Microsoft: State of the Security Union is Good

Twice a year, Microsoft issues its Security Intelligence Report (SIR), part of an ongoing effort at transparency and customer education. This week, Microsoft has issued its seventh SIR, and the results are actually somewhat comforting. Within the wider context of Microsoft security, the state of the union is good.

The least surprising trend confirmed by the SIR is that newer Microsoft operating systems are routinely more secure than the OSes they replace. Windows Vista, for example, is infected with malware about 62 percent less frequently than is the aging Windows XP that so many businesses still rely on. (But that's just with the very latest XP version; Vista with SP1 was infected fully 85 percent less XP RTM.) These are astonishing differences.

But it's not just a version to version trend: Microsoft has also found, within any given Windows version, those systems with the latest service packs are more secure than those on previous service packs. The message here is clear: Keeping up to date with modern Windows versions and the very latest security fixes are key ways that you can keep your users more secure.


And we can even take it a step further: Those users who have moved to 64-bit systems are seeing fewer threats than 32-bit users on client Windows versions. This is particularly pronounced in Windows Vista and Vista with SP1.

In a discussion last week with Microsoft Malware Protection Center principal group product manager Jimmy Kuo, some of my own views on PC security were confirmed: Many of the successful hacks of the past several years have relied on user ignorance, and by educating people to these dangers, Microsoft and others with security concerns can lower infection rates.

"In the period before the previous Security Intelligence Report, we removed rogue security software from 16.8 m machines," Kuo told me. "This time it was 13.4 million, so it there's a downward trend there. This is because we've been concentrating on these types of attacks recently, but also because of user education."

Speaking of trends, it's interesting to see how electronic threats have evolved over the years. 10 years ago, when Melissa worm was making its way from PC to PC, malware was typically delivered via email. Today, worms are more often passed between shared network drives and USB-based storage devices, and hackers are starting to target applications because Windows is getting a lot more secure.

In fact, Microsoft notes that some of the most successful hacks against Microsoft Office this year were from malware types that are several years old. In fact, over 71 percent of Office-based attacks in 2009 exploited a single vulnerability for which a security update had been available for three years. Again, keeping up to date is key.

Phishing is still a popular form of attack as well, and this is yet another area where user education could really pay off. Social networks (like Facebook), gaming sites and banks are now among the most frequent avenues of phishing type attacks, Microsoft says.

Geography seems to play a role as well. The US, UK, France and Italy all had significant Trojan issues in 2009, while in China, language-specific web browser threats were the worst offenders. Brazil has huge issues with online banking/phishing-type scams. And phishing attacks against gamers were the number one threat in Spain and Korea.

And if you're wondering, the server trends seem to map closely to the client. Windows Server 2008 was infected with malware 53 percent less often than was Windows Server 2003. (Overall, server-based attacks are far less frequent than those on the client, of course.)

For more information, check out the full report. Then get out there an update your systems. It's just common sense.

An edited version of this article appeared in the November 3, 2009 issue of Windows IT Pro UPDATE. --Paul