The sixth edition of the Security Intelligence Report (SIR), Microsoft’s semi-annual report on the state of computer security, was published on April 8, 2009. Using data derived from hundreds of millions of computers worldwide and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in:
- Software vulnerabilities (both in Microsoft software and in third-party software)
- Software exploits
- Security and privacy breaches
- Malicious and potentially unwanted software
- E-mail, spam, and phishing
When I say 'in-depth', I mean it. At 184 pages in length, the report is extremely comprehensive and data-driven. If you are a data junkie like me, the whole report is fascinating. I love reading about the industry vulnerability trends, seeing the history of where we have come from and the progress we have made, as well as where things are going and thinking about how we stay ahead in security. But if you are an IT Admin, the SIR can be far more than just fascinating. The SIR can help you understand the threat landscape and assess risk in your environment. For example:
Malicious software infection rates differ significantly for different versions of the Microsoft Windows operating system. Windows Vista was less infected at any service pack level than Windows XP. Comparing the latest service packs for each version, the infection rate of Windows Vista SP1 is 60.6 percent less than that of Windows XP SP3.
This is hard data that helps you make a decision about the most secure Microsoft operating system to deploy in your environment. And the SIR doesn’t just include a wealth of data points; it also includes clear guidance on mitigations and countermeasures for most threat and exploit trends investigated.
There are a number of key findings in the SIR relevant to Trustworthy Browsing as well. Rogue security software, phishing, and malicious website threats are rapidly increasing. These threats make it even more important for browsers to help users avoid the dangers of social engineering attacks and make safe browsing choices. Internet Explorer 8 does this with our SmartScreen Filter, which identifies and blocks sites on the web that are distributing malicious software.
I could easily take the SIR data and use it to support the great security features in IE8… But you can already learn more about IE8 security here in IEblog, and in my recent TechNet interview. Instead I’m asking our IT Admin readers to take the time to download and read the SIR, if you haven’t already. It can help you assess today’s security risks and understand the latest threats to your environment so you can take timely defensive steps to ensure your users and company assets are safe.