Windows 7 malware infection rate soars in 2012
But 2009 OS still 2X-3X less likely to get hacked than 11-year-old XP
Computerworld - Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today.
But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.
Data from Microsoft's newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.
The infection rate for Windows RTM, or "release to manufacturing," the original version launched in Oct. 2009, was 33% higher this year for the 32-bit edition (x86), 59% higher for the 64-bit (x64) OS.
Windows 7 Service Pack 1 (SP1) -- the upgrade that shipped in Feb. 2011 -- saw even larger infection increases: 172% for x86, 182% for x64.
Microsoft blamed several factors for the boost in successful malware attacks, including less savvy users.
"This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows," said Microsoft in its latest Security Intelligence Report. "Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices."
But other elements came into play, argued Tim Rains, director of Microsoft's Trustworthy Computing group.
"There are several factors at play here. In XP, for example, we've seen infection rates go up because of particular pieces of malware that are more effective on that platform," said Rains in an interview. "[And] in different places in the world, [users'] ability to keep Windows up to date varies greatly."
For the first time, Microsoft ranked the threats facing each version of Windows, bolstering Rains' assertion that some malware families are more successful against, or at least more often aimed at, specific Windows builds, and thus affect the infection rates.
But security researchers were more likely to pin the blame on Windows 7's popularity.
"Windows 7 has really been the first platform adopted by both enterprises and consumers, and that kind of adoption hasn't happened in quite some time for Microsoft," said Andrew Storms, director of security operations at nCircle Security. "Given the market movements, its likely that the attackers follow."
And Windows 7 is a more popular operating system this year: From June 2011 to June 2012, Windows 7's usage share grew 45%, according to statistics from metric firm Net Applications.
Microsoft collects infection data from several sources, including the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects, then deletes selected malware. It then normalizes the data by comparing an equal number of computers for each edition of Windows.
The measurements are expressed as X per thousand: Windows XP SP3's infection rate, for instance, was 9.5 in the second quarter, or 9.5 XP SP3 machines out of every 1,000.
The x86 editions of Windows 7 RTM and SP1 came with higher infection rates than the x64 versions, and Windows 7 SP1 was less likely to be infected than RTM. Windows 7 RTM x86 had the highest rate, 5.3, while Windows 7 SP1 x64 had the lowest, just 3.1.
But even with that low rate, Windows 7 SP1 x64 had the dubious distinction of sporting the largest year-to-year increase because in the second quarter of 2011, its infection rate was an even lower 1.1.
Microsoft's numbers back up the belief that Windows 7 is a more secure OS than the still-present-in-large-numbers XP, and makes a good case for users of the latter to migrate to the former, a transition Microsoft and industry analysts have long supported.
If history is any guide, Windows 7's infection rate will continue to climb as its market share does the same, and won't begin to decline until a successor replaces it on a large number of PCs.
"There is probably no single technology feature set that can explain infection rates in either incline or decline," said Storms. "It has more to do with what the attackers want to attack. And as we have seen, attackers generally get what they want."
The 146-page Security Intelligence Report Volume 13 can be downloaded from Microsoft's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts