MS Security Architect: Windows 7 Will Slash Malware

CSO - Microsoft caused the IT security community more than a little heartburn when it included fixes for the barely-out-of-the-box Windows 7 in its October 2009 Patch Tuesday security update.

See also: In Defense of Microsoft and Windows 7 and The Patch Tuesday Survival Guide

Nevertheless, Jimmy Kuo -- principal architect for Microsoft's Malware Protection Center -- has high hopes that Windows 7 will ultimately be seen as the major turning point where malware writers finally met their match. In the following Q&A, Kuo talks about the top takeaways from the latest Microsoft security intelligence report and why he believes Windows 7 will ultimately shut the door on a lot of the malware activity outlined this year.

First, a note on the report: Microsoft's conclusions are based on data being reported back from its Malicious Software Removal Tool (MSRT), which is on 450 million computers; Bing, which performed billions of Web page scans during the past six months; Windows Live OneCare and Windows Defender, which runs on more than 100 million computers; and Forefront Online Protection for Exchange and Forefront Client Security, which scans billions of e-mail messages a year.

The report says rogue security software was the single-largest threat category for the first half of 2009. Talk about the data that lead Microsoft to that conclusion.Kuo: We detected and cleaned rogue security software off of 13.4 million computers. That's down from 16.8 million last year, but it's still a significant threat. Also known as scareware, this stuff takes advantage of customers' desire to keep their computers protected. A box will appear warning the user that their computer has been infected and they must download the given program to clean it up. The user OK's the download, and that's when they become a victim.

One of the takeaways from the report is that old-style worms are making a comeback. Why?Kuo: In the first half of 2009, worms rose from fifth place in to become the second-most prevalent threat category in the latest report -- a 98.4 percent increase. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments.

What were some of the more pervasive malware threats?Kuo: Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Taterf targets massively multiplayer online role-playing games and has increased 156 percent from 2 million last year to 4.9 million in this year. Win32/Taterf steals your online game login details. It spreads by copying itself to the root of all fixed and removable drives on the infected system, ensuring it gets executed by creating an 'autorun.inf' file. After its first day in MSRT, Taterf components had been removed from over 700,000 machines. It illustrates the need for organizations to have guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.