Microsoft report explores dangers of running expired security software

Operating a computer with an expired security product is practically as unsafe as operating a system without security software at all – that is one of the key takeaways from the Microsoft Security Intelligence Report 17, which was released on Tuesday.

According to statistics in the lengthy study, non-domain computers running Windows 8 and Windows 8.1 with updated real-time security software reported a 0.6 percent infection rate, whereas systems with expired protections reported a 2.2 percent infection rate, and systems with no protections reported a 2.4 percent infection rate.

Roughly 10 percent of non-domain Windows 8 and Windows 8.1 computers are running expired security software, the report shows.

One major reason users run expired security products is that they often purchase PCs preloaded with trial versions of anti-malware solutions, which typically expire within a month or so, the report indicates.

“Cybercriminals change the structure of their malware frequently using automated tools,” Wolfgang Kandek, CTO of Qualys, said in a Monday email correspondence. “Signature-based tools have a hard time keeping up with the attackers and if one does not have access to updates the protective effect quickly disappears.”

The report also touches on the challenges of securing account credentials, which are often compromised by attackers in bulk through breaches of websites, but also through malware infections and phishing attacks.  

“Users can protect themselves by not reusing passwords, most likely with the help of a password manager to be able to manage the hundreds of accounts and passwords that we manage in our everyday lives,” Kandek said. “However the best solution to the problem is the adoption of multi-factor authentication, i.e. getting a login code through SMS or generating a one-time code through a special application.”

Additionally, the report explores some of the efforts being taken by Microsoft to combat malware – notably through its Digital Crimes Unit (DCU), which collaborates with law enforcement, government, and other organizations.

Within the last 180 days, DCU was involved in the disruption of MSIL/Bladabindi and VBS/Jenxcus, malware developed by individuals in Algeria and Kuwait that infected millions of Microsoft users, the report indicates. DCU also helped disrupt Win32/Caphaw, a banking trojan – also known as Shylock – that primarily targeted financial institutions in the UK, the report adds.

“The coordination across the law enforcement domains in different countries that are involved is substantial and significant groundwork has to be laid to generate the necessary contacts and trust relationships,” Kandek said. “In the end, cybercriminals have to know that police can catch up with them and that their actions have serious penalties.”

The extensive Microsoft Security Intelligence Report goes on to cover a variety of threats, including vulnerabilities, exploits, malware, email threats and malicious websites, as well as mitigating risk.
