The Microsoft SIR (Security Intelligence Report), which covers the last two quarters of 2007, was released this week. The report covers software vulnerabilities (in MS products and other third party products), Malware, and exploits. The report shows that while vulnerabilities fell, the number of threats continued to rise towards the end of last year.
The first thing to note is that no one in the security field is unaware of these numbers. Anyone who has had to deal with Malware infections, vulnerability patches, or random “0-Day” attacks can tell you the end of 2007 was nasty. Adding to that, the number of information disclosures (personal information lost or potentially lost) because of stolen equipment (laptop or other external storage) went up in 2007.
The second half of 2007 showed that new vulnerability disclosures fell by fifteen percent; overall for 2007, the number of vulnerability disclosures fell by five percent. Out of all of the vulnerabilities released in 2007 concerning Microsoft products, over thirty percent had publicly available exploit code.
Exploits, Malware, and criminal hacking accounted for twenty-three percent of all security breach notifications recorded from 2000 through 2007, and they only accounted for thirteen percent of security breach notifications during the second half of 2007.
Almost sixty percent of the security breaches publicly disclosed involved lost or stolen equipment in the SIR reporting period.
By the end of the SIR period, the Microsoft Malicious Software Removal Tool (MSRT) was executed on more than 450 million unique computers worldwide per month, and the total amount of Malware removed from computers worldwide via MSRT increased by over forty percent.
During the second half of 2007, there was a three hundred percent increase in the number of Trojan attacks in the form of downloader or dropper type payloads. The most prevalent Trojan detected was Win32/Winfixer, with more than five times as many detections as any other single family. Winfixer displays alerts warning of severe system threats. The program then offers to remove the erroneous detections for a fee. These warnings appear under multiple false product names in several different language versions.
As mentioned, to security people these numbers are nothing new. The problem is that the security industry for the most part and OEM companies (Apple or Microsoft) are still playing catch up. They are reacting to issues instead of moving to a proactive approach to security. Recent releases and developments show they are working on this issue; however, there is still a long way to go.
The full report is here: http://tinyurl.com/6q5tdh