Tag Archives: worms

Cybersecurity Agenda – How are we doing in South Africa?

Posted on May 18, 2012 | 1 Comment

Cybersecurity incidents can be costly to the security & economy of any country and the wellbeing of its citizens. Criminal activities tends to move at a lightning speed in line with the improvements brought about by innovation and technology. Unfortunately criminals are members of the same society we live in and not foreign species. At the same time we need to take advantage of the advancement in this technologies to help develop our industries, sustain basic requirements in education-health-public safety-transparency to enhance the competiveness of our country. Security and privacy are one of the efficiency enhancers to achieve this goals.

How does Our Threat Landscape looks like?

In the last two days I had a conversation at the ITWeb Security Summit 2012 (1st Day) – driven by the theme “Reinventing Information Security – where trusted technologies have failed you” and at Joshua West’s 4th Annual Security Conference (2nd Day) – with the theme “Developing Superior Strategies for Evolving Business Security Threats”. This events where held in Sandton and Randburg respectively. My task was very simple…… to share about the Microsoft Security Intelligence Report Vol. 12 with a focus on South Africa ( downloadable #itwebsec deck in pdf) at the Summit and to give insight into  the “Holistic approach in security across all sectors” at the latter event. The events were covered in this articles “SA threat trend on downward slope “ and “Top 10 threats in SA” and the figure below shows the Computer Cleaned per 1000 scanned (CCM) trend for South Africa over the last six quarters, compared to the world as a whole. The MSRT detected malware (Malicious & Potentially Unwanted Software) on 8.1 of every 1,000 computers scanned in South Africa in 4Q11 (a CCM score of 8.1, compared to the 4Q11 (fourth quarter of 2011) worldwide average CCM of 7.1).image

How is our IT Environment?

This events are not happening in isolation to the Cyberspace developments worldwide. The recently announced BRICS Cable – which  is a 34 000 km (Note: SANRAL manages roads of a total 16 700km), 2 optical fibre pair, 12.8 Tbit/s capacity, fibre optic cable system – will be linking Brazil, Russia, India, China and South Africa (the BRICS economies) and the United States. It will interconnect, amongst others, with the WACS cable on the West coast of Africa, and the EASSY and SEACOM cables on the East coast of the continent. This will give the BRICS countries immediate access to 21 African countries and give those African countries access to the BRICS economies. The projected ready for service date is mid to second half of 2014.

cable_map33

See the figure above and read more in “ BRICS Cable Unveiled for Direct and Cohesive Communications Services between Brazil, Russia, India, China and South Africa”. South Africa’s President, Jacob Zuma, encouraged the attendees at a BRICS business breakfast hosted by South Africa to support the project and play their role in fast tracking its execution.

The latest World Wide Worx study on Internet Access in South Africa reported that 8.5-million were using the Internet in SA at the end of 2011 with a total of 7,9 million South Africans accessing the Internet through their cell phones. Undersea cable capacity to SA at end of 2011 was 2,69Tbit/s and will be 11,9Tbit/s & 24,6Tbit/s by the end of 2012 and 2013 respectively. This is good news for access to the internet through availability of devices and hopefully it will enhance ecommerce in South Africa including the rural poor. We are positioned at no. 5 in the Africa’s Top Internet Countries in terms of Internet users (see the figure below).

image

At this point, I’m tempted to look into the occasionally disputed data by the World Economic Forum (WEF) although the reference looks very credible to me. The latest economic report namely “  The Global Competitiveness Report 2011-2012” (GCR) shows that South Africa moved up by four places to attain 50th position this year, remaining the highest-ranked country in sub-Saharan Africa and the second-placed among the BRICS economies, while the ICT related report “ The Global Information Technology Report 2012” (GITR)  noted that South Africa has dropped to 72nd  from 61st position on the Network Readiness Index (NRI).

NRI

image

The figure above shows a comparison of the Network Readiness Index for the BRICS countries including Mauritius and Tunisia. The data is sourced from GITR 2011–2012. SA, counting on one of the most solid political and regulatory environments (23rd) and better framework conditions for entrepreneurship and innovation (50th), is the highest-ranked at 34th within BRICS and in the sub-Saharan Africa region. The NRI position of the 72nd place implies that we are not yet leveraging the potential benefits associated with ICT.

image

The figure above shows the important shortcomings in terms of basic skills availability (101st) in large segments of the population and the high costs (94th) of accessing the ICT infrastructure resulting in poor rates of ICT usage (76th). SA is just two points below India which ranks the lowest in the BRICS community. While  consumers/citizens (117th) usage is a big factor contributing to the ranking in India, both citizens (96th) and the government (89th) are contributing factors in South Africa.

image

The business community (as seen in the figure above) is putting much effort in using ICT and integrating it in a broader, firm-based innovation system (34th). As a result, the economic impacts accruing from ICT are patchy (59th) and the social impacts disappointing (98th). SA ranks the highest followed by the Russian Federation at 89th position within the BRICS community (see the figure below). A report by GSMA “Assessment of economic impact of wireless broadband in South Africa” assessing the direct and indirect impact of mobile broadband show that a 10% increase in mobile broadband penetration is likely to yield an impact of between 1 and 1.8% in GDP.

image

Piracy

Pirated software poses a huge risk for corporations, according to a report from the Business Software Alliance (BSA). Getting corporate users to download malicious programs is one of the most surefire ways for hackers to gain access to your network. Some of these threats come in the form of malware, while others pretend to be innocuous programs. BSA receives tips from IT personnel and other knowledgeable sources through its online reporting form. The article “Media Piracy in South Africa”  which is a part of APC’s work on studying media piracy gives  a good background on the Piracy work in South Africa.image

“If 57 percent of consumers admitted they shoplift — even rarely —authorities would react by increasing police patrols and penalties. Software piracy demands a similar response: concerted public education and vigorous law enforcement,” said Drummond Simpson, Chairperson of the BSA South African Committee. South Africa ranks the lowest at 35% in comparison to the BRICS countries piracy rate (see figure above). The BRIC countries total piracy rate is 70% compare to the European Union which is at 33%. Dealers are encouraged to join the “Clean Network” – a network of dealers who pledges to sell only genuine Microsoft products. A list of these Clean Dealers is available online. “We also encourage consumers and small businesses to arm themselves with information on how to spot counterfeit software by visiting www.howtotell.com,” said Melanie Botha, marketing and operations lead at Microsoft South Africa.

How is our market?

GCR

In 2004 – the GCR report ranked SA at 34 while Tunisia was just 3 points ahead at 31. More interesting is the rise of a country like Mauritius, which is positioned at 53rd (was at 47 in 2004), ahead of the usual African front runner in SA. The BRICS countries rankings are as follows :- Brazil: 65th , Russia: 56th, India: 69th, and China: 51st respectively. The world’s most populous country, China continues to lead the BRICS economies by a significant margin, with South Africa—second among the BRICS.

GCI Efficiency

South Africa benefits from the large size of its economy, particularly by regional standards (it is ranked 25th in the market size pillar). We do well on measures of the quality of institutions and factor allocation, such as intellectual property protection (30th), property rights (30th), the accountability of our private institutions (3rd), and our goods market efficiency (32nd). Our country’s financial market development is ranking at an impressive (4th), indicating high confidence in South Africa’s financial markets at a time when trust is returning only slowly in many other parts of the world. We also does reasonably well in more complex areas such as business sophistication (38th) and innovation (41st), benefiting from good scientific research institutions (30th) and strong collaboration between universities and the business sector in innovation (26th).

Although the infrastructure is good by regional standards, it requires upgrading (62nd). Surely the infrastructure index might improve when the impact of undersea cables filter deep into the country which will also influence technological readiness. At present our Internet users/100 pop is at a very low position of 105th, broadband Internet subscription/100 pop is at 96th and Internet bandwidth, kb/s/capita is at 112th position. Efforts must also be made to increase the university enrollment rate of only 15 percent, which places the country 97th overall, in order to better develop our most needed innovation potential. What disturbs and confuses me at the same time is that: South Africa’s ranks at the very low of 138th in quality of math and science education out of 142 countries and quality of management schools is 13th while availability of research and training services ranks at 47th. Health of the workforce, which is ranked 129th out of 142 economies is another concern the Minister of Health is busy tackling—the result of high rates of communicable diseases and poor health indicators need to be improved.

The  Cybersecurity Agenda, through Training/Human Capacity Development and enhancement of the technological readiness pillar – will have a huge impact on the Financial markets, Business and the Services industry.

OUR Government Agenda?

I should say that these events are happening when South Africa seems to be moving in a positive direction with regards to ICT and InfoSec. We earlier had a positive announcement from the Justice, Crime Prevention and Security Cluster (JCPS) about the Cybersecurity Policy and this was followed by the ICT Colloquium hosted by the Department of Communication (DoC). The essence of the discussion is captured here – The beginning of a beginning –Integrated ICT Policy for South Africa.  DoC then followed up with a workshop on “CYBER SECURITY AWARENESS CAMPAIGN” from the 3rd – 4th of May 2012 and the discussions covered topics from “National Cybersecurity Policy Framework”, “Cyber Crime Challenges faced by ISP’s” to “Law Enforcement challenges and procedures”  amongst others. We are looking forward to the outcomes of the breakup groups on key deliverables like Cybersecurity Hub (National CERT) and National Awareness day/week for SA. On the 8th May 2012, the Hon. Minister Ms Dina Deliwe Pule delivered the Budget Vote of the Department of Communications and put a further emphasis on this issues.

The DoC speech was followed by the Budget Vote speech of the Department of State Security, by the Hon. Minister Dr. Siyabonga Cwele, on the 10th May 2012. He iterated that the Department will continue to ply its trade guided by the theme: “Working Together to Build a Safer Nation in a Secure World.” He reported that the National Cyber Security Policy Framework was approved by Cabinet in February 2012 and this policy should result in improved coordination of government’s response to the 21st century challenges of information security (InfoSec). The State Security Agency (SSA) is coordinating this work across government in order to finalize the policy by 2013. Here is a list of some government driven policies, bills, regulations and acts that are enacted or work in progress and can strengthen the Cybersecurity Agenda.

In Conclusion

As a response to the changing threat landscape today, most governments are looking to establish some form of Cybersecurity strategy.image The model below aims to rationalize the discussion and provide a framework within which to operate. Cybersecurity in this context is viewed fairly broadly and includes not only the classical area of information security but embraces the necessary enforcement and outreach activities as well Download and read this article: “CYBERSECURITY AGENDA: MORE THAN A GOOD HEADLINE

Government Cybersecurity Agenda

  • In line with the supply chain security, when delivering his State of the Nation (SONA), the President called for the screening of all supply chain personnel in government.
  • Upgrading the overall skills (Government Training) at all layers of society and increasing efforts to build affordable infrastructure for all would allow the country to increase its ICT readiness and uptake and, in turn, spread its impacts across society – particularly the rural poor.
  • There is progress in legislation enhancement – are we ready for the cloud?
  • There is progress in the development of Computer Security and Incident Response Team (CSIRT) or Community Emergency Response Teams or Computer Emergency Readiness Team (CERTs) to help address incident response, community awareness, and international collaboration (FIRST) amongst others.

Can we learn and borrow from the long time effective method of immunization (see “The Primary Health Care Package for South Africa – a set of norms and standards”) through clinics? Immunization cards are a condition for acceptance into the first schooling grade for our children in SA. We have also seen how the world has collaborated and won when it came to handing of Influenza’ A (H1N1) virus. In order to improve the security of the Internet, governments and industry should engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem, These activities include detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, as well as taking additional actions to ensure that infected computers do not put other systems at risk. While the security benefits may be clear, it is important to achieve those benefits in a way that does not erode privacy or otherwise raise concern.

This model will only work if it’s accepted by society and people are assured their privacy is protected. With that in mind, the model must empower people by developing socially acceptable cyber health policies, laws, and international agreements.

imageTo learn more about Microsoft’s proposal, download and read Collective Defense: Applying Public Health Models to the Internet (PDF), in which Microsoft proposes government and industry take action to help mitigate cyber threats today and ensure the long-term health of the Internet as it continues to grow and evolve.

In the mean time – let’s get back to basics and do simple things right. We are doing well with regard to malicious and potentially unwanted software although we are still above world average. We need to bring down the percentage of computers detected with worms. Internet Service Providers (ISPs) can play a big role here (see the paper “The Role of Internet Service Providers in Botnet Mitigation”) and Yes! together we can.

image

Use this tools and update when required:

By the way… this malwares cost us our bandwidth which doesn’t come cheap yet in South Africa.

→ 1 Comment

Posted in Cloud, Cybercrime and Fraud, Education, Identity and Privacy, Information Security, Politics, Technology

Tagged , , , , , , , , , , , , , , , , ,

Microsoft Security Intelligence Report v12–South Africa’s Perspective

Posted on April 26, 2012 | 1 Comment

Microsoft produces the Microsoft Security Intelligence Report twice a year to keep the industry informed on the changing threat landscape and provide actionable guidance for customers in an effort to create safer more trusted computing experiences for everyone. The latest report, Volume 12 provides insight into online threat data with new information for July 2011 through December 2011 and analysis of data from more than 100 countries/regions around the world. This include Africa and our focus being South Africa (pdf).  More information about Microsoft Security Intelligence Report Volume 12 (SIRv12) is available at http://www.microsoft.com/sir.

SIRv12 found that the Conficker worm is still one of the biggest on-going threats to enterprises. The Conficker worm, first detected in November 2008,  is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction. Conficker worm was detected almost 220 million times worldwide in the past two and a half years. The study also revealed that the worm continues to spread as a result of weak or stolen passwords and vulnerabilities for which a security update exists.

Conficker Spread

According to the SIRv12, quarterly detections of the Conficker worm have increased by over 225% since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92% of Conficker infections were a result of weak or stolen passwords, and 8% of infections exploited vulnerabilities for which a security update exists.

Computers detected with Worms in South Africa are still sitting at 42.8% compared to worldwide figure of 11.3%. Worms are found to be the most common threat category  in 4Q11,  down from 43.7% in 3Q11. Miscellaneous Potentially Unwanted Software is the second most common category which affected 30.1% of all infected computers, down from 31.2% in 3Q11. The figure below clearly shows an improvement in terms of computers cleaned per 1000 scanned (CCM) both in SA and worldwide. The third most common category in 4Q11 is Miscellaneous Trojans, which affected 20.7% of all infected computers, down from 20.8% in 3Q11.

Malicious Software

South Africa generally performed below the worldwide average with the exception of Trojan Downloaders & Droppers, Exploits, Password Stealers & Monitoring Tools. The top two identified malware families driving worms were Win32/Autorun (18.4% of detected computers) which spreads by copying itself to the mapped drives (including network or removable media like USB drives and instant messaging) of an infected computer and Win32/Vobfus (12.1%) which spreads via network drives and removable drives and download/executes arbitrary files. Downloaded files may include additional malware. Win32/Conficker  affected 4.4% of detected computers and sit well in the top 10 bracket of threats in SA . It infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.

Threat Category

Cybercriminals are also trying to do business in South Africa using the following:

  • Number of websites found that were phishing websites per 1000 hosts has decreased from 0.11 in 2010 to 0.04 in 2011 – worldwide 0.02
  • Malware hosting sites (per 1000 hosts) has decreased from 0.10 in 2010 to 0.08 in 2011 – worldwide 0.06
  • Percentage of sites hosting  drive-by downloads has decreased from 0.042% in 2010 to 0.031%. This is an improvement when compared to a pick of 1.071% in 1Q11 and it’s way below the worldwide rate of 3.644%.

image

What You Need to Do:

To ensure protections aligned with today’s threats and to mitigate risks, it is critically important that organizations focus on the security fundamentals to help protect against the most common threats.

For businesses, as Scott Charney, corporate vice president of Microsoft Trustworthy Computing, outlined in his keynote at RSA 2012, Microsoft recommends a more holistic approach to risk management to help protect against both broad-based and targeted attacks that includes:

  • Prevention: Employ security fundamentals and pay close attention to configuration management and timely security update deployment.
  • Detection: Carefully monitor and perform advanced analysis to identify threats. Keep abreast of security events and leverage credible sources of security intelligence.
  • Containment: If the targeted organization has configured its environment with targeted attacks by determined adversaries in mind, it is possible to contain the attacker’s activities and thereby buy time to detect, respond to, and mitigate the attack. To contain an attack, consideration should be given to architecting domain administration models that limit the availability of administrator credentials and apply available technologies such as IPsec-based network encryption to restrict unnecessary interconnectivity on the network.
  • Recovery: It is important to have a well-conceived recovery plan, supported by suitably skilled incident response capability. Maintain a “crisis committee” to set response priorities and engage in exercises to test the organization’s ability to recover from different attack scenarios.

Microsoft recommends that customers and businesses adhere to the following security fundamentals to help ensure they are protected:

  • Use strong passwords and educate employees on their importance
  • Keep systems up to date by regularly applying available updates for all products
  • Use antivirus software from a trusted source
  • Invest in newer products with a higher quality of software protection
  • Consider the cloud as a business resource

How do I remove the Conficker worm?

“Conficker is one of the biggest security problems we face and yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing. “It is critically important that organizations focus on the security fundamentals to help protect against the most common threats.”

Tim Rains, Director, Microsoft Trustworthy Computing, provides a report overview of the Security Intelligence Report Volume 12, highlighting the latest vulnerability disclosure, exploit and malware trends focusing on the second half of 2011.

 

If your computer is infected with the Conficker worm, you may be unable to download certain virus protection security products, such as the Microsoft Malicious Software Removal Tool or you may be unable to access certain websites, such as Microsoft Update. If you can’t access those tools, try using the Microsoft Safety Scanner for virus removal.

In Conclusion:

Key questions on this data:

1. The malware infection rates in SA have been trending down – what factors are contributing to this trend?

2. Conficker and Autorun are among the top ten threats in SA.  What citizens, government and organizations need to do in order to protect themselves against these specific threats? 

3. Worms appear to be at higher levels in SA than the world wide average. What can citizens, government and organizations in SA do to protect themselves from these threats?

I will be presenting this data at the ITWeb Security Summit 2012 – Agenda 15 May and will follow with a blog.

→ 1 Comment

Posted in Cloud, Cybercrime and Fraud, Education, Industry, Information Security

Tagged , , , , , , , , , , ,

Malware Trends in South Africa –MS SIRv11

Posted on October 31, 2011 | 7 Comments

On the 11th October 2011, volume 11 of the Microsoft Security Intelligence Report (SIRv11) was released, covering the period January to June 2011. With detailed analysis on 105 countries, it is the largest and most in-depth report on cyber-threats ever developed thus far. One of the SIRv11 Key Finding - less than 1% of all vulnerability attacks were against zero-day vulnerabilities; 99% of attempted attacks impacted vulnerabilities for which an update was available. image

Customers had a good sense of what zero-days are (situations where an exploit is released before the vendor has issued a security update), but don’t always know how to prioritize them. Zero-days are real, and we don’t want to diminish the risk they represent. But this data suggests that IT professionals can prioritize their security work on the more prevalent threats that they already know how to defend.

Malware detection

Looking at the malware detection regionally or per country and zooming specifically into South African whose report can be found here, consider the heat map below:

image

Second Quarter of 2011 (2Q2011) – April, May June 2011

As noted in Tim Rains blog “The Threat Landscape in Africa & the Internet Governance Forum”, Africa is one area where it has been difficult to obtain reliable, long-term trend data on the threat landscape for specific locations. The heat maps above, shows that insufficient data exists for many regions in Africa.  Microsoft Windows Malicious Software Removal Tool (MSRT) was downloaded and executed over 4.7 billion times in the first half of 2011 (1H11) alone. The number of systems that runs this tool changes from month to month, although there has being some consistency in some countries like South Africa, Egypt and Kenya on the African continent.

The most common category in South Africa in 2Q11 was Worms, which affected 45.4% of all infected computers, down from 46.3%  in 1Q11. The second most common category in South Africa in 2Q11 was Miscellaneous Potentially Unwanted Software, which affected 28.3% of all infected computers, up from 27.0% in 1Q11. The third most common category in South Africa in 2Q11 was Adware, which affected 23.1% of all infected computers, down from 26.5 % in 1Q11

image

South Africa generally performed below the worldwide average with the exception of exploits, adware and spyware.  The top two identified malware families driving worms were Win32/Autorun (20.3% of detected computers) and Win32/Rimecud (a.k.a. Mariposa botnet – 15.5%). Both of these threats spread using multiple techniques and have been observed spreading via mapped drives, removable media like USB drives, instant messaging and by abusing the Autorun feature in Windows.

image

Worldwide cybercriminals abuse Autorun to install malware such as malicious and potentially unwanted software.  Autorun was the 2nd most common malware propagation method cybercriminals were using to swindle money from their victims. Some of the most prevalent malware threats over the past couple of years have misused a feature in Windows commonly called Autorun to execute code and attack systems.

  • To protect users, AutoRun is more locked down now by default in Windows 7.
  • For users of Windows XP and Windows Vista we released updates in February to make the AutoRun feature more locked-down from being enabled automatically for most media.
  • By May, the number of infections related to the most prolific Autorun-abusing families found by the MSRT per scanned computer was reduced by almost 60% on XP and by 74% on Vista in comparison to the 2010 infection rates.

But it’s still a problem that persists for those that have not turned off the feature or click unknown things on their USB drives. Threats that use Autorun-feature abuse, like Win32/Autorun and Win32/Rimecud, have being addressed in this blog post: Defending Against Autorun Attacks.  

Cybercriminals are also trying to do business in South Africa using the following:

  • Phishing sites (per 1000 hosts) has increased from 0.06 in 1Q11 to 0.07 in 2Q11 – worldwide 0.38
  • Malware hosting sites (per 1000 hosts) has increased from 0.04 in 1Q11 to 0.06 in 2Q11 – worldwide 2.02
  • Percentage of sites hosting  drive-by downloads has increased from 0.056% in 3Q10 to 0.726% in the second quarter of 2011 (2Q11) way above the worldwide rate of 0.273%.
  • In 2Q11, Forefront Online Protection for Exchange (FOPE ) determined that 0.519% of all spambot IP addresses were located in South Africa; this figure is down from 0.554% in 1Q11.

Protect Your Environment

Challenges and constraints

So the obvious question is if the majority of threats can be mitigated against, why do they still exist? The reality is that although the sophistication of cybercriminals continues to be a challenge, old techniques of infecting users continue to succeed. For consumers and corporations alike, creating and maintaining a fully-threat proof system is not easy.

Consumers -For the vast majority of people, the scope of the security problem far exceeds their will and ability to keep up with it. People want to spend their time and money on using the technology for enjoyment and to help them be productive. Generally, they want to spend minimal time and money keeping pace with the latest security threats.

Businesses – On the other hand, for the vast majority of businesses, the scope of the problem has become exceedingly complex. Businesses have many competing security challenges. Regulatory compliance, application testing and compatibility, incident response and expectations around the everyday threat-du-jour. There may also be competing demands for resources, budget, or skill. That can be a hard call for many companies to make.

Despite these challenges and constraints, this data shows us that, in most cases, with a “back to basics” kind of approach customers can be more secure.

So, what can we do?

Build products and services with security in mind – from the ground up

  • Microsoft has to work harder to continue to make our products and services more secure – our unique responsibility in that regard is never far from our minds. But so too has the broader industry. And there is progress.
  • SIRv11 shows the number of vulnerabilities tracked by CVE declined ~24% when comparing the past 12 months to the year prior – a trend that has been declining since we started tracking it in 2006. Progress, but more work to be done.
  • See the following blog – “Science inside the SDL” – Microsoft SDL Progress Report (2004 – 2010).

Education and Best Practices

  • IT PROFESSIONALS – Companies need to look at educating their employees on their responsibility to security and back that up by developing and enforcing strong security policies around things like passwords.
  • CONSUMERS - Leverage best practices to protect your PC:
Install updates regularly
(February 2011 – Updates released for XP and Vista to make the Autorun feature more locked-down, as it is by default in Windows 7.)
Use strong passwords for security
Install and enable anti-malware software
Click links after verifying the source
Avoid downloading pirated software
Use caution with attachments and file transfers
Protect yourself from social engineering attacks

Improving Security. Newer Products, Better Protections

In the video below Tim Rains, Frank Simorjay and Vinny Gullotto discuss how newer products and services offer better protection.

Newer Software is Better Protection

You can better protect yourself from malicious attacks by upgrading to the latest software version available irrespective of the vendor.

Infection rate (CCM) by operating system and service pack in 2Q11

SIRv11 shows that people who use Windows 7 and IE9 are significantly less likely to be the victim of an attack. It’s a simple matter of innovation. Years ago banks put big padlocks on their safes. As robbers became more advanced so too did the locks and security measures used by banks. When it comes to keeping your data safe from cyber criminals, don’t put your faith in old technology.

For example, Windows 7 and Windows Server 2008 R2, the most recently released Windows client and server versions, respectively, have the lowest infection rates of any prior operating systems. Additionally, Office 2010 proved to be the most effective at blocking exploits when compared to all prior versions.

Security and Privacy Technologies

Internet Explorer 7

Internet Explorer 8

Internet Explorer  9

Security by default

X

X

X

SmartScreen – Phishing Filter

X

X

X

SmartScreen – Antimalware protection

 

X

X

InPrivate Browsing

 

X

X

Cross-site scripting filter

 

X

X

SmartScreen – Application Reputation

 

 

X

Tracking Protection

 

 

X

ActiveX Filtering

 

 

X

Newer products have less computers cleaned per thousand. In fact, the latest version of Windows 7 32 bit is three times less likely to get infected than Vista and 6 times less than XP. As you can see from the chart above, IE incorporates the latest security and privacy technologies. In fact, according to NSS labs, IE9 blocked 96% of socially engineered malware worldwide. More than 7 times any other browser measured. I blogged about this earlier here  – Windows Internet Explorer 9 (IE9) caught an exceptional 99.2% of live threats.

It is important to migrate to the latest products and services to keep protected from the changing threat landscape. Download the Windows 7 Security Deep Dive Report here:  Windows 7 Security Deep Dive

In conclusion, South Africa might need to look into the lessons learned from some of the least malware infected countries in the world. This information was blogged  here. Implementation of the national CSIRT as one of the recommendation by the Cybersecurity policy of South Africa will bring a lot of improvement in how we can respond to this threats. While zero-days do pose a serious risk, it’s important that organizations know that the vast majority of attacks can be mitigated by following the best security practices.

→ 7 Comments

Posted in Cybercrime and Fraud, Education, Information Security

Tagged , , , , , , , , , , , , , , ,