
Microsoft: if you want to stay healthy, update

On November 3, Microsoft published the fifth edition of the Security Intelligence Report (SIR). In it, the company described how it sees the evolution of the computer security “threat ecosystem” in the first half of 2008. The latest trends noted in the report: the front line of attacks moving one level up, from the OS kernel to applications; the final victory of Trojans, adware and the like in the category "The main threat of our time"; and, of course, a big leap in the security of Microsoft's own products.

To separate the facts from the marketing, on November 4 our man (Bukasa) at the TechEd conference in Barcelona extracted information from Vinny Gullotto, general manager of the Microsoft Malware Protection Center and head of SIR. It must be said that he gave up most of it voluntarily. And it was interesting.

Microsoft receives the data for the report from millions of computers around the world (10 million in Russia alone) that have MSRT, Windows Defender, Live OneCare and other tools installed, and whose owners have allowed them to send reports to Redmond. Even such wide coverage still includes only Windows users, but that didn’t stop Vinny from calling SIR, though not absolutely accurate in its findings, the “biggest” report in the industry.

Statistics: across the industry, the number of vulnerabilities found decreased by 4% compared with the second half of 2007, and by 19% compared with the first half of 2007. At the same time, the number of high-severity vulnerabilities (according to the CVSS classification) increased and amounted to 48% of the total. In addition, more than half of them are vulnerabilities that are easy for attackers to exploit (and together with those of medium difficulty, they amounted to almost 100%).
However, Vinny says that these changes should not be considered a trend: they are all fluctuations around the long-term average. But the report does highlight a couple of trends. One is a serious drop in the share of vulnerabilities in operating system kernels overall (they accounted for less than 7%, whereas in the second half of 2003 it was almost 17%). The other is the decrease in the share of vulnerabilities in Microsoft products: over 5 years, it fell threefold, to 3%.

From this, Mr. Gullotto concludes that now, more than ever, responsibility for security falls on the user's own shoulders. “Update, update everything you can, and as often as you can” is his main message. Microsoft, which used to be able to patch all the most dangerous and most exploited holes at once with a single update, is no longer directly responsible for them.

For example: in good old Windows XP, 5 of the 10 most serious vulnerabilities belonged to Microsoft itself; in Vista, none. But this, as Vinny honestly said, does not mean that you should immediately install Vista. It is quite enough to upgrade to the latest Service Pack and the latest versions of the software you use.

Source: https://habr.com/ru/post/44246/

