Windows Vista infection rates climb, says Microsoft
End of support last year for SP1 responsible for spike in successful attacks
Computerworld - Microsoft said last week that a skew toward more exploits on Windows Vista can be attributed to the demise of support for the operating system's first service pack.
Data from the company's newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.
That's counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.
Tim Rains, the director of Microsoft's Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition's retirement from security support.
"This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform," said Rains in a blog post last week.
Microsoft stopped delivering patches for Vista SP1 in July 2011. For the bulk of the reporting period, then, Vista SP1 users did not receive fixes to flaws, including some that were later exploited by criminals.
Vista SP2 will continue to be patched until mid-April 2017.
Rains also noted that the infection rates of both Windows XP SP3 and Vista dropped dramatically last year after Microsoft automatically pushed a "backport" update which disabled AutoRun, a Windows feature that major worms, including Conficker and Stuxnet, abused to infect millions of machines.
Rains seemed to intimate that the AutoRun disabling had more impact on XP than on Vista, and by Microsoft's data, he may have been on to something: While XP's infection rate continued to drop throughout the year, Vista SP2's climbed from the second quarter to the third, and again from the third to the fourth.
Windows 7's infection rate also increased each quarter of 2011.
Andrew Storms, director of security operations at nCircle Security, had a different theory for XP's infection rate decline and the rise of Vista's and Windows 7's.
"As Microsoft's intelligence gets better in [the Malicious Software Removal Tool] and fewer attackers focus on the older OS, then fewer infections should be found on the older OS," said Storms, talking about Windows XP.
Most of Microsoft's infection rate data is derived from the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects, then deletes selected malware families.
And the rise of infection rates in Vista and Windows 7?
"It would be expected that all the SKUs should go up slightly over time simply because new vulnerabilities are found, more attacks always happening, and so on," Storms added.
Rains urged XP and Vista users to upgrade to the supported service packs -- SP3 for XP, SP2 for Vista -- to continue to receive patches.
The 126-page Security Intelligence Report that Rains referenced can be found on Microsoft's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.