This is Part 4 of a series of articles on the threat landscape in the Middle East and southwest Asia. This series examines malware infection rates and the factors contributing to them in several locations in the region including Bahrain, Egypt, Israel, Iraq, Jordan, Kuwait, Lebanon, Oman, Pakistan, Palestinian Authority, Qatar, Saudi Arabia, Syria, Turkey, and the United Arab Emirates. The first three parts of the series covered the following topics:

  • Part 1 examines malware infection rates of many locations in the region and establishes that they are relatively high compared to the worldwide average.
  • Part 2 explores the “encounter rate” and whether the relatively high malware infection rates in the region are simply a result of people encountering malware more frequently in this region than other parts of the world.
  • Part 3 examines whether differences in real-time anti-virus usage among countries/regions help explain differences among regional infection rates, i.e. do locations that have a high percentage of unprotected systems have high malware infection rates?

This article explores whether there is a link between the usage of older software and relatively high regional malware infection rates. Specifically, can the relatively high malware infection rates in the Middle East and southwest Asia be explained by the relatively large number of systems in the region running an older operating system like Windows XP?

I have written about infection rates for the different versions of Windows on a few occasions; here are a couple of past articles:

For the most part, the long-term trend we have observed is that newer operating systems have lower malware infection rates than older operating systems, as seen in Figure 1. This is true even though all of the operating system versions encounter malware in the same ballpark range, between 12 percent and 20 percent of systems running Microsoft real-time anti-virus software. In other words, all the currently supported Windows operating systems encounter malware about as often as one another, but the newer operating systems end up getting infected far less often than the older ones. For more details on encounter rate, please see Part 2 of this series.

Figure 1 (left): Infection rates or CCM (left vertical axis) and encounter rates (right vertical axis) for Windows XP Service Pack 3, Windows Vista Service Pack 2, Windows 7 Service Pack 1, and Windows 8 (no service pack) in the second quarter of 2013 (2Q13); Figure 2 (right): Windows XP Market share % for locations in the Middle East and southwest Asia in August/September 2013, source: statcounter.com. This work by StatCounter is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. No changes were made to the content. CCM source: Microsoft Security Intelligence Report, Volume 15

     

Given that Windows XP has a malware infection rate six times higher than Windows 8 and twice the infection rate of Windows 7, a reasonable hypothesis would seem to be that locations with high concentrations of Windows XP systems will have relatively high malware infection rates. The data in Figure 2 suggests that this is generally true, but with some notable exceptions.

The locations in the region that have the highest Windows XP market share according to StatCounter include Pakistan (42.6%), Egypt (41.6%), the Palestinian Authority (26.7%), and Turkey (26.8%). These four locations are among the top six locations with the highest malware infection rates in the region. Pakistan has the highest Windows XP market share percentage of the locations we looked at in the region, according to StatCounter, and has the second highest malware infection rate in the region.

As I mentioned, there are some interesting exceptions. Iraq had the highest malware infection rate in the region with a CCM of 31.5, but the lowest Windows XP market share percentage in the region at 7.6 percent. You might be wondering why Iraq has such a low Windows XP market share percentage compared to all other locations in the region. Interestingly, there were sanctions restricting trade with Iraq between 1990 and 2003. Windows XP was released during this time, in 2001, which helps explain why Windows XP had such a relatively low market share there. Windows 7, which was released in 2009, well after sanctions ended in Iraq, had almost 80 percent market share in Iraq in August/September of 2013 according to StatCounter. Considering this data, it would seem that Windows XP market share percentage is not as big a factor in regional malware infection rates in Israel and Iraq as it might be in other locations in the region.

In this series I have examined some factors that all seem to have some effect on regional malware infection rates including malware encounter rates and targeted attacks, regional anti-virus usage, and regional Windows XP market share. But none of these factors by themselves can explain why the Middle East and southwest Asia have such high malware infection rates, relative to other places. In the final parts of this series I will explore a broader range of socio-economic factors that we have observed to be correlated with regional malware infection rates. Could factors like Facebook penetration, government corruption or GDP per capita help explain differences in regional malware infection rates? Part 5 of this series will look at these factors and others.

Tim Rains
Director
Trustworthy Computing