Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Microsoft Security Intelligence Report: January through June 2008

November 1st 2008 in Uncategorized


The Microsoft Security Intelligence Report for the period covering January through June 2008 has been released.

Executive Summary
Full report
Key findings summary

The full report is a hefty 150 pages long.  I have only had time to take the briefest of glances at it, and even then I have focused only on my particular field of interest – browser based exploits and malware/potentially unwanted software. 

A showstopper statistic is to the left of the screen.  As you can see, the percentage of browser based exploits from the perspective of Microsoft software versus third party software was 42.3% (MS) : 57.5% (TP) for Windows XP and an amazing 5.7% (MS) : 94.3% (TP) for Windows Vista.  The results highlight just how important it is to ensure that *all* software on your computer is kept up to date and, to quote the authors of the MSIR report, “uninstall software you don’t actively use. Malicious code can exploit vulnerabilities in software whether you use it or not”.

The report also reveals that:

  • In 1H08, the total amount of malware and potentially unwanted software removed from computers worldwide increased by more than 43 percent compared to 2H07.
  • Despite this overall increase, there has been a 36% DECREASE in the number of computers infected with Win32/Winfixer family malware.
  • Although patterns of malware detected and removed by Microsoft security products varied across countries and regions, trojan downloaders and droppers constituted more than 30 percent of all malware removed by Microsoft security products worldwide.  This trend builds on the significant increases in the volume of trojan downloaders and droppers detected over the past several years.
  • As a general rule, infection rates tend to be higher in developing countries/regions than in developed countries/regions, as reported by the Malicious Software Removal Tool (MSRT).
  • The most common system locale for victims of browser-based exploits was Chinese, accounting for 47 percent of all incidents, followed by US English with 23 percent of incidents.
  • The infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP, at any service pack level.
  • The infection rates for the 64-bit editions of Windows Vista were both lower than those of their 32-bit counterparts.
  • For each version of the operating system, higher service pack levels meant lower rates of infection. This trend can be observed consistently across client and server operating systems half-year period over half-year period.


Now, with regards to the 43% increase in detected malware and potentially unwanted software, the authors note that:

  • The ability of the tools themselves to detect malware continues to improve as researchers analyze samples and refine their detection algorithms.
  • Several prevalent malware families were added to the MSRT in 1H08, causing them to be detected for the first time on many previously unprotected computers.
  • More computers worldwide are running Windows Vista, which includes Windows Defender (available as a separate download for earlier versions of Windows) and allows the user to download the monthly Microsoft Windows Malicious Software Removal Tool (MSRT) by default.
  • Increased usage of Microsoft security products, like Windows Live OneCare and Microsoft Forefront Client Security, has contributed to the increase.
  • Any genuine increase in the prevalence of malware and potentially unwanted software would naturally tend to be reflected in the statistics, as well.

User actions and reactions

The following two statistical tables are very interesting – they show us the most removed, and least removed, detections.  I struggle to understand, for example, why anybody would choose to ignore the detection of “severe” threats.  The least removed statistics are unsurprising.



One comment to...
“Microsoft Security Intelligence Report: January through June 2008”

Conrad Longmore

I don’t want to get drawn into the XP vs Vista security debate (although it is worth pointing out that Vista has its own unique vulnerabilities where XP doesn’t). The chart does show the importance of patching non-Microsoft apps. Say what you like about Microsoft’s products, they are VERY good at patch management. Others are less so.

Something like the Secunia Software Inspector (http://secunia.com/vulnerability_scanning/online/) can be a very useful tool when it comes to checking those third party apps for vulnerabilities.
