Microsoft Security Report Underscores Weak Enterprise Security Policies

In an analysis of the top security threats during the first half of 2009, Microsoft's findings show the importance of having sound guidelines governing thumb drives and connecting to corporate networks from machines outside the enterprise. According to Microsoft, both Conficker and another notorious worm took advantage of poor policies around USB devices to spread.

In its biannual snapshot of the security landscape, Microsoft has uncovered a resurgence a worms that underscores the importance of having sound security guidelines for removable USB devices accessing corporate networks.

While Volume 7 of Microsoft's Security Intelligence Report found that Trojans were the top malware threat for U.S. enterprises during the first six months of 2009, Microsoft also noted a jump in the prevalence of worms. The identity of the most common worm-Conficker-should come as no surprise. The second most prevalent worm, however, was Taterf, which targets passwords for online games.

According to Microsoft, detections of Taterf rose 156 percent during the first half of 2009 over where they stood during the previous six months. Like Conficker, the worm enjoyed a high degree of success by spreading through unsecure file shares and removable storage devices.

"During this period, [Taterf] had an almost identical threat footprint to Conficker in terms of number of infection machines, yet we hardly ever hear about it," said Jeff Williams, principal group program manager for the Microsoft Malware Protection Center. "I think enterprises dismiss it as not applicable to them" due to their policies against online games, he said.

However, Williams explained that Taterf's spread underscores the fact that many enterprises do not have sound policies regarding removable media. Enterprises need to take the time to develop guidelines for thumb drives as well as how they allow network connections from machines not managed by their IT resources, he said.

"Most enterprises do not have a policy around scanning removable media before it is introduced to the network, and many also don't have a policy about antivirus software running on home computers where information might be carried back and forth from a home machine to a work machine or where that home machine might be used to connect to the corporate network," Williams said.

Despite the resurgence of worms, Trojans remained the top malware threat for enterprises in the United States, as well as the United Kingdom, France and Italy. In China, many of the most prevalent malware families are Chinese-language threats that don't appear in the list of top threats for any other location, such as the browser modifier Win32/BaiduSobar, the report notes.

The report also uncovered a difference in infection rates between Windows Vista and XP. Infection rates for Vista were found to be significantly lower than Windows XP in all configurations during the first half of 2009. For Windows Vista SP1, the infection rate was 61.9 percent less than Windows XP SP3, according to the report.

"It's been said that knowledge is power-and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center, in a statement. "Microsoft is committed to providing not only security intelligence for our customers and the community, but also the most accurate and comprehensive view of the realities of the threat landscape."