Microsoft: More Attacks on Applications, less on Windows

Microsoft announced his fifth Microsoft Security Intelligence Report. It's a deep look into the threat landscape based on data derived from hundreds of millions of computers worldwide. The report has been designed to help enable better protection from cybercriminals.

The research from the first half of 2008 shows that while Microsoft and others in the industry have made huge progress toward helping protect customers from malicious threats online, threats to business and consumers still continue to change.

More specifically, the report shows that the total amount of malware and potentially unwanted software removed from computers worldwide grew over 43 percent during the first half of 2008. The Microsoft Security Intelligence Report also reveals a continued rise in both trojan downloaders and high-severity vulnerabilities, proving that financial gain remains attackers’ top motivation.

In addition, Microsoft’s research illustrates how attacks are continuing to move into the application layer and away from the operating system, as more than 90 percent of vulnerabilities disclosed in the first half of 2008 affected applications, while only 10 percent affected operating systems.

Based on the key findings from the report, Microsoft recommends customers use the data, insights and guidance in the report to better assess and improve their own security practices. Some of the active steps Microsoft recommends include the following:

• Check for and apply software updates on an ongoing basis, including updates provided for third-party applications.
• Enable a firewall.
• Install and maintain up-to-date anti-virus and anti-spyware programs that provide increased protection from malicious and potentially unwanted software.
• Open links and attachments in e-mail and instant messages with caution, even if they are from a known, trusted source.

Following customer feedback on previous reports, Microsoft took a different approach with this volume, creating a more reader-friendly core document accompanied by appendices that provide expanded explanations and analysis.