The newly published Microsoft Security Intelligence Report (SIR) is a hefty 152 page read, which will probably keep many IT sysadmins occupied for a while.
It’s a good excuse to put your feet up, lean back in your swivel chair and read Microsoft’s pontifications on exploits, vulnerabilities, malware and other threats that might keep you and your company awake at night.
In fairness to Microsoft, they have one big advantage over many of the other vendors who produce security threat reports. After all, Microsoft’s software is – by its very nature – running on every single Windows computer, giving the firm an opportunity to gather data on what’s really happening out there.
Here is one of the highlights from Microsoft’s report that was pointed out to me by industry veteran Righard Zwienenberg.
Yes, in the last quarter of 2013, Microsoft says that the Windows 7 computers it scanned were more likely to be infected by malware than PCs running Windows XP. An infection rate of 2.59% for Windows 7 (25.9 per 1000 computers scanned) compared to 2.42% for XP.
Windows Vista isn’t looking too healthy either.
And before you think that the stats are telling a skewed story because of the different number of users of the different operating systems, these numbers have been normalised by Microsoft.
This data is normalized; that is, the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP3 computers to 1,000 Windows 8 RTM computers).
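The normalisation in that sentence is what makes the Windows 7 versus Windows XP comparison meaningful: XP had a far larger install base at the time, so raw counts of cleaned machines would rank the operating systems differently from a per-thousand rate. The following Python is an added illustration, not code or data from the article or from Microsoft's report; the scanned/cleaned counts are constructed so that the per-mille rates come out at the figures the article quotes.

```python
# Added example (not from the article or from Microsoft's report): how a
# "computers cleaned per mille" rate normalises away install-base size.
# The counts below are constructed for illustration only.

# Constructed telemetry: OS -> (computers scanned, computers cleaned).
SAMPLE_COUNTS = {
    "Windows XP": (4_000_000, 9_680),
    "Windows 7": (3_000_000, 7_770),
}


def per_mille(cleaned: int, scanned: int) -> float:
    """Computers cleaned per 1,000 scanned (the report's CCM unit)."""
    if scanned <= 0:
        raise ValueError("scanned must be a positive count")
    if cleaned < 0 or cleaned > scanned:
        raise ValueError("cleaned must lie between 0 and scanned")
    return round(cleaned / scanned * 1000, 2)


def per_mille_to_percent(ccm: float) -> float:
    """Convert a per-mille figure to a percentage (25.9 per 1,000 -> 2.59%)."""
    return round(ccm / 10, 4)


def rank_by_raw_count(counts: dict) -> list:
    """Rank operating systems by absolute number of cleaned machines."""
    return sorted(counts, key=lambda os_name: counts[os_name][1], reverse=True)


def rank_by_ccm(counts: dict) -> list:
    """Rank operating systems by normalised infection rate (per 1,000)."""
    return sorted(
        counts,
        key=lambda os_name: per_mille(counts[os_name][1], counts[os_name][0]),
        reverse=True,
    )


if __name__ == "__main__":
    for os_name, (scanned, cleaned) in SAMPLE_COUNTS.items():
        ccm = per_mille(cleaned, scanned)
        print(f"{os_name}: {cleaned} cleaned of {scanned} scanned "
              f"= {ccm} per 1,000 = {per_mille_to_percent(ccm)}%")
    print("By raw count:", rank_by_raw_count(SAMPLE_COUNTS))
    print("By CCM:      ", rank_by_ccm(SAMPLE_COUNTS))
```

With these constructed counts the larger XP fleet has more cleaned machines in absolute terms, yet its per-mille rate is lower than Windows 7's, which is exactly the distinction the report's normalisation note is making. The `per_mille_to_percent` helper is the conversion the errata at the end of the article refers to: a chart value of 25.9 is per thousand, not a percentage.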
Microsoft says the dramatic rise in infection rates from Q3 to Q4 2013 can be largely blamed on the Rotbrow family of malware which presented itself as a browser add-on.
So, do these statistics suggest that Windows 7 is a less safe environment than Windows XP? If only things were that simple.
No, the truth is that – if configured correctly – Windows 7 can provide better security than Windows XP.
For instance, users of more modern versions of Windows can take full advantage of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a utility that can stop malware from successfully exploiting zero-day vulnerabilities and make life harder for attackers.
EMET *can* be run on Windows XP Service Pack 3, but users of that platform don’t have access to all of its protection features.
It should also be remembered, of course, that not all malware relies upon vulnerabilities and security holes.
A large number of the malware attacks seen use simple social engineering techniques that trick users into making poor decisions, such as clicking on a malicious link or running a malware-infected file that has been sent to them.
The statistics in Microsoft’s report cover a period when Windows XP was still receiving security updates from Microsoft. Going forward, we can expect XP computers to become more and more riddled with malware as security holes are left unpatched.
In short, don’t downgrade your version of Windows to Windows XP!
Also, don’t expect to see Windows XP making as much of an impact in future Microsoft security reports. The company collects statistics on officially supported versions of the operating system and, as we hopefully all know by now, the creaky old XP version of Windows is no longer supported.
You can download the full report from Microsoft’s website.
Errata: An earlier version of this article messed up the percentages, assuming Microsoft’s graphic to show a percentage rather than be figures per *1000* computers. Apologies to anybody who was misled by my error.
Update 13 May 2014: Microsoft has been in touch, clearly keen to put its statistics in context and reassure Windows users.
Here’s what a spokesperson for the company had to say to me:
As you’ve reported, there was an increase in computers cleaned from malware (CCM) in the 4th quarter of 2013. This increase was predominantly due to a new detection added to Microsoft’s security products for a threat known as Rotbrow. Rotbrow is a threat that uses deceptive tactics instead of software vulnerabilities to trick its victims into installing malware. (More information on Rotbrow can be found here.)
Rotbrow was more prevalent on Windows 7 and Windows Vista, likely for monetization purposes (e.g. Click Fraud, etc). It is important to note that the rise in computers cleaned in the chart below is not an indication of the operating system’s security effectiveness. Deceptive tactics can trick anyone.
Detections of Rotbrow significantly decreased after December 2013 once systems were cleaned and we expect the CCM infection rate to return to more typical levels in subsequent quarters as the Malicious Software Removal Tool and other security products work to clean the remaining backlog of old Rotbrow infections.
Microsoft continues to urge people to upgrade from Windows XP to a more modern operating system to better protect themselves.
This tells me that win7 users explore more dodgy web sites than users of other OSes. This would fall correctly into the fact that XP is used by older users, who would be less likely to visit sites that harbour threats. And of course nobody at all uses Windows 8, and in the early part of next year Microsoft will be closed down by trading standards for calling win 8 an operating system.
Windows XP is mostly used by governments and enterprises anymore – meaning places that do care about security. That said, the infection rates are a bit worrying. As for Vista, it is not used by enterprises or governments. It's used by laggards who don't know anything about security or even computers in general.
W8 numbers prove that porting malware to W8 is not too difficult. W8.1 numbers prove that if you run latest and greatest, you are virtually free of malware.
“W8.1 numbers prove that if you run latest and greatest, you are virtually free of malware”
…which is quite obvious, given that the 'malware-as-a-service' dealers usually have got more time to concentrate on the 'oldies' than on the 'latest and greatest'.
Please, please tell me that a Microsoft spokesman did not really say that CCM stands for "Computers Cleaned from Malware." As per the linked glossary entry, it stands for "Computers Cleaned per Mille," where mille is a statistician's way of saying "thousand." So a CCM of 25 means that 25 machines out of a thousand were cleaned.
not around here. we don't access the internet from ANY microsoft product. two reasons. first off they don't know squat about security (and that's pretty obvious, isn't it?). and secondly we access the internet ONLY from linux. that's only one reason linux is so much faster (don't need none of that stuff running within background threads). the real reason for all this is this thingee called "partitions". In linux partitions are protected by the partition itself. however in Microsoft the partitions are protected by the OS, but NOT the partitions themselves. thus we can just walk right into a windows partition and grab anything we want. We've "grabbed" a LOTTA stuff on a windows partition that was not reachable from a non-booting OS. but that's no issue from linux! simply boot off a stick, see? and if you don't believe me try it yourself.