Microsoft Security Intelligence Report – What it means for EMEA

“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective.

One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a huge amount of data we can collect from different like the Malicious Software Removal Tool, Microsoft Security Essentials, Defender, etc. given you agreed to share your data with us.

If we look at the heat map in EMEA, this is the picture you will see:


So, there are different countries which are red (highly infected) and green (not very infected). Now, obviously we do not have the same amount of data for all the countries. If we take the countries with more than 100’000 average executions per month of the Malicious Software Removal Tool, we see this ranking for the best and the worst countries worldwide (the bold countries have an execution rate with more then a million average executions per month):

Malware Infection Rate Let’s take the EMEA countries in this list and see how they developed over the last three reports. The best countries first:

image It is actually good to see that with the exception of Senegal all the EMEA countries in the top list could reduce their infection rate. Often this is based on a good collaboration between the public and the private sector.

But what about the other end of the ranking? Let’s see:

image Here the picture is not as clear. Some countries like Serbia and Montenegro, Turkey etc. have a very bad 1H09 but then came back to their “normal” level. Unfortunately we cannot see a clear trend here but there are some countries, which are slowly improving (e.g. Russia). There is definitely coordinated activity needed in these countries. Turkey for example is working on pulling people together to address the issue.

If we turn it around and look at it from an Operating System perspective, we definitely see that newer Operating Systems are better than older (which was to be expected):

image From the malware we can turn to the vulnerabilities. Since quite a while we are talking about having the problem moving up the stack, which is reflected in the picture on the industry-wide vulnerabilities:

image This means as well, that you definitely should cover all your applications when you think about patch management and you have to do this for all your vendors:
image When it comes to patching, we see a fairly good coverage with Windows Update, Microsoft Update and WSUS. Especially if you are looking at the relative growth compared to the Windows installed base:


So, you see: There is a lot of great information in the Security Intelligence Report – go and look at it.


Even though I did not go into the details here but Rogue Security Software is still a huge a problem out there and there is a chapter again on this theme as well!

Finally, if I could have three take-away, this would be it:

  • Get a coordinated approach to fight malware between the public and private sector
  • Move to the latest version of software, wherever you can
  • Cover all the products you have with your Patch Management processes