Windows Vista infection rates climb, says Microsoft
End of support last year for SP1 responsible for spike in successful attacks
Computerworld - Microsoft said last week that a skew toward more exploits on Windows Vista can be attributed to the demise of support for the operating system's first service pack.
Data from the company's newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.
That's counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.
Tim Rains, the director of Microsoft's Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition's retirement from security support.
"This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform," said Rains in a blog post last week.
Microsoft stopped delivering patches for Vista SP1 in July 2011. For the bulk of the reporting period, then, Vista SP1 users did not receive fixes to flaws, including some that were later exploited by criminals.
Vista SP2 will continue to be patched until mid-April 2017.
Rains also noted that the infection rates of both Windows XP SP3 and Vista dropped dramatically last year after Microsoft automatically pushed a "backport" update which disabled AutoRun, a Windows feature that major worms, including Conficker and Stuxnet, abused to infect millions of machines.
Rains seemed to intimate that the AutoRun disabling had more impact on XP than on Vista, and by Microsoft's data, he may have been on to something: While XP's infection rate continued to drop throughout the year, Vista SP2's climbed from the second quarter to the third, and again from the third to the fourth.
Windows 7's infection rate also increased each quarter of 2011.
Andrew Storms, director of security operations at nCircle Security, had a different theory for XP's infection rate decline and the rise of Vista's and Windows 7's.
"As Microsoft's intelligence gets better in [the Malicious Software Removal Tool] and fewer attackers focus on the older OS, then fewer infections should be found on the older OS," said Storms, talking about Windows XP.
Most of Microsoft's infection rate data is derived from the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects, then deletes, selected malware families.
And the rise of infection rates in Vista and Windows 7?
"It would be expected that all the SKUs should go up slightly over time simply because new vulnerabilities are found, more attacks always happening, and so on," Storms added.
Rains urged XP and Vista users to upgrade to the supported service packs -- SP3 for XP, SP2 for Vista -- to continue to receive patches.
The 126-page Security Intelligence Report that Rains referenced can be found on Microsoft's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.