Microsoft has recently published the latest version of the Security Intelligence Report v14 (http://microsoft.com/sir) focusing on software vulnerabilities, software vulnerability exploits, and malicious and potentially unwanted software during the third and fourth quarter of 2012. Please allow me to share a few highlights from the report.
Computers with a real-time antimalware protection were on average 5.5 times less likely to report malware infections than those without. On top of that, 25% of computers worldwide (or 270 million computers) were not protected by up-to-date antivirus software. Microsoft offers for free its antimalware Microsoft Security Essentials for people using a genuine Windows. Windows 8 comes with a built-in antimalware called Windows Defender. Other consumer security solutions can be found here: http://www.microsoft.com/windows/antivirus-partners.
The following graph shows the vulnerability disclosures for Microsoft and non-Microsoft products, emphasizing that when you deploy security updates you should pay attention to not only Microsoft software but also to other software from third parties.
SIR v14 provides a heat-maps that show the infection rates in locations around the world in computers cleaned per mille (CCM), which represents the number of reported computers cleaned for every 1,000 executions of the Microsoft Malicious Software Removal Tool (MSRT). Here is the one for Q4 2012:
As you can see, the Gulf region is having a greater proportion of cleanings of malware supported by MSRT than the worldwide average (keep in mind though that MSRT only cleans a subset of all malware listed in Microsoft Malware Encyclopedia.)
I want here to underline that the State of Qatar was the least infected country in the Middle-East at the end of 2012
The more recent your Windows is, the less likely the infections.
See above how Windows XP was the most infected Windows. If you add on top of that the termination of Windows XP on April 8th, 2014, I hope it’s a clear case to retire Windows XP as soon as possible.
Next I’ll cover targeted attacks by determined and persistent human attackers. Stay tuned.