Microsoft has released its Security Intelligence report covering the first half of 2008. It shows that the volume of threats is increasing and the distribution of threat types continues to evolve. An interesting aspect of the picture is that Microsoft's work in improving Windows is paying off and attackers are turning to attacking applications rather than platforms, making it imperative that enterprises patch and protect their applications promptly. However, a report by the Computer Security Institute (CSI) shows that organisations with the necessary expertise can protect themselves from these threats.
Stay agile: the threat is changing and moving
Malware volume is still increasing, but the vulnerability of Microsoft software is decreasing. Applications are now the focus of vulnerabilities.
The total number of software vulnerabilities reported during the period fell by 4 per cent, but the number classified as high severity increased by 13 per cent. This contradiction may be explained by changes in the incentives for finding vulnerabilities that emphasise serious failings. Operating system vulnerabilities represented just over 6 per cent of this total, compared with over 15 per cent in 2003. Thus the majority of vulnerabilities are in applications and hackers are exploiting this opportunity. It is now critically important to patch vulnerabilities in all software that interacts with the Internet.
Microsoft accounted for nearly 10 per cent of all disclosures in 2003, but only around 3 per cent in 2008. This shows the success of its efforts to improve its software development processes since it embarked on its Trustworthy Computing Initiative. The figures show a dramatic fall in infection rates with each stage in the development of the Windows platform, with the biggest single improvement coming with XP Service Pack 2.
Browser-based exploits represent a large proportion of attacks. Forty-seven per cent of these came from China, pushing the US to second place with 23 per cent. This indicates the relative weakness of Internet security in China, and of its search engines in particular.
Information theft continues to be dominated by low-tech approaches: nearly 40 per cent of incidents involved the theft of laptops.
One of the sources that Microsoft uses to collect data is its free Malicious Software Removal Tool. This source showed that the amount of malware removed from computers worldwide increased by 43 per cent over 2007, indicating that the problem is very much alive. Trojan downloaders accounted for 30 per cent of this total, indicating the extent of the problem of hackers hijacking legitimate machines to act as malware servers. This is a criminal activity. One of these downloaders has been found to have 86,000 variants (500 new versions per day). There has also been a big increase in social engineering attacks. The number of traditional viruses is now quite small.