Safeguarding your systems

Source: Technology Digital

Date :5/31/2007 3:11:00 PM

Microsoft's Margaret Dawson offers advice to senior executives on how to establish an effective IT security plan.

By David Weldon

The March issue of ExecDigital reviewed the various forms of malware that are threatening corporate PCs, with Paul Bryan, director of product management for Forefront Security Products at Microsoft Corp. This month, Margaret Dawson, group product manager for Microsoft’s Security and Access Products Division, discusses the findings of Microsoft’s study of infected user PCs, what the findings mean to business, and what executives need to do in response.

ED. What should corporate executives know about current IT security issues?

Dawson: Unfortunately, most executives don’t even understand what malware — malicious software — stands for. But most importantly, at the high level, executives must realize they have to balance the need for their employees to have access to data, with the need to project that data.

Companies need to be able to compete in a global environment, and you need to provide access from any device, from anywhere, by any employee. But you need to have clear rules for your employees, and some sort of governance to make sure you maintain compliance with regulations.

ED. What are the greatest IT security threats to a corporation from outside sources?

Dawson: Microsoft released The Security Intelligence Report in October 2006 (based on research from the first six months on 2006) in an effort to share our understanding of the evolving threat landscape with the industry. In the report, the company uncovered the following:

• Threats against businesses are continuing to become more targeted and motivated by financial gain, with backdoor Trojans and bots continuing to comprise a significant percentage of the malicious software detected by Microsoft anti-malware offerings

• The percentage of computers infected with email worms increased from 18 to 23 percent from 2005 through first half of 2006 (a worm is a potentially harmful computer program that spreads itself and can make your computer run slowly or send e-mail from your computer without your knowledge or consent)

• 17 percent of the computers cleaned by Microsoft’s Malicious Software Removal Tool (MSRT) contained as least one peer-to-peer network worm (peer-to-peer networks allow computer users to share information and files with other computer users)

• 71,026 new variants of Backdoor Trojans and password stealers/key loggers were identified in the first six month of 2006

• In the case of both the MSRT and Microsoft Windows Live OneCare, approximately 20% of computers cleaned were infected with a mass mailing worm. We anticipate this trend to grow and continue in 2007.

• Since its public availability in August 2006, the Windows Live OneCare safety scanner has detected almost 3 million instances of malware or spyware in nearly 7 million scans, showing the prevalence of these threats.

• Overall, 22.27 million pieces of potentially unwanted software were detected by Windows Defender (beta 2) between April 11 and June 30, 2006, resulting in 13.83 million removals.

[More information about the findings from this report is available online at www.microsoft.com/security]

ED: What does Microsoft see as the greatest IT security threats to a corporation from inside sources?

Dawson: Security issues can be looked at in two big buckets – system issues, or security threats that attack our systems; and people issues, or security breaches either intentionally or unintentionally caused by users.

On the people side, we focus on making our products easy to use and easy to manage. Our solutions try to make it easier for administrators to establish strong, granular policies to make sure users can’t turn off their firewall for example, and that catch spam before it goes into the inbox, or that let a user know their system needs remediation or updates to be compliant with policies.

Sometimes, something as simple as a configuration error can result in security problems. So we are working to make our products easy to configure, deploy and manage. We also make it easy for the IT administrator to run reports and have clear visibility into the state of his/her infrastructure.

Managing identities effectively is important to ensure that users have a seamless experience interacting with resources they are entitled to access, while being denied access to those they are not – regardless of where they are, the device they are using, or the role they play in the organization.

Q. What is Microsoft currently doing to better safeguard against security threats?

Dawson: We have a number of initiatives underway in that area. Windows Vista provides defense-in-depth protection and represents a significant step forward in helping users become more aware of the threats facing them. Microsoft will continue to evolve technology and guidance to further educate users about the evolving threat environment.

Microsoft’s Security Development Lifecycle (SDL) is an industry leading methodology for developing secure and reliable software. At Microsoft, every Internet-facing or enterprise-class product we develop is required to go through the SDL process. This has resulted in a significant reduction in the number of vulnerabilities in our products, and provided our customers with high quality software that is both meticulously engineered and rigorously tested to help withstand malicious attack. Privacy is also integrated into the SDL at the design stage because there is significant overlap with security.

We’ve also increased protection from malware for our Forefront customers with multi-engine anti-malware protection, which provides coverage single-engine competitors can’t match.

Also, we’re expanding our security response teams in Europe and Asia to provide round-the-clock assistance. We’ve also increased protection from malware for our Forefront customers with multi-engine anti-malware protection, which provides coverage single-engine competitors can’t match.

ED. What software applications used in wide-scale corporate use are the most venerable to IT security threats?

Dawson: Threats are moving up the application stack and away from the operating system. It’s no secret that e-mail and the web are the big application vectors for malware attacks, and that’s why we’ve put so much effort into fighting spam and malware, such as our multi-engine scanning approach.

Microsoft’s Security Development Lifecycle process enables us to deliver software and products that are more secure and reliable and less likely to be impacted by malicious threats. With collaboration from trained developers, testers and program managers, the SDL helps to reduce the number of security flaws in code at every level of the development process, from design to the release, and has resulted in measurable improvements in the security and reliability of Microsoft’s software.

ED: What is the good news on the IT security front?

Dawson: As software increases in popularity, the motives for targeting it will increase as well. It is important to remember that security is an industry-wide issue because no software is ever 100 percent secure. While malicious attackers seek to broaden their scope of attack, our goal remains focused on ensuring that our customers have a trustworthy computing experience. We are committed to building software that is as secure and reliable as we can make it, and we feel that the SDL process is an industry leading methodology for doing so.

I would say that they should know that Microsoft and the rest of the industry are working towards better interoperability and better standards, with initiatives such as Network Access Protection.