September 28, 2010

Why cybercriminals do not need to target Microsoft

Next week Secunia will be at the e-Crime Mid Year Meeting 2010 in London. I am presenting on October 5th at 10:20h and 12:45h, covering the topic “Why cybercriminals do not need to target Microsoft” and providing a closer look at the fundamental failings of end-point security that turn most of us into easy prey for cybercriminals.

Following is an abstract of my talk:

This seminar explores the fundamental failings of end-point security that continue to turn most Internet users (corporate and private) into easy targets for cybercriminals. We start with a look at the evolution of the security threat posed by vulnerabilities in the programs of typical end-user PCs over the last five years, and provide an outlook for the rest of 2010 based on the data of the first six months of 2010.
What we uncovered through our free Personal Software Inspector (PSI) service (with more than 2.6 million users) is that desktop security (and integrity) is much more complex than many people commonly realise, and that the narrow focus on OS vulnerabilities (and even Microsoft product vulnerabilities) severely underestimates the problem facing current and future victims of cybercrime.
Our analysis identified an alarming trend: vulnerabilities affecting the portfolio of the Top-50 programs typically present on end-user PCs almost doubled from 2005 to 2009, and an almost four-fold increase is expected by the end of 2010. This confirms that cybercriminals are very adaptive in finding the easiest path to compromise a host. We identify the primary source of the increasing trend, and quantify the complexity of keeping an average PC secure.

I hope this talk contributes to raising awareness of the origin of the threats, and spurs further discussion. Come and join; I am looking forward to meeting you and to vivid discussions about today’s challenges in securing the end-points.