Archive for November, 2009

Microsoft Security Intelligence Report

November 16, 2009 Leave a comment

Computer security seems like a never ending battle sometimes. You can never have enough layers of defence, your definitions can never be up to date enough, and you can never be paranoid enough. Threats seem to mutate almost daily. However, the days of threats making big waves in the mainstream news headlines appear to be over now. The threat landscape has changed.

Whereas before malware writers wanted to destroy your pc, these days they want to avoid that, since a “dead” pc is a pc not held to ransom or carrying out some other nefarious task the malware author wants done. A broken pc is of no use to these people.

I recently ran into an article that spoke about the Microsoft Security Intelligence Report, and about how some progress was being made in fighting malware. Curious, I went to go and download it. You too can get a copy by visiting

The report is quite long, but was quite interesting and even enlightening to read through. Compiled from statistics from its various anti-malware products, Microsoft has painted an interesting picture of computer security. I don’t know how accurate these numbers are, and I do know that without the statistics of the other anti-virus companies, the results are not a truthful reflection of the state of Windows computing.

The next version of the report should be quite interesting, as it will include data from Vista SP2, Microsoft Security Essentials and Windows 7.

In summary, the report vindicates what I’ve been telling friends for years about how much safer Vista was than XP. Vista has suffered far less attacks than XP. It has gotten to the point where attacks are being shifted into the application market, rather than attacking the base OS. Windows security has come a long way now, to the point where it is becoming harder for attackers to attack the base OS easily.

What it also points out is that by patching your computer, you can avoid some of the issues that have affected people. One example was that by simply having one patch, roughly 98% of attacks based though Microsoft Office would have failed to work.

I would highly recommend that if you are interested in computer security, that you take the time to read this report. It is well worth the time to do so.