Maximizing customer protections

Transcription

1

2

3 Maximizing customer protections 8 7 Vista XP

4 XP end of support 8 XP 7 Vista XP

5 What is the risk of continuing to run XP? Attackers will have the advantage over defenders After support ends, when Microsoft releases its monthly security updates for supported versions of, attackers will reverse engineer them to identify any that exist in XP XP If XP shares any of those vulnerabilities, attackers will develop exploit code to take advantage of them Since a security update will never become available for XP to address new vulnerabilities, XP will essentially have a zero day vulnerability forever Between July 2012 and July 2013 XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected 7 and 8

6 Exploits Targeting CVE Zero-day 1 month after update 2+ months after update 6

7 Threats have evolved over time Mitigated by DEP Bypassed DEP The number of CVEs for which exploits were written that could have been mitigated by enabling DEP as compared to the number of CVEs that had exploits that bypassed DEP XP SP3 Vista SP2 32-bit 7 RTM 64-bit 7 SP1 8 RTM Server 2003 SP2 Server 2008 R2 SP1 Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the Microsoft Security Intelligence Report volume 14

8 Billions Tablet PC Convention on Cybercrime Facebook Mobile YouTube Twitter ipad Ad-hoc internet connection Always-on connect Daily life on Internet Privacy and Intellectual property Anywhere access Cloud and multi devices 95 XP Logon Experience Ctrl+Alt+Del User Profile Encryption Update XP SP2 Security Development Lifecycle (SDL) Exploit Prevention (ASLR, DEP) Auto Update on by Default Firewall on by Default Security Center Vista Full SDL Additional technology to prevent exploitation Disk Encryption (Bitlocker) Non-Admin User User Account Control Internet Explorer Smart Screen Filter Digital Right Management Secure by default configuration ( features and IE) 7 Full SDL Application Control (AppLocker) Bitlocker to Go Defender Action Center Improvements on attack prevention (ASL, DEP, IPSec) Internet Explorer Smart Screen Filter 8 Full SDL Secure Boot (UEFI) Significant Improvements on attack prevention (ASLR, DEP, IPSec) Store Built-in Anti-Virus Internet Explorer 10 (Plugin-less and Enhanced Protected Modes) Application Reputation moved into Core OS Improved BitLocker Virtual Smartcard Picture Password, PIN

9 Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer (2003) 9/11 Mainly exploiting buffer overflows Script kiddies Time from patch to exploit: Several days to weeks Key Threats Zotob (2005) Attacks «moving up the stack» (Summer of Office 0-day) Rootkits Exploitation of Buffer Overflows Script Kiddies Raise of Phishing User running as Admin Key Threats Organized Crime Botnets Identity Theft Conficker (2008) Time from patch to exploit: days Key Threats Organized Crime, potential state actors Sophisticated Targeted Attacks Operation Aurora (2009) Stuxnet (2010) XP Logon (Ctrl+Alt+Del) Access Control User Profiles Security Policy Encrypting File System (File Based) Smartcard and PKI Support Update XP SP2 Address Space Layout Randomization (ASLR) Data Execution Prevention (DEP) Security Development Lifecycle (SDL) Auto Update on by Default Firewall on by Default Security Center WPA Support Vista Bitlocker Patchguard Improved ASLR and DEP Full SDL User Account Control Internet Explorer Smart Screen Filter Digital Right Management Firewall improvements Signed Device Driver Requirements TPM Support Integrity Levels Secure by default configuration ( features and IE) 7 Improved ASLR and DEP Full SDL Improved IPSec stack Managed Service Accounts Improved User Account Control Enhanced Auditing Internet Explorer Smart Screen Filter AppLocker BitLocker to Go Biometric Service Action Center Defender 8 UEFI (Secure Boot) Firmware Based TPM Trusted Boot (w/elam) Measured Boot and Remote Attestation Support Significant Improvements to ASLR and DEP AppContainer Store Internet Explorer 10 (Plugin-less and Enhanced Protected Modes) Application Reputation moved into Core OS BitLocker: Encrypted Hard Drive and Used Disk Space Only Encryption Support Virtual Smartcard Picture Password, PIN Dynamic Access Control Built-in Anti-Virus 9

10 Software security has evolved

11 Risk After Support Ends Running antivirus on an out of support system is not an adequate solution to protect against threats Out of support OS Antivirus solution No security updates 11

12 Running XP... increases your risk of infection when it goes out of support Unsupported XP SP2 malware infection rate was 66% higher than the supported version of XP SP3 Infection rate (CCM) trends for XP SP2 and XP SP3, 1Q10-4Q12 12

13 Migrate now to reduce your risk exposure Microsoft Security Blog: Springboard Series Blog: Software Vulnerability Exploitation Trends:

14 Declining markedshare

15 Jon Bing in Teknisk Ukeblad Hvis du kan gi ett råd til politikerne, hva ville det vært? - Ikke at de skal holde en bestemt grense, men holde seg informert om utviklingen. Jeg blir veldig irritert når jeg hører folk si «jeg har ikke tatt i bruk 8 fordi jeg klarer meg så godt med XP». Da har du skåret av muligheten til å skjønne den utvikling som ligger i bruken av ditt daglige arbeidsredskap. Uten at dette er noen lovtale av.

16