Windows XP is still Microsoft’s biggest security headache, but infections are rising on Windows 7


The rate of infection ticked up for Windows 7 in the first half of 2012, but Windows XP, Microsoft’s legacy operating system, is still far and away the biggest security headache for the software giant.

According to the recently released Microsoft Security Intelligence Report (PDF), infections per 1,000 systems running 32-bit versions of Windows XP SP3 were almost double those of 32-bit versions of Windows Vista and Windows 7, Microsoft’s newer operating systems.

Infections per 1000 Windows PCs. Source: Microsoft.

Microsoft says it cleaned infections from 9.5 of every 1,000 Windows XP SP3 systems it scanned for malware in the first six months of 2012 – an infection rate of less than 1%. By comparison, it cleaned infections from 4.9 of every 1,000 Vista systems and 5.3 of every 1,000 Windows 7 systems.

That sounds like a small number – until you realize that Microsoft is monitoring the subset of Windows users who install the company’s anti-malware software or various malware removal tools, and who agree to submit their data to the firm for analysis.

And, with 1.25 billion Windows systems globally, even fractional percentages translate into big numbers.

In fact, the infection rate for Windows XP SP3 increased in the first half of 2012, despite the fact that the operating system has firmly entered its sunset years.

Infections over time. Source: Microsoft.

Microsoft said two recent malware outbreaks, Win32/Dorkbot (part of the family responsible for this week's Skype worm attack) and the Trojan Win32/Pluzoks, accounted for most of that increase.

Many of the reported infections were clustered in South Korea, where use of Windows XP remains higher than in other countries.

Microsoft’s investment in security in both Vista and Windows 7 seems to be paying off; both operating systems boast infection rates far lower than XP, while features such as Microsoft Update and Windows Update are gaining traction.

Use of Windows Update and Microsoft Update – which offer automated patching for all Microsoft’s software through a common service – increased 58 percent between 2008 and the first half of 2012.

The company credited its investments in security and automatic update capabilities for the lower infection rates with newer operating systems.

Windows 7 users, the company said, were 20 percent more likely than Windows XP users to have the latest operating system patches installed and around 40 percent more likely to have installed important application patches, such as for Word and Adobe Reader.


12 Responses to Windows XP is still Microsoft’s biggest security headache, but infections are rising on Windows 7

  1. AndyL · 1057 days ago

    Isn't this dodgy stats or am I missing something? XP has 9.5 infections per 1000, Vista has 10.0 and Win7 has 17.6! Therefore XP has fewer infections per 1000.....

    • mittfh · 1057 days ago

      Nope, they're not dodgy stats. 4.9 out of every 1,000 Vista 32-bit scans and 5.1 out of every 1,000 Vista 64-bit scans had to be cleaned - making the Vista total 10.0 out of 2,000 scans, or an average of 5.0 out of every 1,000 scans.

      Similarly, Win 7 rolls in at an average of 17.6 per 4,000 scans, or 4.4 per 1,000.

      But these are still fractional percentages - XP works out at 0.95%, Vista at 0.5%, Win 7 at 0.44%, Server 2003 at 0.42% and Server 2008 at 0.31%. Of course, what these statistics don't show is the raw figures - how many computers in each category were scanned?

  2. Sophisticat · 1057 days ago

    Microsoft are only monitoring infections cleaned by their own software. The people I know who use Microsoft anti-software tend to be those who know nothing about computers, and just use "what it came with". They also tend to be people who blithely click on links in dodgy emails, get phished and have their credit card details stolen.

    It suggests to me that the rate of infection recorded by Microsoft is therefore likely to be higher than the true picture.

    Disclaimer: I'm not an expert/professional, this is just a thought from someone using alternative anti-software, but still running a 9 year old XP computer which has only ever had one trojan.

    • Dan D · 1057 days ago

      My experience differs from yours.

      None of the Microsoft Windows machines I've seen come with Microsoft's anti-virus software, so I find those who use "what it came with" are using Symantec software or something similarly priced. These machines had the trial versions installed, so the users just bought subscriptions.

      Those that I find using Microsoft Security Essentials are the ones that have taken the time to install something that they know will remain updated and, quite frankly, works pretty well. I also find that they are infected much more rarely because they have an idea of how to be responsible.

  3. Jim Shuker · 1057 days ago

    Are there any stats for Windows 8 yet as I'm just looking at upgrading

  4. Kesh · 1057 days ago

    Maybe propaganda press release... first assault of Microsoft's "Abandon XP" campaign...?

  5. The Dude Man · 1057 days ago

    umm, yeah, of all OS i have used, XP seems to be the main one that doesn't really take a genius to work out how to use either, works with most programs, and i don't even think once i have had any problem with it.. i only use AVG Free as the Virus finder thingy, and yeah,.. no problems at all.

    I do not understand the graphs one bit.

    My mother uses Vista, my Fiancee uses 7 and both have had more problems than my trusty XP operated systems.

  6. Richard C · 1057 days ago

    i'm wondering about the source of these stats. if it's infections that are cleaned by MS software (for which i find MSE actually quite good - and unobtrusive) then there's a selection bias...

    it still boggles my mind that people don't update their machines. it's not exactly hard...oh well. i'm not complaining as that's a substantial part of my business :)

  7. machiner · 1050 days ago

    I run Windows XP with AVG Internet Security 2012. AVG automatically updates and also I automatically have Windows updates downloaded and installed. I wonder how safe my system is?

  8. blossom · 1046 days ago

    "Safe"?... I take it to mean we don't want our puters messed up . Or we don't want to air our dirty laundry? combine both is a virtually impossible IT juggling trick... If you are using XP...use free malwarebytes with the AVG. they'll happily run together...But please patch. (try Secunia PSI or Belarc Advisor).
    Then when you are nice and updated and 100% secure (ie 1.2 out of 10 (using the FBI yardstick lol) every fledgling hacker in cyberspace will have fun trying to get in.
    Personally? Where's the fun in running a puter where it's all done for you and you are assumed not to have a mind of your own

  9. Enoch Rotz · 947 days ago

    Most of the time I suffer from bad headache and for this reason I have come to know about this matter in this website. In this website I find out the information of Windows XP is still Microsoft’s biggest security headache, but infections are rising on Windows 7. Actually mate posting this valuable info in this website you have done a good job indeed.

  10. Bob · 914 days ago

    The difference between Windows XP and Windows 7 is even larger than just 9.5 to 4.4. Because you assume that the numbers of computers running Windows 7 RTM x86, RTM x64, SP1 x86 and SP1 x64 are equal. If they are not you cannot add the percentages without weighing them. The absolute numbers of Windows 7 x86 only is about 15%-20% compared to Windows 7 x64. Who has not installed the latest service pack, anyone? So in total you will have something like 9.5 to ~3.5.


About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on, The Boston Globe,, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.