Posts Tagged with Security

News

Microsoft: Windows Vista, 7 Have Much Lower Infection Rate, 1 Out of Every 14 Downloads is Malware

In the recent release of the Microsoft Security Intelligence Report (or SIR), Microsoft found that Windows Vista and Windows 7 have a significantly lower infection rate than that of Windows XP. In fact, Windows 7 has a 5x lower infection rate than Windows XP SP2, and 4x lower infection rate than Windows XP SP3.

Those figures are for the 32-bit versions of Windows; the infection rate for the 64-bit version of Windows 7 is nearly 8x and 6x lower than that of Windows XP SP2 and SP3, respectively.

While some may point out that Windows XP still has a bigger market share than Windows 7, I would like to point out that this data is “normalized,” or as Microsoft says on page 35 of the report: “the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP2 computers to 1,000 Windows 7 RTM computers).”

As you can see, 64-bit infection rates are lower than their 32-bit brethren, which is likely due to a feature only available in the 64-bit version of Windows called Kernel Patch Protection (KPP). This feature prevents any modification to the Windows kernel, and if such a thing were to occur, the computer would shut down before any damage occurred. Another possible reason for the lower infection rates, according to the report, is “that 64-bit versions of Windows still appeal to a more technically savvy audience than their 32-bit counterparts.”

Now on to Internet Explorer 9, and information about the latest security feature of Internet Explorer 9: Application Reputation.

Internet Explorer blocks anywhere from 2 to 5 million malware attacks per day for IE8 and IE9 users, according to a blog post by the Internet Explorer Team. Since IE8 was released, SmartScreen has blocked over 1.5 billion attempted malware attacks.

IE7 was the first version of the browser to ship with SmartScreen, which was merely a URL-based reputation service to prevent phishing attacks. When IE8 came out, another protection mechanism was added, this time protecting against malware downloads. Just like the phishing filter introduced in IE7, IE8's malware detection feature was also URL-based, so if the URL of the malware changed, it would no longer be identified as such.

Finally, in IE9, a new feature called SmartScreen Application Reputation was introduced, which decides whether a file is malware based on the hash of the file together with its digital signature. This allows IE9 to better inform users as to whether or not the file they are downloading is dangerous, because “When it comes to program downloads, other browsers today either warn on every file or don’t warn at all. Neither of these approaches helps the user make a better decision.”

Microsoft has found that out of every 14 programs downloaded, at least one is later identified as malware. IE9 can prevent new malware attacks before security products have the chance to receive a new definition which would see such files as malware, meaning IE9 can help protect users in the case that security solutions cannot. This is thanks to the unknown file warning bar that appears in Internet Explorer.
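The difference between URL-based and file-based reputation described above can be shown with a small model. This is an added example, not Microsoft's implementation: the URLs, file contents, signer name and verdict strings are constructed, and the signer is assumed to have already been verified from the file's digital signature.

```python
import hashlib

# Constructed reputation data for illustration; not real telemetry.
BAD_URLS = {"http://downloads.example/setup.exe"}
TRUSTED_SIGNERS = {"Example Software Ltd"}  # hypothetical publisher name
KNOWN_BAD_HASHES = set()
KNOWN_GOOD_HASHES = set()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def url_verdict(url):
    """URL-based reputation: only knows where a file was served from."""
    return "block" if url in BAD_URLS else "allow"


def app_verdict(data, signer=None):
    """File-based reputation: keyed on the file hash, then on the signer."""
    digest = sha256(data)
    if digest in KNOWN_BAD_HASHES:
        return "block"
    if digest in KNOWN_GOOD_HASHES or signer in TRUSTED_SIGNERS:
        return "allow"
    # Never seen before and no reputable signer: show the unknown-file warning.
    return "warn-unknown"


def download_verdict(url, data, signer=None):
    """Apply both checks; a block from either one wins."""
    if url_verdict(url) == "block":
        return "block"
    return app_verdict(data, signer)


# Constructed stand-ins for real files.
MALWARE = b"constructed stand-in for a malicious installer"
POPULAR = b"constructed stand-in for a widely downloaded installer"
KNOWN_BAD_HASHES.add(sha256(MALWARE))
KNOWN_GOOD_HASHES.add(sha256(POPULAR))

if __name__ == "__main__":
    moved = "http://mirror.example/setup.exe"  # same bytes, new location
    print("URL check only:    ", url_verdict(moved))
    print("URL + file check:  ", download_verdict(moved, MALWARE))
    print("Popular file:      ", download_verdict(moved, POPULAR))
    print("New unsigned file: ", download_verdict(moved, b"brand new build"))
```

Moving the same bytes to a new URL defeats the URL check but not the hash check, while a file with no history and no reputable signer lands in the "unknown" bucket instead of being silently allowed.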

Some may find such a warning annoying, but 90% of downloads no longer show such warnings due to the data Microsoft has collected so far. Not only that, but Microsoft’s data also shows a user will only see such a warning two times per year.

What happens if someone decides to run an unknown program anyway? There is data for that: “clicking through the ‘unknown warning’ carries a risk between 25% and 70% of malware infection.”

The Take Away

The takeaway is simple: keep your computer operating system up to date. Windows XP is lacking in major security features, causing it to have much higher infection rates than any other Windows operating system on the market. While it can be expensive to upgrade your operating system, such as if you need to buy a new computer entirely, it may be worth it if you have family members who have a poor sense of security.

Also, if you know someone still running Internet Explorer 8, prod them to update to Internet Explorer 9; it is free, after all.

News

Microsoft Details How Windows Phone Handles a User's Location

Not long ago someone discovered that the iPhone was tracking users by storing landmark locations (Wi-Fi hotspots, cell towers) on the phone. This caused many to believe Apple was actually tracking the user, when in reality Apple was tracking the landmark. Apple used this information to provide the location of the user faster.

Due to the iPhone “issue,” a group of members from the House of Representatives sent a letter to numerous companies, requesting more information from those who provide mobile services.

Microsoft decided to make their response public, which can be found here. Microsoft also decided to make a blog post laying out their response to the House of Representatives in their “commitment to consumer privacy in Windows Phone 7.”

At Microsoft, we believe that consumers should have control over the location information they share, and that the information collected should be narrowly tailored to support specific experiences on Windows Phone 7 devices. We believe that our careful and deliberate approach to user privacy in the development of the Windows Phone 7 operating system reflects Microsoft’s commitment to give users informed choices about the collection and use of location information and reflects our intent to facilitate the delivery of device location information solely at the user’s request and solely for the user’s benefit.

We believe that, when designed, deployed and managed responsibly, the location-based features of a mobile operating system should function as a tool for the user and the applications he or she elects to use, and not as a means to generate a database of sensitive information that can enable a party to surreptitiously “track” a user.

– Andy Lees, President, Mobile Communications Business, Microsoft

Andy Lees laid out the following principles they had in mind when they designed Windows Phone 7's location-based services:

User Choice and Control – Microsoft collects no information about where the user is unless the user has explicitly allowed Windows Phone to do so by allowing the application to retrieve such information. If the user chooses to allow the application to access their location, they can always disable that access at the application level, or “they can disable location collection altogether for all applications by disabling the location service feature on their phone.”

Observing Location Only When the User Needs It – Microsoft will only collect data to approximate the user's location if: (1) the user has allowed the application to access their location, and (2) the application requests the user's location.

Collecting Information About Landmarks, Not About Users – “Microsoft’s collection of location data is focused squarely on finding landmarks that help determine a phone’s location more quickly and effectively.” These landmarks are Wi-Fi hotspots and cell towers. The information is collected to locate the landmarks, not the user. Recently Microsoft stopped storing devices' unique identifiers, meaning Microsoft could not find a specific device (and likely the user) even if they wanted to.

Transparency About Microsoft’s Practices – When a user decides to allow an application to gain access to their location, Microsoft provides a link to the Windows Phone Privacy Statement, which details how data is used to determine their location and other collected information. Microsoft also created a page containing commonly asked questions about location services and consumer privacy.

“Throughout the process from development to the store shelves, we seek to provide a clear understanding of our practices and simple effective tools to help consumers protect their data. It’s a commitment that we stand by with Windows Phone 7,” says Lees.

News

Microsoft Plans to Release New Antimalware Engine for Security Essentials, Others on May 18

Microsoft plans to release a new antimalware engine for their security products on May 18. These products include Microsoft Security Essentials, Forefront Security Client, and Forefront Endpoint Protection. The latest antimalware engine version for Microsoft Security Essentials is currently 1.1.6802.0, with the new engine version to be in the range of 1.1.690X.0.

There is no word as to what changes will be made for the new antimalware engine, but Microsoft releases a new antimalware engine for their security products almost every month. As an end user, nothing needs to be done to install this new antimalware engine, as the Security Essentials definition updates have the capability of updating the antimalware engine itself. So as long as Security Essentials is running (and there should be no reason why it isn’t), it will be updated to the latest antimalware engine automatically.

A week ago AV-Test released their certification test results for security solutions, Microsoft Security Essentials 2.0 being one of them. While MSE did pass certification, it did so by just 0.5 points. MSE used to get rather high certification results, but they have slowly degraded over each test. I asked Microsoft for a response to these tests, and a Microsoft spokesperson had this to say:

Microsoft is committed to providing a trustworthy computing experience to all of our customers and continues to invest heavily in continuously improving our security and protection technologies. In the most recent AV-test.org testing, Microsoft Security Essentials performed well in the spotting of malware from the Wildlist selection, and against a group of malware samples selected by AV-Test, earning excellent scores in each category. Microsoft Security Essentials does provide customers with protection from email malware if they attempt to download and install malicious content contained within an email.

Microsoft continues to invest in advanced protection technologies such as Behaviors Monitoring, Rootkit Detection, Network Inspection System, and other heuristic technologies. Unlike many antimalware solutions which are bundled with reputation service to block malicious URL, Microsoft provides reputation service via SmartScreen for Internet Explorer 8 and Internet Explorer 9. We recommend our users to use Internet Explorer 9 as the browser for internet activities.

It’s worth pointing out that industry testing and reviews continue to demonstrate Microsoft is a leader in providing quality core antimalware protection to consumers and small businesses. For example, Microsoft Security Essentials was awarded the VB100 Award 18 out of the last 19 tests conducted by Virus Bulletin. Microsoft achieved an “Advanced+” rating in the most recent Proactive test, an “Advanced” rating in the On-Demand test. In addition, Microsoft consistently passes the monthly certification test of both ICSA Labs and West Coast Labs with a 100 percent success rate.

– Microsoft spokesperson

News

Microsoft Issues Security Bulletin Notification for May 2011, Updates Exploitability Index

As Microsoft does on a regular basis, they have issued an advance security bulletin notification for May 2011, which contains two bulletins affecting Windows Server and Microsoft Office.

The first bulletin, affecting Windows Server, is rated as critical due to remote code execution. The following versions of Windows Server are affected: Windows Server 2003 SP2 (x86, x64, and Itanium-based systems), Windows Server 2008 (x86 and x64), Windows Server 2008 SP2 (x86 and x64), and Windows Server 2008 R2 RTM and SP1 (x64).

The second bulletin covers Microsoft Office. It is rated important, with a “vulnerability impact” of remote code execution, and affects the following versions of Office: Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2.

These security bulletins will be addressed next Tuesday, which is May 10, 2011.

Exploitability Index Update

Microsoft uses the Exploitability Index to let users know how likely it is that a vulnerability could be consistently exploited. Currently, however, the Exploitability Index provides an aggregated rating, meaning that all versions of the affected software are grouped together. The problem is that newer versions of Microsoft software often provide mitigation features that make the vulnerabilities very hard to exploit, or the vulnerabilities may be nonexistent in those versions.

With the updated Exploitability Index, Microsoft will detail the possibility of a consistent exploit of the vulnerability on the newest version of the software, then aggregate all the older versions together in a separate rating.

For more information, see: Exploitability Index Improvements Now Offer Additional Guidance.

News

Microsoft Security Essentials 2.0 AV-Test Certified, Just Barely

Every quarter AV-Test, an independent IT security institute, puts multiple security solutions to the test by throwing everything they can at the solutions to see what they can and cannot handle. AV-Test ranks security products in three categories, each worth 6 points, for a total of 18 points. The categories are: protection, which covers static/dynamic malware detection and real-world 0-day attack testing; repair, for how well the product can remove the detected infections; and usability, which includes system slowdown caused by the product and false positives.

In their 2010 Q2 test, Microsoft Security Essentials 1.0 passed with a total of 14 out of 18 points, then in Q3 with 11.5 points, followed by 12 points in Q4. It is interesting how the score seems to be declining, and the decline was not stopped by the newest version of MSE, either.

With the new certification test results now available from AV-Test we can see that MSE 2.0, Microsoft’s latest version of their free antivirus/antimalware program, barely passed the test with a total score of 11.5 (11 points are needed to be considered certified). MSE 2.0 was able to detect 74% of 0-day attacks (industry average: 84%), 45% of malware when it begins to execute or afterwards (industry average: 62%), 94% of a “representative set of malware discovered in the last 2-3 months” (industry average: 97%), but was able to detect 100% of widespread malware.

So while Microsoft Security Essentials is superb at detecting widespread malware, it doesn’t do so well with brand new malware and 0-day attacks. MSE did pretty well in the repair category, though, with a 3.5 out of 6, and did excellently in the usability category with a 5.5 out of 6.

Who was the best at detecting 0-day attacks, along with stopping malware that begins to execute or is already executing? That would be BitDefender: Internet Security Suite, which was able to block 100% and 99% of samples, respectively.

A Microsoft spokesperson had this to say about the recent AV-Test certification results:

Microsoft is committed to providing a trustworthy computing experience to all of our customers and continues to invest heavily in continuously improving our security and protection technologies. In the most recent AV-test.org testing, Microsoft Security Essentials performed well in the spotting of malware from the Wildlist selection, and against a group of malware samples selected by AV-Test, earning excellent scores in each category. Microsoft Security Essentials does provide customers with protection from email malware if they attempt to download and install malicious content contained within an email.

Microsoft continues to invest in advanced protection technologies such as Behaviors Monitoring, Rootkit Detection, Network Inspection System, and other heuristic technologies. Unlike many antimalware solutions which are bundled with reputation service to block malicious URL, Microsoft provides reputation service via SmartScreen for Internet Explorer 8 and Internet Explorer 9. We recommend our users to use Internet Explorer 9 as the browser for internet activities.

It’s worth pointing out that industry testing and reviews continue to demonstrate Microsoft is a leader in providing quality core antimalware protection to consumers and small businesses. For example, Microsoft Security Essentials was awarded the VB100 Award 18 out of the last 19 tests conducted by Virus Bulletin. Microsoft achieved an “Advanced+” rating in the most recent Proactive test, an “Advanced” rating in the On-Demand test. In addition, Microsoft consistently passes the monthly certification test of both ICSA Labs and West Coast Labs with a 100 percent success rate.

– Microsoft spokesperson

Microsoft Security Essentials has received many awards for the protection it provides, but in some areas it appears to be recommended that you use other products which have other protection services integrated. An example of that would be SmartScreen, which comes with Internet Explorer 9.

Update: 5:17PM PDT, Added the response from a Microsoft spokesperson.