Microsoft releases latest Security Intelligence Report: key findings

On October 15, 2010, Microsoft released its latest assessment of Internet security threats and trends.

The report is very comprehensive, so we have tried to summarize the most important issues in easy-to-digest bites.

The Microsoft Security Intelligence Report (SIR) is a comprehensive evaluation of the evolving threat landscape and trends. The information can help you make sound risk-management decisions and identify potential adjustments to your security posture. Data is received from more than 600 million systems worldwide and from Internet services.

For those who don't have time to go through the entire document, which you can get from Microsoft, here are the main takeaways:

  • Infection rates for Windows 7 are lower than those of its desktop predecessors.
    Microsoft is telling us that its new Windows 7 is more secure than Windows XP and Windows Vista. That's a relief, and in general we recommend the switch to Windows 7 when it makes sense.
    However, Microsoft suggesting that you buy Windows 7 doesn't come as a surprise, does it?
  • Most attackers use social engineering techniques to trick you into installing malware.
    As we have reported several times in our Web Security Alerts section, most attackers today rely heavily on social engineering techniques to mislead victims into unwittingly or even knowingly giving them information and access that would be much harder to take by force.
    For an example, read our article about how cyber-criminals are attacking popular Web 2.0 sites like YouTube, Twitter and Facebook to distribute malware.
    Regardless of the method selected, the purpose of a social engineering attack remains the same—to get the targeted user to perform an action of the attacker’s choice.
    Don't trust any click while online!
  • Stolen equipment remains the most frequent type of security breach incident.
    Malicious incidents (those involving "hacking" incidents, malware, and fraud) routinely account for less than half as many incidents as negligence (involving lost, stolen, or missing equipment; accidental disclosure; or improper disposal).
    Improper disposal of business records is the second largest source of breach incidents related to negligence, and the third largest source of incidents overall.
    To sum it up: it's absolutely fine to develop a healthy "paranoia" about online credit card fraud and to "behave" carefully while on the Internet from our office or home computer. Keep in mind, though, that you are still more likely to give away your most sensitive financial information through your trash bin!

Source: Microsoft - Security Intelligence Report (SIR) vol.9