
Securing Against Malware


Presentation Transcript


  1. Securing Against Malware Nick Hall and Fred Baumhardt Security Technology Architects Microsoft EMEA

  2. Agenda • History of Viruses • Current Threats • Future…? • What is Microsoft Doing?

  3. The Attackers (diagram; text labels only) • Microsoft Execution • National Interest, Personal Gain, Personal Fame, Curiosity • Spy, Thief, Trespasser, Author, Vandal • Script-Kiddy, Undergraduate, Expert, Specialist • Largest Segment By $$ Spent On Defense; Largest Area By $$ Lost; Fastest Growing Segment; Largest Area By Volume

  4. Phishing

  5. ..this is actually the legitimate site you are returned to.

  6. Virus Information • Viruses: speed is dependent on the vector • File viruses took months to years to spread widely • Macro viruses took weeks to months • Mass Mailers took days • Code Red took about 12 hours • Klez went around the world in 2.5 hours • SQL Slammer affected the world in about 10 minutes • Source: ICSA Virus Prevalence Survey 2003 • “Just how fast is instant messaging?”

  7. Viruses Over IM • “We advise customers to contact their anti-virus software provider and obtain the latest signatures for the virus, which should now be available.” • W32/Kelvir – Slowed down a network by putting additional traffic on it; it did not create backdoors, install keyloggers, or steal money from brokerage accounts. BUT THE NEXT ONE MIGHT!!!! • “You're 10 times more likely to click on a URL that comes from someone on your buddy list than something that comes in over email.”

  8. Spyware www.ISpyNow.com www.keykatcher.com

  9. Spies per Consumer PC, Oct to Dec 2005 • UK 21.6 • Norway 20.3 • Sweden 19.1 • Lithuania 17.2 • Slovenia 15.7 • Source: BBC website

  10. Worm Malware Theory • Worms are anonymous – they don’t carry your password database. Defence: authenticate traffic – stops foreign infection • Pathogens break protocol rules – you wrote a buffer for 72 characters, the attacker sent you 182. Defence: enforce protocol rules at the network device – things that break are dropped • Worms send clients something they didn’t ask for. Defence: don’t process traffic that you didn’t ask for; understand protocols and know what to expect

  11. Future…? • Creation of a Superbug (usually worm propagating)? • Vector is changing, e.g. music, video • The attackers themselves are changing • “New World” virus writers • New threats like “Spear Phishing”

  12. SPAM • Is it malware? • Nuisance or pain? • Same mindset as AV? • 4 million mails generate 4 responses, with 1 person buying (well, in the US anyway!!!) • Going away… You decide?

  13. What is Microsoft Doing ? Individual users Businesses

  14. Windows Services Hardening • Windows Firewall with advanced security • Reduced administrative privileges • User Account Protection • Internet Explorer 7 with Protected Mode • Secure Start-up • Integrated Anti-Malware • Control over removable device installation • Restart manager to reduce reboots • Security Center enhancements • ActiveX Opt-in puts users in control • Phishing Filter

  15. “Windows OneCare is the comprehensive PC health service for consumers that continuously and automatically manages vital computer tasks to help protect and maintain your PC” • Design Principles: Simple and Easy, Comprehensive, Automated, Evolving • Product Features: Protection Plus, Performance Plus, Backup & Restore, Help and Support

  16. Provides businesses the control they need to protect against current and emerging malware threats • Guards against current and emerging malware threats • Prioritizes data to help focus resources on the right issues • Maximizes the value of existing investments

  17. Antigen (diagram; text labels only) • Viruses, Worms • IM and Documents, E-mail • Antigen shown alongside: Live Communications Server, SharePoint Server, ISA Server, Exchange Servers, Windows SMTP Server

  18. (diagram; text labels only) caching • content filtering • application publishing • advanced application layer firewall • advanced application layer firewall / vpn

  19. Transport and CAS/UM are rewritten in managed code • Encryption of all links among E12 servers by default if encryption can be supported • Emails between two E12 organizations can be encrypted over the Internet without end-user S/MIME • SMTP Gateway Throttling • Much enhanced Anti-spam protection in addition to Ex2003 IMF

  20. Microsoft Exchange Hosted Services • Real-time threat prevention features • Multi-layer anti-spam and anti-virus • Customized content and policy enforcement • E-mail retention for help with compliance and e-discovery • Customized report generation for help demonstrating compliance • Fully indexed, searchable archive • Uninterrupted e-mail accessibility • Rapid recovery from unplanned disasters and network outages • Thirty-day rolling historical e-mail store • Full e-mail encryption • No public and private key management • Gateway, policy-based e-mail encryption

  21. (product comparison table; cell values not recoverable) • Products: Windows Defender, Windows Live Safety Center, Windows OneCare Live, Microsoft Client Protection, MSRT • Capabilities: Remove most prevalent viruses; Remove all known viruses; Real-time antivirus; Remove all known spyware; Real-time antispyware; Central reporting and alerting; Customization; IT Infrastructure Integration • Audiences: FOR INDIVIDUAL USERS, FOR BUSINESSES

  22. Important Dates • Q2 06 • Exchange Hosted Services • Antigen V 9.0 for Exchange, SMTP & AEM • Microsoft Client Protection – Beta • Antigen for E12 – Beta • Windows OneCare • Q3 06 • Antigen V 9.0 for IM, SharePoint • ISA 2006 - RTM • Q4 06 • Microsoft Client Protection • Antigen for E12 • ISA 2006 - RTM • Q1 07 • Windows Vista • Antigen for ISA

  23. © 2005-06 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
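
Two of the rules from slide 10 (enforce protocol rules; don't process traffic you didn't ask for), as an added example that is not part of the original presentation. The wire format, type names and function names are constructed for illustration, and traffic authentication is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FIELD 72   /* the 72-character buffer from slide 10 */

enum verdict { ACCEPT, DROP_UNSOLICITED, DROP_MALFORMED, DROP_TOO_LONG };

/* Hypothetical wire format, constructed for this example:
 *   byte 0    id of the request this message answers
 *   byte 1    declared payload length
 *   byte 2..  payload */
struct session {
    uint8_t pending[256];          /* 1 = we sent a request with this id */
    char    field[MAX_FIELD + 1];  /* destination buffer plus terminator */
};

void expect_reply(struct session *s, uint8_t id) { s->pending[id] = 1; }

enum verdict handle_message(struct session *s, const uint8_t *msg, size_t len)
{
    if (len < 2)
        return DROP_MALFORMED;            /* no room for the header */
    uint8_t id = msg[0];
    size_t declared = msg[1];

    if (!s->pending[id])
        return DROP_UNSOLICITED;          /* we never asked for this */
    if (declared != len - 2)
        return DROP_MALFORMED;            /* header disagrees with the wire */
    if (declared > MAX_FIELD)
        return DROP_TOO_LONG;             /* e.g. 182 bytes for a 72-byte field */

    memcpy(s->field, msg + 2, declared);  /* bounded by the checks above */
    s->field[declared] = '\0';
    s->pending[id] = 0;                   /* one reply per request */
    return ACCEPT;
}

int main(void)
{
    static struct session s;              /* zeroed: nothing pending */
    uint8_t big[2 + 182] = { 7, 182 };    /* constructed oversized reply */
    memset(big + 2, 'A', 182);
    expect_reply(&s, 7);
    return handle_message(&s, big, sizeof big) == DROP_TOO_LONG ? 0 : 1;
}
```

The length check happens before any copy, so an oversized message is dropped rather than truncated or written past the buffer.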
