Yesterday Microsoft published edition 14 of the Security Intelligence Report (SIR). The report distills data from the security systems Microsoft ships with Windows, such as the Malicious Software Removal Tool (MSRT), Security Essentials, Defender and SmartScreen, as well as from Bing, Hotmail and its enterprise endpoint protection suites.
All of the data is interesting, but two charts in particular stand out because they give useful insight into the modern threat and security landscape. The first chart shows the most prevalent attack vectors and gives organizations a roadmap indicating where to focus their defensive efforts:
Fig 1: Threat Prevalence from Microsoft SIRv14
The overwhelming majority of attacks come in through the browser, then through PDF documents, and lastly through Java and the operating system. Organizations can defend against most of these attacks relatively easily by:
- Being on the latest patch level for the browser, Adobe Reader, Oracle Java and Windows
- Disconnecting Java from the browser
The second chart shows the overall resilience of each operating system to current attacks. As a general guideline, modern operating systems suffer fewer malware infections than older versions. There are many reasons for this, including:
- Advancements in security architecture, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) shipping as standard features of the operating system, and improved (hardened) memory allocation algorithms
- Inclusion of anti-malware in the operating system
- Secure Boot, which protects the integrity of the boot chain and the kernel
Fig 2: Ratio of machines infected per operating system from Microsoft SIRv14
Again, the lesson is simple: patching the software you already run to the latest level is not enough by itself. It is also important to upgrade to the latest available version of that software, since it incorporates the security enhancements that have been developed over the last 10 years.
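To turn the two lists above into a repeatable check, here is an added PowerShell audit script (my own example, not from the report or from Microsoft) that reads a host's OS generation, patch currency, DEP policy, Secure Boot state, built-in anti-malware status and whether Java is disconnected from the browser. It assumes Windows 8 or later with an elevated session, and that Java's browser integration is recorded in the user's deployment.properties as deployment.webjava.enabled; the 45-day patch threshold is an arbitrary choice.

```powershell
# Added example: audit one Windows host against the SIR v14 lessons.
# Assumptions (not from the report): Windows 8+ PowerShell run elevated;
# Java's browser switch lives in deployment.properties (deployment.webjava.enabled).
$findings = @()

function Add-Finding([string]$Control, [bool]$Ok, [string]$Detail) {
    $script:findings += [pscustomobject]@{
        Control = $Control; Status = if ($Ok) { 'OK' } else { 'REVIEW' }; Detail = $Detail
    }
}

# 1. OS generation (6.2 = Windows 8) and patch currency from the hotfix list
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Add-Finding 'OS version' ([version]$os.Version -ge [version]'6.2') "$($os.Caption) $($os.Version)"
$lastPatch = Get-HotFix | Where-Object InstalledOn |
             Sort-Object InstalledOn -Descending | Select-Object -First 1
$patchAge = if ($lastPatch) { (Get-Date) - [datetime]$lastPatch.InstalledOn } else { $null }
Add-Finding 'Patch currency' ($null -ne $patchAge -and $patchAge.TotalDays -le 45) `
    "last hotfix $($lastPatch.HotFixID) on $($lastPatch.InstalledOn)"

# 2. DEP policy: 0=AlwaysOff 1=AlwaysOn 2=OptIn 3=OptOut; 1 and 3 are the strong settings
$dep = $os.DataExecutionPrevention_SupportPolicy
Add-Finding 'DEP policy' ($dep -in 1, 3) "support policy $dep"

# 3. Secure Boot (the cmdlet throws on legacy BIOS firmware, which counts as not enabled)
try { $sb = [bool](Confirm-SecureBootUEFI) } catch { $sb = $false }
Add-Finding 'Secure Boot' $sb "Confirm-SecureBootUEFI returned $sb"

# 4. Anti-malware built into the OS (Defender)
try {
    $mp = Get-MpComputerStatus
    Add-Finding 'Anti-malware' ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
        "signatures updated $($mp.AntivirusSignatureLastUpdated)"
} catch { Add-Finding 'Anti-malware' $false 'Defender status unavailable' }

# 5. Java disconnected from the browser (assumed key: deployment.webjava.enabled=false)
$props = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
if (Test-Path $props) {
    $m = Select-String -Path $props -Pattern '^deployment\.webjava\.enabled=(.*)$' | Select-Object -First 1
    $webJava = if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { 'not set' }
    Add-Finding 'Java in browser' ($webJava -eq 'false') "deployment.webjava.enabled=$webJava"
} else {
    Add-Finding 'Java in browser' $true 'no Java deployment.properties found for this user'
}

$findings | Format-Table -AutoSize
```

Any row marked REVIEW maps directly to one of the two lists above, which is where the remediation effort should go first.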