<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://windowsteamblog.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Windows Security Blog : IT Pro</title><link>http://windowsteamblog.com/blogs/windowssecurity/archive/tags/IT+Pro/default.aspx</link><description>Tags: IT Pro</description><dc:language>en</dc:language><generator>CommunityServer 2008 SP1 (Build: 30619.63)</generator><item><title>Windows 7 Vulnerability Claims</title><link>http://windowsteamblog.com/blogs/windowssecurity/archive/2009/11/06/windows-7-vulnerability-claims.aspx</link><pubDate>Sat, 07 Nov 2009 00:56:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:527942</guid><dc:creator>Paul Cooke</dc:creator><slash:comments>24</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://windowsteamblog.com/blogs/windowssecurity/rsscomments.aspx?PostID=527942</wfw:commentRss><comments>http://windowsteamblog.com/blogs/windowssecurity/archive/2009/11/06/windows-7-vulnerability-claims.aspx#comments</comments><description>&lt;p&gt;Now that Windows 7 is available, a recent blog by Chester Wisniewski (who works at security vendor Sophos), entitled &lt;a href="http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses"&gt;Windows 7 vulnerable to 8 out of 10 viruses&lt;/a&gt;, has stirred some interest.&lt;/p&gt;
&lt;p&gt;Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.&lt;/p&gt;
&lt;p&gt;Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well. &lt;/p&gt;
&lt;p&gt;Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. As a result, Windows 7 retains and refines the development processes, including the Security Development Lifecycle, and the technologies that made Windows Vista the most secure Windows operating system ever released.&lt;/p&gt;
&lt;p&gt;Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PC in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.&lt;/p&gt;
&lt;p&gt;So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7. This is why we've made our &lt;a href="http://www.microsoft.com/security_essentials/"&gt;Microsoft Security Essentials&lt;/a&gt; offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.&lt;/p&gt;</description><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Security/default.aspx">Security</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Windows+Security/default.aspx">Windows Security</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/IT+Pro/default.aspx">IT Pro</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Windows/default.aspx">Windows</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Windows+7/default.aspx">Windows 7</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Security+Development+Lifecycle/default.aspx">Security Development Lifecycle</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Internet+Explorer+8/default.aspx">Internet Explorer 8</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Windows+Update/default.aspx">Windows Update</category><category 
domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/UAC/default.aspx">UAC</category></item><item><title>New Microsoft Security Intelligence Report Released</title><link>http://windowsteamblog.com/blogs/windowssecurity/archive/2009/11/02/new-microsoft-security-intelligence-report-released.aspx</link><pubDate>Mon, 02 Nov 2009 19:00:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:527595</guid><dc:creator>Paul Cooke</dc:creator><slash:comments>4</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://windowsteamblog.com/blogs/windowssecurity/rsscomments.aspx?PostID=527595</wfw:commentRss><comments>http://windowsteamblog.com/blogs/windowssecurity/archive/2009/11/02/new-microsoft-security-intelligence-report-released.aspx#comments</comments><description>&lt;p&gt;Volume seven of the &lt;a href="http://www.microsoft.com/sir"&gt;Microsoft Security Intelligence Report&lt;/a&gt; (SIRv7) - part of Microsoft's commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments - was released today and there are a couple of tidbits in the report that caught my attention that I thought I would pass on. As a reminder, the SIR is published by Microsoft twice per year and looks at the data and trends observed in the first and second halves of each calendar year.&lt;/p&gt;
&lt;p&gt;The first thing that struck me while reading through the report is that for the first time, the SIR shares some high-level security best practices from countries that have consistently exhibited low malware infection. For example, Japan, Austria and Germany's infection rates remained relatively low during the first half of this year.&lt;/p&gt;
&lt;p&gt;So how do these regions keep their customers and resources safe from cyber threats? Japan's relatively low infection rates are due in large part to collaborations like the Cyber Clean Center. The Cyber Clean Center is a cooperative project between ISPs, major security vendors and Japanese government agencies aimed at educating users on how to keep their PCs infection free. Austria has implemented strict IT enforcement guidelines to lower piracy rates and this, along with strong ISP relationships and fast Internet lines, has helped ensure the ecosystem is kept up to date with security patches. Germany has also leveraged collaboration efforts with its CERT and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.&lt;/p&gt;
&lt;p&gt;The other thing that stood out to me was the graph below. This graph shows the effectiveness of automatic updating and shows what happened to the trojan downloader family Win32/Renos once Microsoft released a signature update for Windows Defender via Windows Update and Microsoft Update. Within three days, enough computers had received the new signature update to reduce the error reports from 1.2 million per day to less than 100,000 per day worldwide! To me this shows how important it is for users and organizations to utilize automatic updates to help prevent the spread of malware!&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;img src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/windowssecurity/SIRv7_2D00_DefenderImpact.png" /&gt;&lt;/p&gt;
&lt;p&gt;The report also underscores some of the trends that we have seen from previous versions of the report: for example, the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP. It also tells me that the higher the service pack level of an OS, the lower the infection rate. Once again, these items help point out that you need to keep your software up-to-date. With Windows 7 now available it might be a good time to look at upgrading your OS!&lt;/p&gt;
&lt;p&gt;Take a look at the full report at &lt;a href="http://www.microsoft.com/sir"&gt;http://www.microsoft.com/sir&lt;/a&gt; and use the information to help protect yourself, your networks, and your users.&lt;/p&gt;</description><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Announcement/default.aspx">Announcement</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Security/default.aspx">Security</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/IT+Pro/default.aspx">IT Pro</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/SIR/default.aspx">SIR</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Trustworthy+Computing/default.aspx">Trustworthy Computing</category></item><item><title>Now Available - Microsoft Security Intelligence Report</title><link>http://windowsteamblog.com/blogs/windowssecurity/archive/2009/04/08/now-available-microsoft-security-intelligence-report.aspx</link><pubDate>Wed, 08 Apr 2009 19:18:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:511474</guid><dc:creator>Paul Cooke</dc:creator><slash:comments>13</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://windowsteamblog.com/blogs/windowssecurity/rsscomments.aspx?PostID=511474</wfw:commentRss><comments>http://windowsteamblog.com/blogs/windowssecurity/archive/2009/04/08/now-available-microsoft-security-intelligence-report.aspx#comments</comments><description>&lt;p&gt;I got into the office this morning and noticed that volume six of the &lt;a target="_blank" href="http://www.microsoft.com/security/portal/sir.aspx" title="Microsoft Security Intelligence Report"&gt;Microsoft Security Intelligence 
Report&lt;/a&gt; (SIRv6) was released earlier today. For those of you who are not familiar with the report, the SIR is published by Microsoft twice per year. Each volume of the SIR looks at the data and trends observed in the first and second halves of each calendar year with a focus on malware data, software vulnerability disclosure data, vulnerability exploit data, and related trends.&lt;/p&gt;
&lt;p&gt;One trend that the SIR calls out right up front is rogue security software. The second half of 2008 saw a clear rise in prevalence of rogue security software (software which poses as anti-malware or anti-spyware protection but in reality does little or nothing, and may even be malware!). While I knew the issue was out there and even had to help a good friend clean his system after being duped, the rise was eye-opening for me. &lt;strong&gt;The takeaway: be careful out there!&lt;/strong&gt; Get your software from a trusted source and keep it up-to-date with the latest Windows Updates. Be cautious not to follow advertisements for unknown software that pretends to provide protection. Access the sites of reputable vendors directly for information or subscription to their products and services.&lt;/p&gt;
&lt;p&gt;Another piece of data that I wanted to pass along deals with the infection rates of Windows, as shown in the graph below:&lt;/p&gt;
&lt;p&gt;&amp;nbsp;&lt;img src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer.Components.PostAttachments/00.00.51.14.75/MSRT-Cleanings.bmp" /&gt;&lt;/p&gt;
&lt;p&gt;What this graph tells me is that the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP, in all configurations. It also tells me that the higher the service pack level of an OS, the lower the infection rate. Once again, this really points out that you need to keep your software up-to-date!&lt;/p&gt;
&lt;p&gt;I encourage you to download the full report and hope that you find the data, insights, and guidance provided in the SIR useful in helping you understand today&amp;rsquo;s threat landscape and ultimately help you protect your networks and users.&lt;/p&gt;</description><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Announcement/default.aspx">Announcement</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Security/default.aspx">Security</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/IT+Pro/default.aspx">IT Pro</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Windows/default.aspx">Windows</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/SIR/default.aspx">SIR</category></item><item><title>Secure Your Windows and Office 2007 Installations</title><link>http://windowsteamblog.com/blogs/windowssecurity/archive/2008/12/15/secure-your-windows-and-office-2007-installations.aspx</link><pubDate>Mon, 15 Dec 2008 22:20:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:504319</guid><dc:creator>Paul Cooke</dc:creator><slash:comments>25</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://windowsteamblog.com/blogs/windowssecurity/rsscomments.aspx?PostID=504319</wfw:commentRss><comments>http://windowsteamblog.com/blogs/windowssecurity/archive/2008/12/15/secure-your-windows-and-office-2007-installations.aspx#comments</comments><description>&lt;p&gt;I noticed over the weekend that Microsoft&amp;#39;s Solution Accelerator team has just released a Beta of Project Codename Sundance. 
This Solution Accelerator builds on previous Microsoft security guidance and is aimed at helping you configure and deploy security settings for both Windows and Office 2007. With more than 700 security setting recommendations, the guidance and tools included should help fine-tune the security posture of your Windows and Office 2007 deployments. &lt;/p&gt;
&lt;p&gt;After deploying the security settings, you can even verify the settings and monitor policy changes by using one or more of 18 new configuration packs designed for the Desired Configuration Management (DCM) feature of Microsoft System Center Configuration Manager 2007.&lt;/p&gt;
&lt;p&gt;&amp;nbsp;&lt;img src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer.Components.PostAttachments/00.00.50.43.21/Sundance.jpg" alt="" /&gt;&lt;/p&gt;
&lt;p&gt;This solution accelerator can help you in a number of ways:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;b&gt;Accelerate and secure deployments&lt;/b&gt;&lt;br /&gt;Predefined templates and automated tools enable you to greatly reduce the time required to deploy security settings and monitor security baselines.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Provide higher reliability&lt;/b&gt;&lt;br /&gt;Eliminate a number of manual steps and get faster, more reliable security results.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Comprehensive solution&lt;/b&gt;&lt;br /&gt;Includes information about hundreds of security and privacy setting options, as well as recommendations for each one based on best practices.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Manage risk&lt;/b&gt;&lt;br /&gt;Manage security setting changes in Windows operating systems and Office applications that otherwise could place the integrity of your IT systems at risk.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Right Price&lt;/b&gt;&lt;br /&gt;It&amp;#39;s free from Microsoft Connect.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;I invite you to join the Beta Program for Project Codename Sundance and take a look at how it might help you secure your Windows and Office 2007 installations.&lt;/p&gt;
&lt;p&gt;To join the Beta Program for Project Codename Sundance, please click on the following link:&lt;br /&gt;&lt;a href="https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2682&amp;amp;InvitationID=SUN-698V-PYJF&amp;amp;SiteID=715"&gt;https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2682&amp;amp;InvitationID=SUN-698V-PYJF&amp;amp;SiteID=715&lt;/a&gt; &lt;/p&gt;
&lt;p&gt;After you have joined the program, add the following link to your favorites:&lt;br /&gt;&lt;a href="https://connect.microsoft.com/site/sitehome.aspx?SiteID=715"&gt;https://connect.microsoft.com/site/sitehome.aspx?SiteID=715&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;[Edited on 12/17/2008 to provide best user experience for beta program links.]&lt;/p&gt;</description><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Announcement/default.aspx">Announcement</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Security/default.aspx">Security</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Solution+Accelerator/default.aspx">Solution Accelerator</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/IT+Pro/default.aspx">IT Pro</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Office/default.aspx">Office</category><category domain="http://windowsteamblog.com/blogs/windowssecurity/archive/tags/Windows/default.aspx">Windows</category></item></channel></rss>