As you (hopefully) know, we publish a Security Intelligence Report every 6 month and today we just released version 4. Let me give you some key findings before you go and read it J
Basically the intent of the report is, to provide a comprehensive overview of the threat landscape we are seeing in the Windows ecosystem. This should help you to understand the current threats (or even better, to give you data to prove what you already knew) and to help us to protect our customers better.
Where does the data come from?
We collect data mainly from the Malicious Software Removal Tool (MSRT) and Windows Defender. It is completely clear that this data does not allow us to draw any conclusion with regards to a single user – we are not even interested in that. We sometimes – to complete our analysis – add public sources as well. This gives us the broadest set of data in the industry.
So, what are the key findings?
- The amount of malware we removed with the Malicious Software Removal Tool continued to increase. End of December MSRT executed on about 450 million unique computers every month and had to clean on a worldwide average one out of 123 scanned computers. In general in Europe we have seen Albania being the most infected country, whereas Finland comes out best. Here you see the world-wide distribution.
What makes me think is that from a regional perspective, the Middle East looks really bad.
- In the second half of 2007 we have seen a decline in vulnerability disclosures of 15%. The following chart shows the Industry-wide vulnerability disclosures by half-year, 2003–2007
- In a product-by-product comparison, newer Microsoft products appear to be less at risk to publically available exploit code. This is especially true looking at Office. Additionally the new vulnerabilities in Microsoft products dropped in 2007 by 11.5%. The number of exploits based on Microsoft Security Bulletins dropped in 2007 by a little bit more than 10%. The decline in exploits based on vulnerabilities by other parties (as CVE) was even at 14%.
- We have talked a lot that the malware and hacking scene moved from vandalism to crime and even to organized crime. When we look at the malware figures, this trend can be seen very well there as well: In the second half of 2007 we have seen an increase of Trojan Downloader and Droppers by 300% – these are the ones we detected and removed. This increase is dramatic and this might indicate that his malware category is the current favorite of the criminals. Additionally we have seen an increase in Adware as well:
What should our customers do?
Well, this does not change too much:
- Check for and apply software updates on an ongoing basis. This includes third-party software as well. So, Microsoft Update is not everything you need…
- Enable your firewall
- Install and maintain up-to-date anti-virus and anti-spyware software
So, if you want to read the report, you can download it.