Microsoft announces MAPP overhaul
Posted on 30 July 2013.
Introduced in 2008, the Microsoft Active Protections Program (MAPP) was created to give antivirus vendors a head start against malware developers. Vendors would get information from Microsoft security bulletins some time before it was shared with the greater public, so that they could be ready to release signatures for vulnerabilities immediately after the bulletins were published every second Tuesday of each month.

"Since the program launched, there has been little external change to how it operates. Internally, we have made slight adjustments to how the program is managed but by and large, it is the same program it was in 2008 and the same program our partners still say is essential to their operations," says Jerry Bryant, senior security strategist with Microsoft Trustworthy Computing.

But with the release of Microsoft's latest MSRC Progress Report, the company has announced some considerable changes to MAPP.

By renaming it to MAPP for Security Vendors, they are making it just a part of a larger program which will also include MAPP for Responders and the MAPP Scanner.

MAPP for Security Vendors will be gaining MAPP Validate, a program that will allow some members of the MAPP community to provide feedback on Microsoft's detection guidance before the final distribution. Also, some trusted vendors will be now getting a three day window instead of the current one-day to come up with a signatures for vulnerabilities, while entry-level MAPP partners will be limited to the latter for the time being.

MAPP for Responders is a new program that will concentrate on threat intelligence. "Arming more defenders against targeted attacks is a key part of our overall strategy," says Bryant, and the program will employ a “give to get” model, i.e. incident responders will get critical threat intelligence but will be required to share theirs (in a common format - Mitre's STIX and TAXII specifications). Microsoft will contribute by sharing threat indicators such as malicious URLs, file hashes, incident data and relevant detection guidance.

Finally, the MAPP Scanner, a cloud-based service that will allow program members to scan suspect Office documents, PDF files, Flash movies, and URLs and see if they are malicious or not.

It will combine static and active analysis, and will test the files in virtual machines running every supported version of Windows and of the application they need to run. By detecting in this way both known vulnerabilities and suspicious activities tied to unknown ones, Microsoft hopes to increase the likelihood of new attacks and attack vectors being discovered.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th