• Security Intelligence Report: “Scareware” on the Raise

    You know that we release our Security Intelligence Report twice a year: today Version 6 is due.

    Let me try to give you an overview of the “highlights” of the report from my point of view:

    As I wrote in the title and as I blogged about this summer (“Scareware” on the Raise), one of the biggest growing threats we see is what I call “Scareware” or what we call in the report “Rogue Security Software”. I guess you know the feeling of visiting a website which then tells you that you are infected by malware and you should download a piece of software to protect you (or to clean your PC). Here you see a screenshot of what this can look like:

    Rogue Security Software Screenshot

    So, we have seen this growing over the last three periods and therefore we decided to feature a focus section on this growing threat.

    A standard topic in the report is about vulnerability disclosures. Here you find the chart you are used to if you read our Security Intelligence Report, my blog or heard me talking recently:

    Figure 1 with Title

    So, looking at the chart there is good and bad news:

    • The good news is that vulnerability disclosures (industry-wide) are decreasing.
    • However, there are still more than 2500 vulnerabilities per 6 months (to be clear again: this is the whole industry, not us)
    • And, roughly 52% of all the vulnerabilities were high-severity ones!

    Looking at Microsoft’s vulnerabilities, this is the picture:

    Figure 3 with Title

    One thing I always mention, when I talk about this: If you are planning your Patch Management processes and you look at the figures above, make sure you cover your whole IT and not “just” Microsoft. In H2 2008 we had roughly 100 vulnerabilities out of 2500! So, think about patching the others as well (see 98% unpatched – and I am one of them :()

    There are a few other charts in the report, like the percentage of vulnerabilities responsibly disclosed or attacks on applications, which I do not want to put in here (there has to be a reason you read the report :)). But one thing I want to take up here, as it was so important in H2, is the PDF attacks, as this underlines the statement I made above about Patch Management. Look at the exploits by month targeting Adobe Acrobat Reader:

    Figure 10 with Title

    To be crystal clear with the graph above: This is not finger-pointing at Adobe. We were working closely together to address this and for both vulnerabilities there are updates available today. What I wanted to show you is that you have to extend your risk management to applications outside Microsoft.

    Another standing set of graphs are world heatmaps. There are three of them in this Security Intelligence Report:

    The “classic” malware infection rate based on the Malicious Software Removal Tool:

    Infection Rate - World

    Even though we changed the way to determine where a computer is based (and therefore last report’s map cannot be compared with this one), EMEA does not look that bad. We have some challenges in the Middle East, Russia and – surprisingly to me – in Spain but the rest looks not great but ok.

    But there is more. This time we look at the source of the malware based on infected websites and where they are hosted:

    Malware World

    Here we have quite some green spots – which is good. It is interesting to see that Russia and Spain are red again here…

    And last but not least the heatmap on where phishing sites are hosted:

    Phishing World

    If you take a different angle and look at it from a Windows perspective with regards to malware infection, it once more shows the progress we made with the different OSs:

    Figure 14 with Title

    This reinforces the message I am delivering as often as possible: If I could give you one single piece of advice from security person to security person (I am not measured on quota), this would be “stay on the latest version of your software – everywhere”. This includes Patch Management as well as Lifecycle management. Just think about every piece of software you have (including embedded systems), think about when it was designed and then think about the threat landscape back then… Do you really have to think twice then?

    If you want to hear Vinny Gullotto (General Manager, Microsoft Malware Protection Center) talk about the Security Intelligence Report, you can look at an interview he did with Tim Rains: Vinny and Tim show - SIR Volume 6.

    So, this and much more you can find in our Security Intelligence Report. Download it and have fun!

    Roger

  • How much does a lost Laptop cost?

    I stumbled upon this study today commissioned by Intel and executed by Ponemon. The key findings were:

    • The average value of a lost laptop is $49,246. This value is based on seven cost components: replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses.
    • What makes a lost laptop costly to a company is the potential for a data breach to occur. In the cases we studied, the occurrence of a data breach represents 80% of the cost.
    • The second highest cost component is attributed to intellectual property loss. When the cost of a data breach is removed, intellectual property loss represents 59% of the total cost.
    • The faster the company learns that a laptop is lost, the lower the average cost. If a company discovers the loss in the same day, the average cost is $8,950. If it takes more than one week, the average cost rises significantly to approximately $115,849.
    • Lost productivity is not a significant cost to companies. When employees have down time due to losing their laptops, it represents only 1% of the total cost.
    • While lost laptop costs appear to be correlated to position in an organization, the most senior level respondents do not experience the highest average cost. The average cost of a lost laptop for a senior executive is $28,449 and the highest average costs are for manager and director, $60,781 and $61,040 respectively.

    So, protecting the information on your Laptop is fundamental and could significantly reduce the cost of a stolen Laptop – say: Switch on Bitlocker…

    The whole study can be found here: Cost of a Lost Laptop: A Study Conducted by the Ponemon Institute

    Roger

  • The Carbon Footprint of Spam

    McAfee just published an interesting report as they are taking a different approach on Spam. They were looking at the environmental impact of Spam. So, how much energy do we have to invest in order to fight spam?

    These are the key findings from their report:

    • An estimated worldwide total of 62 trillion spam emails were sent in 2008
    • Globally, annual spam energy use totals 33 billion kilowatt-hours (KWh), or 33 terawatt hours (TWh). That’s equivalent to the electricity used in 2.4 million homes in the United States, with the same GHG emissions as 3.1 million passenger cars using two billion United States gallons of gasoline.
    • Spam filtering saves 135 TWh of electricity per year. That’s like taking 13 million cars off the road
    • If every inbox were protected by a state-of-the-art spam filter, organizations and individuals could reduce today’s spam energy by approximately 75 percent or 25 TWh per year. That’s equivalent to taking 2.3 million cars off the road
    • The average GHG emission associated with a single spam message is 0.3 grams of CO2. That’s like driving three feet (one meter) in equivalent emissions, but when multiplied by the annual volume of spam, it’s like driving around the Earth 1.6 million times
    • A year’s email at a typical medium-size business uses 50,000 KWh; more than one fifth of that annual use can be associated with spam
    • Filtering spam is beneficial, but fighting spam at the source is even better. When McColo, a major source of online spam, was taken offline in late 2008, the energy saved in the ensuing lull —  before spammers rebuilt their sending capacity —  equated to taking 2.2 million cars off the road
    • Much of the energy consumption associated with spam (80 percent) comes from end-users deleting spam and searching for legitimate email (false positives). Spam filtering accounts for just 16 percent of spam-related energy use

    And that’s just by using Spam-Filters! The whole report can be found here: The Carbon Footprint of Email Spam.

    Needless to say that – if you are using Exchange you already have a good Spam-protection out of the box. You even get better with Forefront for Exchange and even better with Stirling:

    I deployed Stirling, the next version of Forefront, on my Exchange Server. I have five active mailboxes (really a huge load ;)) and a few operational ones. The figures of Stirling are very interesting:

    During the last month, I got 58’636 incoming messages. My Spam-Filter found 57’439 as being Spam, which means that I had a Spam-Rate of 97.96% (and I do not know of any mail I lost in the transit).

    If you look at the overview statistics, it looks like this:

    2009,05 Spam 3

    The details of the connection filter:

    2009,05 Spam 1

    And last but definitely not least, the performance of the filter after the mails passed all the connection-level filters:

    2009,05 Spam 2

    What I like about the last statistics is that the SPAM Confidence Level is either very high or very low but nothing in between. So, the filter gives me a clear message on whether it is SPAM or not. There is close to nothing which is “maybe SPAM” – it is less than 1%!

    Roger

  • Why you should not use P2P Windows 7 Builds

    This is not about piracy and not about leaks and not about…

    I am waiting for the new RC build as you are. I am running an intermediate build between Beta and RC and would love to upgrade all my machines (including my MediaCenter) to RC. However, I refrain from downloading it from any of the untrusted sources. The reason for this is pretty simple: You never know (and it is illegal).

    Years back (and I have told this story over and over again) we ran an event where we fixed PCs of consumers for free for a whole week. Pretty often, when we found an infected machine, we found P2P software on it. When we talked to the person owning the PC he/she usually told us “my son/daughter installed that and uses it”. We know that P2P is one of the most dangerous sources of malware.

    Read now, what happens with Windows 7: Leaked Windows 7 RC torrents infected with trojan

    So, rather wait until you get access to the RC of Windows 7 – and so do I

    Roger

  • The Potential of Misinformation on the Web

    I am blogging, I am on Twitter, I have a Facebook-Account and many others. I am not always completely clear what the real business model and value of all the tools are but basically there is a lot of fun in it. Additionally information flows much faster and everybody has the possibility to express himself/herself the way he/she wants. However, there is a huge problem connected as well, which is misinformation and panic on the web.

    It can easily be that a theme becomes an “own-runner” (at least that’s the way we call it in German if something kind of gets a life on its own) and a lot of misinformation is spread via uncontrolled channels and this can lead to irresponsible behavior.

    I just read some articles about this when it comes to the Swine Flu. It does seem to be very serious (even though I am not a doctor) but we have to be very careful what we spread and how. It seems that the US Centers for Disease Control and Prevention has its own Twitter account and they distribute information through this channel. Let’s just for a second put the question aside whether it is really the CDC… they have authoritative information about the flu.

    If you search in Twitter for “swine flu” you find a lot of entries – can you trust them? I think that we need some normal vigilance if we deal with such information and be careful what we trust. These media have a huge potential to cause a panic because everybody trusts and copies from everybody.

    There are actually good articles on the web on this: Swine flu: Twitter's power to misinform and One swine flu over the cuckoo's nest

    Roger
