| Trustworthy Computing
http://www.microsoft.com/sir | 1 | Trustworthy Computing http://www.microsoft.com/sir 2 | Trustworthy Computing http://www.microsoft.com/sir 3 Main Customer Spyware and Potentially Malicious Software Available Segment Unwanted Software Main at No Product Name Distribution Additional Scan and Real�time Scan and Real�time Methods Consumers Business Charge Remove Protection Remove Protection Prevalent Windows Malicious Software WU/AU ● Malware ● Removal Tool Download Center Families Download Center Windows Defender ● ● ● ● Windows Vista/ Windows 7 Windows Live OneCare ● ● ● ● Cloud safety scanner Microsoft Security Essentials ● ● ● ● ● ● Cloud Forefront Online Protection ● ● ● Cloud for Exchange Forefront Client Security ● ● ● ● ● Volume Licensing
| Trustworthy Computing http://www.microsoft.com/sir 4 | Trustworthy Computing
http://www.microsoft.com/sir | 5 100% 100% 80% 80% 60% 60% 40% 40% 20% 20% 0% 0% 2006 2007 2008 2009 2010 2006 2007 2008 2009 2010 High (7 - 10) Medium (4 - 6.9) Low (0 - 3.9) High Complexity Med Complexity
7.000 7.000 6.000 6.000 5.000 5.000 4.000 4.000 3.000 3.000 2.000 2.000 1.000 1.000 0 0 2006 2007 2008 2009 2010 2006 2007 2008 2009 2010 Operating system vulnerabilties Browser vulnerabilities Microsoft Non-Microsoft Application vulnerabilities
| Trustworthy Computing http://www.microsoft.com/sir 6 | Trustworthy Computing http://www.microsoft.com/sir 7 7.000.000
6.000.000 Java
5.000.000
4.000.000 HTML/JScript 3.000.000
2.000.000 Operating System Computers Reporting
Document 1.000.000 Readers/Editors Shellcode and Heapspray 0 1Q10 2Q10 3Q10 4Q10 Adobe Flash (SWF)
| Trustworthy Computing http://www.microsoft.com/sir 8 | Trustworthy Computing
http://www.microsoft.com/sir | 9 45,0
40,0 Korea
35,0 Spain Turkey 30,0
25,0 Taiwan Brazil 20,0
15,0
10,0 Worldwide
5,0
0,0 3Q09 4Q09 1Q10 2Q10 3Q10 4Q10
| Trustworthy Computing http://www.microsoft.com/sir 10 45,0
40,0
35,0
30,0
25,0
Brazil 20,0 Portugal 15,0 Russia Bahrain 10,0 Worldwide
5,0 China
0,0 3Q09 4Q09 1Q10 2Q10 3Q10 4Q10
| Trustworthy Computing http://www.microsoft.com/sir 11 Malicious & potentially unwanted software
July through December 2010
| Trustworthy Computing http://www.microsoft.com/sir 12 20%
15%
10% 1Q10 2Q10 5% 3Q10 0% Frethog Conficker Autorun Rimecud Taterf Hamweq RealVNC Alureon Renos FakeSpypro 4Q10
Password Worms Miscellaneous Miscellaneous Trojans Stealers & Potentially Monitoring Unwanted Tools Software
20%
15%
10%
5% 1Q10
0% 2Q10 Frethog Conficker Autorun Rimecud Taterf Zwangi Pornpop Hotbar Renos FakeSpypro 3Q10 Password Worms Miscellaneous Potentially Unwanted Software Miscellaneous Trojans Stealers & 4Q10 Monitoring Tools
| Trustworthy Computing http://www.microsoft.com/sir 13 20,0 19,3 Client Server 18,0 15,9 16,0
14,0
12,0 9,8 10,0 9,2
8,0 7,5 6,6 5,8 6,0 5,3 3,6 3,8 4,0 2,5 64 64 2,0 32 32 32 32 64 32 64 32 64 32 0,0 SP2 RTM SP2 SP3 RTM SP1 SP2 RTM Windows Windows Windows XP Windows Vista Windows 7 Server Server 2003 2008 R2
| Trustworthy Computing http://www.microsoft.com/sir 14 | Trustworthy Computing
http://www.microsoft.com/sir | 15 Metric 1Q10 2Q10 3Q10 4Q10
Host infection rate (CCM) 5.5 4.6 5.6 5.3 (Worldwide) (10.8) (9.6) (9.9) (8.7)
Phishing sites per 1000 hosts 0.44 0.43
Malware hosting sites per 1000 hosts 1.98 4.98
Percentage of sites hosting 0.109% 0.019% 0.026% drive�by downloads
| Trustworthy Computing http://www.microsoft.com/sir 16 CCM (100,000 MSRT executions)
| Trustworthy Computing http://www.microsoft.com/sir 17 | Trustworthy Computing http://www.microsoft.com/sir 18 | Trustworthy Computing http://www.microsoft.com/sir 19 Family Percent of Computers Affected 1 JS/Pornpop 18.2% 2 Win32/Renos 7.6% 3 Win32/Zbot 6.9% 4 Win32/Conficker 5.2% 5 Win32/Obfuscator 4.8% 6 Win32/Keygen 4.2% 7 Win32/Alureon 4.1% 8 PossibleHostsFileHijack 3.7% 9 Win32/Autorun 3.5% 10 Win32/ClickPotato 3.4%
| Trustworthy Computing http://www.microsoft.com/sir 20 | Trustworthy Computing http://www.microsoft.com/sir 21 | Trustworthy Computing http://www.microsoft.com/sir 22