Posts Tagged with Windows XP

News

Microsoft: Windows Vista, 7 Have Much Lower Infection Rate, 1 Out of Every 14 Downloads is Malware

In the recent release of the Microsoft Security Intelligence Report (or SIR), Microsoft found that Windows Vista and Windows 7 have a significantly lower infection rate than that of Windows XP. In fact, Windows 7 has a 5x lower infection rate than Windows XP SP2, and 4x lower infection rate than Windows XP SP3.

Those figures are for the 32-bit versions of Windows; the infection rate for the 64-bit version of Windows 7 is nearly 8x and 6x lower than that of Windows XP SP2 and SP3, respectively.

While some may point out that Windows XP still has a bigger market share than Windows 7, I would like to point out that this data is “normalized,” or as Microsoft says on page 35 of the report: “the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP2 computers to 1,000 Windows 7 RTM computers).”

The 64-bit infection rates are lower than their 32-bit brethren, which is likely due to a feature only available in the 64-bit version of Windows called Kernel Patch Protection (KPP). This feature prevents any modification to the Windows kernel, and if such a thing were to occur, the computer would shut down before any damage occurred. Another possible reason for the lower infection rates, according to the report, is “that 64-bit versions of Windows still appeal to a more technically savvy audience than their 32-bit counterparts.”

Now on to Internet Explorer 9, and information about the latest security feature of Internet Explorer 9: Application Reputation.

Internet Explorer blocks anywhere from 2 to 5 million malware attacks per day for IE8 and IE9 users, according to a blog post by the Internet Explorer Team. Since IE8 was released, SmartScreen has blocked over 1.5 billion attempted malware attacks.

IE7 was the first version of the browser to ship with SmartScreen, which was merely a URL-based reputation service to prevent phishing attacks. When IE8 came out, another protection mechanism was added, this time protecting against malware downloads. Just like the phishing filter introduced in IE7, IE8's malware detection feature was also URL-based, so if the URL of the malware changed, it would no longer be identified as such.

Finally, in IE9, a new feature called SmartScreen Application Reputation was introduced, which decides whether a file is malware based on the hash of the file along with its digital signature. This allows IE9 to better inform users as to whether or not the file they are downloading is dangerous, because “When it comes to program downloads, other browsers today either warn on every file or don’t warn at all. Neither of these approaches helps the user make a better decision.”

Microsoft has found that out of every 14 programs downloaded, at least one is later identified as malware. IE9 can prevent new malware attacks before security products have the chance to receive a new definition which would see such files as malware, meaning IE9 can help protect users in the case that security solutions cannot. This is thanks to the unknown file warning bar that appears in Internet Explorer.
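A minimal model of the two lookups described above, added here as an illustration and not Microsoft's implementation: the reputation sets, URLs, publisher name and the use of SHA-256 are constructed assumptions. It shows a file that moves to a new URL passing the URL-keyed check while the hash-keyed check still blocks it, and a file with no reputation producing the unknown warning.

```python
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample data for illustration; not real reputation data.
KNOWN_BAD_FILE = b"MZ constructed-bad-installer"
KNOWN_GOOD_FILE = b"MZ constructed-popular-installer"

BAD_URLS = {"http://downloads.example/setup.exe"}
BAD_HASHES = {hashlib.sha256(KNOWN_BAD_FILE).hexdigest()}
GOOD_HASHES = {hashlib.sha256(KNOWN_GOOD_FILE).hexdigest()}
REPUTABLE_SIGNERS = {"Example Software Ltd"}  # hypothetical publisher name


def normalize_url(url: str) -> str:
    """Reduce a URL to lower-cased scheme and host plus path for lookup."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"


def url_verdict(url: str) -> str:
    """URL-keyed check: it only knows locations that were already reported."""
    return "block" if normalize_url(url) in BAD_URLS else "allow"


def app_reputation_verdict(data: bytes, verified_signer: Optional[str] = None) -> str:
    """Content-keyed check: file hash first, then the signer's reputation.

    verified_signer is assumed to be the publisher name from a signature
    that has already been validated; signature checking is out of scope here.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in BAD_HASHES:
        return "block"
    if digest in GOOD_HASHES or verified_signer in REPUTABLE_SIGNERS:
        return "allow"
    # No reputation either way: warn rather than silently allow.
    return "warn-unknown"


if __name__ == "__main__":
    mirror = "http://mirror.example/setup.exe"  # same bytes, new location
    print(url_verdict(mirror), app_reputation_verdict(KNOWN_BAD_FILE))
    # An altered file has a new hash, so it lands in "warn-unknown", not "allow".
    print(app_reputation_verdict(KNOWN_BAD_FILE + b"\x00"))
    # A new build from a publisher with established reputation needs no warning.
    print(app_reputation_verdict(b"MZ new-build", "Example Software Ltd"))
```

The middle case is the one to watch in practice: a hash match is exact, so the unknown warning is what covers files that have no reputation yet.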

Some may find such a warning annoying, but 90% of downloads no longer show such warnings thanks to the data Microsoft has already collected. Not only that, but Microsoft’s data also shows a user will only see such a warning two times per year.

What happens if someone decides to run an unknown program anyway? There is data for that: “clicking through the ‘unknown warning’ carries a risk between 25% and 70% of malware infection.”

The Take Away

The takeaway is simple: keep your computer operating system up to date. Windows XP is lacking in major security features, causing it to have much higher infection rates than any other Windows operating system on the market. While it can be expensive to upgrade your operating system, such as if you need to buy a new computer entirely, it may be worth it if your family members have a poor sense of security.

Also, if you know someone still running Internet Explorer 8, prod them to update to Internet Explorer 9; it is free, after all.

News

Internet Explorer 9 available through Windows Update starting today

Today Microsoft has begun rolling out Internet Explorer 9 through Windows Update, just a month after IE9 was finalized.

Only Windows 7 and Vista users will receive Internet Explorer 9; Windows XP users cannot get it because XP lacks the hardware acceleration features available in newer versions of Windows.

Not everyone will receive the ability to upgrade to Internet Explorer 9 at once, as it will be rolled out gradually, which Microsoft expects to be completed by the end of June. Even then the user must choose to install IE9 by selecting the update themselves.

If you wish to install Internet Explorer 9 right now, go to http://www.beautyoftheweb.com/ where you can manually download the new version. After all, who wouldn’t want hardware accelerating goodness?

Internet Explorer 9 adds full hardware acceleration, along with HTML5 and CSS3 capabilities, though IE9 is still missing big chunks of what is laid out for these HTML and CSS standards. Microsoft has already begun releasing Platform Previews for their next version of IE, Internet Explorer 10, which is available for preview now.

News

Microsoft issues Security Advisory 2501696 — could allow information disclosure

Microsoft on Friday released Security Advisory 2501696, which warns of an MHTML vulnerability that could allow unintended information disclosure. This vulnerability affects all versions of Windows and Windows Server.

The vulnerability lies in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, which is used by applications to render certain kinds of documents. The impact of an attack on the vulnerability would be similar to that of server-side cross-site-scripting (XSS) vulnerabilities. For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session. Such a script might collect user information (e.g., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience.

Microsoft says they have seen no current active exploitations of this flaw, but it is highly unlikely it will remain that way for much longer.

Microsoft has also released a “Microsoft Fix It” program which will lock down MHTML, mitigating the possibility of an attack. You can find this in KB2501696. Another way to prevent this from happening to you is to, as usual, not click any suspicious links in email and/or on the web. Interesting how that is always a mitigating factor, isn’t it?

I will keep you updated on this issue as information becomes available.

News

Microsoft warns of Windows Graphics Rendering Engine vulnerability

On January 4, Microsoft issued Security Advisory 2490606, which warns of a vulnerability in the Windows Graphics Rendering Engine. The advisory says “an attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.” This means that the exploit could then install programs; view, edit and delete data; create new accounts with full rights; and so forth.

If your account runs with lower privileges, you would be less susceptible to such attacks (that is, new accounts couldn’t be created and programs couldn’t be installed, depending upon the rights your account has).

Currently Microsoft is not aware of any attacks using this vulnerability, but they said they will be monitoring this closely and, if need be, will issue an out-of-band patch, though that currently is not likely.

In order for this vulnerability to be exploited, all a user has to do is view a directory listing in Windows Explorer with a specially crafted thumbnail for a document (such as a Word or PowerPoint file). A user can fall victim to this vulnerability through email as well; however, they must open the document first.

The following operating systems are affected by this issue:

  • Windows XP SP3
  • Windows XP Professional SP2 (x64)
  • Windows Server 2003 SP2 (x86, x64 and Itanium-based systems)
  • Windows Vista SP1 and SP2 (x86 and x64)
  • Windows Server 2008 with and without SP2 (x86, x64 and Itanium-based systems)

However, if you are running Windows 7 or Windows Server 2008 R2, you are not affected by this vulnerability.

If you are worried you will fall victim to such an attack, see Microsoft KB Article 2490606, which contains a Microsoft Fix It that restricts access to shimgvw.dll, which is a source of this vulnerability. If you do apply this Microsoft Fix It “solution,” be sure to bookmark the page so you can undo the actions once this vulnerability has been fixed in the future.

News

Microsoft Security Essentials 2.0 released

Over a month ago, a beta of Microsoft Security Essentials 2.0, which includes many new features, was released on the Microsoft Connect page for Security Essentials.

Yesterday Microsoft quietly released the final version, build 2.0.657, of Security Essentials 2.0, which can be downloaded from the Microsoft Download Center.

As usual, no change log of any kind is supplied; we can only assume bugs and other little issues have been fixed. The only thing included is an overview.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so you’re free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

What’s new

Here is a list of features and improvements listed when the beta was released.

  • Windows Firewall integration - Upon setup, the installer will ask if you would like to turn Windows Firewall on or off.
  • New protection engine - The antimalware engine has been updated, which offers enhanced detection and cleanup capabilities with improved performance.
  • Network protection - Microsoft Security Essentials will now protect you against network based exploits.

In the beta version of 2.0, Microsoft Security Essentials included a feature which integrated into Internet Explorer to provide protection against web-based threats; however, that feature was eventually removed because it caused instabilities and was not as efficient as it could be. Hopefully that feature will reappear in future versions of Microsoft Security Essentials, but for now, everyone will have to live without it.

It is certainly a bummer that feature was removed, but Microsoft Security Essentials does scan every incoming file (and connections) so in reality, every browser is protected, but it may not be as good as protection meant for a browser.

Microsoft Security Essentials is available for Windows 7, Windows Vista and Windows XP; however, Windows XP does not get the network protection feature. This is because network protection uses WFP (Windows Filtering Platform), which was introduced in Windows Vista.