
Microsoft cybersecurity report warns users about the evils of clinging to XP

After analyzing security threats to more than 1 billion systems for six months, Microsoft's Security Intelligence Report offers insights that include the dangers of still running Windows XP.

After analyzing online security threats encountered across the globe from January to June 2013, on more than 1 billion systems, Microsoft's Security Intelligence Report volume 15 is broken down into "in-depth perspectives" on vulnerabilities, exploits, malware, email threats, malicious websites, cloud security and best tips for mitigating risk.

New for this report, Microsoft talks about "encounter rates": the total number of computers that encountered malware, compared to the total number of computers that were actually infected with malware and cleaned with Microsoft's Malicious Software Removal Tool. Worldwide, 17 out of every 1,000 computers encountered malware, but only six out of every 1,000 were infected and cleaned. In the U.S., during the first half of 2013, 11.51% of PCs encountered malware, but only 8 of every 1,000 were infected and cleaned.

The evils of still running Windows XP play nicely into this malware encounter and infection rates theme. If you are still running XP, Microsoft's answer to the conundrum is to upgrade to Windows 8. Although some people love Windows 8, it seems like a train wreck when used on a PC or a laptop without a touchscreen.

Infection vs encounter rates, Microsoft's Security Intelligence Report volume 15

But, according to Tim Rains, director of Microsoft Trustworthy Computing, the data from this newest Security Intelligence report illustrates "the positive impact that security innovations in newer operating systems are having. Modern operating systems such as Windows 8 include advanced security technologies that are specifically designed to make it harder, more complex, more expensive and, therefore, less appealing for cybercriminals to exploit vulnerabilities." In fact, a large portion of Rains' post is devoted to the dangers of clinging to XP.

Separately, in a post about HP's Zero Day Initiative and verifying kernel-level vulnerabilities, Dave Weinstein wrote about how a framework to prove exploitation became more complicated and required more steps when targeting Windows 8 and Windows 8.1. So, like it or not, you will probably get hammered if you stay on XP beyond April 8, 2014, when all XP support and security updates end.

Microsoft's SIR is always interesting as it drills down to extreme detail. You should probably check it out, but here are a few "overall" graphs for some of the categories.

Vulnerabilities

Industry-wide vulnerabilities from Jan - June 2013

Exploits

Microsoft report on exploit attempts from Jan - June 2013

Email threats

Below is one example from email threats, specifically spam blocked by Exchange Online Protection filters.

Spam email threats blocked by Exchange Online Protection filters

Malicious websites

Like each of the security topics covered in the SIR, the malicious website section is extremely detailed, covering phishing, drive-by downloads and malware hosting sites, and concluding with guidance for protection. The graph below covers categories of malware found at sites blocked by SmartScreen Filter in 1H13.

Categories of malware found at sites blocked by SmartScreen Filter in 1H13

Cloud security -- trillions of logs and events to review

Before diving into cloud security, such as Domain Name System (DNS) attacks and DDoS attacks, Microsoft gave a migraine-inducing example of the challenges cloud incident response teams face.

The infrastructure required to serve hundreds of millions of customer accounts on every continent generates an astronomical amount of data in the form of logs, alerts, and other telemetry. Over the course of one recent month, the domain controller logs for servers that manage primary Microsoft production environment domains generated 57.1 billion Windows security events. Add in network data (including NetFlow telemetry), firewall events, and intrusion prevention system (IPS) events, and event counts easily reach the trillions. And that's primarily from non-virtual systems!

Microsoft most assuredly sees more threats than most, placing it in a unique position to share security threat details and guidance to mitigate risk. Grab your copy of SIRv15.
