Microsoft has released its 10th Security Intelligence Report (SIR), which analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services and three Microsoft Security Centers.
As part of the study, Microsoft has found that Windows 7 has consistently had the lowest infection rate of any Microsoft client operating system/service pack combination over the past eighteen months.
The biggest threat to information security remains in applications (like Adobe Reader, Microsoft Office and Adobe Flash). Application vulnerabilities accounted for a large majority of all vulnerabilities in 2010, although the total number of application vulnerabilities has declined since 2009.
As with all statistics, it is about how the data is interpreted. It is clear from the report that infection rates for Windows 7 are much lower than those for XP, and that the infection rates for the 64-bit versions of Windows Vista and Windows 7 are lower than for the corresponding 32-bit versions of those operating systems. But some are choosing to report that Windows 7’s malware infection rate climbed by more than 30% during the second half of 2010, while the infection rate of Windows XP fell by more than 20%.
In reality, the infection rate of Windows XP SP3 fell from 1.8% in the first quarter to just over 1.4% in the fourth quarter, and this is indeed a 22% drop. For the last six months of 2010, the 32-bit version of Windows 7 had an infection rate of 0.4%, up from 0.3%, and so this is a 33% increase.
So, proving the saying “lies, damn lies and statistics”, XP has indeed had a 22% drop and Windows 7 a 33% increase. But such figures are nonsense.
The Microsoft Security Intelligence Report can be downloaded here.