<< 3D Printing – Coming to a Desktop Near You | Searching audio with MAVIS >>

It’s official, NZ is a (relatively) safe place

The fifth volume of the Microsoft Security Intelligence Report (SIR) has just been published and it provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, the report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

There are two versions of the report available - the full report and and “key findings summary” and both are available from here. There is a huge amount of information to digest but, for what it’s worth, here’s a few snippets which I found interesting during my first read-through of the full report:

1. Vulnerability disclosures in Microsoft’s software in 1H08 continued a multi-period downward trend, both in terms of all disclosures and relative to total industry disclosures.

2. For browser-based attacks on Windows XP–based machines, Microsoft vulnerabilities accounted for 42% of the total. On Windows Vista–based machines, however, the proportion of vulnerabilities attacked in Microsoft software was much smaller, accounting for just 6% of the total.

3. The top reason reported for data loss through a security breach in 1H08 continued to be stolen equipment such as laptop computers (37.2% of all data-loss incidents reported). Those people in the 37.2% might be interested in this.

4. When it comes to malware infection rates, New Zealand is 6th from bottom at 0.6% (hence the title of this blog post). The worst country is Afghanistan at 7.64%.

Update 07Nov08: thank you to my colleague Waldo Kuipers for pointing out that the unit measurement in the table below is actually “CCM” i.e. number of machines cleaned per 1000 machines the Malicious Software Removal Tool was run against. The numbers in the paragraph above have been amended accordingly.

5. And I guess if there was just one part of the report that you should read and take notice of it’s the graph which shows categorically that the best way to dramatically increase resilience to attacks is to adopt newer OS versions as they ship and keep them up-to-date with Service Packs as they’re released.