Security Advisor

Microsoft Security Report: XP Won't Keep Users Safe

Microsoft's latest security report highlights the huge gap between Windows XP and Windows 8 infection rates.

Microsoft's 15th Security Intelligence Report (SIR), released this week, gave the company yet another platform to reiterate the importance of moving away from Windows XP before official support ends in April.

The report, which analyzed threats from more than one billion systems worldwide over the first two quarters of 2013, found that those running XP were more than six times likely to be infected than those systems running Windows 8.

While it may be easy to theorize that systems running older OSes have higher infection rates than newer versions due to increased attacks roaming in the wild, the encounter rates between versions may be closer than you would think. According to Microsoft's data, only 16.3 percent of monitored XP machines reported running into attacks. This isn't a huge margin from Windows 8, which had an encounter rate of 12.4 percent and isn't far off from the encounter-leading Windows 7 and its 19.1 percent rate.

"The disparity between the two metrics highlights the importance of moving away from older operating system versions to newer, more secure ones," read the report. "Computers running Windows XP in 1H13 encountered about 31 percent more malware worldwide than computers running Windows 8, but their infection rate was more than 5 times as high."

Keep in mind that these numbers all come from a time when XP is still being supported just as much as Windows 8 (even more if you look at the previous few months on which OS has received the most security bulletins out of all supported Windows versions). Supported or not, sticking with the older OS means you're not able to take advantage of the newer defensive capabilities baked into later versions.

"The data help illustrate the positive impact that security innovations in newer operating systems are having. Modern operating systems such as Windows 8 include advanced security technologies that are specifically designed to make it harder, more complex, more expensive and, therefore, less appealing for cybercriminals to exploit vulnerabilities," said Tim Rains, director of Microsoft Trustworthy Computing.  

While newer security features in Microsoft's latest OS is helping to curb the actual number of infections, vulnerabilities exploited through flaws in Microsoft software took an uptick for the first half of the year. After the number of Microsoft vulnerabilities had steadily declined between the second half of 2010 and the beginning of 2013, the number of disclosed issues rose 7.4 percent during the report's timeframe.

Looking at not only Microsoft software, this report once again pointed to application vulnerability disclosures leading the pack, accounting for 63.5 of all disclosures for the first half of 2013. The good news is that the number of app disclosures has steadily fallen since the beginning of 2012 and that also holds true for browser vulnerability disclosures, which decreased to 18.3 percent.

The bad news is OS vulnerability disclosures rose 39.3 percent since the end of last year, finishing the first half with 22.2 percent of total vulnerability disclosures.

Next time we'll dive into what types of malware Microsoft's report found dominated the security landscape in the first half of the year.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube