14 DAY TRIAL // Cybersecurity clearly remains one of the main concerns of all tech giants right now, with Microsoft trying to set up campaigns around the world to educate users on the best ways to browse the web safely.
Since customers clearly need more information on the way they can protect their data, we talked with Tim Rains, Microsoft's director in the trustworthy computing group at Microsoft, who was kind enough to share his thoughts on the company's efforts in this regard.
Softpedia: Please introduce yourself to our readers and talk a bit about your role at Microsoft.
Tim Rains: My name is Tim Rains. I’m a Director in the Trustworthy Computing group at Microsoft. Trustworthy Computing focuses on creating and delivering secure, private, and reliable computing experiences based on sound business practices. Our goal is a safer, more trusted Internet.
Softpedia: Global cybersecurity is clearly one of the things that concern all of us, so Microsoft’s efforts to educate users around the world are obviously helpful. Still, not all large tech companies follow Microsoft’s lead, so how important do you think it is to see other big names joining these kinds of campaigns? Tim Rains: Microsoft believes that user education is very important and helps provide a safer and more secure online experiences for customers around the world. We actively partner with other companies and organizations around the world to promote better consumer security. We welcome other companies around the world to work with customers to raise awareness. Campaigns like “Stop. Think. Connect.”, Cybersecurity Month or the International Cybersecurity day create great opportunities for companies to engage their customers.
Softpedia: The latest Microsoft Security Intelligence Report has revealed that the United States is one of the countries where more than 20 percent of computers running Windows lack an anti-malware software solution. How come so many users are ignoring recommendations coming not only from Microsoft, but also from security experts around the world?
Tim Rains: There are a few reasons why this might be the case:
Trial period expired or solution is out of date: For starters, many computers today come pre-loaded with an antivirus (AV) solution. They are often trial versions which require a purchase typically within 90 days of activation. Unfortunately renewal notifications are often times dismissed or people don’t realize they are using a trial version, and ultimately systems go unprotected. In some cases, people may be running an AV solution that is missing updates or is an out dated version.
Solution was disabled by malware: Secondly, people don’t always realize that malware or viruses have the capability to purposely disable a user’s AV. For instance, if a system is missing security updates or a user has fallen victim to a scam and clicked on a malicious link or attachment, malware can infiltrate their computer and turn off their AV. In this case, people may be presented with fake warnings enticing them to provide credit card information for a fake AV solution, also known as “scareware”.
No real-time AntiMalware solution installed, or is turned off by the user: And lastly, some may simply not realize the importance of having AV software installed on their systems. In some cases, a user might decide to pause or disable their antimalware program and simply forget to turn it back on.
Softpedia: Many, if not most, pirated copies of Microsoft software are delivered with various forms of malware that could expose users’ data and make their computers vulnerable. In some countries around the world though, buying a Windows or Office license is pretty difficult, mostly due to the price. How do you plan to convince local users to make the move to genuine software since pirated versions represent the more affordable choice?
Tim Rains: Pricing is only one component of why people chose to pirate software, and not purchase it. Just lowering pricing does not result in less piracy; there is more to it than that. In markets where we have the least expensive pricing due to economic factors, the piracy rates are often the highest.
The fact is, according to “The Dangerous World of Counterfeit and Pirated Software,” released by IDC this year, one in three PCs with counterfeit software installed will be infected with malware in 2013.
Because of these infections, consumers will spend 1.5 billion hours and US$22 billion identifying, repairing and recovering from the impact of malware. Genuine software provides the peace of mind that you will not be one of these victims, for whom the personal and financial price tag is far greater.
Our goal is to encourage and empower our customers to demand legitimate software: ask questions of resellers, investigate packaging, look for “too good to be true” prices—to ensure they get what they pay for, and only what they pay for.
Softpedia: Microsoft has greatly improved the anti-malware protection in the last version of Windows with the help of Windows Defender. And still, AV-TEST claims that Microsoft’s security products aren’t quite as effective as the other ones from Kaspersky or BitDefender, for instance. What do you think about this?
Tim Rains: Microsoft is committed to protecting our customers. We leverage threat intelligence from more than 600 million customer computers worldwide each month to help keep our customers safe. We also monitor our protection, quality, and customer experience and publish our performance results regularly. For last month’s results, see this page.
Microsoft provides security features out-of-the-box with Windows 8 that are designed to provide a minimum baseline to keep customers safe and secure. For more information on these capabilities, visit this website.
However, some customers may want a different experience with their antivirus software. For these customers, we encourage them to take advantage of the benefits of antivirus software, whether from Microsoft or other trusted vendors like those listed here, as this added layer of protection is vital, regardless of the solution’s manufacturer.
Softpedia: Microsoft has recently managed to disrupt the Nitol botnet and stats are proving that the cleaning process is going just as planned. How difficult was it to shut down the botnet?
Tim Rains: Good question! I’ll defer to my colleague, Richard Bosovich from Microsoft’s Digital Crimes Unit. He’s written two blog posts on some of the backstory from the takedown that I think your readers will find interesting.
First, “Microsoft Disrupts the Emerging Nitol Botnet Being Spread through an Unsecure Supply Chain.” Second, “Microsoft Reaches Settlement with Defendants in Nitol Case.”
Softpedia: Rogue security products remain a main threat these days, as it’s basically pretty easy to convince a less experienced user to buy such an app. How can a beginner tell that he’s about to purchase a useless security product?
Tim Rains: The key here is to only acquire software from a vendor that you know and trust. My mantra is “if you don’t trust the source of the software, don’t trust the software.” Downloading security software directly from the website of a vendor you know and trust is key.
The bad guys make rogue security software look exactly like the real thing – so it can be really hard to tell the difference. The Microsoft Malware Protection Center provides a free resource to help educate people on these threats. It’s called “Real vs. Rogue”. It’s a fun way to learn about these fake security products.
Softpedia: Do you have any security advice for our readers?
Tim Rains: Reading about malware and other threats on the Internet can be intimidating, but some basic, easy to do steps will help protect your computer.
1. Make sure you have Windows Firewall turned on or a firewall from a vendor that you trust. This will make it harder for attackers to get to your computer.
2. Run anti-virus software from a vendor you know and trust. Microsoft Security Essentials is a great choice as is Windows Defender built into Windows 8. Many other companies also offer security software, both free and paid options.
3. Keep all of your software up to date. Microsoft software will keep itself up-to-date if your computer is set to use Microsoft Update. If you have software from other vendors installed you’ll want to keep this software up-to-date as well and use the latest versions whenever possible. This will make it much harder for attackers to compromise your system.
4. Think before you click. Attackers are trying to trick you into installing malware on your system by sending you email with malicious attachments and links to malicious sites. Don’t take the bait – only open attachments and click on links if you really have to.