Evolution of Malware

The Evolution of Malware and the Threat Landscape – a 10-Year review

Microsoft Trustworthy Computing team publishes the Microsoft Security Intelligence Report (SIR) to provide information about the changing global threat landscape of exploits, vulnerabilities, and malware. This special edition of the SIR provides summarized information about how malware (and other forms of unwanted software) has evolved over the last 10 years:

10 year report

Download the report:
The Evolution of Malware
and the Threat Landscape

Download the summary:
Key Findings

Reporting period

Throughout the report, half-yearly and quarterly time periods are referenced using the nHyy or nQyy formats, respectively, where yy indicates the calendar year and n indicates the half or quarter. For example, 1H11 represents the first half of 2011 (January 1 through June 30), and 2Q11 represents the second quarter of 2011 (April 1 through June 30). To avoid confusion, please note the reporting period or periods being referenced when considering the statistics in this report.


This report uses the Microsoft Malware Protection Center (MMPC) naming standards for families and variants of malware and unwanted software.

Windows Update and Microsoft Update

Microsoft provides several tools and services that enable systems or their users to download and install updates directly from Microsoft or, for business customers, from update servers managed by their system administrators. The update client software (called Automatic Updates in Windows XP and Windows Server 2003, and simply Windows Update in Windows 7, Windows Vista, and Windows Server 2008) connects to an update service for the list of available updates. After the update client determines which updates are applicable to each unique system, it installs the updates or notifies the user that they are available, depending on the way the client is configured and the nature of each update.

For users, Microsoft provides two update services that the update clients can use:

  • Windows Update provides updates for Windows components and for device drivers provided by Microsoft and other hardware vendors. Windows Update also distributes signature updates for Microsoft antimalware products and the monthly release of the MSRT. By default, when a user enables automatic updating, the update client connects to the Windows Update service for updates.
  • Microsoft Update provides all of the updates offered through Windows Update as well as updates for other Microsoft software, such as the Microsoft Office system, Microsoft SQL Server, and Microsoft Exchange Server. Users can opt in to the service when installing software that is serviced through Microsoft Update or at the Microsoft Update website.

Enterprise customers can also use Windows Server Update Services (WSUS) or the Microsoft System Center 2012 family of management products to provide update services for their managed computers.

Usage of Windows Update and Microsoft Update, 2H06-2H11, indexed to 2H06 total usage

Usage of Windows Update and Microsoft Update, 2H06-2H11, indexed to 2H06 total usage

Click on the image to enlarge.

  • Since its introduction in 2005, usage of Microsoft Update has increased dramatically.

Top of page Top of Page

Featured Articles


United States Change All Microsoft Sites



Was the information in this article helpful?