Microsoft Security Report: Applications are Top Target

Microsoft Windows vulnerabilities are decreasing, but malware is increasing.

This is the news from the latest report of Microsoft's global view of the threat landscape from hundreds of millions of computers around the world.

The Microsoft Security Intelligence Report shows that the total amount of malware and potentially unwanted software removed from computers grew more than 43 percent during the first half of 2008. The biggest factor behind the growth: Organized crime.

Microsoft's research shows that even while Microsoft and other vendors in the industry have made great strides in toward protecting customers from these malicious threats, they continue to evolve. The report notes that improvements in security for its Windows Vista operating system and security updates to the previous Windows XP system have made operating systems less of a target for the attackers. The report shows that the total number of unique vulnerability disclosures across the industry decreased in the first half of 2008, down 19 percent from the same time in 2007. The vulnerability disclosures in Microsoft software in the first half of 2008 continued a multi-period downward trend, both in total disclosures and compared to total industry disclosures.

The report reveals a continued rise in Trojan downloaders and high-severity vulnerabilities, showing that financial gain still is a hacker's top reason to attack. The report also shows that attacks are being directed toward the application layer and away from the operating system, as more than 90 percent of vulnerabilities disclosed in the first half of 2008 affected applications, while only 10 percent affected operating systems like Windows Vista or Windows XP. Read the entire report:

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.