The report released today analyzes software vulnerabilities and exploits, malicious code threats, and potentially unwanted software from January to June 2011. The report is 168 pages long though that includes several appendices, a glossary, and other tabled information. It is full of easy to read information, pie charts, and line graphs that reveal trends in the first half of 2011.
With a collection of data from Internet services and over 600 million computers worldwide, the Security Intelligence Report (SIR) exposes the threat landscape of exploits, vulnerabilities, and malware. Awareness of threats is a preventive step to help you protect your organization, software, and people.
Worldwide Threat Assessment is an analysis of the global impact while Regional Threat Assessment provides detailed telemetry by location. Protection methods appear in Managing Risk. SIR volume 11 provides data from January to June 2011 and features the ZeroDay article.
The report shows the most common threat families, infection rates amongst different versions of Windows, infection rates by country, and a whole lot of other information that Microsoft can use to help make their security products more comprehensive and more protecting. The report’s analysis can also be useful to IT professionals to prioritize their security implementations whether they be through technical means or user training.
SIRv11 further revealed that user interaction, typically employing social-engineering techniques, is attributed to nearly half (45 percent) of all malware propagation in the first half of 2011. In addition, more than a third of all malware is spread through cybercriminal abuse of Win32/Autorun, a feature that automatically starts programs when external media, such as a CD or USB, are inserted into a computer. Ninety percent of infections that were attributed to vulnerability exploitation had a security update available from the software vendor for more than a year.
You can download the Security Intelligence Report volume 11 from the Microsoft Security Intelligence Report site.