Windows 7 malware infection rate soars in 2012

Computerworld - Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today.

But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.

Data from Microsoft's newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.

The infection rate for Windows RTM, or "release to manufacturing," the original version launched in Oct. 2009, was 33% higher this year for the 32-bit edition (x86), 59% higher for the 64-bit (x64) OS.

Windows 7 Service Pack 1 (SP1) -- the upgrade that shipped in Feb. 2011 -- saw even larger infection increases: 172% for x86, 182% for x64.

Microsoft blamed several factors for the boost in successful malware attacks, including less savvy users.

"This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows," said Microsoft in its latest Security Intelligence Report. "Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices."

But other elements came into play, argued Tim Rains, director of Microsoft's Trustworthy Computing group.

"There are several factors at play here. In XP, for example, we've seen infection rates go up because of particular pieces of malware that are more effective on that platform," said Rains in an interview. "[And] in different places in the world, [users'] ability to keep Windows up to date varies greatly."

For the first time, Microsoft ranked the threats facing each version of Windows, bolstering Rains' assertion that some malware families are more successful against, or at least more often aimed at, specific Windows builds, and thus affect the infection rates.

But security researchers were more likely to pin the blame on Windows 7's popularity.

"Windows 7 has really been the first platform adopted by both enterprises and consumers, and that kind of adoption hasn't happened in quite some time for Microsoft," said Andrew Storms, director of security operations at nCircle Security. "Given the market movements, its likely that the attackers follow."

And Windows 7 is a more popular operating system this year: From June 2011 to June 2012, Windows 7's usage share grew 45%, according to statistics from metric firm Net Applications.

Microsoft collects infection data from several sources, including the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects, then deletes selected malware. It then normalizes the data by comparing an equal number of computers for each edition of Windows.

The measurements are expressed as X per thousand: Windows XP SP3's infection rate, for instance, was 9.5 in the second quarter, or 9.5 XP SP3 machines out of every 1,000.

The x86 editions of Windows 7 RTM and SP1 came with higher infection rates than the x64 versions, and Windows 7 SP1 was less likely to be infected than RTM. Windows 7 RTM x86 had the highest rate, 5.3, while Windows 7 SP1 x64 had the lowest, just 3.1.

But even with that low rate, Windows 7 SP1 x64 had the dubious distinction of sporting the largest year-to-year increase because in the second quarter of 2011, its infection rate was an even lower 1.1.

Microsoft's numbers back up the belief that Windows 7 is a more secure OS than the still-present-in-large-numbers XP, and makes a good case for users of the latter to migrate to the former, a transition Microsoft and industry analysts have long supported.

If history is any guide, Windows 7's infection rate will continue to climb as its market share does the same, and won't begin to decline until a successor replaces it on a large number of PCs.

"There is probably no single technology feature set that can explain infection rates in either incline or decline," said Storms. "It has more to do with what the attackers want to attack. And as we have seen, attackers generally get what they want."

The 146-page Security Intelligence Report Volume 13 can be downloaded from Microsoft's website.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about Security in Computerworld's Security Topic Center.