Depending on your background, you may find different sections of the newly published Microsoft Security Intelligence Report (SIR) to be of more interest.  In today’s post, we would like to highlight the section on infection rates based on the operating system (OS) version and the service pack level.  Microsoft has consistently observed that machines with newer OS and with more recent service packs are less likely to be infected by malware.  The graph below shows the number of computers having malware removed per 1,000 executions of the MSRT on that OS/SP during the second half of 2008 (2H08).

In the SIR, you will find the the following conclusions based on this data:

  • The infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP, in all configurations.

  • Comparing the latest service packs for each version, the infection rate of Windows Vista SP1 is 60.6 percent less than that of Windows XP SP3. 

  • Comparing the RTM versions of these operating systems, the infection rate of the RTM version of Windows Vista is 89.1 percent less than that of the RTM version of Windows XP. 

  • The infection rate of Windows Server 2008 RTM is 52.6 percent less than that of its predecessor, Windows Server 2003 SP2. 

    • The higher the service pack level, the lower the rate of infection. This trend can be observed consistently across client and server operating systems. There are two reasons for this:

    • Service packs include all previously released security updates. They can also include additional security features, mitigations, or changes to default settings to protect users.

  • Users who install service packs generally maintain their computers better than users who do not install service packs and may also be more cautious in the way they browse the Internet, open attachments, and engage in other activities that can open computers to attack.

  • Server versions of Windows typically display a lower infection rate on average than client versions. Servers tend to have a lower effective attack surface than computers running client operating systems as they are more likely to be used under controlled conditions by trained administrators and to be protected by one or more layers of security. In particular, Windows Server 2003 its successors are hardened against attack in a number of ways, reflecting this difference in usage.

This data shows that regularly deploying service packs can help reduce the risk of malware and deploying newer versions of operating system can help further reduce the infection rate. We hope this information is useful for you.

Scott Wu