Operating system statistics

Computers running newer Windows versions and service pack levels were generally more likely to run up-to-date real-time antimalware software, as shown in Figure 4.

Figure 4. Unprotected computers in 2H12, by operating system version and service pack level
32 = 32-bit edition; 64 = 64-bit edition. SP = Service Pack. RTM = release to manufacturing. Operating systems with at least 0.05 percent of total MSRT executions in 2Q12 shown.

Computers running Windows 8 had the highest rate of protection, with just 8.1 percent of computers running the 32-bit edition and 7.0 percent of computers running the 64-bit edition lacking up-to-date real-time protection. Windows 8 includes real-time antimalware and antispyware protection by default,1 which is likely a significant factor in the reduced number of Windows 8 computers not running security software; previous releases of Windows did not include real-time antimalware software by default. In addition, Windows 8 was only generally available for slightly more than two months of the half-year period, which provided less of an opportunity for real-time protection to expire or to be disabled by computer users or by malware.

Among supported releases of Windows, the lowest rate of protection was observed on computers running the RTM version of Windows 7, of which 32.3 percent of computers running the 32-bit edition and 28.2 percent of computers running the 64-bit edition lacked up-to-date real-time protection. Computers running Windows 7 SP1, the most recent service pack available for Windows 7, were significantly less likely to lack real-time protection than computers running the RTM version.

Although infection rates for unprotected computers were significantly higher than those for protected computers, regardless of operating system version or service pack level, platforms with greater usage of up-to-date security software also tended to have lower infection rates in general, as shown in Figure 5


1 See http://windows.microsoft.com/en-US/windows-8/windows-defender for more information about antimalware protection in Windows 8.

Figure 5. Infection rates for computers with and without up-to-date real-time antimalware protection in 2H12, by operating system version and service pack level
32 = 32-bit edition; 64 = 64-bit edition. SP = Service Pack. RTM = release to manufacturing. Operating systems with at least 0.05 percent of total MSRT executions in 2Q12 shown.

Of all the currently supported Windows client operating system and service pack combinations, Windows XP SP3 had the smallest relative difference between the infection rates of protected and unprotected computers, with protected computers reporting an infection rate 3.7 times greater than unprotected computers. More recently released versions of Windows feature a number of security improvements that are not included in Windows XP, which means that even protected computers running Windows XP face risks from exploitation and malware infection that don’t apply to more recent versions of Windows.

Figure 6. Infection rates for computers running Windows XP and Windows Vista with and without up-to-date real-time antimalware protection in 2H12, by month

The RTM version of Windows 7, which had the highest percentage of unprotected computers of any platform (shown in Figure 4), also displayed the highest infection rates for unprotected computers, with a CCM of 20.4 for the 32-bit edition and 12.5 for the 64-bit edition. This correlation suggests that a larger population of unprotected users within a platform creates an attractive target for attackers.

Figure 7. Infection rates for computers running Windows 7 and Windows 8 with and without up-to-date real-time antimalware protection in 2H12, by month

On Windows 8, which had the lowest infection rate overall, unprotected computers have an infection rate (CCM) that is 16.2 times greater than the infection rate for protected users. This difference is much higher than average, and suggests that protected users benefit far more from their protection than protected users on other platforms. Because Windows 8 includes real-time antimalware protection by default,2 many or most unprotected Windows 8 computers may lack protection because their users have chosen to disable it.3

The threat family most commonly detected by Microsoft security products on Windows 8 computers in 2H12 was Win32/Keygen, a detection for tools that generate keys for various software products that are often distributed by software pirates to enable users to run software illegally. Such tools are typically detected as malware or unwanted software by most antimalware scanners, so some users may choose to disable their security software to use the tools.4 As the analysis presented here demonstrates, such users face significantly greater risk from malware than do users who leave real-time protection enabled.5

See “Operating system infection rates” on page 43 for more information and statistics about infection rates by operating system.




2See blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx for more information about this change and other security improvements in Windows 8.
3As with other Windows releases, many computer vendors ship Windows 8 with a preinstalled trial version of a different antivirus product. The MMPC will continue to monitor MSRT telemetry to determine whether Windows 8 computers tend to become unprotected due to license expiration or for other reasons.
4Microsoft classifies Win32/Keygen as unwanted software rather than malware, and therefore does not include detection signatures for the family in the MSRT.
5See “Deceptive downloads: Software, music, and movies” on page 1 of Microsoft Security Intelligence Report, Volume 13 (January–June 2012) for more information about Keygen and the threats users face from unsecure software distribution channels.

Featured Articles

Locations

United States Change All Microsoft Sites

Search

Feedback:

Was the information in this article helpful?