Monday, February 26, 2007
Thoughts on MS Security Intelligence Report
It's old news, but just now I've found time to comment about the MS Security Intelligence Report.Some things confirmed some of my opinions about the Brazilian security field.First, banks here are quite more advanced on figthing phishing and malware against their clients than other contries. The report shows that password stealers and key loggers malware are a very common threat in Brazil. This is happening for years, what made our banks to migrate their online banking systems from simple password authentication to much more complex security systems. Today it will be very hard to find a bank here that is not using a different password for the debit card and for Internet services, on-screen keyboards, anti-malware plugins and OTP cards. We should really think about showing all those things on the regular security events around the world. It's funny to see that too fw people know about this.There is information too about the use of Instant Messaging as a social engineering attack vector. Puting information leak and productivity issues aside, it shows that blocking IM seems to be not so necessary as it seemed before. If you consider that Microsoft Messenger updates can also be published by the regular patching systems (WSUS, Microsoft Update), it won't be something that really really must be forbidden. If your business like to use it, keep it working.Another interesting data is the normalized view of Windows version with detected malware. Windows XP SP2 is responsible for only 3.7% of the cases. It clearly shows that even before Vista the last security improvements from Microsoft are having effect.