Cliff Evans Security and Privacy Lead Microsoft Ltd.

Presentation on theme: "Cliff Evans Security and Privacy Lead Microsoft Ltd."— Presentation transcript:

1 Cliff Evans Security and Privacy Lead Microsoft Ltd

2 For consumers needing protection from malicious software including Spyware, Viruses, Trojans and rootkits, Microsoft Security Essentials is the no-cost, high-quality anti-malware service that efficiently addresses the ongoing security needs of a genuine Windows-based PC. www.microsoft.com/security_essentials

3 Built on the same core security technology that is the foundation for Forefront™, Microsoft’s trusted security solution for the enterprise. Tested and certified by independent experts including West Coast Labs and ICSA Labs. The vast world-wide network of PCs providing intelligence on the most current threats ensures early detection and quick response to new threats. In the event of a suspicious file, the dynamic signature service enables immediate signature download – without waiting until the next download event. New and improved technologies including live kernel behavior monitoring, anti-stealth functionality, and live rootkit removal provide additional defense against rootkits and other aggressive threats.

4 Available at no additional charge as a benefit of genuine Windows. Downloads and installs quickly and easily direct from Microsoft.com with no complicated registration process and no personal information collected. Automatic, behind-the-scenes updates in Microsoft Security Essentials ensure that users always have the latest threat protection and prevention technology on their PC, with no need to upgrade or renew. Intuitive interface: with a single click, users can quickly and easily take the actions needed to keep their PC better protected.

5 Intelligent caching and smart memory swapping are designed in to limit the amount of memory used. CPU utilization is limited and low-priority disk operations are leveraged to ensure the system remains responsive to those tasks the user is likely to be performing, such as opening files or browser windows, cut/copy/paste, file save, and so on. Real-time access to the latest signatures through Dynamic Signature Service means the PC can stay up to date on the latest identified threats with less frequent signature downloads. Works quietly in the background without distracting pop-ups – only notifying users if action is required to stay protected.

6 Local Area Networks: First PC virus; Boot sector viruses; Create notoriety or cause havoc; Slow propagation; 16-bit DOS. Internet Era: Macro viruses; Script viruses; Key loggers; Create notoriety or cause havoc; Faster propagation; 32-bit Windows. Broadband prevalent: Spyware, Spam; Phishing; Botnets & Rootkits; War Driving; Financial motivation; Internet wide impact; 32-bit Windows. Hyper jacking; Peer to Peer; Social engineering; Application attacks; Financial motivation; Targeted attacks; Network device attacks; 64-bit Windows.

7 Trustworthy Computing: Protecting customers throughout the entire life cycle (in development, deployment and operations). Microsoft Security Engineering Center (MSEC); Security Assurance; Security Science; Security Development Lifecycle (SDL); Microsoft Malware Protection Center (MMPC); Microsoft Security Response Center (MSRC); MSRC Engineering; MSRC Ops; EcoStrat. Conception; Release.

8 Alert and prescriptive guidance Sasser April 2004 Blaster August 2003 Zotob August 2005 Within 1 day Within 2 hours 2 days prior Within 10 days Within 2 days Same day Within 38 days Within 3 days Within 3 days Online guidance/Webcast Free worm removal tool Update available after 1st exploit Products not affected by attacks MS08-067 October 2008 (Conficker) Before publicly known (MAPP) 3 times, 2x Same day Didn’t need one* +11 days, +4 days, +2 days, -11 days none XPSP2 Vista, Server 2008

9 http://blogs.technet.com/security

10

11 Report addresses data and trends observed over the past several years, but focuses on the second half of 2008 (2H08). Major sections cover: The Threat Ecosystem; Software Vulnerability Disclosures; Software Vulnerability Exploits; Browser-Based and Document Format Exploits; Security and Privacy Breaches; Malicious Software and Potentially Unwanted Software; Email, Spam, Phishing and Drive-By Download Threats; Special Focus on Rogue Security Software. Report builds on five previous editions of the SIR.

12 Software Vulnerability Disclosures: Common Vulnerabilities and Exposures Website http://cve.mitre.org; http://www.first.org/cvss; National Vulnerability Database (NVD) Web site http://nvd.nist.gov/; Security Web sites; Vendor Web sites and support sites. Security Breach Notifications: http://datalossdb.org

13 Malicious Software and Potentially Unwanted Software: Data from several hundred million computers worldwide; some of the busiest services on the Internet (e.g. Hotmail). During 2H08 MSRT executed 2.2 billion times. Since January 2005 total MSRT executions surpass 15 billion. Also data from Windows Live Search and the Microsoft Windows Safety Platform.

14

15 Disclosures in 2H08 down 3% from 1H08. Disclosure for all of 2008 down 12% from 2007. Figure: Industry-wide vulnerability disclosures by half-year, 2H03-2H08.

16 Operating system vulnerabilities – 8.8% of the total. Browser vulnerabilities – 4.5% of the total. Other vulnerabilities – 86.7% of the total. Figure: Industry-wide operating system, browser, and other vulnerabilities, 2H03-2H08.

17 Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale. Figure: Vulnerability disclosures for Microsoft and non-Microsoft products, 2H03-2H08 (series: Non-Microsoft, Microsoft).

18

19 On Windows XP-based machines Microsoft software accounted for 6 of the top 10 vulnerabilities. The most commonly exploited vulnerability was disclosed and patched by Microsoft in 2006. Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows XP, 2H08 (series: Microsoft Vulnerabilities, Third-Party Vulnerabilities).

20 On Windows Vista-based machines Microsoft software accounted for none of the top 10 vulnerabilities. Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows Vista, 2H08 (series: Third-Party Vulnerabilities).

21 Attacks spiked significantly in 2H08. Both vulnerabilities exploited had updates available from Adobe and did not exist in the most recent version of Adobe products. Figure: Adobe Reader exploits by month in 2008, indexed to the monthly average for 2H08.

22

23 Study of publicly reported security breaches worldwide. Hacking and viruses less than 20% of all notifications in 2H08. 50% of breaches in 2H08 resulted from stolen equipment. Figure: Security breach incidents by type, expressed as percentages of the total, 2H07-2H08.

24

25

26

| Rank | Family | Category | Infected computers | Trend |
|---|---|---|---|---|
| 1 | Win32/ZangoSearchAssistant | Adware | 400,596 | +13.3% |
| 2 | Win32/Renos | Trojan Downloaders & Droppers | 329,368 | +213.3% |
| 3 | Win32/Zlob | Trojan Downloaders & Droppers | 325,628 | -21.9% |
| 4 | Win32/Vundo | Misc. Trojans | 270,021 | +27.8% |
| 5 | Win32/ZangoShoppingreports | Adware | 205,727 | +20.0% |
| 6 | Win32/Hotbar | Adware | 179,861 | +2.4% |
| 7 | Win32/FakeSecSen | Misc. Trojans | 125,321 | New |
| 8 | Win32/FakeXPA | Misc. Trojans | 112,358 | New |
| 9 | Win32/Antivirus2008 | Misc. Potentially Unwanted Software | 86,509 | New |
| 10 | ASX/Wimad | Trojan Downloaders & Droppers | 84,944 | |
| 11 | Win32/Playmp3z | Misc. Potentially Unwanted Software | 83,190 | |
| 12 | Win32/Agent | Misc. Trojans | 74,978 | |
| 13 | Win32/SeekmoSearchAssistant | Adware | 67,773 | |
| 14 | Win32/C2Lop | Miscellaneous Trojans | 60,333 | |
| 15 | Win32/Meredrop | Miscellaneous Trojans | 50,837 | |
| 16 | Win32/Winfixer | Misc. Potentially Unwanted Software | 50,750 | |
| 17 | Win32/Tibs | Miscellaneous Trojans | 48,411 | |
| 18 | Win32/Starware | Misc. Potentially Unwanted Software | 42,831 | |
| 19 | Win32/WinSpywareProtect | Trojan Downloader | 39,107 | |
| 20 | Win32/ConHook | Miscellaneous Trojans | 36,127 | |
| 21 | Win32/Vapsup | Misc. Potentially Unwanted Software | 33,488 | |
| 22 | Win32/OneStepSearch | Misc. Potentially Unwanted Software | 33,409 | |
| 23 | Win32/Alureon | Miscellaneous Trojans | 33,397 | |
| 24 | Win32/Oderoor | Backdoors | 32,556 | |
| 25 | Win32/AdRotator | Adware | 30,723 | |

27 The infection rate of Windows Vista SP1 was 60.6% less than that of Windows XP SP3. The infection rate of Windows Vista with no service pack was 89.1% less than that of Windows XP with no service pack installed.

28

29 Some rogue security software families mimic genuine Windows security warnings. Clicking “Recommendations” initiates a registration and purchase process.

30 Some variants of Win32/FakeXPA display fake “blue screen” error messages

31 Microsoft Internet Safety Enforcement Team (ISET) partners with governments, law enforcement, and industry partners worldwide. Several legal cases initiated against the creators and distributors of rogue security software. For full details of these legal actions please refer to the full Security Intelligence Report volume 6 document.

32

33 Microsoft Forefront Online Security for Exchange filtered 97.3 percent of all e-mail messages received in 2H08

34

35

36 http://www.microsoft.com/downloads/details.aspx?FamilyID=c3d986d0-ecc3-4ce0-9c25-048ec5b52a4f&displaylang=en

37 www.microsoft.com/mscorp/twc/blogs

38 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

