MS Security Architect: Windows 7 Will Slash Malware
CSO - Microsoft caused the IT security community more than a little heartburn when it included fixes for the barely-out-of-the-box Windows 7 in its October 2009 Patch Tuesday security update.
See also: In Defense of Microsoft and Windows 7 and The Patch Tuesday Survival Guide
Nevertheless, Jimmy Kuo -- principal architect for Microsoft's Malware Protection Center -- has high hopes that Windows 7 will ultimately be seen as the major turning point where malware writers finally met their match. In the following Q&A, Kuo talks about the top takeaways from the latest Microsoft security intelligence report and why he believes Windows 7 will ultimately shut the door on a lot of the malware activity outlined this year.
First, a note on the report: Microsoft's conclusions are based on data being reported back from its Malicious Software Removal Tool (MSRT), which is on 450 million computers; Bing, which performed billions of Web page scans during the past six months; Windows Live OneCare and Windows Defender, which runs on more than 100 million computers; and Forefront Online Protection for Exchange and Forefront Client Security, which scans billions of e-mail messages a year.
The report says rogue security software was the single-largest threat category for the first half of 2009. Talk about the data that lead Microsoft to that conclusion.Kuo: We detected and cleaned rogue security software off of 13.4 million computers. That's down from 16.8 million last year, but it's still a significant threat. Also known as scareware, this stuff takes advantage of customers' desire to keep their computers protected. A box will appear warning the user that their computer has been infected and they must download the given program to clean it up. The user OK's the download, and that's when they become a victim.
One of the takeaways from the report is that old-style worms are making a comeback. Why?Kuo: In the first half of 2009, worms rose from fifth place in to become the second-most prevalent threat category in the latest report -- a 98.4 percent increase. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments.
What were some of the more pervasive malware threats?Kuo: Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Taterf targets massively multiplayer online role-playing games and has increased 156 percent from 2 million last year to 4.9 million in this year. Win32/Taterf steals your online game login details. It spreads by copying itself to the root of all fixed and removable drives on the infected system, ensuring it gets executed by creating an 'autorun.inf' file. After its first day in MSRT, Taterf components had been removed from over 700,000 machines. It illustrates the need for organizations to have guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.
Originally published on www.csoonline.com. Click here to read the original story.
Microsoft
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Tape Killed the IT Guy
Watch Now
Cache Tier Memory Efficiency with Gear6 Web Cache
Download this valuable white paper!
Customer Video: Cardinal Health
Download Now
Connecting to the Cloud with F5 and VMware VMotion
F5 and VMware partner to enable live application and storage migrations between datacenters and clouds, over short or long distances.
Virtualize Microsoft Applications on VMware
Register for this live webcast now!
F5 Virtualization Guide: Seven Key Challenges You Can't Ignore
Seven Key Challenges You Can't Ignore
Strategic ECM Webinar
Learn what new strategic business benefits can be realized through ECM!



