Microsoft: third-party apps are biggest security threat
By Barry Collins
Posted on 8 Apr 2009 at 14:36
Microsoft claims third-party applications are now a bigger security threat than its own software.
The company was speaking following the launch of its latest Security Intelligence Report, an annual compilation of security trends and threats.
Cliff Evans, security and privacy lead at Microsoft UK, says third-party developers are being increasingly targeted by malware writers. Only 5.5% of browser-based exploits target Microsoft software on Windows Vista machines, although that figure rises to 40.9% on Windows XP.
"We now account for a very small percentage of the exploits that are out there, and there is a shift towards other applications because it's easier," he told PC Pro. "If you're a criminal, you're just going to go for those easier pickings."
The report points the finger squarely at Adobe, which saw attacks on its PDF format rise sharply in the second half of 2008, according to Microsoft.
"We really want to encourage people to update their third-party applications," Evans said. "I think a lot of people have got the message around updating their operating system, and a fair percentage around their antivirus products, it's really about the third-party products as well, and the importance of keeping those products updated."
Microsoft claims the vast majority of attacks on its own software exploit unpatched applications: 80.3% of the successful attacks on Office 2003 were found on machines that were still using the RTM software, for example.
Has Microsoft considered enforcing security updates on users of its own products? "Someone like me might say yes," said Ed Gibson, chief cyber security advisor at Microsoft UK. "The problem with that is how do we then work with major enterprise companies who have written specific applications for their particular needs and they feel they have to do testing on security updates. They wouldn't want to have those updates forced on them."
"As far as the general consumer is concerned, that goes against the grain of Microsoft and other providers, in that it needs to be consumer choice," he added.
False security apps
Microsoft claims it's also seen a huge increase in malware masquerading as security software. The company says the recent Conficker scare has further stoked consumer fear, and driven consumers to mistakenly install fake antivirus packages.
Gibson admits the malware writers are blatantly ripping off the look and feel of Microsoft and third-party security products to give their malware an air of authenticity. "They've definitely become cleverer in terms of their approach," he said.
Unusually, the fake software is largely emanating from Western countries such as the US and Spain. "Organised crime is using that [virus attacks] as a scare tactic to give you pop-ups that look legitimate," he warned.
He said the company was working with law enforcement agencies to hunt down the perpetrators.
