While hackers are forever finding software vulnerabilities, improved software security techniques are making it harder for those attacks to have much effect in the wild, says Jeff Jones, director for Microsoft Trustworthy Computing. Techniques like stack overflow protection, data execution prevention, and address space layout randomization limit the severity of infections if attackers can plant malware on machines.
"Newer is better, and I'm not just saying for Microsoft products. Smartphone makers are building in newer techniques like address space randomization," says Jones, who couldn't resist adding a plug for Windows 7. "If you are running a product that's 10 years old, time to think about moving to a product more recent than that."
For instance, infection rates are dramatically lower between older and newer versions of Windows, with 10.9 percent of Windows XP SP3, the current version, succumbing to infections; Vista SP2 32-bit users were hit 5.7 percent of the time, Windows 7 32-bit 4 percent and Windows 7 SP1 32-bit a mere 1.8 percent (with 64-bit infection rates even lower). Microsoft normalizes these statistics, comparing an equal number of computers per version, so the number of XP users vs. Windows 7 users does not taint the findings. Windows 7 SP1 was released in February and was essentially a roll-up release of security and bug fixes, with no added functionality.
Meanwhile, the report says exploits affecting Android and the Open Handset Alliance were on the rise. These were detected when Android users downloaded infected programs to their Windows computers before transferring the software to their devices. The biggest was a Trojan family it calls AndroidOS/DroidDream, "which often masquerades as a legitimate Android application, and can allow a remote attacker to gain access to the mobile device," the report says. Google fixed that hole with a security update published in March; however, detected DroidDream infections continued to rise through the second quarter.
There was some good news. Many of the methods Microsoft has implemented to limit the severity of infections are having some effect, if Microsoft does say so itself. For instance, in February, Microsoft released an update for XP and Vista systems that made the Autorun feature harder to abuse. Windows 7 always included this feature. Autorun is a favorite method to spread Conficker, which still appears as a top infection on enterprise networks, the report says. A more secure Autorun doesn't automatically launch applications on thumb drives and DVDs.
Microsoft reports that Autorun infections decreased by as much as 82 percent. However, Autorun is still a top propagation technique, and 43 percent of malware included Autorun as a propagation method, the report says.
Likewise, with Microsoft's help in taking down the botnets Cutwail and Rustock, spam rates dropped from about 90 billion blocked messages in July 2010 to about 25 billion in June 2011.
Now for the bad news. The report did not indicate that overall infections were down. What hackers are losing in the way of easy drive-by infections and Autorun propagation, they seem to be making up for in phishing via social media, such as Facebook clickjacking attacks. "In April 84 percent of all phishing was through social networks," Jones says.
As Microsoft sees it, protection against these attacks remains in your hands, by keeping up on patches and fixes.
Julie Bort is the editor of Network World's Microsoft Subnet and Open Source Subnet communities. She writes the Microsoft Update and Source Seeker blogs. Follow Bort on Twitter @Julie188.