Security Watch

Keeping track of patches and hacks in the IT security world.

MS' e-Threat Fight Goes Global

Microsoft has unveiled what it's calling its Malware Protection Center: a new think tank comprising security and threat experts that will provide global malware research, response and protection capabilities in order to help protect customers from new or existing threats.

Microsoft General Manager Vinny Gullotto gave an overview of the center as part of his keynote at the RSA Conference Japan on Tuesday night (U.S. time). Gullotto will head up the Center. Other experts involved in the organization include Jimmy Kuo, Katrin Totcheva and Dan Wolff. Totcheva comes to Microsoft after a stint at F-Secure. Kuo is a former McAfee fellow, and Wolff is also a McAfee alumnus.

Microsoft also is unveiling a beta version of a virtual version of the Malware Protection Center: a portal where both customers and noncustomers can research viruses, spyware and other potentially unwanted software—i.e., spyware or adware. The Malware Protection Center Portal, which went live today, contains a searchable encyclopedia of data about viruses for which Microsoft's malware protection product provides protection, along with guidance on how to remove given threats. The portal also provides lists of the most active malware families, the most active variants, the most active e-mail threats, and the top adware/spyware removed by Microsoft's malware protection product.

The portal is expected to go live in July. Check out the preview of the portal here.

In addition, Microsoft announced that it has opened two new research labs in Tokyo and Ireland to provide research and response support to its customers. Mark Miller, director of communications for Security Response at Microsoft, told eWEEK in an interview that these particular sites were chosen because of a combination of regional need, finding strong anti-virus talent in those regions, and the need to make Microsoft as agile as possible when it comes to meeting the needs of global customers at a pace he said will be "in real-time."

Finally, Microsoft has published the second version of its SIR (Security Intelligence Report), a report that Microsoft says provides a comprehensive understanding of the type of threats that Windows customers face today.

The report highlights trends observed after analyzing data Microsoft collected between July 1 and Dec. 31, 2006, from sources including Microsoft's MSRT (Malicious Software Removal Tool) and Windows Defender. Those two tools have the largest user bases of customer-focused Microsoft security solutions and services. The MSRT has a user base of more than 310 million unique computers; Microsoft said that during the second half of 2006, the tool was executed 1.8 billion times. The company also claims more than 18 million active customers of Windows Defender.

One highlight from the report is that the number of responsibly disclosed vulnerabilities increased 41 percent in 2006 over the previous year. In fact, more vulnerabilities were disclosed in the latter half of 2006 than in any single year between 2000 and 2004, the report says.

The report also outlines the increasing sophistication of threats. "Compared with previous years, 2006 saw the disclosure of a much larger percentage of vulnerabilities that are considered more difficult to find due to the level of complexity required to exploit them," according to the report's fact sheet.

But while malware is getting smarter, so too are researchers. A trend picked up by SIR is that researchers are coming up with better tools, finding complex and harder-to-find issues, and expanding their focus to look at applications and to use newer techniques such as file format fuzzing.

"It's a comment to the industry that as a whole it's improving security, Microsoft in particular through its 'Secure Development Lifecycle' push," Miller said.

"A key interesting thing [in the report's section on malware] is that newer operating systems, due to in-depth defense measures, are much more resilient to infection by malware," he said. "On newer operating systems we find much less malicious [software]."

Miller was referring to Windows XP SP2 and Windows 2003 as being the newer, more resilient operating systems. Vista was released after the time covered by the report.

"If we look at the percentage of machines we clean on Windows XP SP2 and all versions of Windows 2003, they represent a total of 14 percent of the machines we clean" with the company's malware protection products, Miller said. "The rest are [earlier] versions of Windows XP and others. Looking at 100 percent and finding 14 percent clean [means that 14 percent is] significantly more resilient to infection."

The SIR also found a significant uptick in malware detection in Germany and Japan. That's not necessarily due to more malware being present, Miller said—rather, it's likely due to Microsoft's malware product being released in those countries' local languages.

Of course, if the software was never used in those countries before being rolled out in the appropriate languages, actual detection would increase from 0 to the numbers Microsoft has today—a sharp growth that isn't necessarily reflective of more malware appearing in those countries, but rather of more of Microsoft's detection product being used.

Microsoft is seeing more malware worldwide, however, Miller said—and it's growing trickier to avoid. "Remote control software [like] botnets are continuing to be a problem," he said. "The growth in remote-control software and Trojans and backdoors clearly are indicative of that problem."

What is actually increasing, though: malware, detection capabilities or Microsoft's security product penetration in the market?

"I think it's all three," Miller said. "[We're gaining more] insights into the threat environment, detection technology is continuing to improve, and malware is growing. ... And we're seeing increasing global adoption of people looking for these types of products."