Windows Security Blog : Windows

Windows 7 Vulnerability Claims

Paul Cooke — Sat, 07 Nov 2009 00:56:00 GMT

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7. This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.

Now Available - Microsoft Security Intelligence Report

Paul Cooke — Wed, 08 Apr 2009 19:18:00 GMT

I got into the office this morning and noticed that volume six of the Microsoft Security Intelligence Report (SIRv6) was released earlier today. For those of you who are not familiar with the report, the SIR is published by Microsoft twice per year. Each volume of the SIR looks at the data and trends observed in the first and second halves of each calendar year with a focus on malware data, software vulnerability disclosure data, vulnerability exploit data, and related trends.

A trend that the SIR calls out right up front was around rogue security software. The second half of 2008 saw a clear rise in prevalence of rogue security software (software which poses as anti-malware or anti-spyware protection but in reality does little or nothing, and may even be malware!). While I knew the issue was out there and even had to help a good friend clean his system after being duped, the rise was eye-opening for me. The take away: be careful out there! Get your software from a trusted source and keep it up-to-date with the latest Windows Updates. Be cautious not to follow advertisements for unknown software that pretends to provide protection. Access the sites of reputable vendors directly for information or subscription to their products and services.

Another piece of data I that I wanted to pass along deals with the infection rates of Windows, as shown in the graph below:

What this graph tells me is that the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP, in all configurations. It also tells me that the higher the service pack level of an OS, the lower the infection rate. Once again, this really points out that you need to keep your software up-to-date!

I encourage you to download the full report and hope that you find the data, insights, and guidance provided in the SIR useful in helping you understand today’s threat landscape and ultimately help you protect your networks and users.

BitLocker on TechNet Radio

Paul Cooke — Fri, 23 Jan 2009 19:00:00 GMT

Not sure how many of you are familiar wtih TechNet Radio, but I did a piece for them the other day that I encourage you to go check out. It's a quick interview on BitLocker Drive Encryption. In it, I get asked about BitLocker not only in Windows Vista, but also around some of the changes we have made in Windows 7. Take a listen to the interview below and trust me, we will have more on the new Windows 7 security features coming shortly...

TechNet Radio - BitLocker Drive Encryption

Secure Your Windows and Office 2007 Installations

Paul Cooke — Mon, 15 Dec 2008 22:20:00 GMT

I noticed over the weekend that Microsoft's Solution Accelerator team has just released a Beta of Project Codename Sundance. This Solution Accelerator builds on previous Microsoft security guidance and is aimed at helping you configure and deploy security settings for both Windows and Office 2007. With more than 700 security setting recommendations, the guidance and tools included should help fine-tune the security posture of your Windows and Office 2007 deployments.

After deploying the security settings, you can even verify the settings and monitor policy changes by using one or more of 18 new configuration packs designed for the Desired Configuration Management (DCM) feature of Microsoft System Center Configuration Manager 2007.

This solution accelerator can help you in a number of ways:

Accelerate and secure deployments
Predefined templates and automated tools enable you to greatly reduce the time required to deploy security settings and monitor security baselines.
Provide higher reliability
Eliminate a number of manual steps and get faster, more reliable security results.
Comprehensive solution
Includes information about hundreds of security and privacy setting options, as well as recommendations for each one based on best practices.
Manage risk
Manage security setting changes in Windows operating systems and Office applications that otherwise could place the integrity of your IT systems at risk.
Right Price
It's free from Microsoft Connect.

I invite you to join the Beta Program for Project Codename Sundance and take a look at how it might help you secure your Windows and Office 2007 installations.

To join the Beta Program for Project Codename Sundance, please click on the following link:
https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2682&InvitationID=SUN-698V-PYJF&SiteID=715

After you have joined the program, add the following link to your favorites
https://connect.microsoft.com/site/sitehome.aspx?SiteID=715

[Edited on 12/17/2008 to provide best user experience for beta program links.]