April 8, 2009 12:01 AM PDT

Microsoft: Scareware, PDF exploits rise

by Elinor Mills

The use of scareware and exploits that take advantage of common file formats like PDF, Excel and Word rose in the second half of last year as online scammers realized people are getting smarter about recognizing spam and phishing e-mails, according to a Microsoft security report released on Wednesday.

There was a significant increase in rogue security software, which falsely informs people they need to buy security software and instead either does nothing or steals personal information, the Microsoft Security Intelligence Report found.

Two rogue malware families--Win32/FakeXPA and Win32/FakeSecSen--were detected on more than 1.5 million computers, pushing them into the list of top 10 threats in the second half of 2008. One rogue application, dubbed Win32/Renos, was found on 4.4 million computers, showing growth of nearly 70 percent over the first half of the year, according to the report, which is issued twice a year.

Microsoft and the Attorney General's office in Washington state filed a handful of lawsuits against alleged scareware companies last year.

Meanwhile, the total number of unique vulnerability disclosures dropped 3 percent during the second half of last year and was down 12 percent for the year from the prior year. The proportion of vulnerabilities disclosed in operating systems continued to decline, to 8.8 percent, while 4.5 percent affected browsers and 86.7 percent affected applications and other software.

During the second half of 2008, Microsoft released 42 security bulletins addressing 97 vulnerabilities, a 67 percent increase over the first half of the year. For the full year, the company released 78 security bulletins addressing 155 vulnerabilities, up nearly 17 percent from 2007.

Microsoft software accounted for 6 of the top 10 browser-based vulnerabilities attacked on computers running Windows XP in the second half of last year, while there were none for computers running Windows Vista.

The most frequently exploited holes in Office were also some of the oldest, with more than 91 percent of attacks exploiting a single vulnerability for which a security fix had been available for more than two years.

Attacks targeting PDF files rose sharply, reaching twice as many in July as in all of the first half of 2008, the report said. Adobe last month released a security update to fix a critical vulnerability in Adobe Reader 9 and Acrobat 9 for which exploits had been reportedly found in the wild for nearly two months.

Corporate environments running Forefront Client Security are more likely to encounter worm infections than home computers running Windows Live OneCare, while home computers had more Trojans and Trojan downloaders, the report found.

As for e-mail, more than 97 percent of it is unwanted, consisting of spam, phishing attacks, or messages with malicious attachments, the report found.

Despite the seeming industry emphasis on malicious hacking and other Internet attacks, lost and stolen equipment remains the most common cause of security breaches resulting in data loss, representing half of all reported incidents, according to the Open Security Foundation's OSF Data Loss Database. Stolen laptops, for instance, represented 33.5 percent of all data loss incidents and combined with lost equipment represented half of all incidents reported. Hacking or malware incidents accounted for less than 20 percent.

Updated 11:25 a.m. PDT with link to report.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by Angmarr April 8, 2009 2:20 AM PDT
1. Get rid of Adobe .. the free reader is completely useless GET FOXIT!!! works like a charm

2. Vista Rocks!
by mbenedict April 8, 2009 4:18 AM PDT
Foxit has security problems of its own, e.g.:

http://blogs.zdnet.com/security/?p=2996
by Mr. Dee April 8, 2009 7:51 AM PDT
"Corporate environments running Forefront Client Security are more likely to have problems with worm infections than home computers running Windows Live OneCare, while home computers had more Trojans and Trojan downloaders, the report found."

Microsoft seriously needs to stay out of the Security Utility business, even their corporate AV seems to be crap. I use Symantec EndPoint 11 on Vista 64 bit, works like a charm! The last time I caught a W32 virus was back in August of 2001, running Windows ME. But it's my fault, didn't update the Antivirus for weeks.
by Vegaman_Dan April 8, 2009 9:27 AM PDT
The story needs a bit more background done on it. Windows Live OneCare has been discontinued.

Forefront Client Security was created by Giant Software before Microsoft bought that company and is still using that legacy code. I don't think there is a true Microsoft version yet, just a rebranded one.
by the_myrmidon April 8, 2009 9:37 AM PDT
Good job misquoting... The report actually said this...

"Computers running Forefront Client Security (typically found in corporate environments) were much more likely to encounter worms than home computers running Windows Live OneCare. Home computers also encountered significantly greater percentages of trojans, trojan downloaders and droppers, adware, and exploits. Similar percentages of backdoors and spyware were detected by both products."

This quote is followed by a graph (Page 10 of the report) showing that the conclusions were arrived at by studying how often a given type of malware or virus was *cleaned* from the user's system. It makes absolute sense that corporate computers would encounter more worms than home users, because worms are typically targeted at enterprises. Enterprises are also often more hardened against lower level threats like adware and trojans.

I don't use Forefront Client Security, so I can't attest to its quality. But, as someone who hates to see people misuse information, I have to point out that you cannot conclude from this data that the product is crap, since the sample is only of successful neutralizations. To make an assertion on Forefront's quality, you would need to find the ratio of successful neutralizations to uncontained infections AND compare that ratio to that of the competitors.
by Mr. Dee April 8, 2009 11:48 AM PDT
Thanks for that correction 'the_myrmidon', I guess the author did not word it properly. But I have discovered Live OneCare to be very inefficient anyway. Nearly ruined my Vista install back in 2007.
by ethana2 April 8, 2009 10:25 AM PDT
This is what happens when your OS doesn't manage updates in a centralized and orderly fashion. Some apps languish, insecure. Some try to update themselves on starting. Some run all the time, listening for updates. Some, the OS updates. Some use third party update tools. All suck.

Do it with Ubuntu.
by monkeyfun14 April 8, 2009 10:31 AM PDT
If you can figure out how to install the applications in the first place..
by pithenumber April 8, 2009 11:04 AM PDT
@monkey
it's easy to install programs in Ubuntu
no more compiling
by BOTNET April 8, 2009 11:11 AM PDT
totally agree with ethana2

Windows needs central update API like ubuntu has. Each program has its own mechanism, what is worse Autoupdate like Apple has asks you to install software you don't even want e.g. SAFARI
by Steve_KTG April 13, 2009 11:22 PM PDT
The updating mechanism is flawed. But I also understand to a certain degree the challenges Win faces in its current state--there are no do overs at this point. As far as the phishing attacks are concerned, you will probably have better luck educating and protecting yourself than waiting around for an update from who knows where. http://www.justaskgemalto.com/en/search/node/phishing isn't a bad start.