Windows 7 more at risk than Windows XP

Microsoft has revealed that computers running its Windows Vista and Windows 7 operating systems are more likely to be infected with malware than the 13-year-old Windows XP operating system that went out of support last month.

According to the company’s biannual Security Intelligence Report (SIR), Windows XP computers had an infection rate of 2.42 per cent in the last quarter of 2013, compared to 3.24 per cent for Windows Vista and 2.59 per cent for Windows 7.

Microsoft said the data had been normalised to account for the different numbers of computers running each version of the operating system. Windows 8 had a 1.73 per cent infection rate and Windows 8.1 (the latest version) just 0.08 per cent.

The Security Intelligence Report also detected a dramatic rise in infection rates between the third quarter and fourth quarter of 2013 across all versions of Windows. Microsoft said this can be largely blamed on the Rotbrow family of malware, which presented itself as a browser add-on.

Commenting on the report, security expert Graham Cluley said that the statistics do not necessarily suggest that Windows 7 is a less safe environment than Windows XP. Users of more modern versions of Windows can take full advantage of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which can block malware.

The statistics in Microsoft’s report cover a period when Windows XP was still receiving security updates from Microsoft. Going forward we can expect XP computers to become more and more riddled with malware as security holes are left unpatched. In short, don’t downgrade your version of Windows to Windows XP, he said in a blog post.

Also, dont expect to see Windows XP making as much of an impact in future Microsoft security reports. The company collects statistics on officially supported versions of the operating system and, as we hopefully all know by now, the creaky old XP version of Windows is no longer supported.

He added that not all malware relies upon vulnerabilities and security holes, and a large number of malware attacks use simple social engineering techniques that trick users into making poor decisions, such as clicking on a malicious link or running a malware-infected file that has been sent to them.

The news coincides with a report from the Information Commissioners Office, warning that a failure to keep software security up to date is one of the eight most common IT security vulnerabilities that have resulted in organisations failing to keep peoples information secure.

In just the past couple of months we have already seen widespread concern over the expiry of support for Microsoft XP and the uncovering of the security flaw known as Heartbleed, said the ICOs group manager for technology, Simon Rice.

While these security issues may seem complex, it is important that organisations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers information secure.