Microsoft's security head gives predictions for 2013's malware

As 2012 comes to a close, some people are already looking ahead to what the next 12 months will bring. One of them is Tim Rains, who is the director of Microsoft's Trustworthy Computing division. Today, Rains gave five predictions on software security threats that he thinks will be a part of 2013.

One of his predictions, as posted on the Microsoft Security blog, concerns malware creators using software that was originally made or sanctioned by governments to go after enemy nations, such as the Stuxnet virus that tried to cripple Iran's nuclear program in 2010. He says that a portion of the Stuxnet virus was picked up by other malware makers to exploit some software vulnerabilities. He states:

The barriers to entry for criminals to leverage highly sophisticated techniques in their attacks are lowered each time the malware and vulnerabilities that highly skilled professionals develop and use, are discovered. This is likely to amplify the unintended consequences of espionage in the coming years.

Rains also believes that more malware creators will attempt to deliver their software inside apps, movies and music in 2013 and that drive-by attacks and cross-site scripting attacks will become more prevalent in the next year. Developers of rootkits will also evolve their programs, now that Microsoft is using the Unified Extensible Firmware Interface (UEFI) and secure boot for Windows 8.

Finally, Rains believes that it will be harder to go after some software due to constant automatic updates. He says, "For example, following a surge in detections that peaked in the third quarter of 2011, detections of exploits that target vulnerabilities in Adobe Flash Player have decreased significantly in every subsequent quarter, likely due to the ease of keeping it updated."

Source: Microsoft Security blog

11 Comments


Obviously this Microsoft guy has ties to those who make the malware. What better way to predict what will happen..

maybe he checked the security audit review on the Windows source code and found video and picture codecs were skipped over?

wasn't the US Gov. responsible for unleashing that virus?
I heard that and another one before on another country was the FBI or something like that..

I've long been suspicious of American Gov. agencies combined with having M$ as their buddy. Combined with AV/Firewall makers that auto exempt various net related services..
svchost.exe ? sure no problem ..allow

I would rather have the American Government and Microsoft team up than the others. If it happens with Microsoft, then people like yourself will make sure to publicize it until Microsoft has to give in under pressure.

If it is the government and Goog£€, then people will proclaim that it is perfectly fine because they (both the government and Goog£€) need to make money somehow, so stop complaining and willfully hand your information over to both. Oh, who are we kidding, you don't need to give them your information, they both already have it.

If the government and App£€ team up, then you should be happy to use it because it is shiny and looks pretty, and everyone is happy to use shiny stuff. Besides, if you complain, it means you are a hater of both App£€ and a racist because the government is headed by Obama, and since the government is involved, we now have the ability to imprison you for your hate crimes.

Hello,

SVCHOST.EXE is the broker process for services under Microsoft Windows, i.e., it is the program used to start, pause, resume, and end services. Prompting to allow it to run would likely render the operating system unable to respond to input (system freeze), assuming enough of it could get loaded in the first place.

Regards,

Aryeh Goretsky

i know what the process is thanks for the lesson anyway though lol

and nohone
your views are rather extremist and as usual i say your comments rely entirely on jumping to conclusions and making wide sweeping assumptions about anyone that makes a comment *YOU don't like.
If there is anyone on earth i fear it's people like you.. the core basic thought process behind what just rolled off your tongue gives me shivers.
that's the same process Nazis used stuffing Jews in a gas chamber.

I'm not gonna point out why espionage is a bad thing ..it should go without saying..
But obviously it does not ..sad

click "Like" on that..
..wackos lol

You know I never did look or check but has W8/Server 2012 changed from NTLM to another password hashing mechanism at all?

goatsniffer said,
NTLM is still secure. Weak passwords, however, are still never secure.

It is still secure for long passwords but I would have thought they'd have gone with how linux has been doing it for years and mac more recently, using salted hashes so that rainbow tables are useless.

n_K said,

It is still secure for long passwords but I would have thought they'd have gone with how linux has been doing it for years and mac more recently, using salted hashes so that rainbow tables are useless.

luckily you need to have local access to perform such tasks and thus shouldn't be a risk to your servers.

Shadowzz said,

luckily you need to have local access to perform such tasks and thus shouldn't be a risk to your servers.

Servers are generally secure because there's no publicly available software that will extract hashes from active directory running on Server 08 R2 upwards.