rather to act as an on-demand virus removal tool in situations where you suspect your real-time antimalware software might not be working correctly. If the antimalware program you are running regularly becomes disabled without your knowledge, you may have malware or rogue security software on your system. Running the Microsoft Safety Scanner can help detect and remove malware or potentially unwanted software that may be disabling your real-time antimalware software.
Yesterday we released the latest volume of the Microsoft Security Intelligence Report. Among the ~800 pages of new threat intelligence is a new study that attempts to quantify the benefit of running up-to-date anti-virus (AV) software. The study leveraged data from over a billion systems worldwide and it turns out that systems that do not have up-to-date AV are 5.5 times more likely to be infected with malware than systems that are protected. It’s also noteworthy that almost 270 million systems worldwide did not have up-to-date AV installed in the second half of 2012; many people that could be benefiting from the protection that AV offers, are not.
Didn’t we already know this? While it might seem like common sense that AV software is a good thing to have, I think much of the evidence I have seen to support this notion has mostly been anecdotal. I have attended and spoken at numerous security industry conferences over the past couple of years where I have heard more and more industry security experts question the efficacy of AV. The typical argument against AV is the erroneous assumption that since it can’t block or detect 100% of threats, including some of the high-profile targeted attacks that have been reported over the last few years, then it’s entirely worthless and not worth running.
To me, this point of view seems less than pragmatic as part of the challenge the industry has is to protect the billions of devices that are now continuously connected to the Internet from the flood of new threats that continually emerge. Since both the number of connected devices and the number of threats will only increase in the future, how to scale protections will always be important. More and more attackers are using automation and sophisticated techniques like server-side polymorphism to generate massive numbers of threats; Figure 1 below illustrates the estimated growth of malware since 1991 and Figure 2 shows 29,451,883 computers had detections/removals of malware in the ten most active countries in the 90 days of the fourth quarter of 2012 alone. In this type of environment AV is becoming more important, not less important. Read more.
For many years attackers have used rogue security software, also known as fake antivirus software or “scareware”, to fool computer users into installing malware and/or divulging confidential information. These programs typically mimic the general look and feel of legitimate security software programs and claim to detect a large number of nonexistent threats while urging users to pay for the “full version” of the software to remove the threats. Attackers typically install rogue security software programs through exploits or other malware, or use social engineering to trick users into believing the programs are legitimate and useful. Some versions emulate the appearance of the Windows Security Center or unlawfully use trademarks and icons to misrepresent themselves (some examples of this below).
Author: Matt Thomlinson, General Manager, Trustworthy Computing
Targeted attacks by determined adversaries (also known as Advanced Persistent Threats or APTs) have been a hot topic recently. Although targeted attacks continue to make up a small fraction of the attacks we see today, reports of attacks targeting organizations and governments have attracted a lot of attention. We know that one of the first things determined adversaries do if they are able to successfully compromise their target organization’s network is to try to compromise the organization’s directory services. The reason is clear: a directory service contains the credentials that users, administrators and systems use to authenticate to the network and get access to the organization’s resources. If the attackers can get access to all these credentials, they can get access to more resources on the network.