The newly published Microsoft Security Intelligence Report (SIR) is a hefty 152-page read, which will probably keep many IT sysadmins occupied for a while.
It’s a good excuse to put your feet up, lean back in your swivel chair and read Microsoft’s pontifications on exploits, vulnerabilities, malware and other threats that might keep you and your company awake at night.
In fairness to Microsoft, they have one big advantage over many of the other vendors who produce security threat reports. After all, Microsoft’s software is – by its very nature – running on every single Windows computer, giving the firm an opportunity to gather data on what’s really happening out there.
Here is one of the highlights from Microsoft’s report that was pointed out to me by industry veteran Righard Zwienenberg.
Yes, in the last quarter of 2013, Microsoft says that the Windows 7 computers it scanned were more likely to be infected by malware than PCs running Windows XP. An infection rate of 2.59% for Windows 7 (25.9 per 1000 computers scanned) compared to 2.42% for XP.
Windows Vista isn’t looking too healthy either.
And before you think that the stats are telling a skewed story because of the different number of users of the different operating systems, these numbers have been normalised by Microsoft.
This data is normalized; that is, the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP3 computers to 1,000 Windows 8 RTM computers).
Microsoft says the dramatic rise in infection rates from Q3 to Q4 2013 can be largely blamed on the Rotbrow family of malware, which presented itself as a browser add-on.
So, do these statistics suggest that Windows 7 is a less safe environment than Windows XP? If only things were that simple.
No, the truth is that – if configured correctly – Windows 7 can provide better security than Windows XP.
For instance, users of more modern versions of Windows can take full advantage of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a utility that can block malware from successfully exploiting zero-day vulnerabilities, and make life harder for attackers.
EMET *can* be run on Windows XP Service Pack 3, but users of that platform don’t have access to all of its protection features.
It should also be remembered, of course, that not all malware relies upon vulnerabilities and security holes.
A large number of the malware attacks seen use simple social engineering techniques that trick users into making poor decisions, such as clicking on a malicious link or running a malware-infected file that has been sent to them.
The statistics in Microsoft’s report cover a period when Windows XP was still receiving security updates from Microsoft. Going forward we can expect XP computers to become more and more riddled with malware as security holes are left unpatched.
In short, don’t downgrade your version of Windows to Windows XP!
Also, don’t expect to see Windows XP making as much of an impact in future Microsoft security reports. The company collects statistics on officially supported versions of the operating system and, as we hopefully all know by now, the creaky old XP version of Windows is no longer supported.
You can download the full report from Microsoft’s website.
Errata: An earlier version of this article messed up the percentages, assuming Microsoft’s graphic showed percentages rather than figures per *1000* computers. Apologies to anybody who was misled by my error.
Update 13 May 2014: Microsoft has been in touch, clearly keen to put its statistics in context and reassure Windows users.
Here’s what a spokesperson for the company had to say to me:
As you’ve reported, there was an increase in computers cleaned from malware (CCM) in the 4th quarter of 2013. This increase was predominately due to a new detection added to Microsoft’s security products for a threat known as Rotbrow. Rotbrow is a threat that uses deceptive tactics instead of software vulnerabilities to trick its victims into installing malware. (More information on Rotbrow can be found here.)
Rotbrow was more prevalent on Windows 7 and Windows Vista, likely for monetization purposes (e.g. Click Fraud, etc). It is important to note that the rise in computers cleaned in the chart below is not an indication of the operating system’s security effectiveness. Deceptive tactics can trick anyone.
Detections of Rotbrow significantly decreased after December 2013 once systems were cleaned and we expect the CCM infection rate to return to more typical levels in subsequent quarters as the Malicious Software Removal Tool and other security products work to clean the remaining backlog of old Rotbrow infections.
Microsoft continues to urge people to upgrade from Windows XP to a more modern operating system to better protect themselves.