Windows 7 malware infection rate soars in 2012
But 2009 OS still 2X-3X less likely to get hacked than 11-year-old XP
Computerworld - Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today.
But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.
Data from Microsoft's newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.
The infection rate for Windows RTM, or "release to manufacturing," the original version launched in Oct. 2009, was 33% higher this year for the 32-bit edition (x86), 59% higher for the 64-bit (x64) OS.
Windows 7 Service Pack 1 (SP1) -- the upgrade that shipped in Feb. 2011 -- saw even larger infection increases: 172% for x86, 182% for x64.
Microsoft blamed several factors for the boost in successful malware attacks, including less savvy users.
"This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows," said Microsoft in its latest Security Intelligence Report. "Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices."
But other elements came into play, argued Tim Rains, director of Microsoft's Trustworthy Computing group.
"There are several factors at play here. In XP, for example, we've seen infection rates go up because of particular pieces of malware that are more effective on that platform," said Rains in an interview. "[And] in different places in the world, [users'] ability to keep Windows up to date varies greatly."
For the first time, Microsoft ranked the threats facing each version of Windows, bolstering Rains' assertion that some malware families are more successful against, or at least more often aimed at, specific Windows builds, and thus affect the infection rates.
But security researchers were more likely to pin the blame on Windows 7's popularity.
"Windows 7 has really been the first platform adopted by both enterprises and consumers, and that kind of adoption hasn't happened in quite some time for Microsoft," said Andrew Storms, director of security operations at nCircle Security. "Given the market movements, its likely that the attackers follow."
And Windows 7 is a more popular operating system this year: From June 2011 to June 2012, Windows 7's usage share grew 45%, according to statistics from metric firm Net Applications.
Microsoft collects infection data from several sources, including the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects, then deletes selected malware. It then normalizes the data by comparing an equal number of computers for each edition of Windows.
The measurements are expressed as X per thousand: Windows XP SP3's infection rate, for instance, was 9.5 in the second quarter, or 9.5 XP SP3 machines out of every 1,000.
The x86 editions of Windows 7 RTM and SP1 came with higher infection rates than the x64 versions, and Windows 7 SP1 was less likely to be infected than RTM. Windows 7 RTM x86 had the highest rate, 5.3, while Windows 7 SP1 x64 had the lowest, just 3.1.
But even with that low rate, Windows 7 SP1 x64 had the dubious distinction of sporting the largest year-to-year increase because in the second quarter of 2011, its infection rate was an even lower 1.1.
Microsoft's numbers back up the belief that Windows 7 is a more secure OS than the still-present-in-large-numbers XP, and makes a good case for users of the latter to migrate to the former, a transition Microsoft and industry analysts have long supported.
If history is any guide, Windows 7's infection rate will continue to climb as its market share does the same, and won't begin to decline until a successor replaces it on a large number of PCs.
"There is probably no single technology feature set that can explain infection rates in either incline or decline," said Storms. "It has more to do with what the attackers want to attack. And as we have seen, attackers generally get what they want."
The 146-page Security Intelligence Report Volume 13 can be downloaded from Microsoft's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- Feds declare big win over Cryptolocker ransomware
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
Read more about Security in Computerworld's Security Topic Center.
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- 9 Essentials for a Complete Cloud-to-Cloud Backup Solution In 9 Essentials for a Complete Cloud-to-Cloud Backup Solution, we'll walk you through potential sources of data loss in the cloud and provide...
- Workload Change: The 70 Percent of Your Business DevOps Forgot Adding WLA early in the development process ensures that the benefits of DevOps accrue for all applications, including your batch services. This paper...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Protecting Critical SaaS Data Before It's Too Late In this webinar, you'll hear how to avoid SaaS data loss through best practices from a panel of experts. All Operating Systems White Papers | Webcasts